While we think that testing with the Mu Dynamics tester helps to keep IPS vendors on their toes with vulnerability signatures, it's important not to read too much into efficacy tests like these. Since the Mu Dynamics tester is a standard product, there's always the possibility that IPS vendors will tune their systems to increase their scores, even for attacks or vulnerabilities they don't consider important or correctly crafted. The Mu Dynamics tester is also useful because it can do mutation testing, which stresses the inspection software in next-generation firewalls with malformed variants of the test traffic; only the Barracuda NG Firewall crashed during our test runs.
Because every IPS can trigger false positives, management is an important concern. We found Check Point Security Gateway and SonicWall SonicOS the easiest to work with, although this can be a matter of personal preference. Both devices allow only a single IPS policy per device, which means that you're managing one large policy on the firewall. That's limiting, but it is an appropriate limitation when you're managing a firewall and not a dedicated IPS device.
In contrast, Barracuda NG Firewall and Fortinet FortiGate both allow you to define multiple policies and bring each policy into play on a rule-by-rule basis. The NG Firewall and FortiGate are more flexible, but there's a price to be paid: neither offers very good policy creation and management tools, which means that maintaining more than one policy can turn out to be just aggravating.
If you think your IPS management will be a "set it and forget it" style where you define rough categories you want to enable and then never look again at the logs or the configuration, you'll be happy with any of these products.
When we turned to the IPS reporting interfaces, we found a clear winner in Check Point's Security Gateway when combined with the optional SmartEvent analyzer. Check Point's winning combination offers an easy-to-understand way to view IPS events, to understand what is happening over time, and to drill down into individual events and the supporting evidence for each one. From the SmartEvent analyzer, we were able to jump directly to the IPS policy to enable or disable signatures or add exceptions.
If you are thinking of replacing your standalone IPS with a next-generation firewall containing an IPS, and want the same level of reporting and analysis that a standalone IPS gives you, Check Point Security Gateway with the SmartEvent analyzer leaves the other devices far behind.