CyberRatings.org Removes Paywall, Making All Cybersecurity Product Test Reports Free to Access

AUSTIN, Texas – November 4, 2025 — CyberRatings.org, the nonprofit member organization dedicated to promoting transparency and accountability in cybersecurity products, today announced a major step forward in its mission to empower organizations with trusted, independent data. All cybersecurity product test reports, previously available only through paid access, are now free to view and download on the CyberRatings.org website.

This initiative reflects CyberRatings’ unwavering commitment to transparency and its belief that informed decisions are the cornerstone of effective cybersecurity. By removing the paywall, CyberRatings ensures that enterprises, vendors, analysts, and the broader cybersecurity community can freely access vital data and insights.

“A rising tide lifts all boats,” said Vikram Phatak, CEO of CyberRatings.org. “By opening access to our reports, we’re inviting the global cybersecurity community to learn from our data, compare results, and collectively improve defenses.”

The decision reflects CyberRatings.org’s belief that greater transparency and access to independent data strengthen the entire cybersecurity community. Through rigorous evaluations of products and services—spanning enterprise, cloud, and small business firewalls; security service edge; software-defined wide area networks (SD-WAN); AI Protection; and more—CyberRatings delivers unbiased data that helps organizations understand real-world performance.

Since its inception, CyberRatings.org has worked to build trust through independence and openness. Earlier this year, the organization named NSS Labs as its official testing partner, reinforcing its dedication to credible, data-driven assessments that serve the public interest.

Visitors can now access all reports at cyberratings.org free of charge.

A New Independent RFP for SASE Buyers

Secure Access Service Edge (SASE) has emerged as a critical architecture for enterprises seeking to meet the challenges of modern perimeterless access, requiring them to seamlessly unify networking and security. However, purchasing a SASE solution can be one of the most high-impact yet complex decisions that IT teams face today. Effective SASE requires the integration of multiple underlying technologies to be successful: SD-WAN, Firewall-as-a-Service, Zero Trust, Secure Web Gateway, Cloud Access Security Brokers, Data Loss Prevention, and Sandboxing.

Properly evaluating a product or solution combining this much functionality and internal level of integration is daunting and resource intensive.

This SASE RFP is the brainchild of Matt Palmer, founder of Decision Insights, a new research platform designed for how enterprise IT buying works in today’s world. Their mission is to help IT buyers make informed decisions, faster.

Matt’s vision is similar to ours at CyberRatings. We help enterprises make better decisions through objective and rigorous testing and auditing of security technologies, products, and services. The SASE RFP includes an editorial on why independent testing matters and why many buyers are now relying on verified testing results based on evidentiary data before making their final product selection. The RFP also takes a deep technical dive to help teams understand how to verify functionality and security claims.

We’re delighted to be working with SDxCentral, Decision Insights and Keysight on this new SASE RFP framework. The evaluation kit is a downloadable RFP template from DecisionInsights.ai, built specifically for buyers and spun out of SDxCentral. The kit comes complete with a vendor response spreadsheet and step-by-step guides to help teams run a well-organized and well-documented evaluation process that covers the critical care-abouts in selecting a SASE offering.

To get started, visit the Independent RFP for SASE Buyers at SDxCentral.

The CyberRatings Team

CyberRatings.org Announces Test Results for Fortinet Unified Secure Access Service Edge (FortiSASE)

Austin, TX – December 4, 2024 – CyberRatings.org (CyberRatings), the non-profit entity dedicated to providing confidence in cybersecurity products and services through its research and testing programs, has completed an independent test of Fortinet Unified Secure Access Service Edge (FortiSASE).

The FortiSASE was tested for Security Service Edge (SSE) Threat Protection, and measured on how it defended against 205 exploits, 7,140 wild malware samples and whether any of 1,124 evasions could bypass its protection. The product was also tested on how it handled TLS/SSL 1.2 and 1.3 cipher suites.

Threat actors apply evasion techniques to disguise and modify attacks to avoid detection by security products. Therefore, it is imperative that an SSE correctly handles evasions. An attacker can bypass protection if an SSE fails to detect a single form of evasion. Fortinet resisted 1,124 out of 1,124 evasions.

FortiSASE received a “AAA” rating after achieving a 98.53% Protection Rate for blocking 99.02% of Exploits, 99.50% of Malware and 100% of Evasions. TLS/SSL Functionality scored at 100%.

The combined measurements to determine the overall Protection Rate also included false positives, which is a key to correctly identifying and allowing legitimate traffic while protecting against malware, exploits, and phishing attacks. False positive tests assessed Fortinet’s ability to block attacks while permitting legitimate traffic, achieving 100% for browsing and 99.83% for file downloads.

FortiSASE also received a “AAA” rating for Zero Trust Network Access (ZTNA). Authentication & Identity were 100%, Resource Access achieved 100%, Routing & Policy Enforcement tested at 95% and TLS/SSL Functionality scored at 100%.

“Fortinet handled our variety of use cases with ease and demonstrated that they could block attacks under a wide range of conditions. Their offering should be on everyone’s short list,” said Vikram Phatak, CEO of CyberRatings.org.

CyberRatings is on track to test several other SSE vendors for Threat Protection along with Software-Defined Wide Area Network (SD-WAN), and Zero Trust Network Access (ZTNA) bringing together the Secure Access Service Edge (SASE) package of test results to be published in the coming months.

Keysight provided its CyPerf tool to test performance and TLS/SSL functionality. TeraPackets provided its Threat Replayer tool for exploit packet capture replay.

Versa Security Service Edge (SSE) and Versa Zero Trust Network Access (ZTNA) Earn “AAA” ratings in CyberRatings.org SSE and ZTNA Tests

Austin, TX – October 24, 2024 – CyberRatings.org (CyberRatings), the non-profit entity dedicated to providing confidence in cybersecurity products and services through its research and testing programs, has completed an independent test of Versa Security Service Edge (SSE) and Versa Zero Trust Network Access (ZTNA). Both products earned “AAA” ratings.

An SSE is a purpose-built cloud platform of integrated network security services designed to facilitate secure business use of the Internet. Versa’s SSE achieved an overall 99.96% Protection Rate for blocking 100% of Exploits, 99.96% of Malware and 100% of Evasions. The product was thoroughly tested to determine how it handled TLS/SSL 1.2 and 1.3 cipher suites.

Threat actors apply evasion techniques to disguise and modify attacks to avoid detection by security products. Therefore, it is imperative that an SSE correctly handles evasions. An attacker can bypass protection if an SSE fails to detect a single form of evasion. Versa resisted 1,124 out of 1,124 evasions.

The combined measurements to determine the overall Protection Rate also included false positives, which is a key to correctly identifying and allowing legitimate traffic while protecting against malware, exploits, and phishing attacks. False positive tests assessed Versa’s ability to block attacks while permitting legitimate traffic achieving 99.72% for browsing and 99.2.0% for file downloads without any false positive events being encountered.

Versa’s ZTNA was tested to determine how it handled authentication and identity, managed resource access, processed routing and policy enforcement, and if it supported TLS/SSL 1.2 and 1.3 cipher suites. In all four cases, the ZTNA achieved 100%.

“Versa handled our variety of use cases with ease and demonstrated that they could block attacks under a wide range of conditions. Their offering should be on everyone’s short list,” said Vikram Phatak, CEO of CyberRatings.org.

CyberRatings is testing several other SSE and ZTNA vendors this year along with Software-Defined Wide Area Network (SD-WAN), bringing together the Secure Access Service Edge (SASE) package of test results to be published in the coming months.

Keysight provided its CyPerf tool to test performance, TLS/SSL functionality, stability and impairment. TeraPackets provided their Threat Replayer tool for packet capture replay.

The in-depth test reports are available at CyberRatings.org.

CyberRatings.org Announces Test Results for VMware VeloCloud SD-WAN by Broadcom

Austin, TX – October 22, 2024 – CyberRatings.org (CyberRatings), the non-profit entity dedicated to providing confidence in cybersecurity products and services through its research and testing programs, has completed an independent test of VMware VeloCloud SD-WAN by Broadcom.

This is the third Software-Defined Wide Area Network (SD-WAN) test to be announced by CyberRatings this year. In August, CyberRatings published the SD-WAN test results for Forcepoint and Versa Networks.

SD-WAN technology helps organizations achieve operational savings by enabling remote configuration of new locations rather than requiring engineers to be onsite. Many vendors offer zero-touch provisioning (ZTP), where onsite engineering expertise is optional, other than the ability to connect a device to the appropriate internal and external links and power up the device. Once online, the device will call “home” to either headquarters or a cloud configuration service to download the operational configuration.

We tested five devices, a high availability pair at corporate headquarters and then three remote locations: 1) a regional office, 2) a remote branch office and 3) a retail storefront. Each use case was tested for traffic content, throughput, transport, and impairments to see how the SD-WAN performed. A “AAA” score was based on Management, Routing & Access Control, Stability & Reliability, and the Mean Opinion Score (MOS).

The maximum MOS is 4.41 for Voice over IP (VoIP/audio) and 4.53 for video. The VMware VeloCloud SD-WAN solution achieved a MOS of 4.39 for audio and 4.39 for video.

“VMware’s SD-WAN is a full-featured solution that proved to be highly efficient,” said Vikram Phatak, CEO of CyberRatings.org. “Enterprises should have this product on their shortlist.”

Key Findings for VMware VeloCloud SD-WAN by Broadcom:

  • Management and Deployment: Effectively supported Zero Touch Provisioning (ZTP), facilitating remote configuration and deployment across multiple branches.
  • Routing and Policy Enforcement: Successfully enforced simple and complex network policies, including site-to-site VPNs and direct internet access, ensuring secure and efficient traffic routing.
  • Quality of Experience: Delivered mostly consistent MOS for audio and video, even when subjected to various WAN impairments such as packet loss, delay, and reordering.
  • Capacity and Performance: Handled traffic loads well and achieved high throughput with minimal latency.
  • Stability and Reliability: Maintained operational stability under extended adverse conditions and high traffic loads preserving state and ensuring the continued passage of traffic.

Keysight provided its CyPerf, BreakingPoint and Network Emulator tools to test performance, TLS functionality, stability and impairment.

The in-depth test report with scores for Management, Routing & Access Control, Stability & Reliability, and the Mean Opinion Score (MOS) is available at CyberRatings.org.

MEF: Leading Technology Providers Achieve First Milestone in SASE Certification Program

LOS ANGELES, Calif., August 28, 2024 – MEF, a global consortium of network, cloud, security, and technology providers accelerating enterprise digital transformation, today announced new certifications in the first module of its Secure Access Service Edge (SASE) products and services certification program. SD-WAN certification was achieved by Broadcom, Inc., Fortinet, and Versa. Palo Alto Networks is expected to achieve its SD-WAN certification shortly. Certified technology providers have received a rating on product effectiveness and will be listed in MEF’s registry of certified organizations. MEF’s SASE certification program is now generally available to technology and service provider members.

Enterprises worldwide have adopted SD-WAN to enable digital transformation, addressing changing workforce needs and cloud migration. SD-WAN offers improved application performance, centralized management, optimized connectivity, agility, security, cost, and other benefits. As a key component of SASE, SD-WAN has become increasingly integrated with cybersecurity solutions to protect distributed environments.


CyberRatings.org Announces SD-WAN Test Results for Forcepoint and Versa Networks.

Austin, TX – August 26, 2024 – CyberRatings.org (CyberRatings), the non-profit entity dedicated to providing confidence in cybersecurity products and services through its research and testing programs, has completed an independent test of two market-leading Software-Defined Wide Area Network (SD-WAN) products: Forcepoint FlexEdge Secure SD-WAN and Versa Networks Secure SD-WAN.

SD-WAN technology helps organizations achieve operational savings by enabling remote configuration of new locations rather than requiring engineers to be onsite. Many vendors offer zero-touch provisioning (ZTP), where onsite engineering expertise is optional, other than the ability to connect a device to the appropriate internal and external links and power up the device. Once online, the device will call “home” to either headquarters or a cloud configuration service to download the operational configuration.

The testing combination of devices consisted of a high availability pair at the head-end, corporate headquarters representing Branch 1, a regional office (Branch 2), and a retail outlet (Branch 3). Each use case was tested for traffic content, throughput, transport, and impairments to see how the SD-WAN performed. A “AAA” score was based on Management, Routing & Access Control, Stability & Reliability, and the Mean Opinion Score (MOS).

The maximum MOS is 4.41 for Voice over IP (VoIP/audio) and 4.53 for video. Forcepoint achieved a MOS of 4.40 for audio and 4.48 for video. Versa’s MOS was 4.41 for audio and 4.37 for video.

“These are mature, full-featured SD-WAN products that proved to be highly efficient,” said Vikram Phatak, CEO of CyberRatings.org. “Enterprises should have them on their shortlist.”

Key Findings for both the Forcepoint and Versa Networks products:

  • Management and Deployment: Effectively supported Zero Touch Provisioning (ZTP), facilitating remote configuration and deployment across multiple branches.
  • Routing and Policy Enforcement: Successfully enforced simple and complex network policies, including site-to-site VPNs and direct internet access, ensuring secure and efficient traffic routing.
  • Quality of Experience: Delivered consistent MOS for audio and video, even when subjected to various WAN impairments such as packet loss, delay, and reordering.
  • Capacity and Performance: Handled traffic loads well and achieved high throughput with minimal latency.
  • Stability and Reliability: Maintained operational stability under extended adverse conditions and high traffic loads preserving state and ensuring the continued passage of traffic.

Keysight provided its CyPerf, BreakingPoint and Network Emulator tools to test performance, TLS functionality, stability and impairment.

The in-depth Forcepoint and Versa Networks SD-WAN test reports with scores for Management, Routing & Access Control, Stability & Reliability, and the Mean Opinion Score (MOS) are available at CyberRatings.org.

Best Practices for Enterprise Firewall Deployment in 2024

As previously announced, the security industry is working towards a secure-by-default configuration.

This is still an ongoing process; however, we already see vendors making improvements from when we published the cloud network firewall group test. In that test, we found that not all products were secure by default. Therefore, we documented the changes we made and published them. We are doing the same for this group test.

Last year, the Cybersecurity & Infrastructure Security Agency (CISA), along with ten U.S. and international partners, published guidelines for their “Secure by Design, Secure by Default” principle. In their April 2023 publication, they stated the following:

“Secure-by-Default” means products are resilient against prevalent exploitation techniques out of the box without additional charge. These products protect against the most prevalent threats and vulnerabilities without end-users having to take additional steps to secure them. Secure-by-Default products are designed to make customers acutely aware that when they deviate from safe defaults, they are increasing the likelihood of compromise unless they implement additional compensating controls.

This guide should complement what the vendors already provide to their customers. Please refer to the links below for the best practices and guides for each vendor we tested. We have also included extra information for one vendor: Cisco.

The following steps were taken for each firewall:

  • Deploy the firewall in our lab in Austin, Texas (we are using Fortinet for this example).
  • Connect the interfaces required for the topology. This information can be found in each vendor guide.
  • Register the device to the centralized management system where needed. For our test, we only used centralized management for Cisco and Versa Networks. For Cisco, it is required to get some functionality working; more on this below. For Versa Networks, it’s both recommended and needed from a licensing perspective. This is information that is found in each vendor guide.
  • Validate licenses, which, in turn, enable software updates, threat updates, etc. This information is found in each vendor guide.
  • Define access policies:
    • Trust to untrust
    • Untrust to trust
  • Define IPS policies:
    • Enable threat signatures, advanced protection, cloud lookup, etc. Each product handles this differently, but this information is in their guides.
  • Upload the required server certs, keys, and CA certs if necessary. This information is available in each vendor guide.
  • Define TLS decryption policies for versions 1.2 and 1.3. Configure them to decrypt all traffic. We make a few exceptions to test if the product can bypass decryption based on specific IP addresses or domain names. If something cannot be decrypted or is using an older TLS/SSL version or an insecure cipher, then the product is set to block.
  • Link IPS and TLS policies to the overall access policy.
  • Validate configuration:
    • Make sure you can pass traffic.
    • Make sure you can block attacks by sending something malicious. Tune out false positives where possible. If we couldn’t do so without disabling security or if it was practically impossible, we listed the false positive rate in the test report. Please refer to individual test reports for more details.
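
The TLS decryption policy from the steps above, modeled as a decision function; this is an added example, not code from CyberRatings or any vendor. The bypass entries, weak-cipher markers, `Flow` fields and the evaluation order are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample policy values (assumptions, not taken from the test reports).
BYPASS_NETWORKS = [ipaddress.ip_network("192.0.2.0/28")]
BYPASS_DOMAINS = ["payroll.example"]
ALLOWED_VERSIONS = {"TLSv1.2", "TLSv1.3"}
WEAK_CIPHER_MARKERS = ("NULL", "EXPORT", "RC4", "3DES", "anon")


@dataclass
class Flow:
    dst_ip: str        # destination address of the session
    sni: str           # server name from the ClientHello, "" if absent
    version: str       # negotiated protocol version
    cipher: str        # negotiated cipher suite name
    decryptable: bool  # False when the firewall cannot decrypt the session


def domain_matches(sni: str, domain: str) -> bool:
    """Exact match, or subdomain match on a label boundary only."""
    sni = sni.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    return sni == domain or sni.endswith("." + domain)


def is_bypassed(flow: Flow) -> bool:
    """True when the flow matches an IP or domain decryption exception."""
    ip = ipaddress.ip_address(flow.dst_ip)
    if any(ip in net for net in BYPASS_NETWORKS):
        return True
    return bool(flow.sni) and any(
        domain_matches(flow.sni, d) for d in BYPASS_DOMAINS
    )


def decide(flow: Flow) -> tuple[str, str]:
    """Return (action, reason). Assumed order: protocol hygiene first,
    then exceptions, then fail closed on anything that cannot be decrypted."""
    if flow.version not in ALLOWED_VERSIONS:
        return ("block", "protocol version not allowed")
    if any(marker in flow.cipher for marker in WEAK_CIPHER_MARKERS):
        return ("block", "insecure cipher suite")
    if is_bypassed(flow):
        return ("bypass", "matches decryption exception")
    if not flow.decryptable:
        return ("block", "cannot be decrypted")
    return ("decrypt", "default rule")


# Constructed sample flows covering each branch of the policy.
SAMPLES = [
    Flow("203.0.113.10", "shop.example", "TLSv1.3",
         "TLS_AES_128_GCM_SHA256", True),
    Flow("203.0.113.10", "shop.example", "TLSv1.0",
         "TLS_RSA_WITH_AES_128_CBC_SHA", True),
    Flow("203.0.113.11", "legacy.example", "TLSv1.2",
         "TLS_RSA_WITH_RC4_128_SHA", True),
    Flow("192.0.2.5", "", "TLSv1.2",
         "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", False),
    Flow("203.0.113.20", "hr.payroll.example", "TLSv1.3",
         "TLS_AES_256_GCM_SHA384", True),
    Flow("203.0.113.21", "notpayroll.example", "TLSv1.3",
         "TLS_AES_256_GCM_SHA384", True),
    Flow("203.0.113.30", "pinned.example", "TLSv1.3",
         "TLS_AES_256_GCM_SHA384", False),
]


def run_samples() -> list[str]:
    """Actions for the constructed flows, in order."""
    return [decide(f)[0] for f in SAMPLES]


if __name__ == "__main__":
    for flow in SAMPLES:
        action, reason = decide(flow)
        print(f"{flow.sni or flow.dst_ip:22} {flow.version:8} {action:8} {reason}")
```

The `notpayroll.example` flow is decrypted rather than bypassed because domain exceptions match only on a label boundary; a plain suffix comparison would exempt it from inspection.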

For each firewall listed below, we have included a link to best practices and additional information.

Firewalls Tested:

 

Check Point Quantum Force 19200 plus

https://www.checkpoint.com/downloads/products/quantum-force-19200-datasheet.pdf

Firmware: R81.20 Jumbo Hotfix Take 45
IPS Version: 635242922
Configuration: 2 x 40G – 1 port-pairs

Follow their instructions; the product doesn’t require any special configuration.

Documentation: https://support.checkpoint.com

 

Cisco Firepower 2130

https://www.cisco.com/c/en/us/products/collateral/security/firepower-2100-series/datasheet-c78-742473.html

Firmware: Threat Defense v7.3.1 (build 19)
IPS Version: 384
Configuration: 4 x 10G – 2 port-pairs

Follow their instructions; the product requires special configuration; see below.

Documentation: https://www.cisco.com/c/en/us/support/security/firepower-ngfw/products-installation-and-configuration-guides-list.html

We also registered the Cisco Secure Firewall Threat Defense into the Cisco Secure Firewall Management Center (FMC). We enabled TLS 1.2 and 1.3 following Cisco’s instructions. This included updating from Snort v2 to Snort v3, which is required to enable TLS 1.3—as per Cisco: “You must be using Snort 3 to match TLS 1.3 connections.” See https://www.cisco.com/c/en/us/td/docs/security/firepower/730/fdm/fptd-fdm-config-guide-730/fptd-fdm-ssl-decryption.html for more details. This link also provides information about how to make TLS 1.2 and TLS 1.3 work, while also blocking other SSL/TLS versions.

Note: Cisco does not support the CHACHA20 cipher suites despite claiming otherwise.

The following screenshot shows the instructions required for achieving our test’s use case.

 

Forcepoint 3410 NGFW

https://www.forcepoint.com/sites/default/files/resources/datasheets/datasheet-forcepoint-ngfw-3400-series-appliance-en_0.pdf

Firmware: 7.1.1 build 29059
IPS Version: 1707
Configuration: 2 x 40G – 1 port-pairs

Follow their instructions; the product doesn’t require any special configuration.

Note: From version 7.1, Forcepoint Next Generation Firewall is rebranded to Forcepoint FlexEdge Secure SD-WAN.

Documentation: https://support.forcepoint.com/s/article/FlexEdge-Secure-SD-WAN

 

Fortinet FortiGate-900G

https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortigate-900g-series.pdf

Firmware: v7.4.4 GA
IPS Version: 27.00783
Configuration: 4 x 10G – 2 port-pairs

Follow their instructions; the product doesn’t require any special configuration.

Documentation: https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/954635/getting-started

 

Juniper Networks SRX4600

https://www.juniper.net/us/en/products/security/srx-series/srx4600-firewall-datasheet.html

Firmware: JUNOS 22.4X3.1 srx4600
IPS Version: 3701
Configuration: 2 x 40G – 2 port-pairs

Follow their instructions; the product doesn’t require any special configuration.

Documentation: https://www.juniper.net/documentation/product/us/en/srx4600/junos-os/

 

Palo Alto Networks PA-450

https://docs.paloaltonetworks.com/hardware/pa-400-hardware-reference/pa-400-firewall-specifications

Firmware: 11.1.1
IPS Version: Threat Version: 2024-05-14 (8849-8746)
AntiVirus Version: 2024-05-14 (4818-5336)
Configuration: 4 x 1G – 2 port-pairs

Follow their instructions; the product doesn’t require any special configuration.

Evasion defenses are now enabled by default, using their latest update. To verify this is the case, please follow the instructions below.

Documentation: https://docs.paloaltonetworks.com/best-practices

Next, you will have to follow the detailed instructions as documented by Palo Alto Networks: https://docs.paloaltonetworks.com/advanced-threat-prevention/administration/threat-prevention/best-practices-for-securing-your-network-from-layer-4-and-layer-7-evasions

After following those instructions, issue the commands in the command line interface (CLI).

To do this:

  • You will have to enable SSH on the device.
  • Then, log in to the device with your admin credentials.
  • Then, run the following commands:

set system setting ctd block-on-base64-decode-error enable
set system setting ctd block-on-bdat-chunk-decode-error enable
set system setting ctd block-on-chunk-decode-error enable
set system setting ctd block-on-qp-decode-error enable
set system setting ctd block-on-utf-decode-error enable
set system setting ctd block-on-uu-decode-error enable
set system setting ctd block-on-zip-decode-error enable

set deviceconfig setting session resource-limit-behavior bypass
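
An added example (not from Palo Alto Networks or CyberRatings) that checks a saved record of the commands entered against the list above, so an omitted or mistyped setting is caught before testing starts. The record format and the function names are assumptions; only lines that match the commands on this page exactly are counted, and everything else is returned for manual review.

```python
import re

# The seven content-decoder settings listed on this page.
REQUIRED_CTD = [
    "block-on-base64-decode-error",
    "block-on-bdat-chunk-decode-error",
    "block-on-chunk-decode-error",
    "block-on-qp-decode-error",
    "block-on-utf-decode-error",
    "block-on-uu-decode-error",
    "block-on-zip-decode-error",
]
SESSION_CMD = "set deviceconfig setting session resource-limit-behavior bypass"
CTD_RE = re.compile(r"^set system setting ctd (\S+) (\S+)$")


def audit(record: str) -> dict:
    """Compare a record of entered commands with the required settings."""
    state = {}            # option -> last value seen
    session_seen = False
    unrecognised = []     # lines a reviewer should look at by hand
    for raw in record.splitlines():
        line = " ".join(raw.split())  # collapse runs of whitespace
        if not line:
            continue
        match = CTD_RE.match(line)
        if match and match.group(1) in REQUIRED_CTD:
            state[match.group(1)] = match.group(2)  # a later line overrides
        elif line == SESSION_CMD:
            session_seen = True
        else:
            unrecognised.append(line)
    missing = [opt for opt in REQUIRED_CTD if state.get(opt) != "enable"]
    return {
        "missing": missing,
        "session_limit_set": session_seen,
        "unrecognised": unrecognised,
        "compliant": not missing and session_seen,
    }


# Constructed record: the first line is capitalised differently from the
# required command and the zip setting was never entered.
SAMPLE_RECORD = """\
Set system setting ctd block-on-base64-decode-error enable
set system setting ctd block-on-bdat-chunk-decode-error enable
set system setting ctd block-on-chunk-decode-error enable
set system setting ctd block-on-qp-decode-error enable
set system setting ctd block-on-utf-decode-error enable
set system setting ctd block-on-uu-decode-error enable

set deviceconfig setting session resource-limit-behavior bypass
"""


def complete_record() -> str:
    """A record containing every required command exactly as listed."""
    lines = [f"set system setting ctd {opt} enable" for opt in REQUIRED_CTD]
    return "\n".join(lines + [SESSION_CMD])


if __name__ == "__main__":
    result = audit(SAMPLE_RECORD)
    print("compliant:", result["compliant"])
    for opt in result["missing"]:
        print("not enabled:", opt)
    for line in result["unrecognised"]:
        print("review:", line)
```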

 

Sangfor NGAF 5300

https://www.sangfor.com/sites/default/files/2022-06/NGAF_DS_P_NGAF53-Datasheet_20220531.pdf

Firmware: AF 8.0.85.1029 Build 20240423
IPS Version: 2024-04-23 (Vulnerability Database)
Configuration: 2 x 10G – 1 port-pairs

Follow their instructions; the product doesn’t require any special configuration.

Documentation: https://community.sangfor.com/plugin.php?id=sangfor_databases%3Aindex#?Product=NGAF&Document=Configuration%20Guide&Language=English

 

Versa Networks CSG5000

https://versa-networks.com/documents/datasheets/versa-csg5000-series.pdf

Firmware: versa-flexvnf-20240405-041659-5186a33-22.1.4-B
IPS Version: 6446
Configuration: 5 x 10G – 5 port-pairs (limited to 40G)

Follow their instructions; the product doesn’t require any special configuration.

Documentation: https://academy.versa-networks.com/versa-academy-library/

Documentation: https://docs.versa-networks.com

Zscaler Zero Trust Exchange Earns “AAA” Rating in CyberRatings.org Security Service Edge Threat Protection Test.

Austin, TX – June 11, 2024 – CyberRatings.org (CyberRatings), the non-profit entity dedicated to providing confidence in cybersecurity products and services through its research and testing programs, has completed an independent test of Zscaler’s Zero Trust Exchange Security Service Edge (SSE). An SSE is a purpose-built cloud platform of integrated network security services designed to facilitate secure business use of the Internet. Zscaler received a “AAA” rating for Security Service Edge after achieving a 98.0% Protection Rate for blocking 98.05% of Exploits, 99.93% of Malware and 100% of Evasions.

The product was subjected to thorough testing using both clear text and encrypted traffic to provide a more realistic rating based on modern network traffic. Zscaler’s Zero Trust Exchange was measured against how it defended against 205 exploits, 7,140 malware samples and whether any of 1,124 evasions could bypass its protection using clear text and TLS/SSL 1.2 and 1.3 cipher suites.

Threat actors apply evasion techniques to disguise and modify attacks to avoid detection by security products. Therefore, it is imperative that an SSE correctly handles evasions. An attacker can bypass protection if an SSE fails to detect a single form of evasion. Zscaler resisted 1,124 out of 1,124 evasions.

The combined measurements to determine the overall Protection Rate also included false positives, which is a key to correctly identifying and allowing legitimate traffic while protecting against malware, exploits, and phishing attacks. False positive tests assessed Zscaler’s ability to block attacks while permitting legitimate traffic achieving 99.86% for browsing and 96.85% for file downloads.

“Zscaler handled all use cases with ease and demonstrated that they could block attacks under a wide variety of conditions. Their offering should be on everyone’s short list,” said Vikram Phatak, CEO of CyberRatings.org.

CyberRatings is on track to test several other SSE vendors this year for Threat Protection along with Software-Defined Wide Area Network (SD-WAN), and Zero Trust Network Access (ZTNA) bringing together the Secure Access Service Edge (SASE) package of test results later in the year.

Exploring the Landscape of Cloud Network Firewalls Available on AWS

Today we focus on the diverse array of Cloud Network Firewalls available on Amazon Web Services (AWS). This comprehensive overview aims to inform IT professionals, network administrators, security analysts, and cybersecurity enthusiasts about the various firewall options on AWS, beyond just AWS’s native offerings.

Cloud Network Firewalls on AWS: A Broad Spectrum

AWS hosts a range of third-party cloud network firewalls, each offering unique features and capabilities tailored to different organizational needs. Here’s a rundown of some key players:

  1. Arista Networks Cloud Network Firewall
    Arista Networks provides a cloud network firewall offering for AWS environments, with a focus on traffic management and security. Its features include firewall capabilities, detailed traffic inspection, and policy enforcement tools. The offering is designed for compatibility with complex network architectures, providing various deployment options to meet diverse cloud security requirements.
  2. Barracuda CloudGen Firewall
    The Barracuda CloudGen Firewall, designed for AWS, offers security for cloud-connected networks. Its features encompass threat protection, VPN connectivity, and application-based traffic management. The firewall is developed to adapt to the evolving requirements of cloud infrastructures and includes centralized management for administration across distributed network setups.
  3. Check Point CloudGuard
    Check Point CloudGuard is a network security offering for AWS, including features like intrusion prevention, identity awareness, and anti-bot technology. It is designed for AWS service integration, aiming to protect cloud assets. CloudGuard supports auto-scaling to adapt its security measures in response to network traffic variations. This offering is intended for cloud environments, providing capabilities for managing security policies and handling network traffic.
  4. Cisco Cloud Network Firewall
    Known for its Firepower series and ASA (Adaptive Security Appliances), Cisco offers a cloud network firewall tailored for AWS environments, equipped with features to manage network traffic and enforce security policies. This offering includes capabilities for inspecting and controlling traffic flow, as well as implementing security rules across cloud deployments. Designed to integrate with AWS, Cisco’s firewall aims to provide network security management suited to various cloud infrastructure requirements.
  5. Forcepoint Cloud Network Firewall
    Forcepoint’s cloud network firewall for AWS offers capabilities like SD-WAN integration and centralized management to safeguard network perimeters in cloud environments. The Forcepoint offering is structured to provide security management for cloud-based networks. It incorporates features for monitoring network activities and implementing security protocols to address potential threats.
  6. Fortinet FortiGate-VM
    The Fortinet FortiGate-VM is a virtual firewall solution tailored for AWS environments, providing a range of network security capabilities. It offers features such as intrusion prevention, web filtering, and SSL inspection, aimed at safeguarding virtualized and cloud infrastructures. Key aspects include its ability to scale dynamically with AWS workloads, integration with AWS services for enhanced management and monitoring, and support for centralized control through Fortinet’s FortiManager. FortiGate-VM is designed to address various security requirements for AWS deployments, from basic VPC protection to advanced threat prevention, catering to diverse network architectures and compliance needs. As with any cloud network firewall solution, its effectiveness and suitability can vary based on specific organizational requirements and network configurations.
  7. Hillstone Networks
    Focused on visibility and control, Hillstone offers advanced features for threat detection and mitigation. The offering includes capabilities for inspecting network activities and enforcing relevant security measures. Hillstone’s firewall is developed to support the security needs of cloud deployments, providing functionalities that facilitate the management of network traffic and the implementation of security policies in cloud environments.
  8. Juniper Networks vSRX Cloud Network Firewall
    Juniper Networks offers the vSRX Cloud Network Firewall for AWS, providing network traffic management and policy enforcement. This firewall includes features for monitoring network activities and implementing security protocols. The vSRX offering is designed for AWS environments, aiming to address various network security management needs in cloud infrastructures.
  9. Palo Alto Networks VM-Series
    The VM-Series from Palo Alto Networks is a cloud network firewall available on AWS, focusing on network traffic security and policy management. It offers features for inspecting network traffic and applying security rules. The VM-Series is developed to integrate with AWS, providing network security capabilities for different cloud deployment scenarios.
  10. Sophos UTM and XG Firewalls
    Sophos offers the UTM and XG Firewalls for AWS environments, delivering features to manage network security and traffic. These firewalls include tools for network activity monitoring and security protocol enforcement. Both the UTM and XG Firewalls by Sophos are structured to support security management in cloud-based networks, with functionalities aimed at maintaining network integrity and implementing necessary security measures.
  11. Versa Networks Cloud Network Firewall
    Versa Networks specializes in next-generation firewall capabilities integrated with SD-WAN, suitable for enterprises looking for a combination of security and network optimization. Its cloud network firewall solution for AWS is equipped to handle network security and traffic control. Versa Networks’ firewall is tailored for AWS cloud environments, focusing on meeting diverse network security management requirements in cloud infrastructures.

Choosing the Right Cloud Network Firewall on AWS

Selecting the right cloud network firewall on AWS depends on specific security requirements, scalability needs, and integration capabilities. Factors to consider include:

  • Security Features: Assess the firewall’s capability to protect against the specific threats your organization faces.
  • Performance and Scalability: Ensure the firewall can handle your current and projected traffic volumes without compromising performance.
  • Integration with AWS Services: Look for firewalls that offer seamless integration with other AWS services for streamlined security management.
  • Cost: Consider both upfront and ongoing costs associated with each firewall solution.

Conclusion

The choice of a cloud network firewall on AWS should be guided by your organization’s unique security, performance, and budgetary requirements. Each of the mentioned firewalls brings distinct advantages and specialties to the table, catering to a wide range of cloud-based security needs.

Stay tuned for our Cloud Network Firewall test results coming in March.