Cloud-native firewalls offered by major service providers performed significantly worse in vulnerability testing compared to third-party firewalls when targeted with advanced attack methods, according to the latest results from nonprofit assessment firm CyberRatings.org.
“Best-of-suite (native) solutions need significant improvement compared to best-of-breed (third party) cloud network firewalls,” CyberRatings says in an April 2 report detailing takeaways from testing conducted on 10 firewall solutions.
The latest testing results build on a November 2024 report that detailed the “first phase” of cloud-native firewall evaluation from the nonprofit and revealed shortcomings in firewall solutions native to Google, Amazon Web Services and Microsoft cloud offerings.
The new report is more extensive and goes into how some firewalls fail to protect against “evasion” techniques that hackers use to conceal their activities.
The report says, “Cybersecurity testing that ignores evasion techniques can misrepresent security effectiveness, as products may remain vulnerable to attacks that bypass standard detection.”
Evasions can be used to “disguise or manipulate malicious network traffic, enabling threats to slip past firewall defenses unnoticed,” according to an April 1 blog post from the nonprofit.
CyberRatings says in a release, “In the Cloud Service Provider Native Firewall test from November 2024 only 522 exploits were used in the Part 1 ‘Mini-Test’, but not evasions. For this round of testing, a greater number of exploits were deployed, and evasions were introduced to the test samples.”
The report finds, “Native cloud firewalls,” including those provided by AWS, Google Cloud Platform and Microsoft Azure, “offer a convenient alternative but failed to deliver security effectiveness, scoring 0% in this test.”
To evaluate the firewall offerings, CyberRatings tested the security solutions against “2,028 attack samples from widely exploited vulnerabilities in enterprise environments,” as well as “2,500 attacks spanning 27 evasion techniques tested across multiple network layers to bypass firewall defenses.”
The cloud service giants received low security ratings because of their ineffectiveness at “blocking exploits and evasions,” according to CyberRatings. The report notes, “While GCP offers a high exploit block rate of 96.60%, it failed to block several critical evasions, lowering its security effectiveness.”
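The gap the report describes, a high exploit block rate on plain samples alongside a failing overall score once evasions are applied, is easy to reproduce in miniature. The following Python is an added illustration written for this article, not code from CyberRatings or from any vendor under test; its “signature”, sample requests and the two evasion transforms (splitting a payload across packets and percent-encoding it) are constructed stand-ins, and the function names are hypothetical. It scores a naive per-packet matcher and a normalizing matcher separately on plain and evaded samples, which is the distinction the test methodology draws.

```python
"""Added example, not from the CyberRatings report or the article: a toy
signature matcher scored two ways, to show why an exploit block rate
measured on plain samples can coexist with a failing score once the same
payloads are delivered through evasion techniques. All samples, the
signature and the function names are constructed for this illustration."""

from urllib.parse import unquote

# Constructed "attack signature": a real firewall rule would match a known
# exploit pattern; here it is a harmless marker string.
SIGNATURE = b"SAMPLE-EXPLOIT-MARKER"


def naive_inspect(packets):
    """Match the signature against each packet exactly as received."""
    return any(SIGNATURE in p for p in packets)


def normalizing_inspect(packets):
    """Reassemble the stream and decode percent-encoding before matching.
    This is the kind of normalization an evasion-resistant firewall must
    perform ahead of signature matching."""
    stream = b"".join(packets)
    decoded = unquote(stream.decode("latin-1")).encode("latin-1")
    return SIGNATURE in decoded


def percent_encode(data):
    """Application-layer transform: percent-encode every byte of the payload."""
    return "".join(f"%{b:02X}" for b in data).encode("ascii")


def fragment(data, size):
    """Network/transport-layer transform: split the payload across several
    packets so the signature never appears whole in any single packet."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def build_corpus():
    """Constructed corpus: two plain samples (one packet each) and, for each,
    a fragmented and a percent-encoded variant of the same payload."""
    plain = [[b"GET /index?q=" + SIGNATURE + b" HTTP/1.1"],
             [b"POST /upload " + SIGNATURE]]
    evaded = []
    for sample in plain:
        payload = sample[0]
        evaded.append(fragment(payload, 7))
        evaded.append([percent_encode(payload)])
    return plain, evaded


def score(detector, samples):
    """Percentage of samples the detector flags (its block rate)."""
    blocked = sum(1 for s in samples if detector(s))
    return round(100.0 * blocked / len(samples), 2)


def evaluate(detector):
    """Report exploit and evasion block rates separately, as the test does."""
    plain, evaded = build_corpus()
    return {"exploit_block_rate": score(detector, plain),
            "evasion_block_rate": score(detector, evaded)}


if __name__ == "__main__":
    for name, det in (("naive", naive_inspect),
                      ("normalizing", normalizing_inspect)):
        print(name, evaluate(det))
```

Run stand-alone, the naive matcher reports a 100% exploit block rate and a 0% evasion block rate, while the normalizing matcher scores 100% on both. A test that reported only the first number would rate the two detectors identically, which is exactly the misrepresentation the report warns about.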
The Google, AWS and Microsoft Azure solutions specifically “failed to address [Open Systems Interconnection] layer 3 to layer 7 evasion tactics, allowing attacks to bypass existing defenses,” the report says. Cisco’s firewall also failed to block these tactics, according to the report.
“Cisco’s high costs, low throughput, and below average security effectiveness means customers pay a premium for a lower performing product,” the report says.
CyberRatings suggests organizations using any of the low-performing products as a “primary” tool for security “[c]onsider switching to a more secure alternative.”
Meanwhile, the report says, “Third-party firewalls from Check Point, Fortinet, Juniper Networks, Palo Alto Networks, and Versa Networks demonstrated the highest security effectiveness, making them the most reliable options for blocking exploits and evasion tactics.”
The report also dives deeper into each solution’s ability to provide secure routing and access control, encryption, traffic capacity and the rate at which legitimate network traffic was erroneously disallowed, in order to allow organizations “to make informed decisions when selecting a cloud network firewall for modern enterprise environments.” -- Jacob Livesay (jlivesay@iwpnews.com)