CDSA

NSS Labs Announces Web Application Firewall Group Test Results

NSS Labs has announced the results of its second Web Application Firewall (WAF) Group Test. A growing segment of the security market, WAFs employ a wide range of functions to work in conjunction with perimeter firewalls and intrusion prevention system (IPS) technologies to provide protection specifically for web applications. Of the five market-leading WAF vendors whose products had results published today, four products received a Recommended rating, while one product received a Caution rating.

Websites are exposed to web-based application attacks designed to bypass data center firewalls (DCFWs) and data center intrusion prevention systems (DCIPS). WAF products protect web servers by inspecting HTTP communication for malicious content. Although WAF products can be used as transparent bridges to inspect traffic, many enterprises are utilizing WAFs as reverse proxies that sit between the user and web server, allowing inspection of encrypted traffic. The ability of WAFs to inspect encrypted traffic has become increasingly important, as at least 75% of all web traffic will be encrypted by 2019.

To validate their security effectiveness, WAF products were tested for their ability to successfully identify and protect against targeted exploits, including known vulnerabilities and coding errors. Products were also tested against the Open Web Application Security Project (OWASP) Top Ten, and false positive testing was conducted to determine whether they could support SSL encryption and identify legitimate traffic. Total cost of ownership (TCO) was calculated based on Protected Mbps to provide enterprises with insight into cost and to create a normalized comparison across products.

Key findings include:

  • Overall Security Effectiveness ranged from 92.45% to 98.11%, with four of the five tested products achieving a rating greater than 98%.
  • TCO per Protected CPS ranged from US$0.37 to US$25.01, with most tested products costing less than US$7.00 per Protected CPS.
  • The average Security Effectiveness rating was 96.98%; four devices received an above-average Security Effectiveness rating, and one received a below-average Security Effectiveness rating.
  • The average TCO per Protected CPS was US$8.21; four products were rated as having above-average value, and one was rated as having below-average value.

“In 2016, close to half of the network attacks targeting web applications came in through HTTP traffic and SSL vectors,” said Vikram Phatak, CEO at NSS Labs. “WAF devices are important lines of defense to secure critical web commerce operations and combat these attacks. The WAF Group Test results underscore the need for objective, vendor-neutral insights to help enterprises select the right solutions to strengthen their security posture.”

The five market leaders in the WAF Group Test include:

  • Citrix NetScaler Web Application Firewall (AppFirewall) MPX 5910 v11.1.51.1006
  • F5 BIG-IP 10050S Application Security Manager (ASM) v12.1.1.0.0.184
  • Fortinet FortiWeb-3000E v5.5.5
  • Radware AppWall 1008 v7.3.4
  • Symantec Blue Coat ProxySG v6.6.5.1

As with all NSS Labs Group Tests, there was no fee for participation, and the Test Methodology is available in the public domain to provide transparency and help enterprises understand the factors behind the results. The “no fee for participation” and “public domain” policies are part of NSS Labs' commitment to provide empirical data and objective group test results that enable security organizations to make educated decisions about purchasing and optimizing security infrastructure products and services.

A free download of the Security Value Map™ (SVM) graphic can be found here. For more information, or to purchase NSS Labs Test Reports, click here. To learn more about the WAF Test Methodology and the WAF Group Test results, please click here.
