Cloud Network Firewall
The Security Value Map ™ (SVM) provides a high-level analysis of the detailed findings from our tests. The x-axis displays the Price per Protected Mbps in US dollars. The y-axis displays the Protection Rate score as a percentage.
Where a product’s Protection Rate and Price per Protected Mbps scores will determine which section it falls into on the SVM:
- Recommended: Products in the upper-right section are recommended for security, performance, and value.
- Neutral: Products that map into either the upper-left or lower-right sections are less capable than the Recommended category.
- Caution: Products that map into the lower-left section of the SVM offer poor value for money.
- Technology Overview
- In The Reports
- Test Tools
Cloud network firewalls are considered to be the first line of defense when deployed in public cloud providers such as Amazon Web Services, Google Cloud Platform and Microsoft Azure. While the firewall market is one of the largest and most mature security technology segments, cloud network firewalls are a relatively new technology, deployed within a cloud service that by definition is constantly changing.
As part of the cloud firewall test, CyberRatings also discovered that many firewall evasion defenses are not on by default, potentially leaving customers at significant risk. In response, CyberRatings is providing a policy and configuration guide to help enterprises ensure that their firewalls are configured properly.
Eleven market leading Cloud Network Firewall vendors were in this comparative test. Six products were Recommended, one product received a Neutral rating, and four received a Caution rating. Security Effectiveness scores ranged from 5.39% to 100%.
CyberRatings tested the cloud firewall products to determine how they handled TLS/SSL (authentication) 1.2 and 1.3 cipher suites (algorithms), how they defended against 984 exploits (attacks that take advantage of a software flaw or install malware), and whether any of 1,645 evasions could bypass protection. At all times the devices needed to remain stable under adverse conditions. To provide a more realistic rating based on modern network traffic, both clear text (HTTP) and encrypted traffic (HTTPS) were measured. Amazon Web Services (AWS) was the public cloud service chosen to run the test.
The test reports are provided in two ways: individual test reports for each vendor and a comparative report summarizing test results for all of the vendors in the test. The methodology and the comparative SVM are provided to the community at no cost, while the in-depth reports are available for purchase. Of the individual reports, those that received a “Caution” rating are available to all members free of charge. Security Effectiveness scores ranged from 5.39% to 100%.
We would like to issue a special thank you to Keysight Technologies for providing their CyPerf and BreakingPoint tools for us to test the performance, TLS functionality, and stability of Cloud Network Firewalls. We would also like to thank TeraPackets for providing us with their Threat Replayer tool which enabled us to accurately replay exploits in a cloud environment.