Tag: Zscaler

SDxCentral: SSE protection found uneven across major vendors

Posted on by CyberRatings.org

Researchers reported major disparity in security effectiveness of security service edge (SSE) protection across major vendors.

Non-profit cyberratings.org/ (CyberRatings) found security effectiveness ranged from less than 3% to 100% in its testing of vendor products, with only Fortinet, Palo Alto Networks, Versa Networks, and Zscaler earning a “recommended” rating.

In contrast, SSE products from Cisco, Cloudflare, and Skyhigh were tagged with a “caution” label, indicating “below-average” security effectiveness with the recommendation that end users “should consider seeking other solutions.” The ratings were put down due to “failures in critical tests.”

Read the full article here.

CyberRatings.org Test Results Reveal Critical Failures in SSE

Posted on by CyberRatings.org

Austin, TX – July 16, 2025 – CyberRatings.org (CyberRatings), the non-profit organization dedicated to providing insight into the capabilities of cybersecurity products and services through independent testing, today announced the comparative results of its latest Security Service Edge (SSE) evaluation. The findings expose a striking disparity in product performance: Security Effectiveness ranged from 2.95% to 100%, underscoring just how uneven SSE protection remains across vendors.

Only Fortinet, Palo Alto Networks, Versa Networks, and Zscaler earned a Recommended rating, while products from Cisco, Cloudflare, and Skyhigh were rated Caution due to failures in critical tests.

Despite meeting our inclusion criteria and high market interest, we were unable to include Cato Networks and Netskope in this test. Netskope’s high entry level licensing cost and their lack of responsiveness to our inquiries to purchase their product rendered it inaccessible. Cato was explicit in their refusal to engage with us or allow us to procure licensing for any form of independent third-party validation.

“With cloud-delivered products rapidly evolving through continuous integration and deployment, customers have little visibility into what changes under the hood,” said Vikram Phatak, CEO of CyberRatings.org. “Only by conducting regular independent testing can enterprises ensure they’re not left vulnerable to silent failures that could go unnoticed for months.”

Of all the SSE test criteria, blocking evasions had the most impact on security effectiveness. Evasion techniques are used by threat actors to disguise or modify attacks, so they slip past defenses. While most products excelled at blocking known malware and exploits, three failed to stop evasions — exposing organizations to entire classes of undetected attacks.

These independent tests uniquely stress real-world evasion techniques that standard evaluations often overlook — the techniques cybercriminals rely on to bypass security measures.

The SSE evaluation was designed to reflect modern, adversarial conditions and covered:

  • Malware: 6,184 malware samples in active use by global threat actors.
  • Exploits: 205 exploits of known vulnerabilities.
  • Evasions: 1,154 evasions spanning 37 categories of techniques.
  • False Positives: 1,514 legitimate files and applications, verifying security measures do not impact users and operations.
  • TLS/SSL: Encrypted attacks using cipher suites that represent ~97% of real-world HTTPS traffic.

Security Service Edge is inherently complex — a multi-layered technology stacked atop ever-changing cloud environments. Customers typically have minimal visibility into how these systems operate and testing them independently is challenging. This double-layered opacity makes third-party validation essential to diagnose performance issues, fine-tune policy enforcement, and ensure real security outcomes. CyberRatings strongly urges organizations to adopt periodic or ongoing third-party testing to ensure consistent protection and compliance.

NSS Labs is the Official Testing Partner of CyberRatings. Keysight’s CyPerf tool was used for performance and TLS/SSL functionality, and TeraPackets Threat Replayer tool was used for exploit replay validation.

CyberRatings.org Announces Test Results for Zscaler Zero Trust Exchange

Posted on by CyberRatings.org

Austin, TX – June 2, 2025 – CyberRatings.org (CyberRatings), the non-profit organization dedicated to providing insight into the capabilities of cybersecurity products and services through independent testing, has released additional results from its Security Service Edge (SSE) and Zero Trust Network Access (ZTNA) testing. This latest test focused on another leading product: Zscaler Zero Trust Exchange (ZTE).

Zscaler achieved a Security Effectiveness score of 100%, successfully blocking 100% of exploits, malware and evasions in the SSE test. The test report provides details on product performance across multiple threat categories, with scoring weighted by attack severity. The SSE evaluation covered:

  • TLS/SSL: Top 5 Ciphers used (accounts for ~97% of HTTPS traffic).
  • Malware: 6,184 attack samples sourced from current malware campaigns.
  • Exploits: 205 attack samples from widely exploited vulnerabilities in enterprise environments.
  • Evasions: 1,154 attacks spanning 37 evasion techniques.
  • False Positives: 1,514 samples from various business-critical files and applications, ensuring security measures did not disrupt legitimate traffic.

