Overall Security Effectiveness ranged from 58.1% to 99.6%.
AUSTIN, Texas – February 29, 2016 – NSS Labs, the world’s leading information security research and advisory company, today released its latest next generation firewall (NGFW) Security Value Map™ (SVM) and Comparative Analysis Report series, evaluating 13 leading NGFW products for security effectiveness, performance, and total cost of ownership (TCO). These 13 products account for 96% of the NGFW market share.
The NGFW market was $4.45B in 2015, and is expected to grow to $8.55B in 2019, a CAGR of 17.7%. The combination of size, growth rate, and importance of this market space has attracted new players, including first-time entrants from Chinese firms Huawei Technologies and Hillstone Networks.
This is the first NGFW Group Test to integrate the Cyber Advanced Warning SystemTM (CAWS) for continuous testing during the months of December 2015 and January 2016, making it the only multi-vendor test in the world conducted with both an exhaustive exploit library and hundreds of drive-by exploits being used in active campaigns by threat actors. CAWS provided valuable insight into how products perform over time, the speed at which vendors respond to new attacks, and overall consistency of protection. Some products proved highly consistent while others did not. Daily block rates ranged from 26.9% to 100%.
This is also the first year NSS conducted research into ‘street prices’, capturing vendor discounts in competitive bid situations. Solution discounts ranged from 5% to 58%, while hardware-only discounts ranged from 5% to 65%.
Additional test highlights include:
- 7 of 13 products achieved Recommended status.
- Overall Security Effectiveness ranged from 58.1% to 99.6%.
- CAWS live testing revealed that no single product blocked all attacks.
- Average Total Cost of Ownership (TCO) per protected megabit per second was US$27, with individual vendor TCO ranging from US$6 to US$97.
“This year’s NGFW Group Test is our largest ever,” said Mike Spanbauer, Vice President, Security, Test & Advisory for NSS Labs. “Given the number of vendor participants, and integrated visibility into live threat performance, we are providing security decision makers with the most comprehensive purchase and continuous risk management insight available.”
The following products were included in the 2016 NGFW Group Test:
- Barracuda Networks F600.E20 v6.1.1-071
- Check Point Software Technologies 13800 Next Generation Firewall Appliance vR77.20
- Cisco ASA 5585-X SSP-60 v18.104.22.168
- Cisco FirePOWER Appliance 8350 v22.214.171.124
- Cyberoam – Cyberoam CR2500iNG-XP v10.6.3
- Dell SonicWALL SuperMassive E10800 SonicOS Enhanced v126.96.36.199-177o
- Forcepoint Stonesoft Next-Generation Firewall 1402 v5.8.5
- Fortinet FortiGate 3200D v5.2.4, build 5069
- Hillstone Networks SG-6000-E5960 v5.5 SG6000-M-2-5.5R1P2.2
- Huawei Technologies USG6650 vV500R001C00SPC010T
- Juniper Networks SRX5400E JUNOS Software Release v12.3X48
- Palo Alto Networks PA-7050 v6.0.11-h1
- WatchGuard Technologies XTM 1525 v11.9.4 build 486684
The NGFW individual test reports, comparative reports and the Security Value Map™ can be found at www.nsslabs.com.