Next Generation Firewall Solution Testing: Performance, Compliance and Advantages Executive Summary Miercom was engaged by Zscaler to conduct independent performance testing and an assessment of key features and capabilities of the Zscaler Internet Security platform, comparing its cloud-based Zscaler Next Generation Firewall product to competing vendors that use traditional hardware and software devices. In late April 2015, Miercom tested the Zscaler Next Generation Firewall against three competitive next generation firewall (NGFW) products, all products were provided by Zscaler. The products were all evaluated using a set of security and compliance criteria combining Zscaler’s proprietary test suite and Miercom’s independent test harness. The tests focused on the... Executive Summary Miercom was engaged by Zscaler to conduct independent performance testing and an assessment of key features and capabilities of the Zscaler Internet Security platform, comparing its cloud-based Zscaler Next Generation Firewall product to competing vendors that use traditional hardware and software devices. In late April 2015, Miercom tested the Zscaler Next Generation Firewall against three competitive next generation firewall (NGFW) products, all products were provided by Zscaler. The products were all evaluated using a set of security and compliance criteria combining Zscaler’s proprietary test suite and Miercom’s independent test harness. The tests focused on the following performance areas: ? ? Security: ability to provide protection against basic and advanced threats Compliance: ability to enforce typical data loss prevention and access policies As part of the security test section of this study, Miercom assessed malware efficacy using its own sample set. The effectiveness of each security solution was tested, and the results were combined with a Total Cost of Ownership assessment provided by Zscaler to create a map demonstrating relative value. Key Findings ? ? ? The Zscaler Next Generation Firewall exhibits a high-value, low-cost option for enterprises looking for an extra layer of security with very low deployment impact in comparison to traditional hardware-based solutions Cloud-based solutions have the advantage of scanning traffic in real-time to give global, up-to-date protection to any user at all times Zscaler performed very well against advanced malware samples, scoring 100% in blocking AETs and APTs, and 97% against active threats. Its SSL decryption provides a novel approach to detect malware sent over the internet. Based on the impressive results of our testing, we award the Miercom Performance Verified Certification to the Zscaler Next Generation Firewall, having turned in an outstanding performance in Miercom"s ongoing network security study. Robert Smithers CEO Miercom Zscaler Cloud Service Copyright © 2015 Miercom 3 DR150406D 4 December 2015 Next Generation Firewall Cyber-attacks have historically been noisy and opportunistic, focusing on server-side vulnerabilities, and traditional firewalls focused on blocking IP addresses, ports and protocols. But the world has changed. Today, attackers that once targeted enterprise servers have now realized that it is far easier to exploit client machines, thanks to weak defenses and naive users. Increasingly sophisticated cyber-threats are using more complex attack methodologies like protocol tunneling and port hopping to fool traditional firewalls. Defending against these complex attack methodologies requires a new generation of firewall that understands users and can defend against application-based attacks. More specifically, a Next Generation Firewall must be able to: ? ? ? ? ? ? ? ? Identify applications with full application context awareness Identify and block threats that try to use “known good” ports and protocols Identify and block threats that try to use evasive tactics such as non-standard ports or “port hopping” Identify and block threats that try to use SSL Identify users, groups and locations and apply policy regardless of IP address Identify and block outbound data leaks Identify and block outbound botnet command and control communications Provide global visibility and granular policy management And do all of this while delivering extremely high throughput and reliability