CyberRatings.org Announces Enterprise Firewall Test Results
Friday, July 5, 2024
Multiple exploits for each evasion technique were used to measure each product's defense.
Protection rate scores ranged from 37.01% to 99.87%.
AUSTIN, Texas, June 27, 2024 /PRNewswire/ -- CyberRatings.org (CyberRatings), the non-profit entity dedicated to providing confidence in cybersecurity products and services through its research and testing programs, has completed an independent test of eight market leading enterprise firewall vendors. Seven products were Recommended, and one received a Caution rating.
Enterprise firewalls are used to protect a trusted network from an untrusted network while allowing authorized communications to pass from one side to the other, thus facilitating secure business use of the Internet. Protection rate tests verified how effectively the firewall protected control network access, applications, and users while preventing threats (exploits and evasions), blocking malicious traffic under extended load, and remaining resistant to false positives.
Key Findings:
-- When an exploit is blocked by a firewall, applying an evasion technique
to that exploit is often easier for an attacker than finding a new
exploit that isn't blocked by that firewall.
-- Threat actors apply evasion techniques to disguise and modify attacks to
avoid detection by security products. Missing a type of evasion means a
hacker can use an entire class of exploits to circumvent the security
product. CyberRatings used multiple exploits for each evasion technique
to see how each product defended against these combinations.
-- Vendors have made progress towards "Secure by Default." For the products
and versions CyberRatings tested, if a vendor's pre-defined high
security configuration is selected, then firewall evasion defenses will
be on by default. For other security configurations evasion defenses may
not be enabled by default.
-- Encryption matters: Roughly 80% of web traffic is encrypted. The top
four cipher suites account for over 95% of HTTPS traffic. It should be
noted that decryption is not on by default. Firewalls will not see
attacks delivered via HTTPS unless configured to do so.
-- Variants from well-known exploits are not always covered by vendors. At
times, CyberRatings found multiple signatures/rules for the same Common
Vulnerabilities and Exposures (CVE), with some offering more protection
than others. Vendors may attempt to provide rapid coverage for high
profile vulnerabilities by creating multiple exploit-specific
signatures. If vendors don't follow up with more comprehensive defenses,
this approach can lead to gaps in protection.
To our knowledge, this was the most comprehensive evasion test performed to date. We have accelerated our research into evasion techniques as attackers increasingly bypass defenses," said Vikram Phatak, CEO of CyberRatings.org. "An attacker can bypass protection if a firewall fails to detect a single form of evasion."
The following products were tested and rated:
Enterprise Firewall Rating Protection Rated Throughput Price per Protected
Rate (Mbps) Mbps
Check Point Quantum Force 19200 plus R81.20 Recommended 98.41 % 12,281 $11.28
Cisco Firepower 2130 Threat Defense v7.3.1 (build 19) Caution 37.01 % 1,040 $77.34
Forcepoint 3410 NGFW version 7.1.1 build 29059 Recommended 96.89 % 14,961 $7.93
Fortinet FortiGate-900G v7.4.4 GA Recommended 98.21 % 14,096 $3.25
Juniper Networks SRX4600 JUNOS 22.4X3.1 srx4600 Recommended 99.54 % 7,772 $13.74
Palo Alto Networks PA-450 v11.1.1 Recommended 96.36 % 1,026 $6.52
Sangfor NGAF 5300 AF 8.0.85.1029 Build 20240423 Recommended 97.48 % 5,719 $1.57
Versa Networks CSG5000 versa-flexvnf-22.1.4-B Recommended 99.87 % 15,811 $2.15
Keysight provided their CyPerf and BreakingPoint tools to test performance, TLS functionality and stability. TeraPackets provided their Threat Replayer tool for packet replay, and CyberRatings used its own proprietary tools for live exploits and evasions.
The Enterprise Firewall Test Reports, Comparative and Security Value Map(TM) are available at cyberratings.org.
Additional Resources:
Enterprise Firewall Configuration Guide
Enterprise Firewall Methodology v2.2
Why Firewalls Should be Secure by Default
About CyberRatings.org?
CyberRatings.org is a 501(c)6 non-profit organization dedicated to providing confidence in cybersecurity products and services through our research and testing programs. We provide enterprises with independent, objective ratings of security product efficacy to make informed decisions. To become a member,?visit?www.cyberratings.org and follow us on LinkedIn.
View original content to download multimedia:https://www.prnewswire.com/news-releases/cyberratingsorg-announces-enterprise-firewall-test-results-302184011.html
SOURCE CyberRatings.org
|
|
|
|
|
 |
EXECUTIVE PRODUCER BRADLEY COOPER'S FILM CAREGIVING TO PREMIERE ON PBS FOR NATIONWIDE BROADCAST JUNE 24 STREAMING BEGINS MAY 27 | Mar 28, 2025
|
|
Indusface redefines WAAP user experience with industry-first innovations in AppTrana | Mar 28, 2025
|
|
Trend Micro Launches Voice-Enabled ScamCheck Capability to Help Protect Consumers from the Rising Threat of Global Scams | Mar 28, 2025
|
|
/C O R R E C T I O N -- Bell Canada (MTL)/ | Mar 28, 2025
|
|
Keeper Security Unveils Latest WearOS App for Seamless Password Management | Mar 28, 2025
|
|
Splitit Unveils First Fully Embedded White-Label Installment Solution for Shopify Merchants | Mar 28, 2025
|
|
Identity Theft After a Data Breach? Legal Action May Recover Your Losses | Console & Associates | Mar 28, 2025
|
|
Leading Endpoint Protection Solutions for Combatting Cyberthreats Identified in Info-Tech Research Group's New Emotional Footprint Report | Mar 28, 2025
|
|
Hornetsecurity named Top Player in Radicati's Secure Email - Market Quadrant 2025 | Mar 28, 2025
|
|
Ontinue Research Reveals Ransomware Attacks Surged 132% Despite 35% Drop in Payments | Mar 28, 2025
|
|
|
