TCO per Protected Mbps Ranged
between US$2 to US$57
7 out of 10
Products Achieved a
The Security Effectiveness of
Verified Products Ranged
Between 25% and 99.7%
The next generation firewall (NGFW) is the first line of defense against today’s threats and is a critical component of any defense-in-depth strategy. The NGFW market is one of the largest and most mature in the cybersecurity industry. NGFW technologies have evolved from packet filtering and circuit-level gateways to application layer (proxy-based) and dynamic packet filtering firewalls that use port and protocol combinations to create and enforce access control policy between trusted and untrusted networks.
Traditional FWs relied on common application ports to determine which applications were running and which attacks to watch for, but the NGFW can identify and allow, block, or limit applications regardless of the ports and protocols used.
NGFW must also be capable of performing deep packet inspection on all packets, on all ports, and over all protocols in order to determine which applications are running over which ports and thus secure them effectively. Also, the expanded use of SSL/TLS in much of the traffic traversing the modern network makes it necessary to inspect encrypted content.
NSS Labs' Next Generation Firewall (NGFW) Group Test evaluates market-leading NGFW products on security effectiveness, performance, stability and reliability, and total cost of ownership (TCO). The NGFW Group Test provides individual Test Reports and Comparative Reports that enable enterprises to make informed decisions to evolve and rationalize their cyber risk programs.
Individual Test Reports
Test Reports provide detailed analysis for each product tested. Data from these reports is used in the NSS Labs Comparative Reports.
Test Reports enable enterprise security teams to understand the impact of features and limitations across different products. These reports are used to shortlist products for further evaluation and proof-of concept testing.