Next Generation Firewall Solution Testing: Performance, Compliance and Advantages Executive Summary Miercom was engaged by Zscaler to conduct independent performance testing and an assessment of key features and capabilities of the Zscaler Internet Security platform, comparing its cloud-based Zscaler Next Generation Firewall product to competing vendors that use traditional hardware and software devices. In late April 2015, Miercom tested the Zscaler Next Generation Firewall against three competitive next generation firewall (NGFW) products, all products were provided by Zscaler. The products were all evaluated using a set of security and compliance criteria combining Zscaler’s proprietary test suite and Miercom’s independent test harness. The tests focused on the following performance areas: ? ? Security: ability to provide protection against basic and advanced threats Compliance: ability to enforce typical data loss prevention and access policies As part of the security test section of this study, Miercom assessed malware efficacy using its own sample set. The effectiveness of each security solution was tested, and the results were combined with a Total Cost of Ownership assessment provided by Zscaler to create a map demonstrating relative value. Key Findings ? ? ? The Zscaler Next Generation Firewall exhibits a high-value, low-cost option for enterprises looking for an extra layer of security with very low deployment impact in comparison to traditional hardware-based solutions Cloud-based solutions have the advantage of scanning traffic in real-time to give global, up-to-date protection to any user at all times Zscaler performed very well against advanced malware samples, scoring 100% in blocking AETs and APTs, and 97% against active threats. Its SSL decryption provides a novel approach to detect malware sent over the internet. Based on the impressive results of our testing, we award the Miercom Performance Verified Certification to the Zscaler Next Generation Firewall, having turned in an outstanding performance in Miercom"s ongoing network security study. Robert Smithers CEO Miercom Zscaler Cloud Service Copyright © 2015 Miercom 3 DR150406D 4 December 2015 Next Generation Firewall Cyber-attacks have historically been noisy and opportunistic, focusing on server-side vulnerabilities, and traditional firewalls focused on blocking IP addresses, ports and protocols. But the world has changed. Today, attackers that once targeted enterprise servers have now realized that it is far easier to exploit client machines, thanks to weak defenses and naive users. Increasingly sophisticated cyber-threats are using more complex attack methodologies like protocol tunneling and port hopping to fool traditional firewalls. Defending against these complex attack methodologies requires a new generation of firewall that understands users and can defend against application-based attacks. More specifically, a Next Generation Firewall must be able to: ? ? ? ? ? ? ? ? Identify applications with full application context awareness Identify and block threats that try to use “known good” ports and protocols Identify and block threats that try to use evasive tactics such as non-standard ports or “port hopping” Identify and block threats that try to use SSL Identify users, groups and locations and apply policy regardless of IP address Identify and block outbound data leaks Identify and block outbound botnet command and control communications Provide global visibility and granular policy management And do all of this while delivering extremely high throughput and reliability at a reasonable cost. Zscaler Cloud Service Copyright © 2015 Miercom 4 DR150406D 4 December 2015 Please complete the form to gain access to this content Access Now Related Resources Accelerating Secure Digital Transformation Busque estas diez capacidades imprescindibles Ricerca queste 10 funzionalità indispensabili Recherchez ces 10 caractéristiques indispensables Look for these 10 Must-Have Capabilities 10 unverzichtbare Merkmale einer unternehmenstauglichen ZTNA-Lösung Informe de riesgos de VPN de 2023 por Cybersecurity Insiders Report 2023 sui rischi della VPN di Cybersecurity Insiders Rapport 2023 sur les risques liés aux VPN par Cybersecurity Insiders 2023 Cybersecurity Insiders VPN Risk Report Report zu VPN-Risiken 2023 von Cybersecurity Insiders Cómo Zscaler cumple la promesa de la confianza cero en su arquitectura In che modo Zscaler onora la promessa dell’architettura Zero Trust Comment Zscaler honore la promesse de l’architecture Zero Trust How Zscaler Delivers on the Promise of the Zero Trust Architecture Zscaler: eine Lösung, die hält, was Zero Trust verspricht Ofrecer una seguridad incomparable y un valor económico superior con Zscaler Zero Trust Exchange Zscaler Zero Trust Exchange: una sicurezza ineguagliabile con un valore economico superiore Garantir une sécurité inégalée et une rentabilité optimale avec Zscaler Zero Trust Exchange Delivering Unparalleled Security with Superior Economic Value Erstklassige Sicherheit und überdurchschnittlicher wirtschaftlicher Nutzen mit der Zscaler Zero Trust Exchange
Executive Summary Miercom was engaged by Zscaler to conduct independent performance testing and an assessment of key features and capabilities of the Zscaler Internet Security platform, comparing its cloud-based Zscaler Next Generation Firewall product to competing vendors that use traditional hardware and software devices. In late April 2015, Miercom tested the Zscaler Next Generation Firewall against three competitive next generation firewall (NGFW) products, all products were provided by Zscaler. The products were all evaluated using a set of security and compliance criteria combining Zscaler’s proprietary test suite and Miercom’s independent test harness. The tests focused on the following performance areas: ? ? Security: ability to provide protection against basic and advanced threats Compliance: ability to enforce typical data loss prevention and access policies As part of the security test section of this study, Miercom assessed malware efficacy using its own sample set. The effectiveness of each security solution was tested, and the results were combined with a Total Cost of Ownership assessment provided by Zscaler to create a map demonstrating relative value. Key Findings ? ? ? The Zscaler Next Generation Firewall exhibits a high-value, low-cost option for enterprises looking for an extra layer of security with very low deployment impact in comparison to traditional hardware-based solutions Cloud-based solutions have the advantage of scanning traffic in real-time to give global, up-to-date protection to any user at all times Zscaler performed very well against advanced malware samples, scoring 100% in blocking AETs and APTs, and 97% against active threats. Its SSL decryption provides a novel approach to detect malware sent over the internet. Based on the impressive results of our testing, we award the Miercom Performance Verified Certification to the Zscaler Next Generation Firewall, having turned in an outstanding performance in Miercom"s ongoing network security study. Robert Smithers CEO Miercom Zscaler Cloud Service Copyright © 2015 Miercom 3 DR150406D 4 December 2015 Next Generation Firewall Cyber-attacks have historically been noisy and opportunistic, focusing on server-side vulnerabilities, and traditional firewalls focused on blocking IP addresses, ports and protocols. But the world has changed. Today, attackers that once targeted enterprise servers have now realized that it is far easier to exploit client machines, thanks to weak defenses and naive users. Increasingly sophisticated cyber-threats are using more complex attack methodologies like protocol tunneling and port hopping to fool traditional firewalls. Defending against these complex attack methodologies requires a new generation of firewall that understands users and can defend against application-based attacks. More specifically, a Next Generation Firewall must be able to: ? ? ? ? ? ? ? ? Identify applications with full application context awareness Identify and block threats that try to use “known good” ports and protocols Identify and block threats that try to use evasive tactics such as non-standard ports or “port hopping” Identify and block threats that try to use SSL Identify users, groups and locations and apply policy regardless of IP address Identify and block outbound data leaks Identify and block outbound botnet command and control communications Provide global visibility and granular policy management And do all of this while delivering extremely high throughput and reliability at a reasonable cost. Zscaler Cloud Service Copyright © 2015 Miercom 4 DR150406D 4 December 2015
