Cloud Network Firewall

Click to enlarge

The Security Value Map ™ (SVM) provides a high-level analysis of the detailed findings from our tests. The x-axis displays the Price per Protected Mbps in US dollars. The y-axis displays the Protection Rate score as a percentage.

Where a product’s Protection Rate and Price per Protected Mbps scores will determine which section it falls into on the SVM:

Recommended: Products in the upper-right section are recommended for security, performance, and value.
Neutral: Products that map into either the upper-left or lower-right sections are less capable than the Recommended category.
Caution: Products that map into the lower-left section of the SVM offer poor value for money.

Technology Overview
In The Reports
Test Tools

Technology Overview

Cloud network firewalls are considered to be the first line of defense when deployed in public cloud providers such as Amazon Web Services, Google Cloud Platform and Microsoft Azure. While the firewall market is one of the largest and most mature security technology segments, cloud network firewalls are a relatively new technology, deployed within a cloud service that by definition is constantly changing.

As part of the cloud firewall test, CyberRatings also discovered that many firewall evasion defenses are not on by default, potentially leaving customers at significant risk. In response, CyberRatings is providing a policy and configuration guide to help enterprises ensure that their firewalls are configured properly.

In The Reports

Eleven market leading Cloud Network Firewall vendors were in this comparative test. Six products were Recommended, one product received a Neutral rating, and four received a Caution rating. Security Effectiveness scores ranged from 5.39% to 100%.

CyberRatings tested the cloud firewall products to determine how they handled TLS/SSL (authentication) 1.2 and 1.3 cipher suites (algorithms), how they defended against 984 exploits (attacks that take advantage of a software flaw or install malware), and whether any of 1,645 evasions could bypass protection. At all times the devices needed to remain stable under adverse conditions. To provide a more realistic rating based on modern network traffic, both clear text (HTTP) and encrypted traffic (HTTPS) were measured. Amazon Web Services (AWS) was the public cloud service chosen to run the test.

The test reports are provided in two ways: individual test reports for each vendor and a comparative report summarizing test results for all of the vendors in the test. The methodology and the comparative SVM are provided to the community at no cost, while the in-depth reports are available for purchase. Of the individual reports, those that received a “Caution” rating are available to all members free of charge. Security Effectiveness scores ranged from 5.39% to 100%.

Test Tools

We would like to issue a special thank you to Keysight Technologies for providing their CyPerf and BreakingPoint tools for us to test the performance, TLS functionality, and stability of Cloud Network Firewalls. We would also like to thank TeraPackets for providing us with their Threat Replayer tool which enabled us to accurately replay exploits in a cloud environment.

Cloud Network Firewall

Related content

Cloud Network Firewall (CNFW) Test Update

CyberRatings.org Announces First-of-its-Kind Test on Cloud Network Firewall

CyberRatings.org Announces Test Results for Cloud Network Firewall

CyberRatings.org Issues AAA Rating on Forcepoint’s Cloud Network Firewall

CyberRatings.org Issues ‘AAA’ Rating on Juniper’s Cloud Network Firewall

2024

Q1 Comparative Report

Security Value Map (SVM)

Amazon Web Services

Barracuda

Check Point

Cisco

Forcepoint

Fortinet

Juniper Networks

Palo Alto Networks

Sophos

Versa Networks

Watch Guard

2022

Premium Account Required

Q4 Comparative Report