November 7, 2017

Forcepoint NGFW excels in security. Yet again.

Jim Fulton

Forcepoint’s mission is to help people rethink cybersecurity – to take a new approach that is far more secure, efficient and resilient for today’s rapidly shifting world. This was the founding principle of our next generation firewall, and today we’re pleased to announce yet more proof that Forcepoint NGFW is the industry’s strongest network security device. It’s also another example of how good things often come in threes, as we’ll see at the end.

Highest-Rated Security Effectiveness on 2017 NSS Labs NGIPS Test

There’s a gaping difference between hype and reality in the network security market that has never been more clear. Many vendors claim to deliver strong security, but Forcepoint has the proof. Once again, Forcepoint NGFW excelled in security effectiveness. This time it’s in NSS Labs’ 2017 Next Generation Intrusion Prevention System (NGIPS) Test, the leading independent examination of IPS systems.

Of the nine products they tested, Forcepoint NGFW:

  • Blocked 99.91% of all exploits (there were just 3 misses, which we updated dynamically within hours)
  • Blocked 100% of all 157 evasions tested
  • Had one of the lowest total cost of ownership (TCO) scores
  • Received NSS Labs’ coveted “RECOMMENDED” rating yet again

2nd Year in a Row that Forcepoint NGFW Outperformed Even Special-Purpose IPS Devices

In this year’s NGIPS Test, NSS Labs tested nine different products, including a variety of dedicated IPS-only boxes. Forcepoint NGFW achieved a 99.9% security effectiveness score, the second year in a row we've scored over 99%. 

But unlike many firewalls that require add-on blades or expensive licenses, Forcepoint NGFW includes the full power of its IPS at no extra charge. We also provide full firewall capabilities, VPN connectivity that can be set up in minutes, multi-link network clustering, and interactive dashboards that provide visibility throughout your network – from your data centers and office networks to branch locations and the cloud.

Forcepoint Excels in Security Against Evasions, Exploits, and Malware

NSS Labs tests are so important because they provide one of the most realistic measures of what products are likely to face in the real world. This year, NSS Labs increased their focus on evasion techniques, the methods that attackers use to disguise exploits and malware. Many vendors tout their ability to catch exploits, but only if those exploits aren’t obscured by evasions. As NSS Labs points out:

“Failure of a security device to correctly identify a specific type of evasion potentially allows an attacker to use an entire class of exploits for which the device is assumed to have protection. This renders the device virtually useless. Many of the techniques used in this test have been widely known for years and should be considered minimum requirements for the NGIPS product category.

Providing exploit protection results without fully factoring in evasion can be misleading.”

– NSS Labs, Next Generation Intrusion Prevention System (NGIPS) Test Report, p. 8

The Security Value Map that NSS Labs published with the test illustrates just how misleading such claims about exploit protection can be. In the absence of evasions, all of the products did relatively well in catching exploits. However, once evasions were turned on, the effectiveness of all but four products dropped significantly. When this happens, attackers can pass right through the security device to deliver exploits to their targets. This puts any unpatched systems at risk from even older, well-known exploits, let alone zero-day attacks.

Why does Forcepoint do so well against evasions? Well, we literally wrote the book on them (Advanced Evasion Techniques for Dummies) and we offer the industry’s only software-based, ready-made evasion test lab, Evader. We see them as one of the three things that modern network security must protect against in order to defeat exploits and malware. Now, we’re pleased to be able to say that we offer the #1 security for each stage in defending your network:

  • Evasions – Blocked all 137 evasions in NSS Labs 2017 NGFW Test
  • Exploits – Block rate of 99.91% in NSS Labs 2017 NGIPS Test
  • Malware – We offer Lastline's breach detection technology, which excels at stopping advanced malware.

If you’d like to learn more, please download Forcepoint’s detailed NGIPS test results.

This December, join Forcepoint at Black Hat Europe 2017 to learn more about the evasion vulnerabilities NSS found across many leading NGIPS devices and see a demonstration of tools available to test your network security for vulnerabilities to evasions.

Jim Fulton

Jim Fulton serves as VP Product Marketing & Analyst Relations, focused on SASE, SSE and Zero Trust data security. He has been delivering enterprise access and security products for more than 20 years and holds a degree in Computer Science from MIT.


About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.