CyberRatings.org, a non-profit organization based in Austin, Texas, recently conducted an independent “Mini-Test” focusing on the security effectiveness of Cloud Service Provider (CSP) Native Firewalls from major players like Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). The results of the test revealed a varying range of security effectiveness, from as low as 0.38% to a high of 50.57%.
In today’s increasingly cloud-centric business environment, organizations often find themselves at a crossroads when it comes to choosing the right security solution for their cloud infrastructure. They have the option to either rely on firewalls directly provided by Cloud Service Providers or opt for independent security vendor offerings available through the respective CSP’s marketplace. The key factor in this decision-making process is the security effectiveness of the chosen firewall solution, as it directly impacts the organization’s ability to defend against cyber threats.
The CyberRatings.org test involved putting CSP firewalls to the test against 522 different exploits using Keysight’s CyPerf v5.0 software testing platform. The purpose of this test was to provide an evidence-based assessment of how well these native solutions could withstand real-world security threats. Only known Common Vulnerabilities and Exposures (CVEs) from the past decade with a severity level of medium or higher were used to evaluate security effectiveness, usability, and overall protection. The types of exploits targeted servers, making them particularly relevant to cloud workload deployments.
Vikram Phatak, the CEO of CyberRatings.org, emphasized that this test was intentionally designed to be entry-level, focusing on straightforward exploits without employing any evasions commonly used by attackers to bypass security measures. The results of the test raised concerns regarding the number of missed exploits by the native cloud firewalls. Until these solutions can demonstrate a higher level of security effectiveness in thwarting cyber threats, the organization recommends that customers consider third-party providers with a proven track record in the cybersecurity space.
This initial test is just the first part of a two-part evaluation. The upcoming second part will involve a higher number of exploits, including evasions and malware, to provide a more comprehensive assessment. Additionally, the second phase of the test will compare the security capabilities of cloud service provider native solutions against those of leading third-party cloud network firewall providers.
Enterprises interested in replicating the test results can do so with a 2-week free trial of Keysight’s CyPerf v5.0 software testing platform. Further details and information about the strike library used in the testing process can be accessed on Keysight’s website.
The detailed test report, along with the findings and recommendations from CyberRatings.org, is available for free on their official website.
CyberRatings.org is a 501(c)6 non-profit organization dedicated to providing confidence in cybersecurity products and services through their research and testing programs. Their mission is to offer enterprises independent, objective ratings of security product efficacy to help them make informed decisions. For more information about CyberRatings.org and how to become a member, visit their website and follow them on LinkedIn.
In conclusion, the recent Mini-Test conducted by CyberRatings.org sheds light on the varying levels of security effectiveness among Cloud Service Provider Native Firewalls. It underscores the importance of thorough testing and evaluation when selecting cybersecurity solutions for cloud infrastructure, encouraging businesses to prioritize security efficacy in their decision-making process.