End users are finding that NGFWs are no longer as limiting in their performance or capability trade-offs as they once were. NSS Labs discovered that many enterprises are choosing NGFW over traditional firewalls for a variety of reasons without feeling that they are compromising on features or performance. Some NGFW solutions scale to tens of gigabits which satisfies the needs of all but the most demanding enterprise WAN connections.
NSS Labs regularly released NGFW Security Value Mapâ„¢, Comparative Analysis Reports, and Product Analysis Reports. These results help guide security professionals in the enterprise to make informed decisions when evaluating the many offerings in the industry.
NSS Labs designed the test to focus on the following four areas:
- Security effectiveness
- Performance
- Stability
- Total Cost of Ownership (TCO)
Check Point® Software Technologies Ltd. (NASDAQ: CHKP) today announced the company received its eleventh ‘Recommended’ rating from NSS Labs. Check Point’s latest results earned its fifth ‘Recommended’ rating in the NSS Labs Next Generation Firewall Test, delivering top results with the highest block rate (99.8%) from the NSS Labs Exploit Library and tied for the highest security effectiveness score (99.6%).
Hillstone Networks Next-Generation Firewall's high marks include lowest for Total Cost of Ownership (TCO) per Protected Mbps, blocking 99.6% of exploits from the NSS exploit library and blocking 98.32% of live exploits over a 2-month period from December 1, 2015 – January 31, 2016.
NSS 2016 NGFW Group Test SVM |
2014
NSS Labs said the Palo Alto PA-3020 Appliance passed stability and reliability tests, and enforced firewall policies. It also correctly enforced complex outbound and inbound policies, the firm said. The appliance fell short in detecting evasion measures often used by attackers to bypass firewalls. Using RPC and IP Fragmentation attacks, NSS Labs was able to conduct a bypass. The appliance also took a performance hit, earning a 719-Mbps rating while the vendor claimed 1-Gbps performance.
NSS 2014 NGFW Group Test SVM |
2013
WatchGuard's XTM 2050 appliance got poor marks and earned a caution designation after it fell well below competitors.
NSS 2013 NGFW Group Test SVM |
2012
NSS 2012 NGFW Group Test SVM |
2011
NSS 2011 NGFW Group Test SVM |
Reference:
Palo Alto for NGFW facts from Checkpoint view