A New Independent RFP for SASE Buyers

Secure Access Service Edge (SASE) has emerged as a critical architecture for enterprises seeking to meet the challenges of modern perimeterless access, which requires them to seamlessly unify networking and security. However, purchasing a SASE solution can be one of the most high-impact yet complex decisions that IT teams face today. Effective SASE depends on the integration of multiple underlying technologies: SD-WAN, Firewall-as-a-Service, Zero Trust, Secure Web Gateway, Cloud Access Security Brokers, Data Loss Prevention, and Sandboxing.

Properly evaluating a product or solution that combines this much functionality, at this level of internal integration, is daunting and resource-intensive.

This SASE RFP is the brainchild of Matt Palmer, founder of Decision Insights, a new research platform designed for how enterprise IT buying works in today’s world. Their mission is to help IT buyers make informed decisions, faster.

Matt’s vision is similar to ours at CyberRatings. We help enterprises make better decisions through objective and rigorous testing and auditing of security technologies, products, and services. The SASE RFP includes an editorial on why independent testing matters and why many buyers are now relying on verified testing results based on evidentiary data before making their final product selection. The RFP also takes a deep technical dive to help teams understand how to verify functionality and security claims.

We’re delighted to be working with SDxCentral, Decision Insights and Keysight on this new SASE RFP framework. The evaluation kit is a downloadable RFP template from DecisionInsights.ai, built specifically for buyers and spun out of SDxCentral. The kit comes complete with a vendor response spreadsheet and step-by-step guides to help teams run a well-organized and well-documented evaluation process that covers the critical care-abouts in selecting a SASE offering.

To get started, visit the Independent RFP for SASE Buyers at SDxCentral.

The CyberRatings Team

MEF: 15 Leading Technology and Service Providers Achieve SASE Certification in Industry’s Only Independent Certification Program

DALLAS, Texas, October 29, 2024 – MEF, a global consortium of network, cloud, security, and technology providers driving enterprise digital transformation, today announced significant advancements in its MEF 3.0 Secure Access Service Edge (SASE) Certification Program. Technology providers Fortinet and Versa have achieved full SASE certification, while service providers AT&T, BT, Colt, Comcast Business, Console Connect, Liberty Latin America, Lumen, Orange Business, TPG, and Verizon have also earned full SASE certification. Additionally, technology providers Broadcom Inc. and Palo Alto Networks, and service provider Sparkle, are expected to achieve full SASE certification shortly. Organizations that achieve SASE certification through MEF’s rigorous independent program receive a rating on product effectiveness and are listed in MEF’s registry of certified companies. SASE certification is now available to all MEF members.

Read the full press release here.

Versa Security Service Edge (SSE) and Versa Zero Trust Network Access (ZTNA) Earn “AAA” ratings in CyberRatings.org SSE and ZTNA Tests

Austin, TX – October 24, 2024 – CyberRatings.org (CyberRatings), the non-profit entity dedicated to providing confidence in cybersecurity products and services through its research and testing programs, has completed an independent test of Versa Security Service Edge (SSE) and Versa Zero Trust Network Access (ZTNA). Both products earned “AAA” ratings.

An SSE is a purpose-built cloud platform of integrated network security services designed to facilitate secure business use of the Internet. Versa’s SSE achieved an overall 99.96% Protection Rate for blocking 100% of Exploits, 99.96% of Malware and 100% of Evasions. The product was thoroughly tested to determine how it handled TLS/SSL 1.2 and 1.3 cipher suites.

Threat actors apply evasion techniques to disguise and modify attacks to avoid detection by security products. Therefore, it is imperative that an SSE correctly handles evasions. An attacker can bypass protection if an SSE fails to detect a single form of evasion. Versa resisted 1,124 out of 1,124 evasions.

The combined measurements used to determine the overall Protection Rate also included false positives, which are key to correctly identifying and allowing legitimate traffic while protecting against malware, exploits, and phishing attacks. False positive tests assessed Versa’s ability to block attacks while permitting legitimate traffic, achieving 99.72% for browsing and 99.2.0% for file downloads without any false positive events being encountered.

