July 17, 2018

NGFW achieves highest security effectiveness

Jim Fulton

While next generation firewalls (NGFWs) have historically been thought of as security products, it’s surprising how few vendors deliver security that actually works.

We’ve spent the last decade researching, developing, and creating technology for defeating ever-increasing advanced threats. With Forcepoint NGFW, we didn’t just sprinkle security on top of high-performance networking (see below); we built it right into our multi-ISP connectivity, delivered via high-availability clustered gateways that are centrally managed, even at enterprise scale.

As a result, Forcepoint NGFW’s integrated defenses against evasion techniques and exploits have once again received NSS Labs’ highest rating of “RECOMMENDED,” continuing an unbroken streak that spans every NGFW Group Test in the last 6 years that NSS Labs has performed.

Top Security Efficacy, Better-than-Expected Throughput

This is the third NSS Labs Group Test in a row in which Forcepoint NGFW received the highest security efficacy score. This year’s test was significantly more difficult—there were 39% more evasion tests—but Forcepoint NGFW still stopped 99.7% of all attacks and even blocked 100% of evasions. As Vikram Phatak, CEO at NSS Labs, notes, “The Forcepoint NGFW 2105 had the highest security effectiveness in the NSS Labs 2018 NGFW Group Test and its throughput was rated even higher than Forcepoint’s claimed performance.”

That last part is worth noting. The throughput measured by NSS Labs outperformed even our own published rates, achieving 102% for unencrypted traffic and 148% for SSL/TLS traffic. Outperforming a claim—you don’t see that happen often!

We also scored well on NSS Labs’ “weighted cost of ownership” measurement, even though our centralized management is geared towards administering hundreds or thousands of devices rather than setting up single units.

It’s certainly nice to see other vendors finally starting to take evasions seriously (for which we give a lot of credit to NSS Labs). At this stage, there is no excuse for any vendor to perform poorly on evasions. We’ve all known about them for years, including that they can’t just be addressed through old approaches like signatures. Unfortunately, even vendors who manage to pass NSS Labs’ tests are often still vulnerable (and we have the video of them letting in ransomware to prove it), so it pays to be diligent.

If you’d like to learn more, you can download the results of NSS Labs’ Forcepoint NGFW test.

Jim Fulton

Jim Fulton serves as VP Product Marketing & Analyst Relations, focused on SASE, SSE and Zero Trust data security. He has been delivering enterprise access and security products for more than 20 years and holds a degree in Computer Science from MIT.

Read more articles by Jim Fulton

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.