Tag: Zero Trust

CyberRatings.org Announces Test Results for Zscaler Zero Trust Exchange

Posted on by CyberRatings.org

Austin, TX – June 2, 2025 – CyberRatings.org (CyberRatings), the non-profit organization dedicated to providing insight into the capabilities of cybersecurity products and services through independent testing, has released additional results from its Security Service Edge (SSE) and Zero Trust Network Access (ZTNA) testing. This latest test focused on another leading product: Zscaler Zero Trust Exchange (ZTE).

Zscaler achieved a Security Effectiveness score of 100%, successfully blocking 100% of exploits, malware and evasions in the SSE test. The test report provides details on product performance across multiple threat categories, with scoring weighted by attack severity. The SSE evaluation covered:

  • TLS/SSL: Top 5 Ciphers used (accounts for ~97% of HTTPS traffic).
  • Malware: 6,184 attack samples sourced from current malware campaigns.
  • Exploits: 205 attack samples from widely exploited vulnerabilities in enterprise environments.
  • Evasions: 1,154 attacks spanning 37 evasion techniques.
  • False Positives: 1,514 samples from various business-critical files and applications, ensuring security measures did not disrupt legitimate traffic.

The ZTNA results confirmed that Zscaler demonstrated strong capabilities by effectively enforcing policies and managing access according to predefined rules, policies, and user roles, achieving 100% in all categories tested. The ZTNA test covered:

  • Authentication & Identity
  • Routing & Access Control
  • Resource Access (Zero Trust Network Access capabilities)
  • TLS/SSL Support

Of the SSE test criteria, meeting the threshold of blocking evasions had the most impact on scores.  Evasion techniques are used by attackers to disguise or obfuscate attacks so that they bypass detection. SSE products must not be tricked by evasions—failure exposes organizations to entire classes of undetected threats. Zscaler scored 100% in blocking all 1,154 evasion attempts.

Security Service Edge is a complex multi-layered security technology built on top of complex, ever-changing cloud technologies. Customers have minimal visibility into their operation and architecture, and testing is challenging. This double-layered opacity limits an organization’s ability to diagnose performance issues, fine-tune policy enforcement, or validate security outcomes.

“The only way to know if an SSE offering works properly is to test it,” said Vikram Phatak, CEO of CyberRatings.org. Our test determined that Zscaler provides exceptional security effectiveness and strong coverage across a wide variety of threat categories.”

CyberRatings is on track to test several other SSE vendors for Threat Protection along with a Comparative Report to be published this summer.

In addition to in-house testing technologies, CyberRatings used Keysight’s CyPerf tool to test performance and TLS/SSL functionality as well as TeraPackets Threat Replayer tool for exploit packet capture replay.

Zscaler Zero Trust Exchange Earns “AAA” Rating in CyberRatings.org Security Service Edge Threat Protection Test.

Posted on by CyberRatings.org

Austin, TX – June 11, 2024 – cyberratings.org/ (CyberRatings), the non-profit entity dedicated to providing confidence in cybersecurity products and services through its research and testing programs, has completed an independent test of Zscaler’s Zero Trust Exchange Security Service Edge (SSE). An SSE is a purpose-built cloud platform of integrated network security services designed to facilitate secure business use of the Internet. Zscaler received a “AAA” rating for Security Service Edge after achieving a 98.0% Protection Rate for blocking 98.05% of Exploits, 99.93% of Malware and 100% of Evasions.

The product was subjected to thorough testing using both clear text and encrypted traffic to provide a more realistic rating based on modern network traffic. Zscaler’s Zero Trust Exchange was measured against how it defended against 205 exploits, 7,140 malware samples and whether any of 1,124 evasions could bypass its protection using clear text and TLS/SSL 1.2 and 1.3 cipher suites.

Threat actors apply evasion techniques to disguise and modify attacks to avoid detection by security products. Therefore, it is imperative that an SSE correctly handles evasions. An attacker can bypass protection if an SSE fails to detect a single form of evasion. Zscaler resisted 1,124 out 1,124 evasions.

The combined measurements to determine the overall Protection Rate also included false positives, which is a key to correctly identifying and allowing legitimate traffic while protecting against malware, exploits, and phishing attacks. False positive tests assessed Zscaler’s ability to block attacks while permitting legitimate traffic achieving 99.86% for browsing and 96.85% for file downloads.

“Zscaler handled all use cases with ease and demonstrated that they could block attacks under a wide variety of conditions. Their offering should be on everyone’s short list,” said Vikram Phatak, CEO of cyberratings.org/.

CyberRatings is on track to test several other SSE vendors this year for Threat Protection along with Software-Defined Wide Area Network (SD-WAN), and Zero Trust Network Access (ZTNA) bringing together the Secure Access Service Edge (SASE) package of test results later in the year.

What is Security Service Edge (SSE)?

