News
NGFW achieves highest security effectiveness
July 2018 by Marc Jacob
While next generation firewalls (NGFWs) have historically been thought of as security products, it’s surprising how few vendors deliver security that actually works.
We’ve spent the last decade researching, developing, and creating technology for defeating ever-increasing advanced threats. With Forcepoint NGFW, we didn’t just sprinkle security on top of high-performance networking (see below); we built it right into our multi-ISP connectivity, delivered via high-availability clustered gateways that are centrally managed, even at enterprise scale.
As a result, Forcepoint NGFW’s integrated defenses against evasion techniques and exploits have once again received NSS Labs’ highest rating of “RECOMMENDED,” continuing an unbroken streak that spans every NGFW Group Test in the last 6 years that NSS Labs has performed.
Top Security Efficacy, Better-than-Expected Throughput
This is the third NSS Labs Group Test in a row in which Forcepoint NGFW received the highest security efficacy score. This year’s test was significantly more difficult—there were 39% more evasion tests—but Forcepoint NGFW still stopped 99.7% of all attacks and even blocked 100% of evasions. As
Vikram Phatak, CEO at NSS Labs, notes, “The Forcepoint NGFW 2105 had the highest security effectiveness in the NSS Labs 2018 NGFW Group Test and its throughput was rated even higher than Forcepoint’s claimed performance.”
That last part is worth noting. The throughput measured by NSS Labs outperformed even our own published rates, achieving 102% for unencrypted traffic and 148% for SSL/TLS traffic. Outperforming a claim—you don’t see that happen often!
We also scored well on NSS Labs’ “weighted cost of ownership” measurement, even though our centralized management is geared towards administering hundreds or thousands of devices rather than setting up single units.
It’s certainly nice to see other vendors finally starting to take evasions seriously (for which we give a lot of credit to NSS Labs). At this stage, there is no excuse for any vendor to perform poorly on evasions. We’ve all known about them for years, including that they can’t just be addressed through old approaches like signatures. Unfortunately, even vendors who manage to pass NSS Labs’ tests are often still vulnerable (and we have the video of them letting in ransomware to prove it), so it pays to be diligent.