Versa’s ZTNA was tested to determine how it handled authentication and identity, managed resource access, processed routing and policy enforcement, and if it supported TLS/SSL 1.2 and 1.3 cipher suites. In all four cases, the ZTNA achieved 100%.

“Versa handled our variety of use cases with ease and demonstrated that they could block attacks under a wide range of conditions. Their offering should be on everyone’s short list,” said Vikram Phatak, CEO of CyberRatings.org.

CyberRatings is testing several other SSE and ZTNA vendors this year along with Software-Defined Wide Area Network (SD-WAN), bringing together the Secure Access Service Edge (SASE) package of test results to be published in the coming months.

Keysight provided its CyPerf tool to test performance, TLS/SSL functionality, stability and impairment. TeraPackets provided their Threat Replayer tool for packet capture replay.

The in-depth test reports are available at CyberRatings.org.

CyberRatings.org Publishes Security Service Edge (SSE) “Mini-Test” Results Designed to Answer One Question: Are They Secure by Default?

Austin, TX – October 3, 2024 – CyberRatings.org (CyberRatings), the non-profit entity dedicated to providing confidence in cybersecurity products and services through its research and testing programs, has published its first “Mini-Test.” This Mini-Test for Security Service Edge (SSE) products was focused on answering the question, “How secure are users if they rely on the vendors’ default configurations?” Tests showed four SSE products blocked between 89.90% and 96.74% of malware downloads, but three failed to block any malware at all (i.e., 0%).

“For products whose default configurations offered 0% protection, we made minor configuration changes to determine how much the protection could improve,” said Vikram Phatak, CEO of CyberRatings.org. “With those changes, we were able to achieve over 90% block rate on average. For products that offered effective defaults, no further adjustments were made.”

Research indicates that most customers expect cybersecurity vendors to ship with a high level of protection enabled by default. CISA states: “‘Secure-by-Default’ means products are resilient against prevalent exploitation techniques out of the box without additional charge. These products protect against the most prevalent threats and vulnerabilities without end-users having to take additional steps to secure them. Secure-by-Default products are designed to make customers acutely aware that when they deviate from safe defaults, they are increasing the likelihood of compromise unless they implement additional compensating controls.”

SSE solutions are a subset of Secure Access Service Edge (SASE) that focus primarily on security services delivered through the cloud. SSE encompasses critical security functions such as Secure Web Gateways (SWG), Cloud Access Security Brokers (CASB), and Zero Trust Network Access (ZTNA), which work together to protect users, devices, and applications across distributed networks. SSE solutions improve flexibility and scalability, enabling enterprises to enforce security policies regardless of user location or device. SSE is particularly beneficial for organizations with a remote or hybrid workforce, as it provides consistent protection against threats, controls access to cloud services and ensures data security without relying on traditional network boundaries.

While some SSEs offer moderate malware protection by default, others do not. End-users should verify the security level their organizations require and assess whether the vendor’s default configuration meets their needs. If it does not, it is advisable to implement the vendor’s recommended configurations for an optimized solution. It should not be assumed that any vendor solution will be secure by default. 

Key Findings:

  • The level of security offered by default varies greatly across SSE vendors. Three out of seven SSE vendors tested offered no security by default.
  • In some cases, minor changes from a vendor’s supplied default configuration dramatically improved the security posture of an SSE solution. We observed improvements in malware blocking from 0% to >90% on average.
  • SSE customers should not assume any level of security by default without verification.
  • SSE customers should understand where the SSE they use stands by default, and whether that default offers the required level of security for their environment.
  • SSE customers should be aware of the potential default options and their implications during any guided setup offered, which may not provide the required level of security. This can be a risk when leveraging non-technical staff for initial setup and configuration.

Further details can be found in the report at CyberRatings.org.

Keysight provides technology and support for CyberRatings testing programs.

MEF: Leading Technology Providers Achieve First Milestone in SASE Certification Program

LOS ANGELES, Calif., August 28, 2024 – MEF, a global consortium of network, cloud, security, and technology providers accelerating enterprise digital transformation, today announced new certifications in the first module of its Secure Access Service Edge (SASE) products and services certification program. SD-WAN certification was achieved by Broadcom, Inc., Fortinet, and Versa. Palo Alto Networks is expected to achieve its SD-WAN certification shortly. Certified technology providers have received a rating on product effectiveness and will be listed in MEF’s registry of certified organizations. MEF’s SASE certification program is now generally available to technology and service provider members.