Posted on by CyberRatings.org

In the ever-evolving cybersecurity landscape, Security Service Edge (SSE) has emerged as a pivotal component, especially in the context of Zero Trust architectures. Let’s dive into what SSE is, understand why it’s increasingly relevant in today’s cloud-centric world, and its integral role in supporting Zero Trust Network Access (ZTNA).

SSE in the Cloud Era

The shift from traditional, on-premises security models to cloud-based solutions has been a significant evolutionary step in cybersecurity. Driven by the increasing reliance on cloud services, remote workforces, and the strategic shift to cost-effective operations, this transition necessitates a more flexible and comprehensive approach to security.

Technical Overview of SSE

SSE, as part of the Secure Access Service Edge (SASE) framework, offers an array of security functions vital for cloud environments:

  1. Access Control: Manages who can access network resources, ensuring that only authorized users and devices gain entry.
  2. Authentication: Verifies user and device identities, serving as a gatekeeper for accessing network resources.
  3. Identity Management: Integrates with third-party services like Okta, Ping, and Microsoft AD, managing user identities and permissions.
  4. Data Loss Prevention (DLP): Protects sensitive data from unauthorized access and breaches.
  5. DNS Protection: Secures against threats exploiting Domain Name System vulnerabilities.
  6. Encryption (TLS/SSL): Encrypts data in transit, ensuring secure communication over the internet.
  7. Threat Protection: Defends against exploits and malware, two critical and pervasive cyber threats.

SSE and Zero Trust Network Access

The Zero Trust model, predicated on the principle of “never trust, always verify,” aligns perfectly with SSE’s capabilities. Zero Trust Network Access (ZTNA) is a security solution that provides secure remote access to applications and services based on defined access control policies. SSE’s integration of Access Control, Authentication, Identity Management, along with its advanced threat protection and DLP capabilities, forms a strong foundation for implementing ZTNA.

By incorporating these elements, SSE facilitates a Zero Trust approach where access is strictly controlled and monitored based on user identity and context. This ensures that users have the necessary permissions and that their activities are continuously authenticated, authorized, and encrypted.

Conclusion

In conclusion, SSE is more than just a set of security tools; it represents a comprehensive approach that is crucial for adapting to the cloud-based, digitally transformed era. Its role in supporting Zero Trust Network Access further underscores its significance in today’s cybersecurity landscape. Understanding and effectively implementing SSE is key to maintaining robust and flexible security postures, especially as organizations navigate the complexities of modern digital environments and the challenges they pose. With its integration of essential security functionalities and support for Zero Trust principles, SSE is at the forefront of evolving cybersecurity strategies, ensuring organizations can confidently and securely operate in the cloud era.

CyberRatings.org Announces Zero Trust Network Access (ZTNA) Test Results for Versa Networks

Posted on by CyberRatings.org

Austin, TX – August 09, 2023 – CyberRatings.org (CyberRatings), the non-profit entity dedicated to providing confidence in cybersecurity products and services through its research and testing programs, has issued a Recommended Rating for Versa Networks Zero Trust Network Access (ZTNA) solution.

CyberRatings tested Versa’s ZTNA across multiple use cases to determine how it handled authentication and identity, resource access, routing, policy enforcement, and TLS/SSL 1.2 and 1.3 cipher suites. Both clear text and encrypted traffic were measured for performance. For this test, CyberRatings tested up to 1 Gbps.

Zero Trust is a security model that replaces legacy models that assumes anything inside a network is safe. Trust should never be assumed, and access is granted on a least-privileged basis.

ZTNA offerings help IT teams implement Zero Trust principles. They are based on a user-to-application model and provide secure granular access to internal applications and resources for remote users and devices based on identity, context, and policy. As a result, ZTNA is gaining popularity as a solution that can protect networks from today’s threats, especially as multi-cloud use and remote work continue to decentralize IT infrastructure and dissolve the traditional network perimeter.

ZTNA is a component of the Secure Access Service Edge (SASE) security model, which integrates multiple security services in a cloud-native platform.

“Versa’s ZTNA handled all use cases with ease and proved to be highly consistent and reliable. Their offering should be on everyone’s short list,” said Vikram Phatak, CEO of CyberRatings.org.

CyberRatings is kicking off a series of ZTNA tests and certifications. A recent announcement from CyberRatings and MEF, a global industry association of network, cloud, security and technology providers accelerating enterprise digital transformation, outlined a new Secure Access Service Edge (SASE) Certification Program for MEF technology and service provider members worldwide.  The Beta program will begin in August with testing and certification of SD-WAN, followed by SSE Threat Protection and ZTNA.  Once the Beta program is completed later this year, certification will be available to the MEF membership at large in Q1 2024.

CyberRatings members can read the report here.

Executives from CyberRatings are attending the Black Hat conference in Las Vegas. To connect, please write to [email protected].