Skip to main content Skip to footer
CyberRatings
  • Research & Testing
    • Test Reports
      Browser Security
      Cloud Network Firewall
      Endpoint Protection
      Enterprise Firewall (formerly NGFW)
      Software-Defined Wide Area Network (SD-WAN)
      Security Service Edge (SSE) Threat Protection
      Zero Trust Network Access (ZTNA)
    • Mini TestsHow effective are the Cloud Service Provider (CSP) native cloud firewall offerings?What does "Secure by Default" mean for Security Service Edge solutions?
Our Ratings SystemResearch
  • Media
    • Blog
    • Press
    • Podcasts & Videos
  • Services
    • Test ToolsCyPerf Trial
  • NSS Labs Archive
0
Log inSign up
CyberRatings
Log inSign up
0
  • CyberRatings
  • Research & Testing
    • Browser Security
    • Cloud Network Firewall
    • Endpoint Protection
    • Enterprise Firewall (formerly NGFW)
    • Software-Defined Wide Area Network (SD-WAN)
    • Security Service Edge (SSE) Threat Protection
    • Zero Trust Network Access (ZTNA)
    • Mini Tests
    • How effective are the Cloud Service Provider (CSP) native cloud firewall offerings?
    • What does "Secure by Default" mean for Security Service Edge solutions?

    • Our Ratings System
    • Research
  • Media
    • Blog
    • Press
    • Podcasts & Videos
  • Services
    • Test ToolsCyPerf Trial
  • NSS Labs Archive
  • Log inSign up
  • CyberRatings
  • Research & Testing
    • Test Reports
    • Browser Security
    • Cloud Network Firewall
    • Endpoint Protection
    • Enterprise Firewall (formerly NGFW)
    • Software-Defined Wide Area Network (SD-WAN)
    • Security Service Edge (SSE) Threat Protection
    • Zero Trust Network Access (ZTNA)
    • Mini Tests
    • What does "Secure by Default" mean for Security Service Edge solutions?

    • Our Ratings System
    • Research
  • Media
    • Blog
    • Press
    • Podcasts & Videos
  • Services
  • NSS Labs Archive
  • Log inSign up

Read the press release on 2025 Cloud Network Firewall Test Results

Blog

« Back
« Back

How CyberRatings Tests Security

April 8, 2025Ian FooBlog

At CyberRatings, our mission is to provide objective, real-world validation of cybersecurity products, ensuring enterprises have the insights they need to make informed security decisions. To achieve this, we employ a rigorous, industry-leading testing methodology, leveraging a combination of commercial, open-source, and in-house developed tools.

The Tools Behind Our Testing

Our testing arsenal consists of both commercial and custom-developed platforms, allowing us to generate realistic and complex network conditions. One of our key technology partners is Keysight Technologies, whose platforms—including CyPerf, PerfectStorm, BreakingPoint, and Network Emulator—enable us to simulate high-scale network traffic and sophisticated attack scenarios. Additionally, we have partnered with TeraPackets, utilizing their advanced traffic replay tools when needed.

Comprehensive Threat Testing

A critical aspect of cybersecurity validation is ensuring products can detect and block real-world threats without excessive false positives. To accomplish this, we curate threat packages from a vast range of sources, including:

  • Exploits from 240,000+ known vulnerabilities documented in the CVE database. These exploits are carefully selected based on the focus of each test program, ensuring alignment with real-world security concerns. Our library includes both commercially sourced and in-house developed exploit samples.
  • Malware from over 1,000,000+ live samples publicly available across the internet, covering a wide range of threat actors and attack techniques.
  • Advanced evasion techniques, meticulously crafted to test how well security products handle obfuscation and bypass attempts. Our in-house techniques allow us to apply hundreds of evasion layers on malware and exploit samples, creating millions of potential threat variations.
  • Legitimate application traffic to assess the rate of false positives, ensuring that security solutions effectively distinguish between malicious and benign activity.

Business and Technical Value

Our approach to testing provides tangible business and technical benefits for enterprises, security teams, and vendors alike:

  • Enterprises gain confidence in the products they deploy, knowing they have been tested against real-world threat conditions rather than artificial lab environments.
  • Security teams receive actionable insights, helping them choose solutions that offer strong protection while minimizing disruptions from false positives.
  • Vendors benefit from transparent, data-driven validation, allowing them to optimize product performance and improve detection efficacy based on objective results.

By leveraging industry-leading tools, an extensive threat database, and advanced evasion techniques, CyberRatings sets the standard for security validation, helping organizations navigate the evolving cybersecurity landscape with confidence.

Related content

Our Adversarial Approach to Testing at CyberRatings

April 9, 2025
BLOG

Sign up for our Newsletter

515 South Capital of Texas Highway
Suite 225
Austin, TX 78746

Phone: +1 (512) 333-1734

Fax: +1 (512) 727-2130

Contact Us

Research & Testing

  • Browser Security
  • Cloud Network Firewall
  • Endpoint Protection
  • Enterprise Firewall (formerly NGFW)
  • Software-Defined Wide Area Network (SD-WAN)
  • Security Service Edge (SSE) Threat Protection
  • Zero Trust Network Access (ZTNA)
Mini TestsHow effective are the Cloud Service Provider (CSP) native cloud firewall offerings?What does "Secure by Default" mean for Security Service Edge solutions?Our Ratings SystemResearch

Services

  • Test Tools
  • CyPerf Trial

Media

  • Blog
  • Press
  • Podcasts & Videos

About Us

  • Our Mission
  • Leadership

Research & Testing

  • Browser Security
  • Cloud Network Firewall
  • Endpoint Protection
  • Enterprise Firewall (formerly NGFW)
  • Software-Defined Wide Area Network (SD-WAN)
  • Security Service Edge (SSE) Threat Protection
  • Zero Trust Network Access (ZTNA)
Mini TestsHow effective are the Cloud Service Provider (CSP) native cloud firewall offerings?What does "Secure by Default" mean for Security Service Edge solutions?Our Ratings SystemResearch

Services

  • Test Tools
  • CyPerf Trial

Media

  • Blog
  • Press
  • Podcasts & Videos

About Us

  • Our Mission
  • Leadership

Copyright © 2022 - 2025 CyberRatings.org, All Rights Reserved. Use of this site governed by the Terms of Service

Privacy PolicyCopyright & Quote PolicyCookie Policy
Forgot Password?
Lost your password? Please enter your username or email address. You will receive a link to create a new password via email.
body::-webkit-scrollbar { width: 7px; } body::-webkit-scrollbar-track { border-radius: 10px; background: #f0f0f0; } body::-webkit-scrollbar-thumb { border-radius: 50px; background: #dfdbdb }