Tag: Ransomware

Identifying Key Features in Cloud Network Firewalls

Posted on by CyberRatings.org

Today, we focus on the essential features to consider when choosing a cloud network firewall. This guide is tailored for IT professionals, network administrators, and cybersecurity enthusiasts who are evaluating cloud firewall options.

Key Features of Cloud Network Firewalls

  1. Advanced Threat Protection (ATP)
    • Importance: ATP is vital for defending against sophisticated cyber threats, including zero-day attacks, ransomware, and other advanced malware.
    • Consideration: Look for firewalls offering comprehensive ATP with continuous updates to protect against the latest threats.
  2. Intrusion Detection and Prevention Systems (IDPS)
    • Importance: IDPS is critical for identifying and mitigating attacks before they penetrate the network.
    • Consideration: Ensure the firewall provides real-time monitoring and can effectively respond to both known and emerging threats.
  3. Scalability and Elasticity
    • Importance: Cloud environments demand firewalls that can scale dynamically with fluctuating traffic and changing organizational needs.
    • Consideration: Choose firewalls that offer auto-scaling capabilities to ensure seamless security across fluctuating workloads.
  4. Stateful and Stateless Inspection
    • Importance: Stateful inspection tracks the state of active connections, while stateless inspection analyzes packet headers.
    • Consideration: A robust firewall should offer both stateful and stateless inspection capabilities, allowing for thorough traffic analysis and enhanced security.
  5. TLS/SSL Inspection
    • Importance: With a significant amount of malicious traffic now encrypted TLS/SSL inspection is crucial for uncovering hidden threats.
    • Consideration: Look for firewalls that can decrypt and inspect encrypted traffic without significantly impacting performance.
  6. Quality of Service (QoS) and Traffic Prioritization
    • Importance: QoS ensures critical applications receive the bandwidth they need, even during high traffic periods.
    • Consideration: Choose a firewall that can prioritize traffic based on business needs and application criticality.
  7. Multi-Factor Authentication (MFA)
    • Importance: MFA adds an additional layer of security for accessing firewall settings, reducing the risk of unauthorized changes.
    • Consideration: Ensure the firewall supports MFA for administrative access.
  8. Integration with Cloud Services
    • Importance: Effective integration ensures that the firewall works seamlessly with existing cloud services.
    • Consideration: Opt for firewalls that offer native integration with your cloud platform for streamlined security management.
  9. Logging and Reporting
    • Importance: Detailed logs and reports are essential for compliance, auditing, and understanding network traffic patterns.
    • Consideration: Select a firewall that offers comprehensive logging and reporting capabilities with easy-to-understand formats.
  10. Centralized Management
    • Importance: Centralized management simplifies the administration of multiple firewalls across different environments.
    • Consideration: A firewall with a centralized management console is ideal for streamlined policy updates and monitoring.
  11. High Availability and Redundancy
    • Importance: Ensuring continuous operation, high availability, and redundancy are critical for maintaining network integrity and uptime.
    • Consideration: Look for firewalls that offer failover capabilities and can operate in a high-availability setup.
  12. Customization and Flexibility
    • Importance: Every organization has unique security needs. Customizable firewalls allow for tailored security policies.
    • Consideration: Choose a firewall that allows for custom rule creation and offers flexibility in its security settings.

Making the Right Choice

When selecting a cloud network firewall, consider not only the current needs of your organization but also future scalability and integration requirements. The right firewall should enhance your security posture without compromising on performance or flexibility.

cyberratings.org/ has tested the leading Cloud Network Firewalls. Test results and a comparative report are available online for members.

Stay with us as we continue to unravel the intricacies of cloud network security, equipping you with the knowledge and skills to make informed decisions in this critical aspect of cybersecurity.

MEF: Ransomware-as-a-Service — Securing the Enterprise

Posted on by CyberRatings.org

CyberRatings.org Chairman and CEO, Vikram Phatak, discusses the current cybercrime ecosystem and explores the shift to innovative cloud services, which reduces complexity but adds a new level of due diligence for the enterprise. How can organizations ensure cloud services are secure and performing as ordered while protecting the enterprise network?