The ZTNA results confirmed that Zscaler demonstrated strong capabilities by effectively enforcing policies and managing access according to predefined rules, policies, and user roles, achieving 100% in all categories tested. The ZTNA test covered:

  • Authentication & Identity
  • Routing & Access Control
  • Resource Access (Zero Trust Network Access capabilities)
  • TLS/SSL Support

Of the SSE test criteria, meeting the threshold of blocking evasions had the most impact on scores.  Evasion techniques are used by attackers to disguise or obfuscate attacks so that they bypass detection. SSE products must not be tricked by evasions—failure exposes organizations to entire classes of undetected threats. Zscaler scored 100% in blocking all 1,154 evasion attempts.

Security Service Edge is a complex multi-layered security technology built on top of complex, ever-changing cloud technologies. Customers have minimal visibility into their operation and architecture, and testing is challenging. This double-layered opacity limits an organization’s ability to diagnose performance issues, fine-tune policy enforcement, or validate security outcomes.

“The only way to know if an SSE offering works properly is to test it,” said Vikram Phatak, CEO of CyberRatings.org. Our test determined that Zscaler provides exceptional security effectiveness and strong coverage across a wide variety of threat categories.”

CyberRatings is on track to test several other SSE vendors for Threat Protection along with a Comparative Report to be published this summer.

In addition to in-house testing technologies, CyberRatings used Keysight’s CyPerf tool to test performance and TLS/SSL functionality as well as TeraPackets Threat Replayer tool for exploit packet capture replay.

Unpacking Zscaler’s Stellar AAA Rating in CyberRatings 2024 SSE Test

Posted on by CyberRatings.org

CyberRatings.org (“CyberRatings”), the premier non-profit security testing organization, has awarded the Zscaler Zero Trust Exchange an “AAA” rating in its 2024 Threat Protection Test. This top rating underscores Zscaler’s exceptional out-of-the-box security efficacy, which stands at 98%.

The test encompassed over one thousand evasion techniques, all of which were successfully blocked by Zscaler, including sophisticated, multi-layered evasions that employ various techniques.

Watch the webinar here.

Zscaler Zero Trust Exchange Earns “AAA” Rating in CyberRatings.org Security Service Edge Threat Protection Test.

Posted on by CyberRatings.org

Austin, TX – June 11, 2024 – cyberratings.org/ (CyberRatings), the non-profit entity dedicated to providing confidence in cybersecurity products and services through its research and testing programs, has completed an independent test of Zscaler’s Zero Trust Exchange Security Service Edge (SSE). An SSE is a purpose-built cloud platform of integrated network security services designed to facilitate secure business use of the Internet. Zscaler received a “AAA” rating for Security Service Edge after achieving a 98.0% Protection Rate for blocking 98.05% of Exploits, 99.93% of Malware and 100% of Evasions.

The product was subjected to thorough testing using both clear text and encrypted traffic to provide a more realistic rating based on modern network traffic. Zscaler’s Zero Trust Exchange was measured against how it defended against 205 exploits, 7,140 malware samples and whether any of 1,124 evasions could bypass its protection using clear text and TLS/SSL 1.2 and 1.3 cipher suites.

Threat actors apply evasion techniques to disguise and modify attacks to avoid detection by security products. Therefore, it is imperative that an SSE correctly handles evasions. An attacker can bypass protection if an SSE fails to detect a single form of evasion. Zscaler resisted 1,124 out 1,124 evasions.

The combined measurements to determine the overall Protection Rate also included false positives, which is a key to correctly identifying and allowing legitimate traffic while protecting against malware, exploits, and phishing attacks. False positive tests assessed Zscaler’s ability to block attacks while permitting legitimate traffic achieving 99.86% for browsing and 96.85% for file downloads.

“Zscaler handled all use cases with ease and demonstrated that they could block attacks under a wide variety of conditions. Their offering should be on everyone’s short list,” said Vikram Phatak, CEO of cyberratings.org/.