at a reasonable cost. Zscaler Cloud Service Copyright © 2015 Miercom 4 DR150406D 4 December 2015 Read more... Security in Unison Click for more details.. Read more... Security Authentication & Access Systems Autonomous Testing Cloud Security Compliance Cyber Data Centre Security Data Compliance Digital Security Endpoint Firewall Hacking IOT Security IT Threats & Vulnerabilities Malware Mobile Security Modern Management Network Security Operational Technology Phishing Ransomware SD-WAN Security Awareness Training Security Monitoring SIEM Threat Detection Threat Modeling Threat Prevention Web Application Security XDR Zero Day Zero Trust Vendors 01 Telecom 8x8 AB Tasty AB Tasty US Absolute Software Acuity ADAMOS Adobe x Microsoft (TMP) Amazon Amazon Local Amdocs Anaplan EMEA Aptible Aptitude Software APTTUS ATT Auth0 AWS (TMP) Azelis (TMP) B-Stock Backbase Barracuda Networks Barracuda Networks Inc (CS) Behavox Betterup Binary Tree BlackBerry BMC Software Boeing (CS) Brightcove Inc. VMware BT Capgemini Capita Plc Caretower Checkpoint Software Tech. Cigniti Technologies Limited Cintra CIO Crowd Cisco Cisco (Rombii) Cisco (TMP) Citrix (TMP) Citrix Systems Claranet Clear Skye CloverETL Cognizant Cognizant (Rombii) Colt Technology Services Commaxx AB Commvault Comptel Confluent ConnectWise Content Square (TMP) Contrast Security Corelight Couchbase CVENT Cylance BlackBerry Cylance Dataminr DataWatch Datto Decca Design Dell Dell Software Delphix BAE Systems Digicert Diligent Dimension Data DTN (Omo) Dynatrace Egnyte Emmes (TMP) Enigma Marketing Servics Epicor Esko Exclusive Networks Ltd Firemon Forcepoint (90) ForeScout Technologies, Inc. Forgerock Fortinet Fortinet B.V. Fortinet Germany Fortinet International INC – Dubai Fortinet Netherlands Fortinet Networks Romania SRL Fortinet Poland Fortinet Security Italy S.R.L Fortinet Security Spain S.L. Fortinet Singapore Fortinet Switzerland Fortinet Technologies India Fortinet UK Ltd - GBP Fortinet USA FullStory Fusion GBS Genetec Gigamon GitHub GXO (90) HealthComp (TMP) Hitachi HP HP APAC (Rombii) Idox Illumio Illumio Inc Immersive Labs Infinidat Infor (Parent) Infor UK Ingram Micro Intel (Parent) Interxion Intuit Intuit (TMP) IRIS Software (TMP) IriusRisk ITAS K2 Kappa Data Kaseya International Kingpin Parent Lenovo Lexmark Lidera LIGLINT LivePerson Ltd Logitech LogRhythm LogRhythm LogRhythm Lookout Lucanet Lumen Malwarebytes Malwarebytes Malwarebytes Marin Software Matrixx Software McAfee McAfee McAfee McDonald Butler Media Plan (TEST) Medidata Medidata USA Mendix Menlo Security Microsoft Microsoft Ireland Operations Ltd. Microsoft UK Microsoft US Monotype Moogsoft MSFT (TMP) Musarubra UK (McAfee UK) MYOB NanoRep Navisite New Relic (TMP) New Signature Nexthink NICE inContact Nice Systems Nintex Nordcloud Noveau NTT NTT Data NTT DATA Nutanix Nuvias Octopus EV One Identity One Identity US OneLogin Optimizely DE Optimizely NL OpusCapita AB OVH Cloud Pagerduty Palo Alto Networks PANW (TMP) Payoneer Payoneer (TMP) Percipient Pitney Bowes Planful Plume Design Pollen8 Pro-Active Business Information Ltd Proofpoint Proofpoint Australia Proofpoint Sweden Proofpoint UK PROS Publicis Sapient Publicis Sapient (TMP) Pure Storage Purechannels PWC QinetiQ Qlik (Parent) Quadient UK Quadrotech Qualys Limited Qualys US Quest Quest US Quest (TMP) Rapid7 Recorded Future Red Hat RedHat (TMP) Relay42 Reltio Resolve.io Rhipe Riverbed Technology Sage Sage Salesforce Salesforce.com (Parent) Salesforce.org SAP SAP (CS) SAP (Rombii) SAP (TMP) SEC Datacom Seequent SentinelOne Silver Peak Simms Sitecore Siteimprove Slack Technologies Slack Technologies GMBH Slack Technologies Limited (IE) Slack UK Limited Smith Cooper SolCyber Managed Security Services, Inc. Solutions for accounting Sonicwall SonicWall - EMEA - UK SonicWall Sprinklr Starlink Sy4Security a/s Talion Digicert Synapse 360 Systematika T-Mobile Tata Communications Tata Consultancy Services TCS TD Synnex France Tenable The Marketing Practice The Marketing Practice (Marketing) Thomson Reuters Thoughtspot ThoughtWorks (TMP) ThreatQuotient Trellix Trend Micro Trend Micro Trimble Inc (90) Udacity Unit4 Veeam Verizon Version1 Virgin Media O2 Business Virtual Instruments West Coast Cloud Yash YNV Group ysura GmbH Zimperium ZoomInfo ZScaler Zscaler Netherlands B.V.
