Tag: Versa Networks

MEF and CyberRatings Kick-Off Beta Program of the SASE Certification Designed to Increase Market Confidence in Cybersecurity Solutions

Posted on by CyberRatings.org

Dallas, Texas, 3 October 2023 – MEF, a global industry association of network, cloud, security, and technology providers accelerating enterprise digital transformation, and CyberRatings.org (CyberRatings), dedicated to providing confidence in cybersecurity products and services through its research and testing programs, today announced the kick-off of its beta program for certification of Secure Access Service Edge (SASE) products and services. Participants in the beta program include MEF Technology Advisory Board (TAB) member companies Cisco, Fortinet, Juniper Networks, Palo Alto Networks, Versa Networks, and VMware. The SASE certification program is supported by MEF’s Board of Directors which includes senior executives from AT&T Business, Colt Technology Services, Comcast Business, Liberty Latin America, Lumen, Microsoft, PCCW Global, Orange, Sparkle and Verizon Business.

Read the full press release here.

CyberRatings.org Announces Zero Trust Network Access (ZTNA) Test Results for Versa Networks

Posted on by CyberRatings.org

Austin, TX – August 09, 2023 – CyberRatings.org (CyberRatings), the non-profit entity dedicated to providing confidence in cybersecurity products and services through its research and testing programs, has issued a Recommended Rating for Versa Networks Zero Trust Network Access (ZTNA) solution.

CyberRatings tested Versa’s ZTNA across multiple use cases to determine how it handled authentication and identity, resource access, routing, policy enforcement, and TLS/SSL 1.2 and 1.3 cipher suites. Both clear text and encrypted traffic were measured for performance. For this test, CyberRatings tested up to 1 Gbps.

Zero Trust is a security model that replaces legacy models that assumes anything inside a network is safe. Trust should never be assumed, and access is granted on a least-privileged basis.

ZTNA offerings help IT teams implement Zero Trust principles. They are based on a user-to-application model and provide secure granular access to internal applications and resources for remote users and devices based on identity, context, and policy. As a result, ZTNA is gaining popularity as a solution that can protect networks from today’s threats, especially as multi-cloud use and remote work continue to decentralize IT infrastructure and dissolve the traditional network perimeter.

ZTNA is a component of the Secure Access Service Edge (SASE) security model, which integrates multiple security services in a cloud-native platform.

“Versa’s ZTNA handled all use cases with ease and proved to be highly consistent and reliable. Their offering should be on everyone’s short list,” said Vikram Phatak, CEO of CyberRatings.org.

CyberRatings is kicking off a series of ZTNA tests and certifications. A recent announcement from CyberRatings and MEF, a global industry association of network, cloud, security and technology providers accelerating enterprise digital transformation, outlined a new Secure Access Service Edge (SASE) Certification Program for MEF technology and service provider members worldwide.  The Beta program will begin in August with testing and certification of SD-WAN, followed by SSE Threat Protection and ZTNA.  Once the Beta program is completed later this year, certification will be available to the MEF membership at large in Q1 2024.

CyberRatings members can read the report here.

Executives from CyberRatings are attending the Black Hat conference in Las Vegas. To connect, please write to info@cyberratings.org.

Enterprise Firewall Comparative Test Results Show That Encryption and Evasions Matter

Posted on by CyberRatings.org

AUSTIN, Texas – RSAC 2023 – April 25, 2023 – CyberRatings.org, the non-profit entity dedicated to providing transparency on cybersecurity product efficacy, has completed an independent test of eight market leading security vendors in its Enterprise Firewall comparative evaluation. Six products received Recommended ratings with high security effectiveness scores ranging from 94.05% to 99.94%.

Security Effectiveness tests measured how well the enterprise firewall controlled network access/applications and prevented exploits/evasions, all while remaining resistant to false positives. Products were subjected to thorough testing to determine their support for TLS/SSL 1.2 and 1.3 cipher suites, how they defended against 1,724 exploits, whether protection could be bypassed by any of 1,482 evasions, and if the devices would remain stable under adverse conditions.

Performance was measured using both clear text and encrypted traffic in order to provide more realistic ratings that are based on modern network traffic. Performance was measured with security enabled, and security effectiveness was measured while under moderate performance load. This was to ensure vendors did not take security shortcuts to improve performance nor enable overly aggressive security protections that would adversely impact performance. Connection rates and throughput of TLS 1.2 and TLS 1.3 encrypted traffic were significantly lower. Average connection rates of encrypted traffic were between 65% to 86.5% lower than unencrypted traffic.

