Ratings ranged from ‘AAA’ to ‘CC’ with security effectiveness scores from 27% to 100%.
AUSTIN, Texas – December 1, 2022 – CyberRatings.org, the non-profit entity dedicated to providing transparency on cybersecurity product efficacy, has completed an independent test of eight market-leading security vendors in its first-ever Cloud Network Firewall comparative evaluation. Forcepoint, Fortinet and Juniper’s test reports were published earlier in the year, all with ‘AAA’ ratings. In this latest release of test reports, Check Point and Versa Networks received a ‘AAA’ rating. Palo Alto Networks received an ‘AA,’ Sophos an ‘A,’ and Cisco ‘CC.’
The test covered capabilities considered essential in a firewall including basic routing, access control, SSL / TLS decryption, threat prevention (exploits), evasion, performance, stability and reliability, and management. Amazon Web Services (AWS) was the public cloud service chosen to run the test. Ratings were calculated using a scale from 0 to 800.
Key findings include:
- Cloud services assume a shared security model, where cloud providers are responsible for the infrastructure and customers are responsible for securing the applications running on the infrastructure.
- Roughly 80% of web traffic is encrypted and firewall decryption is not on by default: Firewalls will not see/block attacks delivered via (encrypted) HTTPS unless configured to do so.
- Security vendors are used to controlling the platform on which their products are installed. In the cloud, they do not have that control; vendors are learning how to operate under these new conditions and there will be challenges.
- Supply chain attacks are on the rise. Using the cloud means relying on third parties to maintain software supply chain integrity. APIs, code reuse, open-source libraries, unmaintained code, and other shared resources introduce unknown risks.
Security effectiveness scores ranged from 27% to 100%. The security effectiveness tests verified how effectively the firewall protected control network access, applications, and users while preventing threats (exploits and evasions), blocking malicious traffic while under extended load, and remaining resistant to false positives. Exploit block rates ranged from 88.3% to 100%. All products achieved 100% for resistance to evasion techniques.
“Security is your problem, not Amazon’s,” said Vikram Phatak, CEO of CyberRatings.org. “If you are migrating your data center to the cloud, create a plan for securing it,” Phatak added. “And if you needed a firewall for your data center, you probably need one for your cloud deployment.”
There are different ways consumers can purchase security products for the cloud. The individual test reports reflect the bring-your-own-license model while the comparative report illustrates the pay-as-you-go pricing. Both pricing models provide consumers with options to compare pricing on items important to their own organizations.
The following products were evaluated:
|Product|Rating|
|---|---|
|Check Point Cloud Network Firewall CloudGuard IaaS R81.20-581|AAA|
|Cisco Firepower Threat Defense for AWS Version 7.2.0|CC|
|Forcepoint Cloud Network Firewall v6.11|AAA|
|Fortinet Cloud Network Firewall v7.0.5 Build 0304(GA)|AAA|
|Juniper Cloud Network Firewall 22.1R1.1|AAA|
|Palo Alto Networks Cloud Network Firewall PA-VM-AWS-10.2.2|AA|
|Sophos Cloud Network Firewall SFOS 19.0.0 GA-Build317|A|
|Versa Networks Cloud Network Firewall Versa-FlexVNF-21.2.3|AAA|
To read the CyberRatings reports, go to CyberRatings.org.
Cloud Network Firewall test tools were provided by Keysight (CyPerf and BreakingPoint) and TeraPackets Threat Replayer.