Enterprises worldwide have adopted SD-WAN to enable digital transformation, addressing changing workforce needs and cloud migration. SD-WAN offers improved application performance, centralized management, optimized connectivity, agility, security, cost, and other benefits. As a key component of SASE, SD-WAN has become increasingly integrated with cybersecurity solutions to protect distributed environments.

Read the full press release here.

MEF: SASE standardization and certification drive adoption

Industry trade group MEF released its “State of the Industry Report: SASE,” underscoring the role of its standards-based secure access service edge (SASE) certification program in helping enterprise networking and cybersecurity decision-makers identify effective solutions.

MEF emphasized the importance of industry standards and certification programs in ensuring consistent terminology and validated security effectiveness, which it claims will help build trust in SASE solutions and accelerate their adoption across the industry.

Read the full article here.

Zscaler Zero Trust Exchange Earns “AAA” Rating in CyberRatings.org Security Service Edge Threat Protection Test

Austin, TX – June 11, 2024 – CyberRatings.org (CyberRatings), the non-profit entity dedicated to providing confidence in cybersecurity products and services through its research and testing programs, has completed an independent test of Zscaler’s Zero Trust Exchange Security Service Edge (SSE). An SSE is a purpose-built cloud platform of integrated network security services designed to facilitate secure business use of the Internet. Zscaler received a “AAA” rating for Security Service Edge after achieving a 98.0% Protection Rate for blocking 98.05% of Exploits, 99.93% of Malware and 100% of Evasions.

The product was subjected to thorough testing using both clear text and encrypted traffic to provide a more realistic rating based on modern network traffic. Zscaler’s Zero Trust Exchange was measured against how it defended against 205 exploits, 7,140 malware samples and whether any of 1,124 evasions could bypass its protection using clear text and TLS/SSL 1.2 and 1.3 cipher suites.

Threat actors apply evasion techniques to disguise and modify attacks to avoid detection by security products. Therefore, it is imperative that an SSE correctly handles evasions. An attacker can bypass protection if an SSE fails to detect a single form of evasion. Zscaler resisted 1,124 out of 1,124 evasions.

The combined measurements used to determine the overall Protection Rate also included false positives, which are key to correctly identifying and allowing legitimate traffic while protecting against malware, exploits, and phishing attacks. False positive tests assessed Zscaler’s ability to block attacks while permitting legitimate traffic, achieving 99.86% for browsing and 96.85% for file downloads.

“Zscaler handled all use cases with ease and demonstrated that they could block attacks under a wide variety of conditions. Their offering should be on everyone’s short list,” said Vikram Phatak, CEO of CyberRatings.org.

CyberRatings is on track to test several other SSE vendors this year for Threat Protection, along with Software-Defined Wide Area Network (SD-WAN) and Zero Trust Network Access (ZTNA), bringing together the Secure Access Service Edge (SASE) package of test results later in the year.

What is Security Service Edge (SSE)?

In the ever-evolving cybersecurity landscape, Security Service Edge (SSE) has emerged as a pivotal component, especially in the context of Zero Trust architectures. Let’s dive into what SSE is, understand why it’s increasingly relevant in today’s cloud-centric world, and its integral role in supporting Zero Trust Network Access (ZTNA).

SSE in the Cloud Era

The shift from traditional, on-premises security models to cloud-based solutions has been a significant evolutionary step in cybersecurity. Driven by the increasing reliance on cloud services, remote workforces, and the strategic shift to cost-effective operations, this transition necessitates a more flexible and comprehensive approach to security.

