PRESS RELEASE
Austin, Texas – April 3, 2024 – CyberRatings.org (CyberRatings), the non-profit entity dedicated to providing confidence in cybersecurity products and services through its research and testing programs, has completed an independent test of eleven market-leading vendors of network firewalls cloud. Six products were recommended, one product received a neutral rating and four received a caution rating.
Cloud network firewalls are considered the first line of defense when deployed in public cloud providers such as Amazon Web Services, Google Cloud Platform, and Microsoft Azure. But implementing cloud security can be complex, as multiple factors influence its effectiveness.
CyberRatings tested cloud firewall products to determine how they handled TLS/SSL (authentication) 1.2 and 1.3 cipher suites (algorithms), how they defended against 984 exploits (attacks that exploit a software flaw or install malware), and whether any of 1,645 escapes could bypass protection. At all times the devices had to remain stable under adverse conditions. To provide a more realistic assessment based on modern network traffic, both plaintext (HTTP) and encrypted traffic (HTTPS) were measured. Amazon Web Services (AWS) was the public cloud service chosen to run the test.
The combination of effectiveness and security value has determined the positioning of the products in the Security Value Map™ (SVM). Six of the eleven products were recommended for their effectiveness in terms of safety with scores ranging between 99.70% and 100%. Recommended ratings are based on threat prevention (how many exploits and evasions were blocked?), TLS/SSL functionality, routing and policy enforcement, and stability and reliability to yield a final security effectiveness score. These same products have also demonstrated competitive pricing in terms of total cost per protected Mbps (value). The product rated Neutral received a safety efficacy score of 48.44%. Four products classified as Caution achieved safety effectiveness scores ranging from 5.39% to 48.37%.
“We have been testing firewalls for years, and more recently, cloud network firewalls,” said Vikram Phatak, CEO of CyberRatings.org. “All of the products chosen were market leaders, and the range of scores clearly shows that building a product for the cloud is different than building a product on a device where you control the environment,” Phatak said. “We recommend that companies check with their service providers or IT teams to see which cloud firewall products are currently deployed on their networks.”
As part of the cloud firewall test, CyberRatings also checked whether the products were secure by default. Some firewall bypass defenses have been found to be inactive by default, potentially exposing customers to significant risk. In response, CyberRatings provides a policy and configuration guide to help companies ensure their firewalls are configured correctly.
Encryption is important: About 80% of web traffic is encrypted. The four major cipher suites account for more than 95% of HTTPS traffic. In some products, decryption was not enabled by default. Firewalls will not see attacks delivered over HTTPS unless they are configured to do so. Performance is significantly different when TLS/SSL is enabled. With the exception of one vendor who failed to handle TLS 1.3 despite requesting support, all other vendors supported encryption.
Companies should monitor security and performance capabilities and regularly update firewalls. With the ever-evolving cloud platform and agile development, something can go wrong even when the security vendor doesn’t make any changes.
The following products were evaluated:
|
Amazon Web Services (AWS) network firewall. |
||||
|
Barracuda CloudGen Firewall |
||||
|
Cisco Secure Firewall virtual threat defense |
||||
|
Palo Alto Networks next-generation VM Series firewall with advanced threat prevention |
||||
Additional Resources:
Cloud Network Firewall Comparison Report and Test Report
2024 Best Practices for Cloud Network Firewall Deployment
Exploring the landscape of cloud network firewalls available on AWS
Why firewalls should be secure by default
Information on CyberRatings.org
CyberRatings.org is a 501(c)6 nonprofit organization dedicated to providing confidence in cybersecurity products and services through our research and testing programs. We provide companies with independent, objective evaluations of the effectiveness of security products to make informed decisions. To become a member, visitwww.cyberratings.org and follow us on LinkedIn.