Photo credit: www.darkreading.com

Independent Evaluation of Cloud Service Provider Firewalls Unveils Varied Security Efficacies

AUSTIN, Texas, Nov. 26, 2024 /PRNewswire/ — CyberRatings.org, a non-profit organization committed to enhancing trust in cybersecurity solutions, has released findings from its independent “Mini-Test” assessing the effectiveness of native firewalls provided by major cloud service providers: Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). The results showcased a significant range in security protection, with effectiveness rates recorded between 0.38% and 50.57%.

As organizations increasingly migrate their operations to the cloud, the decision on how to secure their infrastructures has become paramount. Businesses can choose to implement the firewalls native to their cloud service providers or opt for third-party firewall solutions available through the respective CSP marketplaces. Understanding the security effectiveness of these options is vital, as it directly influences an organization’s defense against cyber threats.

CyberRatings conducted extensive testing using Keysight’s CyPerf v5.0 software, subjecting the CSP firewalls to 522 known exploits. The assessment specifically focused on Common Vulnerabilities and Exposures (CVEs) identified in the last decade, emphasizing those with a medium or higher severity rating. This approach provided insights into how well the native firewalls could endure actual security challenges, particularly in scenarios relevant to cloud workload deployments.

Vikram Phatak, CEO of CyberRatings.org, commented on the test’s design, stating, “This was intended to be an entry-level evaluation. The exploits employed were straightforward, and we did not implement any evasive techniques that attackers often use to bypass security measures. The results, particularly the number of missed exploits, are worrying. Until these cloud-native options prove to be more effective in safeguarding against cyber risks, we highly advise customers to explore third-party firewall providers with established records of success.”

This “Mini-Test” represents the first phase of a broader evaluation. The subsequent part of the testing will introduce a larger pool of exploits, including evasive tactics and malware. This next phase aims to juxtapose cloud service native solutions directly against leading third-party cloud network firewall options in the marketplace.

The testing utilized Keysight’s CyPerf v5.0 platform, which facilitates easy replication of results. Organizations interested in exploring this testing methodology can take advantage of a two-week free trial offered by Keysight. Additional information regarding the strike library can be accessed at Keysight’s website.

The comprehensive test report can be found at cyberratings.org, providing free access to those looking to enhance their understanding of cybersecurity effectiveness.

About CyberRatings.org

CyberRatings.org is a 501(c)6 non-profit organization focused on fostering confidence in cybersecurity products and services via dedicated research and testing initiatives. The organization offers independent and objective evaluations of the efficacy of various security products, empowering enterprises to make well-informed decisions regarding their cybersecurity strategies. To learn more about membership opportunities, visit www.cyberratings.org and connect with them on LinkedIn.

SOURCE CyberRatings.org

Source
www.darkreading.com