Evasions were measured by taking several previously blocked attacks and then applying evasion techniques to those baseline samples. This ensured that any misses were due to the evasions, not the baseline samples. Several vendors missed evasions, with one vendor missing 72 evasions.

Key Findings:

  • Encryption matters: Roughly 80% of web traffic is encrypted. The top four cipher suites account for over 95% of HTTPS traffic.
    • Decryption is not on by default: Firewalls will not see attacks delivered via HTTPS unless configured to do so.
    • There is a performance cost when TLS/SSL is turned on. Sometimes performance is significantly different.
  • When a “known good” exploit is blocked by a firewall, applying an evasion technique to that exploit is often easier for an attacker than finding a new exploit that isn’t blocked by that firewall.
    • Many firewall evasion defenses are not on by default, potentially leaving customers at significant risk.
    • Most enterprises are not testing for evasions.
    • Some products have concerning gaps when it comes to evasions.
  • At times, CyberRatings found multiple signatures/rules for the same CVE, with some more effective than others.
    • Attempts to provide rapid coverage for vulnerabilities that are not fully understood can result in multiple exploit-specific signatures that may be inaccurate, ineffective, or prone to false positives.
    • A single poorly written signature/rule can significantly impact performance.

“Firewalls are the keystone of most network security programs,” said Vikram Phatak, CEO of CyberRatings.org. “It is concerning that some market share leaders are falling behind. CISOs should put pressure on those vendors to improve and look at alternatives in case they don’t.”

The following products were evaluated:

  • Check Point Quantum QLS250 Lightspeed R81.20
  • Cisco Firepower 2130 v7.3.1-19
  • Forcepoint 2205 NGFW version 7.0.1.28052
  • Fortinet FortiGate 600F v6.4.12 build5431 (GA)
  • Juniper Networks SRX4600 22.3R1.12
  • Palo Alto Networks PA-3220 v10.2.3
  • Sangfor NGAF 5300 AF8.0.47.1004
  • Versa Networks CSG5000 versa-flexvnf-22.1.1-B

CyberRatings.org Announces Results from First-of-its-Kind Comparative Test on Cloud Network Firewall

Posted on by CyberRatings.org

AUSTIN, Texas – December 1, 2022 – CyberRatings.org, the non-profit entity dedicated to providing transparency on cybersecurity product efficacy, has completed an independent test of eight market leading security vendors in its first-ever Cloud Network Firewall comparative evaluation. Forcepoint, Fortinet and Juniper’s test reports were published earlier in the year, all with ‘AAA’ ratings. In this latest release of test reports, Check Point and Versa Networks received a ‘AAA’ rating. Palo Alto Networks received an ‘AA,’ Sophos an ‘A,’ and Cisco ‘CC.’

The test covered capabilities considered essential in a firewall including basic routing, access control, SSL / TLS decryption, threat prevention (exploits), evasion, performance, stability and reliability, and management. Amazon Web Services (AWS) was the public cloud service chosen to run the test. Ratings were calculated using a scale from 0 to 800.

Key Findings include:

  • Cloud services assume a shared security model, where cloud providers are responsible for the infrastructure and customers are responsible for securing the applications running on the infrastructure.
  • Roughly 80% of web traffic is encrypted and firewall decryption is not on by default: Firewalls will not see/block attacks delivered via (encrypted) HTTPS unless configured to do so.
  • Security vendors are used to controlling the platform on which their products are installed. In the cloud, they do not have that control; vendors are learning how to operate under these new conditions and there will be challenges.
  • Supply Chain attacks are on the rise. Using the cloud means relying on third parties to maintain software supply chain integrity. APIs, code reuse, open-source libraries, not maintained code, and other shared resources introduce unknown risks.

Security effectiveness scores ranged from 27% to 100%. The security effectiveness tests verified how effectively the firewall protected control network access, applications, and users while preventing threats (exploits and evasions), blocking malicious traffic while under extended load, and remaining resistant to false positives. Exploit block rates ranged from 88.3% to 100%. All products achieved 100% for resistance to evasion techniques.

“Security is your problem, not Amazon’s,” said Vikram Phatak, CEO of CyberRatings.org. “If you are migrating your data center to the cloud, create a plan for securing it,” Phatak added. “And if you needed a firewall for your data center, you probably need one for your cloud deployment.”

There are different ways consumers can purchase security products for the cloud. The individual test reports reflect the bring-your-own-license model while the comparative report illustrates the pay-as-you-go pricing. Both pricing models provide consumers with options to compare pricing on items important to their own organizations.