Security Service Edge (SSE) Threat Protection

Security Service Edge (SSE) solutions leverage the cloud’s scalability, flexibility, and operational benefits to deliver security – Access Control, Authentication and Identity, Data Loss Prevention (DLP), DNS protection, Encryption (TLS/SSL), Exploit detection and prevention, Malware and Phishing protection (including via Browser Isolation), Cloud Access / Application control (CASB), and the ability to implement Zero Trust Network Access (ZTNA).

We have categorized these SSE capabilities into the following:

• Platform: Access Control, Authentication and Identity, Encryption (TLS/SSL), ZTNA
• Threat Prevention: Exploit and Malware Prevention, Evasions
• Data Protection: Data Loss Prevention, Cloud Access / Application control (CASB)

This test focuses on the Threat Prevention portion of the service.

In 2024, CyberRatings.org performed an independent test of Security Service Edge (SSE) products against the SSE Threat Protection Methodology v2.1.

An SSE is a purpose-built cloud platform of integrated network security services designed to facilitate secure business use of the Internet.

The products were subjected to thorough testing to determine how they handled TLS/SSL 1.2 and 1.3 cipher suites, how they defended against 205 exploits and 7,140 malware samples, and whether any of 1,124 evasions could bypass protection. Both clear text and encrypted traffic were measured to provide a more realistic rating based on modern network traffic.

Threat actors apply evasion techniques to disguise and modify attacks to avoid detection by security products. Therefore, it is imperative that an SSE correctly handles evasions. An attacker can bypass protection if an SSE fails to detect a single form of evasion.

In addition to the reports, the detailed methodology is available with a free subscription and focuses on functionality and performance related to the Threat Prevention portion of the service, including URL Filtering, Browser Isolation, and Sandboxing. This test methodology provides general information, including a description and purpose of the platform as well as the test approach.

Read the reports to see how they performed.

We would like to issue a special thank you to Keysight for providing their CyPerf tool for us to test SSE. We would also like to thank TeraPackets for providing us with their Threat Replayer tool.