NSS Labs Expands 2018 NGFW Group Test with SSL/TLS Security and Performance Test Reports

AUSTIN, Texas, July 24, 2018 (GLOBE NEWSWIRE) -- NSS Labs, Inc., a global leader and trusted source for independent, fact-based cybersecurity guidance, today announced the release of its secure sockets layer (SSL)/transport layer security (TLS) performance test reports. The SSL performance testing was conducted during the 2018 Next Generation Firewall Group Test, announced earlier this month. With the increased use of SSL/TLS in the traffic traversing the modern network, an NGFW must be able to inspect encrypted content. 

SSL and TLS protocols are the foundation of e-commerce security, encrypting the transfer of sensitive data, verifying the authenticity of websites, and ensuring the integrity of exchanged information. Threat actors are increasingly using SSL/TLS to deliver malicious attacks. Gartner estimates that in 2017 more than half of the network attacks targeting enterprises used encrypted traffic to bypass security controls.1

According to NSS Labs research, 41.7% of enterprises deploy dedicated SSL/TLS appliances.2 Use of the SSL protocol and its current iteration, TLS, is rising dramatically in response to an increasing need for online privacy. In 2016, NSS Labs found that HTTPS (SSL/TLS-encrypted) traffic grew 90% year over year and 50% of enterprise traffic was encrypted.3

With this increase in SSL/TLS traffic, enterprises are finding that the performance of their NGFWs is being impacted. The NSS Labs' 2018 SSL/TLS Performance Tests determined how 10 of the industry's leading NGFW products performed in the following key areas:

  • Cipher Functionality – Confirm and validate that the device under test is correctly decrypting and (if applicable) inspecting SSL/TLS traffic.
  • Performance – A performance baseline using various types of HTTP traffic is established for the device. The device is then measured with HTTPS-based real-world performance in order to establish comparative metrics for the device (with or without SSL decryption/inspection). This ensures the device is not bypassing the decryption/inspection process to demonstrate better performance.

Key Findings:

  • Although results are not directly comparable, the following was observed when measuring product performance with SSL/TLS turned off versus with SSL/TLS turned on:
      • There was a 92% drop in the average connection rate of the tested products; connection degradation ranged from 84% to 99%.
      • Latency in the average application response time of the tested products increased by 672%; latency ranged from 99% to 2,910%.
      • There was a 60% drop in the average throughput of the tested products; throughput degradation ranged from 13% to 95%.
  • Not all tested products support the top 30 cipher suites from the Alexa Top 1 Million, as of 12/31/2017.
  • Some tested products support emergent ciphers.

"Encryption does not protect us from all threats and in fact can make it easier for the adversary. Enterprises must be aware of and concerned if they are not decrypting and inspecting SSL traffic from untrusted sources," said Jason Brvenik, Chief Technology Officer at NSS Labs. "The NSS Labs SSL/TLS Test Reports provide valuable insights to help enterprises plan accordingly as they upgrade and refresh their architectures to expand visibility across encrypted traffic."

 The following products were tested:

  • Barracuda Networks CloudGen Firewall F800.CCE v7.2.0
  • Check Point 15600 Next Generation Threat Prevention (NGTP) Appliance vR80.20
  • Cisco Firepower 4120 Security Appliance v6.2.2
  • Forcepoint NGFW 2105 Appliance v6.3.3 build 19153 (Update Package: 1056)
  • Fortinet FortiGate 500E V5.6.3GA build 7858
  • Palo Alto Networks PA-5220 PAN-OS 8.1.1
  • SonicWall NSa 2650 SonicOS Enhanced 6.5.0.10-73n
  • Sophos XG Firewall 750 SFO v17 MR7
  • Versa Networks FlexVNF 16.1R1-S6
  • WatchGuard M670 v12.0.1.B562953

NSS Labs is committed to providing empirical data and objective group test results that enable organizations to make educated decisions about purchasing and optimizing security infrastructure products and services. As with all NSS Labs group tests, there is no fee for participation, and the test methodology is available in the public domain to provide transparency and to help enterprises understand the factors behind test results. Click here for more information about our group test policies.

Click here for more information on this test and the test methodology used or to purchase the individual test reports. 

Additional Resources: 

1. Gartner "Protecting from a Growing Attack Vector, Encrypted Attacks" March 2016
2. NSS Labs "Security Controls in the US Enterprise: SSL/TLS Appliances" September 2017
3. NSS Labs "NSS Labs Predicts 75% of Web Traffic Will Be Encrypted by 2019" November 2016

About NSS Labs, Inc.
NSS Labs, Inc. is recognized globally as the most trusted source for independent, fact-based cybersecurity guidance. Our mission is to advance transparency and accountability within the cybersecurity industry. Our unmatched foundation in security testing, along with our extensive research and global threat analysis capabilities, provide the basis for NSS Labs' Cloud Platform for Continuous Security Validation. This cloud platform empowers enterprises with objective, empirical data and allows them to gain continuous visibility, gather actionable insights, and rationalize investments in their cyber programs. The cloud platform lets enterprises know where they stand by continuously validating the effectiveness of their security products and assessing the impact of unmitigated risks to the enterprise stack. This gives business leaders the relevant information they need to substantiate their security investments. CISOs, Chief Security Architects, SOC and Threat Analysts, and information security professionals from many of the world's largest and most demanding enterprises rely on trusted information from NSS Labs. For more information, visit www.nsslabs.com.

Contact:
Jessica Johannes
Phone: +1 512-498-7076
jjohannes@nsslabs.com  
