Austin, TX – January 21, 2025 – CyberRatings.org (CyberRatings), the non-profit entity dedicated to providing confidence in cybersecurity products and services through its research and testing programs, has completed a follow up independent “Mini-Test” of Google Cloud Platform’s Next-Generation Firewall (GCP NGFW). This new test follows the same methodology for the test results of three Cloud Service Providers (CSPs) published November 26, 2024. The security effectiveness score for Google’s cloud firewall improved from 50.57% to 86.97%.
“Last November’s cloud native firewall test results from Cloud Service Providers surprised a lot of people, including the product team at Google,” said Vikram Phatak, CEO of CyberRatings.org. “They wanted to understand what had caused their low score, and after reviewing use cases with them, one key recommendation was to modify their firewall’s default behavior,” adds Phatak.
By applying Google’s guidance to modify the firewall’s behavior to block exploits targeting low to high severity vulnerabilities (vs. the default of just triggering alerts for low to medium, and only blocking for high), security effectiveness increased dramatically. Testing was conducted using the same set of exploits as the original test in November using the KeySight CyPerf 5.0 strikes library. Only known Common Vulnerabilities and Exposures (CVEs) from the last ten years with a severity of medium or higher were used to assess security effectiveness, usability, and protection. The exploits (CVE) targeted servers and cloud workload deployments.
“This improvement underscores the value of fine-tuning security settings based on vendor best practice recommendations to maximize protection,” said Ian Foo, CTO and EVP of Product at CyberRatings. “The collaboration exemplifies how open communication, and shared goals can drive positive outcomes. At CyberRatings, we’re proud to work with organizations like Google to help ensure enterprise users benefit from secure and effective cloud-native solutions,” adds Foo.
This updated test for GCP remains in part one of a two-part test. Part two (the comprehensive comparative test) will include a higher number of exploits, along with evasions and malware as outlined in the Cloud Network Firewall Methodology v3.0. The second part of the test is expected to publish in March, comparing cloud service provider native solutions against market leading third-party cloud network firewall providers.
The native firewalls were tested using Keysight’s CyPerf v5.0 software testing platform. Enterprises can easily replicate the results with a 2-week free trial from Keysight. Further details of the strike library can be found here: https://www.keysight.com/us/en/products/network-test/cloud-test/cyperf.html
The test report is available for free at cyberratings.org.