CyberRatings, the non-profit entity dedicated to providing confidence in cybersecurity products and services through its research and testing programs, has completed an independent “Mini-Test” of Cloud Service Provider (CSP) Native Firewalls from Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). Security effectiveness protection ranged from 0.38% to 50.57%.
Cyber Technology Insights: Spectro Cloud, HPE Launch “Edge in a Box” for Kubernetes
In today’s cloud-centric environment, businesses often face a critical choice regarding the security of their cloud infrastructure. They can rely on firewalls offered directly by Cloud Service Providers (CSPs) or use independent security vendor firewall offerings typically available through the respective CSP’s marketplace. Security effectiveness is a crucial factor in selecting the right firewall solution, as it directly impacts the organization’s ability to protect against cyber threats.
The CSP firewalls were tested against 522 exploits using Keysight’s CyPerf v5.0 software testing platform, offering an evidence-based look at how well these native solutions withstand real-world security threats. Only known Common Vulnerabilities and Exposures (CVEs) from the last ten years with a severity of medium or higher were used to assess security effectiveness, usability, and protection. The exploit (CVE) types targeted servers and are typically relevant to cloud workload deployments.
Mini-Test Results:
| Exploit Testing | AWS Network Firewall | Microsoft Azure Firewall Premium | Google Cloud NGFW Enterprise Firewall |
| Number of Exploits | 522 | 522 | 522 |
| Number of Blocked Exploits | 2 | 126 | 264 |
| Number of Missed Exploits | 520 | 396 | 258 |
| Exploit Block Rate | 0.38 % | 24.14 % | 50.57 % |
“This was designed to be an entry level test,” said Vikram Phatak, CEO of CyberRatings.org. “The exploits were straightforward; we didn’t apply any evasions which is normally how attackers bypass security products. The number of missed exploits is concerning. Until cloud native firewalls demonstrate they have a higher level of security effectiveness to protect against cyber threats, we strongly recommend that customers consider third-party providers with a proven track record.”
This test is part one of a two-part test. Part two will include a higher number of exploits, along with evasions and malware. The second part of the test will also compare cloud service provider native solutions against market leading third-party cloud network firewall providers.
Cyber Technology Insights: Most Targeted: Hacker Focus on American Company Profile
To participate in our interviews, please write to our CyberTech Media Room at news@intentamplify.com
Source – Prnewswire
