CyberRatings.org Announces Enterprise Firewall Test Results
Friday, July 5, 2024
Multiple exploits for each evasion technique were used to measure each product's defense.
Protection rate scores ranged from 37.01% to 99.87%.
AUSTIN, Texas, June 27, 2024 /PRNewswire/ -- CyberRatings.org (CyberRatings), the non-profit entity dedicated to providing confidence in cybersecurity products and services through its research and testing programs, has completed an independent test of eight market leading enterprise firewall vendors. Seven products were Recommended, and one received a Caution rating.
Enterprise firewalls are used to protect a trusted network from an untrusted network while allowing authorized communications to pass from one side to the other, thus facilitating secure business use of the Internet. Protection rate tests verified how effectively the firewall protected control network access, applications, and users while preventing threats (exploits and evasions), blocking malicious traffic under extended load, and remaining resistant to false positives.
Key Findings:
-- When an exploit is blocked by a firewall, applying an evasion technique
to that exploit is often easier for an attacker than finding a new
exploit that isn't blocked by that firewall.
-- Threat actors apply evasion techniques to disguise and modify attacks to
avoid detection by security products. Missing a type of evasion means a
hacker can use an entire class of exploits to circumvent the security
product. CyberRatings used multiple exploits for each evasion technique
to see how each product defended against these combinations.
-- Vendors have made progress towards "Secure by Default." For the products
and versions CyberRatings tested, if a vendor's pre-defined high
security configuration is selected, then firewall evasion defenses will
be on by default. For other security configurations evasion defenses may
not be enabled by default.
-- Encryption matters: Roughly 80% of web traffic is encrypted. The top
four cipher suites account for over 95% of HTTPS traffic. It should be
noted that decryption is not on by default. Firewalls will not see
attacks delivered via HTTPS unless configured to do so.
-- Variants from well-known exploits are not always covered by vendors. At
times, CyberRatings found multiple signatures/rules for the same Common
Vulnerabilities and Exposures (CVE), with some offering more protection
than others. Vendors may attempt to provide rapid coverage for high
profile vulnerabilities by creating multiple exploit-specific
signatures. If vendors don't follow up with more comprehensive defenses,
this approach can lead to gaps in protection.
To our knowledge, this was the most comprehensive evasion test performed to date. We have accelerated our research into evasion techniques as attackers increasingly bypass defenses," said Vikram Phatak, CEO of CyberRatings.org. "An attacker can bypass protection if a firewall fails to detect a single form of evasion."
The following products were tested and rated:
Enterprise Firewall Rating Protection Rated Throughput Price per Protected
Rate (Mbps) Mbps
Check Point Quantum Force 19200 plus R81.20 Recommended 98.41 % 12,281 $11.28
Cisco Firepower 2130 Threat Defense v7.3.1 (build 19) Caution 37.01 % 1,040 $77.34
Forcepoint 3410 NGFW version 7.1.1 build 29059 Recommended 96.89 % 14,961 $7.93
Fortinet FortiGate-900G v7.4.4 GA Recommended 98.21 % 14,096 $3.25
Juniper Networks SRX4600 JUNOS 22.4X3.1 srx4600 Recommended 99.54 % 7,772 $13.74
Palo Alto Networks PA-450 v11.1.1 Recommended 96.36 % 1,026 $6.52
Sangfor NGAF 5300 AF 8.0.85.1029 Build 20240423 Recommended 97.48 % 5,719 $1.57
Versa Networks CSG5000 versa-flexvnf-22.1.4-B Recommended 99.87 % 15,811 $2.15
Keysight provided their CyPerf and BreakingPoint tools to test performance, TLS functionality and stability. TeraPackets provided their Threat Replayer tool for packet replay, and CyberRatings used its own proprietary tools for live exploits and evasions.
The Enterprise Firewall Test Reports, Comparative and Security Value Map(TM) are available at cyberratings.org.
Additional Resources:
Enterprise Firewall Configuration Guide
Enterprise Firewall Methodology v2.2
Why Firewalls Should be Secure by Default
About CyberRatings.org?
CyberRatings.org is a 501(c)6 non-profit organization dedicated to providing confidence in cybersecurity products and services through our research and testing programs. We provide enterprises with independent, objective ratings of security product efficacy to make informed decisions. To become a member,?visit?www.cyberratings.org and follow us on LinkedIn.
View original content to download multimedia:https://www.prnewswire.com/news-releases/cyberratingsorg-announces-enterprise-firewall-test-results-302184011.html
SOURCE CyberRatings.org
|
|
|
|
|
 |
New Report Names States Most Vulnerable to Holiday Scams | Jan 22, 2026
|
|
Identiv Completes Thailand Manufacturing Transition, Unlocking Next-Generation Multicomponent Manufacturing for Advanced IoT Solutions | Jan 22, 2026
|
|
Truvista Fiber Acquires SlyTel | Jan 22, 2026
|
|
Android Mobile Adware Surges in Second Half of 2025 | Jan 22, 2026
|
|
Breakthrough Progress: METiS TechBio Publishes Consecutive Research Findings in Nature Communications and the Journal for ImmunoTherapy of Cancer | Jan 22, 2026
|
|
Healthcare Industry Executives are Likely to be Personal Targets of Cybercrime | Jan 22, 2026
|
|
pgEdge Announces pgEdge Agentic AI Toolkit for Postgres | Jan 22, 2026
|
|
Guardz 2025 SMB Cybersecurity Report: Nearly 50% of U.S. Small Businesses Have Been Hit by Cyber Attack | Jan 22, 2026
|
|
LG ELECTRONICS INTRODUCES 2026 LG GRAM LINEUP ELEVATED BY AEROMINUM | Jan 22, 2026
|
|
Global Cyber Alliance Identifies Five Cybersecurity Forces That Defined 2025 - And Will Shape 2026 | Jan 22, 2026
|
|
|