Executive Summary Miercom was engaged by Zscaler to conduct independent performance testing and an assessment of key features and capabilities of the Zscaler Internet Security platform, comparing its cloud-based Zscaler Next Generation Firewall product to competing vendors that use traditional hardware and software devices. In late April 2015, Miercom tested the Zscaler Next Generation Firewall against three competitive next generation firewall (NGFW) products, all products were provided by Zscaler. The products were all evaluated using a set of security and compliance criteria combining Zscaler’s proprietary test suite and Miercom’s independent test harness. The tests focused on the...
Executive Summary Miercom was engaged by Zscaler to conduct independent performance testing and an assessment of key features and capabilities of the Zscaler Internet Security platform, comparing its cloud-based Zscaler Next Generation Firewall product to competing vendors that use traditional hardware and software devices. In late April 2015, Miercom tested the Zscaler Next Generation Firewall against three competitive next generation firewall (NGFW) products, all products were provided by Zscaler. The products were all evaluated using a set of security and compliance criteria combining Zscaler’s proprietary test suite and Miercom’s independent test harness. The tests focused on the following performance areas: ? ? Security: ability to provide protection against basic and advanced threats Compliance: ability to enforce typical data loss prevention and access policies As part of the security test section of this study, Miercom assessed malware efficacy using its own sample set. The effectiveness of each security solution was tested, and the results were combined with a Total Cost of Ownership assessment provided by Zscaler to create a map demonstrating relative value. Key Findings ? ? ? The Zscaler Next Generation Firewall exhibits a high-value, low-cost option for enterprises looking for an extra layer of security with very low deployment impact in comparison to traditional hardware-based solutions Cloud-based solutions have the advantage of scanning traffic in real-time to give global, up-to-date protection to any user at all times Zscaler performed very well against advanced malware samples, scoring 100% in blocking AETs and APTs, and 97% against active threats. Its SSL decryption provides a novel approach to detect malware sent over the internet. Based on the impressive results of our testing, we award the Miercom Performance Verified Certification to the Zscaler Next Generation Firewall, having turned in an outstanding performance in Miercom"s ongoing network security study. Robert Smithers CEO Miercom Zscaler Cloud Service Copyright © 2015 Miercom 3 DR150406D 4 December 2015 Next Generation Firewall Cyber-attacks have historically been noisy and opportunistic, focusing on server-side vulnerabilities, and traditional firewalls focused on blocking IP addresses, ports and protocols. But the world has changed. Today, attackers that once targeted enterprise servers have now realized that it is far easier to exploit client machines, thanks to weak defenses and naive users. Increasingly sophisticated cyber-threats are using more complex attack methodologies like protocol tunneling and port hopping to fool traditional firewalls. Defending against these complex attack methodologies requires a new generation of firewall that understands users and can defend against application-based attacks. More specifically, a Next Generation Firewall must be able to: ? ? ? ? ? ? ? ? Identify applications with full application context awareness Identify and block threats that try to use “known good” ports and protocols Identify and block threats that try to use evasive tactics such as non-standard ports or “port hopping” Identify and block threats that try to use SSL Identify users, groups and locations and apply policy regardless of IP address Identify and block outbound data leaks Identify and block outbound botnet command and control communications Provide global visibility and granular policy management And do all of this while delivering extremely high throughput and reliability at a reasonable cost. Zscaler Cloud Service Copyright © 2015 Miercom 4 DR150406D 4 December 2015
