Next Generation Firewall (NGFW)
In the ninth NSS Labs NGFW Group Test, 12 of the industry’s leading NGFW products were tested to compare capabilities across multiple use cases. Products were assessed for security effectiveness, total cost of ownership (TCO), and performance.
Firewalls are the most widely deployed network security devices. Enterprises expect modern firewalls (NGFWs) to prevent exploits and malware from infecting critical systems.
What We Tested
When enterprises purchase products, they expect those products to remain viable over multiple years.
While it is tempting to draw conclusions from one test, NSS recommends enterprises favor vendors that consistently engage and improve over time. When in doubt, an NSS analyst is available to answer questions.
Scripting evasions are challenging for NGFWs because detecting them requires real-time code analysis to determine whether a function is legitimate or is obfuscating an attack.
Vendor claims to protect against vulnerabilities (regardless of the exploit specifics) are largely dependent on the nature of the vulnerability and whether it lends itself to such protection. Test results found that all products had room for improvement when confronted with unknown variants of known exploits.
Research indicates that over 70% of Internet traffic is encrypted using TLS/SSL. NSS recommends measuring the performance of devices both with and without TLS/SSL enabled. Failure to do so could result in unexpected performance bottlenecks.