CyberRatings is on track to test several other SSE vendors this year for Threat Protection along with Software-Defined Wide Area Network (SD-WAN), and Zero Trust Network Access (ZTNA) bringing together the Secure Access Service Edge (SASE) package of test results later in the year.

CyberRatings.org Announces Test Results and Ratings. Security Service Edge (SSE) Focused on Firewall as a Service

Posted on by CyberRatings.org

AUSTIN, Texas – June 7, 2022 – CyberRatings.org, the non-profit entity dedicated to providing transparency on cybersecurity product efficacy, has published its Security Service Edge (SSE) rating for Zscaler. CyberRatings conducted an independent test of Zscaler’s Firewall as a Service (FWaaS) with Zscaler earning a ‘AAA’ rating overall. Management, Routing and Policy Enforcement, Zero Trust Network Access (ZTNA), SSL/TLS Functionality and Performance were tested.

SSE technology is new to the market with security vendors continuing to introduce their technology offerings in the space. First introduced by Gartner in a late 2019 blog post as Secure Access Service Edge (SASE) technologies include SD-WAN, SWG, CASB, ZTNA and FWaaS as core abilities. Gartner then introduced Security Service Edge (SSE) in 2021 as a subset of SASE which excluded the SD-WAN.

“This SSE test is the first of its kind. The complexity of testing new technologies in a cloud service meant we couldn’t just use the same test tools and procedures. Everything needed to be reimagined,” said Vikram Phatak, CEO of CyberRatings.org. “We collaborated with Keysight’s network and cloud product teams over many months to develop tools that could address this challenge,” added Phatak.

Keysight developed CyPerf in order to test cloud performance (including the performance of TLS / SSL encrypted traffic) cipher suite support, policy enforcement and stability / reliability.

“The distributed nature of hybrid/cloud networks calls for a new way of testing,” said Ram Periakaruppan vice president and general manager, Keysight’s Network Test and Security Solutions. “Keysight developed its industry-first cloud-native CyPerf test solution to help users validate services like SSE, software-defined wide area network (SD-WAN), and cloud network firewall. We are excited to partner with CyberRatings in testing the SSE technology.”

CyberRatings has a three-phase plan for testing SSE products, with FWaaS and ZTNA as the first phase. Phase two will include testing detection / prevention of exploits, malware, and evasions. The third phase will address data protection, exfiltration and compliance.

CyberRatings Announces First-of-its-kind Cloud Test Focused on FWaaS and ZTNA

Posted on by CyberRatings.org

AUSTIN, Texas – July 19, 2021 – CyberRatings.org, the non-profit entity dedicated to providing transparency on cybersecurity product efficacy, has published its first Secure Access Service Edge (SASE) rating. CyberRatings conducted an independent test of Zscaler’s Firewall as a Service (FWaaS), including its Zero Trust Network Access (ZTNA) capabilities using Zscaler Internet Access and Zscaler Private Access. Zscaler earned a ‘AA’ rating overall, with components of the test achieving ‘AA’ to ‘AAA’ ratings.

SASE technology is relatively new to the market, introduced by Gartner in a late 2019 blog post. It is a new package of technologies delivered as a service:

  • Access control (FWaaS and ZTNA)
  • Threat protection (Secure Web Gateway, anti-malware, and intrusion prevention)
  • Data protection (Cloud Access Security Broker and Data Loss Prevention)

“The pandemic accelerated adoption of new technologies such as SASE that securely enable a distributed workforce,” said Vikram Phatak, CEO of CyberRatings.org. “This first-of-its-kind test provides the cybersecurity industry with a reliable and independent way to evaluate SASE offerings.”

Because these technologies are so new, CyberRatings spent several months working with Keysight’s network and cloud product teams to develop the apparatus to test FWaaS and ZTNA. Keysight provided CyPerf for testing stability and reliability, TLS / SSL functionality, and application performance.

“The distributed nature of hybrid/cloud networks calls for a new way of testing,” said Ram Periakaruppan vice president and general manager, Keysight’s Network Test and Security Solutions. “Keysight developed its industry-first cloud-native CyPerf test solution to help users validate services like SASE, software-defined wide area network (SD-WAN), and cloud network firewall. We are excited to partner with CyberRatings in this first independent test of SASE technology.”

CyberRatings has a three-phase plan for testing SASE products, with FWaaS and ZTNA as the first phase. Phase two will include testing discovery and handling of exploits, malware, and evasions. The third phase will address cloud access security broker (CASB) and data leak protection (DLP).