NSS Labs Announces 2019 NGFW Group Test Results
Wednesday, July 17, 2019
Next generation firewalls are core to many cybersecurity strategies, and yet most of these products were easily evaded in this test.
AUSTIN, Texas, July 17, 2019 /PRNewswire/ -- NSS Labs, Inc., a global leader and trusted source for independent cybersecurity product testing, today announced the results of its 2019 Next Generation Firewall (NGFW) Group Test. Twelve of the industry's leading NGFW products were tested to compare NGFW product capabilities across multiple use cases. Products were assessed for security effectiveness, total cost of ownership (TCO), and performance.
Firewalls are the most widely deployed network security devices. Enterprises expect modern firewalls (NGFWs) to prevent exploits and malware from infecting critical systems.
This is the ninth year for testing NGFW products. NSS Labs raised the bar this year by performing a significantly harder test for security effectiveness, which exposed weaknesses not seen previously. Test results showed that block rates for simple clear-text attacks remain strong (over 96%) for nine out of twelve products. However, while known/published exploits were frequently blocked, test engineers were able to bypass protection in all devices with minor modifications to known and blocked exploits. In addition, only one of twelve products properly blocked exploits that were obfuscated using Complex Evasions (HTML / JavaScript / VBScript). Palo Alto Networks and WatchGuard stood out as the only products that didn't miss major evasions this year.
Key Takeaways:
-- Enterprises expect the products they purchase to remain viable over multiple years.
-- While it is tempting to draw conclusions from one test, NSS Labs recommends enterprises favor vendors that consistently engage and improve over time. When in doubt, an NSS Labs analyst is available to answer questions.
-- Scripting evasions are challenging for NGFWs since they require real-time code analysis in order to determine whether a function is legitimate or obfuscating an attack.
-- Vendor claims to protect vulnerabilities (regardless of the exploit specifics) are largely dependent on the nature of the vulnerability and whether it lends itself to such protection. Test results found all products had room for improvement when confronted with unknown variants of known exploits.
-- Research indicates that over 70% of Internet traffic is encrypted using TLS/SSL. NSS Labs recommends measuring the performance of devices both with and without TLS/SSL enabled. Failure to do so could result in unexpected performance bottlenecks.
"Given the ever increasing integration of the cyber and physical world, it is imperative that cybersecurity products work properly," said Jason Brvenik, Chief Executive Officer at NSS Labs. "The good news is that while we found flaws, most vendors are committed to protecting their customers and are fixing their products. Stay tuned for follow-on reports," added Brvenik.
Of the twelve products tested, ten were rated as Recommended based on comparative scores for overall security effectiveness, TCO per protected Mbps, and performance:
-- Barracuda Networks CloudGen Firewall F800.CCE v7.2.3
-- Check Point Software Technologies 6500 Security Gateway R80.20
-- Forcepoint 2105 NGFW v6.3.11
-- Fortinet FortiGate 500E v6.0.4 build 0231
-- Huawei USG6620E v600R006C00SPC310
-- Palo Alto Networks PA-5220 PAN-OS 8.1.6-h2
-- Sophos XG 750 Firewall SFOS v17.5
-- SonicWall NS 4650 SonicOS v6.5
-- Versa Networks FlexVNF v16.1R2-S7
-- WatchGuard Firebox M670 Firmware: 12.3 B589695 Ver-4.907
NSS Labs is committed to providing empirical data and objective group test results that help organizations make educated decisions about purchasing and optimizing security products and services. We believe if a product is good enough to sell, it is good enough to test. If you do not see a product you are interested in, ask them where their results are and encourage participation. As with all NSS Labs group tests, there is no fee for participation.
Additional Resources
-- View the 2019 NGFW Test Security Value Map (free)
-- View the 2019 NGFW Group Test Methodology (free)
-- Subscribers can access the 2019 NGFW Group Test reports here
-- View the Intelligence Brief on Security Controls in the US Enterprise: Next Generation Firewall (March 2019)
-- Learn more about how NSS Labs approaches testing
-- To suggest a product for testing, click here
-- Follow NSS Labs on Twitter
-- Follow NSS Labs on LinkedIn
About NSS Labs, Inc.
NSS Labs tests the world's security products. Based in Austin, Texas, the company's research and testing laboratory is recognized globally as the most trusted source for independent, fact-based cybersecurity guidance. C-Suite executives and information security professionals from many of the world's most demanding global enterprises rely on NSS Labs to accelerate security decisions with greater confidence. For more information, visit www.nsslabs.com.
View original content to download multimedia: http://www.prnewswire.com/news-releases/nss-labs-announces-2019-ngfw-group-test-results-300886272.html
SOURCE NSS Labs, Inc.