Technical Overview of SSE

SSE, as part of the Secure Access Service Edge (SASE) framework, offers an array of security functions vital for cloud environments:

  1. Access Control: Manages who can access network resources, ensuring that only authorized users and devices gain entry.
  2. Authentication: Verifies user and device identities, serving as a gatekeeper for accessing network resources.
  3. Identity Management: Integrates with third-party services like Okta, Ping, and Microsoft AD, managing user identities and permissions.
  4. Data Loss Prevention (DLP): Protects sensitive data from unauthorized access and breaches.
  5. DNS Protection: Secures against threats exploiting Domain Name System vulnerabilities.
  6. Encryption (TLS/SSL): Encrypts data in transit, ensuring secure communication over the internet.
  7. Threat Protection: Defends against exploits and malware, two critical and pervasive cyber threats.

SSE and Zero Trust Network Access

The Zero Trust model, predicated on the principle of “never trust, always verify,” aligns perfectly with SSE’s capabilities. Zero Trust Network Access (ZTNA) is a security solution that provides secure remote access to applications and services based on defined access control policies. SSE’s integration of Access Control, Authentication, and Identity Management, along with its advanced threat protection and DLP capabilities, forms a strong foundation for implementing ZTNA.

By incorporating these elements, SSE facilitates a Zero Trust approach where access is strictly controlled and monitored based on user identity and context. This ensures that users have the necessary permissions and that their activities are continuously authenticated, authorized, and encrypted.

Conclusion

In conclusion, SSE is more than just a set of security tools; it represents a comprehensive approach that is crucial for adapting to the cloud-based, digitally transformed era. Its role in supporting Zero Trust Network Access further underscores its significance in today’s cybersecurity landscape. Understanding and effectively implementing SSE is key to maintaining robust and flexible security postures, especially as organizations navigate the complexities of modern digital environments and the challenges they pose. With its integration of essential security functionalities and support for Zero Trust principles, SSE is at the forefront of evolving cybersecurity strategies, ensuring organizations can confidently and securely operate in the cloud era.

CyberRatings.org Announces SD-WAN Test Results for Fortinet

Austin, TX – October 3, 2023 – CyberRatings.org (CyberRatings), the non-profit entity dedicated to providing confidence in cybersecurity products and services through its research and testing programs, has issued a Recommended Rating for Fortinet’s Software-Defined Wide Area Network (SD-WAN) FortiGate 100F model as a high availability pair at the head-end, along with FortiGate 70F models at corporate headquarters, a regional office, and a retail outlet. A product with the “Recommended” rating has the highest rating assigned by CyberRatings.

SD-WAN technology helps organizations achieve operational savings by enabling remote configuration of new locations rather than requiring engineers to be on site. Many vendors, such as Fortinet, offer zero-touch provisioning, where on-site engineering expertise is optional beyond the ability to power up the device and connect it to the appropriate internal and external links. Once online, the device will call “home” through a cloud configuration service to gather the configuration details.

An SD-WAN offers traditional routing and policy control features including basic application identification, policy controls, stateful network controls and a virtual private network (VPN). It prioritizes applications, has remote configuration capabilities and should have a predictable performance experience for users. SD-WANs have highly resilient remote office connectivity.

To assess the SD-WAN, the traffic content, throughput, transport, and impairments were tailored for each use case to provide insight into how the SD-WAN would perform under various conditions. Management, routing and stateful access control, encryption, application identification and prioritization, WAN maximum capacity, stability and reliability, and rated throughput were all rigorously tested.

“The Fortinet SD-WAN handled all use cases with ease and proved to be highly reliable and capable. It should be on everyone’s short list,” said Vikram Phatak, CEO of CyberRatings.org.

SD-WAN is a component of the Secure Access Service Edge (SASE) security model, which integrates multiple security services in a cloud-native platform. The SD-WAN report published today by CyberRatings is part of the independent, third-party testing program that CyberRatings provides to the industry at large.

In addition, CyberRatings and MEF, a global industry association of network, cloud, security and technology providers, signed an agreement in August to launch a new SASE Certification Program for MEF technology and service provider members worldwide. The SASE certification program, based upon CyberRatings’ methodologies and test programs, will issue a rating on product and service effectiveness of SD-WAN, Security Service Edge (SSE Threat Protection), Zero Trust Network Access (ZTNA) and SASE. Participants in the beta program were announced today.

CyberRatings members can read Fortinet’s SD-WAN report here.