Publications

Advanced Cloud Firewall (ACFW) CyberRisk Validation Reports 2024

Many years ago, bring your own device (BYOD) and its twin, work from home (WFH), began whittling away at the network perimeter. More recently, the adoption of cloud services has added an expanded perimeter that requires specialized security technologies to address the new attack vectors that are being exploited by state-sponsored attackers as well as opportunistic cybercriminals. A critical piece of these cloud-centric defenses is the Advanced Cloud Firewall (ACFW). As is the case with all security products, the efficacy of these solutions is paramount. However, operational efficiency is also critical. Operational efficiency encompasses a wide array of aspects ranging from deployment to policy management to business continuity management, and much more. The higher the operational efficiency, the lower the total cost of ownership (TCO) and the lower the odds of complexity-induced mistakes causing security lapses.

Twelve leading ACFW solutions were tested against multiple distinct enterprise-centric categories, involving attack vectors of more than 1000 real-world operational scenarios. Twelve classes of operational metrics were evaluated for each product. The comparative report provides a high-level comparison of the security efficacy and operational efficiency of the tested ACFWs.

Default configurations and rule sets were used for the majority of the products in this test. “Detect Only” mode settings that were part of default configurations were modified to “Block” mode, with default rulesets and publicly available vendor recommendations used as applicable.

Cloud Web Application Firewall (WAF) CyberRisk Validation Reports 2022

Bring Your Own Device (BYOD) and the remote workforce have dissolved the network perimeter and expanded the enterprise attack surface. While we combat the rise in threats to our cloud and hybrid environments, cost savings and operational simplicity drive organizations to adopt cloud-native and cloud-driven application architectures. These include API-driven, multi-tenant and multiuser applications. The ubiquitous adoption of the cloud is not without challenges. Web application-based vulnerabilities are among the top breach vectors. Cloud-based web application firewalls (WAFs) are designed to protect web applications without interrupting business continuity in the cloud-first world.

More than 9,000 attacks were tested against each of the 14 products validated. Individual reports simplify and summarize our findings and include group averages for context. Individual reports for the 14 tested solutions are published below. The comparative report provides a high-level comparison for security efficacy, operational efficiency, and return on security investment (ROSI).

Default configurations and rule sets were used for the majority of the products in this test. “Detect Only” mode settings that were part of default configurations were modified to “Block” mode, with default rulesets and publicly available vendor recommendations used as applicable.

Current Methodologies Under Test

Cloud Web Application Firewall (WAF) CyberRisk Validation Reports 2021

The remote workforce has transformed the network perimeter and driven organizations to the cloud. Attackers have also adapted to the new IT landscape. Web application-based vulnerabilities are among the top breach vectors. The Web Application Firewall (WAF) remains the most frequently used security control to protect web applications against attacks. To help organizations, SecureIQLab has validated the security efficacy and operational efficiency of nine popular web application firewalls. This effort will help organizations understand the return on security investment for WAF solutions and evolve their network defenses to prevent web servers and their applications from being exploited.

More than 22,000 attacks were tested against each of the products validated. Individual reports simplify and summarize our findings and include group averages for context. Individual reports for the nine tested solutions are projected to publish over the next few weeks and culminate with a comparative report. The comparative report will provide a high-level comparison for security efficacy, operational efficiency, and return on security investment.

Default configurations and rule sets were used for the majority of the products in this test. However, any “Detect Only” mode settings that were part of default configurations were modified to “Block” mode, with default rulesets used as applicable.


Cloud WAF CyberRisk Validation Methodology

Attackers have moved up the stack. They are no longer simply attacking the web server and its underlying operating systems; they are attacking the web applications running on the web server that are front-ending critical corporate data. Such applications are often incredibly complex and difficult to secure effectively, and simple coding errors can render them wide open to remote exploits. To help organizations regain the upper hand against current attacks, SecureIQLab has undertaken the validation of popular web application firewalls in an effort to help enterprises understand the return on security investment for WAF solutions and evolve their network defenses to prevent web servers and their applications from being exploited.

SecureIQLab CyberRisk Validation Roadmap

Our NGFW firewall-based tests will be focused on three key criteria: security, compliance, and enterprise-centric workflows.

The evaluation of Cloud WAF will be based on blocking attacks against application- and API-based security threats, seamless integration, and deployment and scalability handling. We will also validate against compliance.

The evaluation of XDR will be based on blocking blended attacks across multiple security layers – email, endpoint, server, cloud workload, and network. Alerts will be evaluated from an operational perspective.

Healthcare-focused ransomware test

A combination of four solutions will be evaluated: Firewall, SWG, CASB and ZTNA.