In this Executives at the Edge episode, host Pascal Menezes explores these topics and more with Vikram Phatak of CyberRatings.org:

  • How has cybercrime changed and what does today’s cybercrime ecosystem look like?
  • What impact does the move to cloud services have on securing an enterprise network and its managed services?
  • Does SASE have a role to play in delivering secure cloud services to organizations?
  • How can enterprises gain visibility into their managed services to ensure they are performing as ordered?
  • Are certified services and technologies a nice-to-have or a need-to-have?

Listen to the podcast here.

MEF’s Executives at the Edge podcast with Vikram Phatak

Posted on by CyberRatings.org

Our CEO, Vikram Phatak recently did a podcast with Pascal Menezes, CTO of MEF. We wanted to reiterate some of the insights shared by Vik on this podcast and encourage you to listen to the entire interview on MEF’s ExecutivesAtTheEdge podcast.

The topic – “Ransomware-as-a-Service: Securing the Enterprise” – is a discussion on how organizations can ensure cloud services are secure and performing as designed while protecting the enterprise network.

From our point of view, it’s important to understand how your security products are protecting the enterprise. Having an empirical score on that performance will help you make your own decisions about which products are a good fit for your organization.

In the podcast Vik discusses our testing program and how we rate security products. With metrics over time such as time to detect, you can also get a good idea of how your security vendor is managing the ever-changing vulnerability landscape.

We hope you enjoy the podcast. If you have any questions about our testing and ratings programs, please reach out to info@cyberratings.org.

Best regards,

Carma Austin
Executive Vice President and Co-Founder

Endpoint Protection / Anti-Virus Products Tested for Malware Protection

Posted on by CyberRatings.org

AUSTIN, Texas – August 25, 2022 – CyberRatings.org, the non-profit entity dedicated to providing transparency on cybersecurity product efficacy, has published results of its Q2 2022 Endpoint Protection Comparative Test.

Focused on endpoint products that feature anti-virus protection, the products tested were Avast Free Antivirus, AVG AntiVirus Free, ESET Internet Security, McAfee Total Protection, Norton 360, Microsoft Defender, Sophos Home Premium and Trend Micro Maximum Security.

“The bad guys are getting bolder and malware / ransomware campaigns continue to get more sophisticated,” said Vikram Phatak, CEO of CyberRatings.org. “Most infections occur in the first few hours after a new campaign is launched. The time it takes for a security product to block the attack matters a lot,” adds Phatak. “That is why we tested not only how much malware a product blocks, but how quickly it blocks an attack.”

Over 40,000 live tests were performed on each product, providing a ±0.49% margin of error. Trend Micro Maximum Security offered the most protection, blocking 97.97% of malware. Sophos Home Premium provided the second-highest protection, blocking 97.47%, followed by Microsoft Defender at 97.13%. Sophos was the quickest to add protection for previously unblocked malware, closely followed by Trend Micro.

With more businesses embracing remote work, a user’s protection is likely limited to the web browser and their endpoint protection product. Therefore, it’s important to be informed about which products are performing as advertised.

The Comparative Test Reports provide metrics for products blocking malware over time, average time a product added protection and average time it took a product to add protection.

The test was funded by CyberRatings.org and no vendor paid to be in or out of the test. As a service to the community, CyberRatings.org is providing these reports for free.

The following endpoint protection / anti-virus products were tested:

  • Avast Free Antivirus – v22.4.6011 (build 22.4.7175.725)
  • AVG AntiVirus Free – v22.4.3231 (build 22.4.7175.725)
  • ESET Internet Security – v15.1.12.0
  • McAfee Total Protection – v16.0 R46
  • Norton 360 (latest updates)
  • Sophos Home Premium – v4.1.0
  • Trend Micro Maximum Security – v17.7.1243
  • Windows Defender – Antimalware Client v4.18.2203.5

CyberRatings.org Announces New Web Browser Test Results for 2022

Posted on by CyberRatings.org

AUSTIN, Texas – August 16, 2022 – CyberRatings.org, the non-profit entity dedicated to providing transparency on cybersecurity product efficacy, has published the results of its 2022 Web Browser Security Test. Google Chrome, Microsoft Edge, and Mozilla Firefox were tested for Phishing Protection and Malware Protection running on Windows 10 and 11.

