CyberRatings.org and NSS Labs Announce 2025 Enterprise Firewall Test Results
Security Effectiveness Ranges from 46.37% to 99.59%
安全有效性範圍從46.37%到99.59%
AUSTIN, Texas, Nov. 5, 2025 /PRNewswire/ -- CyberRatings.org (CyberRatings), the non-profit organization dedicated to providing confidence in cybersecurity products and services through independent testing, today announced the results of its latest Enterprise Firewall (EFW) evaluation. Tests were conducted by NSS Labs and are now available at no cost on the CyberRatings.org website.
德克薩斯州奧斯汀,2025年11月5日/PRNewswire/--CyberRatings.org(CyberRatings),致力於通過獨立測試提供對網絡安全產品和服務信心的非營利組織,今天宣佈了其最新的企業防火牆(EFW)評估結果。測試由NSS Labs執行,現在可以在CyberRatings.org網站上免費獲取。
NSS Labs performed independent evaluations of seven leading Enterprise Firewall products using the Enterprise Firewall Test Methodology v3.0. The testing revealed a striking disparity in performance — Security Effectiveness ranged from 46.37% to 99.59%.
NSS Labs使用企業防火牆測試方法v3.0對七款領先的企業防火牆產品進行了獨立評估。測試揭示了性能上的顯著差異——安全有效性從46.37%到99.59%不等。
Attackers are bypassing defenses. Only three of seven products earned a Recommended rating.
攻擊者正在繞過防禦系統。只有三款產品獲得了推薦評級。
Firewalls were tested under encrypted enterprise-grade workloads using 3,326 exploits, 11,311 malware samples, 5,752 evasion techniques spanning 53 evasion categories, 6,481 false-positive samples, and 55 performance tests. Each firewall was required to maintain operational stability throughout testing.
防火牆在加密的企業級工作負載下進行了測試,共使用了3,326個漏洞利用、11,311個惡意軟件樣本、5,752種規避技術,覆蓋53種規避類別、6,481個誤報樣本以及55項性能測試。每個防火牆在測試過程中都必須保持操作穩定性。
Key Findings
主要發現
- Attackers Are Bypassing Defenses:
While average exploit and malware block rates exceeded 96%, three widely deployed vendors failed critical evasion tests that significantly reduced their effectiveness. Only three of seven products earned a Recommended rating. - Evasion Vulnerabilities:
Common transport and network-layer evasions, techniques that can be applied to nearly every attack, bypassed some of the world's most widely used firewalls. - Encrypted Threats:
More than 95% of global web traffic is encrypted. Detecting attacks hidden within TLS/SSL sessions remains a crucial differentiator; some products showed marked performance degradation when inspecting encrypted traffic. - Accuracy Matters:
One product recorded only 80% false-positive accuracy, potentially increasing operational costs and reducing trust in security alerts as customers disable protections to reduce noise.
- 攻擊者正在繞過防禦:
儘管平均漏洞和惡意軟件攔截率超過96%,但三家廣泛部署的供應商未能通過關鍵的規避測試,這大大降低了它們的有效性。只有三款產品獲得了推薦評級。 - 規避漏洞:
常見的傳輸和網絡層規避技術,這些技術幾乎可以應用於每一種攻擊,繞過了世界上一些最廣泛使用的防火牆。 - 加密威脅:
全球超過95%的網絡流量是加密的。檢測隱藏在TLS/SSL會話中的攻擊仍然是一個關鍵的差異化因素;一些產品在檢查加密流量時表現出明顯的性能下降。 - 準確性至關重要:
一款產品記錄的誤報準確率僅爲80%,這可能會增加運營成本,並因客戶禁用保護措施以減少噪音而降低對安全警報的信任。
"Enterprise Firewalls are constantly evolving to combat new attacker techniques and tools but sometimes that evolution takes a wrong turn," said Vikram Phatak, CEO of CyberRatings.org. "A vendor can have a near-perfect detection engine but if attackers can bypass that engine it gives them a clear path through your defenses."
Vikram Phatak,CyberRatings.org的首席執行官表示:「企業防火牆不斷演進,以應對新的攻擊技術和工具,但有時這種演變會走上錯誤的道路。」 「供應商可能擁有近乎完美的檢測引擎,但如果攻擊者可以繞過該引擎,就會爲他們提供一條穿過防禦的清晰路徑。」
The test results are as follows:
測試結果如下:
| Enterprise Firewall (EFW) |
Rating |
Security Effectiveness |
False Positive Accuracy |
| Check Point CP-CGS-9300 |
Recommended |
99.59 % |
99.35 % |
| Cisco Firepower 2130 |
Caution |
57.34 % |
79.94 % |
| Forcepoint 2210 |
Neutral |
99.53 % |
95.22 % |
| Fortinet FortiGate-200G |
Caution |
79.24 % |
99.41 % |
| Juniper Networks SRX4300 |
Recommended |
99.16 % |
98.43 % |
| Palo Alto Networks PA-1410 |
Caution |
46.37 % |
99.66 % |
| Versa Networks CSG5200 |
Recommended |
99.43 % |
99.63 % |
| 企業防火牆 (EFW) |
評級 |
安全有效性 |
誤報準確性 |
| Check Point CP-CGS-9300 |
推薦 |
99.59 % |
99.35 % |
| 思科Firepower 2130 |
警告 |
57.34 % |
79.94 % |
| Forcepoint 2210 |
中性 |
99.53 % |
95.22 % |
| 飛塔信息 FortiGate-200G |
警告 |
79.24 % |
99.41 % |
| 瞻博網絡 SRX4300 |
推薦的 |
99.16 % |
98.43 % |
| Palo Alto Networks PA-1410 |
警告 |
46.37 % |
99.66 % |
| Versa Networks CSG5200 |
推薦 |
99.43 % |
99.63 % |
NSS Labs is the Official Testing Partner of CyberRatings, generating the test results and reports for CyberRatings publications. NSS Labs developed tools and Keysight's CyPerf tool were used to test the security, performance, TLS functionality, and stability of Enterprise Firewalls.
NSS Labs 是 CyberRatings 的官方測試合作伙伴,爲 CyberRatings 的出版物生成測試結果和報告。 NSS Labs 開發的工具和 Keysight 的 CyPerf 工具被用於測試企業防火牆的安全性、性能、TLS 功能和穩定性。
The Enterprise Firewall Test Reports, Comparative Report and Security Map are available at CyberRatings.org.
《企業防火牆測試報告》、《對比報告》和《安全地圖》可在 CyberRatings.org 獲取。
About CyberRatings.org
關於 CyberRatings.org
CyberRatings.org is a 501(c)6 non-profit organization dedicated to providing confidence in cybersecurity products and services through our research and testing programs. We provide enterprises with independent, objective ratings of security product efficacy to make informed decisions. To become a member, visit and follow us on LinkedIn.
CyberRatings.org 是一家 501(c)6 非營利組織,致力於通過我們的研究和測試項目對網絡安全產品和服務提供信心。我們爲企業提供獨立、客觀的安全產品有效性評級,以幫助做出明智的決策。要成爲會員,請訪問 並在 LinkedIn 上關注我們。
SOURCE CyberRatings.org
資料來源:CyberRatings.org
21%
21%
譯文內容由第三人軟體翻譯。