
CyberRatings.org Publishes Security Service Edge (SSE) “Mini-Test” Results Designed to Answer One Question: Are They Secure by Default?

October 3, 2024 | CyberRatings.org | Press

Austin, TX – October 3, 2024 – CyberRatings.org (CyberRatings), the non-profit entity dedicated to providing confidence in cybersecurity products and services through its research and testing programs, has published its first “Mini-Test.” This Mini-Test for Security Service Edge (SSE) products was focused on answering the question, “How secure are users if they rely on the vendors’ default configurations?” Tests showed four SSE products blocked between 89.90% and 96.74% of malware downloads, but three failed to block any malware at all (i.e., 0%).

“For products whose default configurations offered 0% protection, we made minor configuration changes to determine how much the protection could improve,” said Vikram Phatak, CEO of CyberRatings.org. “With those changes, we were able to achieve over 90% block rate on average. For products that offered effective defaults, no further adjustments were made.”

Research indicates that most customers expect cybersecurity vendors to ship with a high level of protection enabled by default. CISA states: “‘Secure-by-Default’ means products are resilient against prevalent exploitation techniques out of the box without additional charge. These products protect against the most prevalent threats and vulnerabilities without end-users having to take additional steps to secure them. Secure-by-Default products are designed to make customers acutely aware that when they deviate from safe defaults, they are increasing the likelihood of compromise unless they implement additional compensating controls.”

SSE solutions are a subset of Secure Access Service Edge (SASE) that focus primarily on security services delivered through the cloud. SSE encompasses critical security functions such as Secure Web Gateways (SWG), Cloud Access Security Brokers (CASB), and Zero Trust Network Access (ZTNA), which work together to protect users, devices, and applications across distributed networks. SSE solutions improve flexibility and scalability, enabling enterprises to enforce security policies regardless of user location or device. SSE is particularly beneficial for organizations with a remote or hybrid workforce, as it provides consistent protection against threats, controls access to cloud services and ensures data security without relying on traditional network boundaries.

While some SSEs offer moderate malware protection by default, others do not. End-users should verify the security level their organizations require and assess whether the vendor’s default configuration meets their needs. If it does not, it is advisable to implement the vendor’s recommended configurations for an optimized solution. It should not be assumed that any vendor solution will be secure by default. 

Key Findings:

  • The level of security offered by default varies greatly across SSE vendors. Three out of seven SSE vendors tested offered no security by default.
  • In some cases, minor changes from a vendor’s supplied default configuration dramatically improved the security posture of an SSE solution. We observed improvements in malware blocking from 0% to >90% on average.
  • SSE customers should not assume any level of security by default without verification.
  • SSE customers should understand where the SSE they use stands by default, and whether that default offers the required level of security for their environment.
  • SSE customers should be aware of the potential default options and their implications during any guided setup offered, which may not provide the required level of security. This can be a risk when leveraging non-technical staff for initial setup and configuration.

SSE “Mini-Test” Results:

Further details can be found in the report at https://cyberratings.org/mini-test/.

Keysight provides technology and support for CyberRatings testing programs.