The Malware tests ran for 24 days with 96 discrete test runs. Phishing tests ran for 20 days with 80 discrete test runs. The reports include measurements of protection against fresh new attacks, consistency of protection over time, and how effective the browser protection was overall.

The ability to warn potential victims that they are about to land on a malicious website or click on a suspicious URL puts web browsers in a unique position to protect the user from an attack. Websites that trick users into downloading malware and phishing campaigns often used for criminal activity have short lifespans, so it is essential that the URL is discovered and added to the reputation system as quickly as possible. A good reputation system must be both accurate and fast to achieve high catch rates.

“Phishing attacks pose a significant risk to individuals and organizations by threatening to compromise or acquire sensitive personal and corporate information,” said Vikram Phatak, CEO of CyberRatings.org. “Phishing and Ransomware attacks continue to rise year over year. Consumers should not override the warnings offered by their web browser protection but instead take advantage of the free offering.”

Key Take-Aways

Malware protection

  • Microsoft Edge – 97.0%
  • Google Chrome – 88.4%
  • Mozilla Firefox – 84.6%

Phishing protection

  • Microsoft Edge – 91.6%
  • Mozilla Firefox – 90.0%
  • Google Chrome – 89.6%

Average time to block a URL from malware

  • Microsoft Edge 0:56:51
  • Google Chrome 4:46:39
  • Mozilla Firefox 5:18:40

Average time to block a phishing URL

  • Microsoft Edge 0:44:07
  • Mozilla Firefox 1:23:37
  • Google Chrome 2:19:13

The Comparative Test Reports provide detailed results for each product. As a service to the community, CyberRatings.org is providing these reports for free.

The following browsers were tested:

  • Google Chrome: Version 0.1210.53- 102.0.5005.115
  • Microsoft Edge: Version 0.1210.47 – 102.0.1254.39
  • Mozilla Firefox: Version 0.1 – 101.0.1

CyberRatings.org Announces New Web Browser Test Results for 2021

Posted on by CyberRatings.org

AUSTIN, Texas  – July 13, 2021 – CyberRatings.org, the non-profit entity dedicated to providing transparency on cybersecurity product efficacy, has published the results of its 2021 Web Browser Security Test. Microsoft Edge, Google Chrome and Mozilla Firefox were tested for Phishing Protection and Malware Protection.

Key Take-Aways

  • Microsoft Edge is based on Chromium, the same code base as Google Chrome. Where they differ is in features such as Anti-Malware and Anti-Phishing reputation systems.
  • Malware: At 97.4% Microsoft Edge provided users with more protection than Google Chrome (86.3%) and Mozilla Firefox (81.8%).
  • Phishing: At 92.3% Microsoft Edge provided users with more protection than Google Chrome (84.6%) and Mozilla Firefox (83.2%).
  • The results were consistent throughout the test with no disruptions in service.
  • Web Browser protection is free, and consumers should take advantage of it.

The ability to warn potential victims that they are about to stray onto a malicious website puts web browsers in a unique position to combat malware. Websites that trick (socially engineer) users to download malware have short lifespans, so it is essential that the site is discovered and added to the reputation system as quickly as possible. A good reputation system must be both accurate and fast to realize high catch rates.

Phishing attacks pose a significant risk to individuals and organizations by threatening to compromise or acquire sensitive personal and corporate information. Email, instant messages, SMS messages and links (URLs) on social networking sites are all vectors for phishing attacks. A browser’s ability to block malicious URLs was measured every six hours to determine how long it would take a vendor to add protection.

“Threat actors are shifting tactics with increasing focus on Ransomware. Ransomware almost always starts with phishing / social engineering. Phishing doubled in 2020 and so far, is up year over year,” said Vikram Phatak, CEO of CyberRatings.org. “Now, more than ever, consumers should not override the warnings offered by their web browser.”

The Comparative Test Reports provide detailed results including block rates for each product and data recording consistency of protection over time. As a service to the community, CyberRatings.org is providing these reports for free.

The following browsers were tested:

  • Google Chrome: Version 90.0.4430.212 – 91.0.4472.19
  • Microsoft Edge: Version 91.0.864.19 – 91.0.864.37
  • Mozilla Firefox: Version 88.0.1 – 88.0.1