NSS Labs finds most Firewalls vulnerable to attack

Corporate networks and data are under attack more than ever, and the threats continue to change as do vendor solutions. Firewalls will continue to play a key role in layered defenses. An essential part of layered security, firewalls must be stable, fast, and easy to deploy and maintain.

During Q1 2011, NSS Labs performed the industry’s most rigorous test of leading firewall solutions. This report has been produced for our enterprise subscribers, as part of NSS Labs’ independent testing information services. Leading vendors were invited to participate fully at no cost, and NSS Labs received no vendor funding.

Disturbing findings: 5 out of 6 firewalls certified by other labs let external hackers in.
The good news is: The Palo Alto Networks firewalls passed all of NSS Labs security and stability tests and even more important - also earned the status of RECOMMENDED.

There are several important conclusions of the test:

• Palo Alto is one of only 2 recommended firewalls by NSS.  This recommendation is for a traditional network firewall test.
• Palo Alto has, by far, the most cost-effective firewall in NSS testing at $10 per protected Mbps.  The closest competitor is 80% more expensive, at $18 per protected Mbps.  The only other “Recommended” firewall was $22 per protected Mbps – more than twice the cost.
• Palo Alto Networks showed rapid response in protecting our customers. 

Initially, Palo Alto Networks was susceptible to a TCP Split Handshake evasion. When test results were posted, Palo Alto provided a work-around to protect customers.  But within a week of the test results, we posted an update with a permanent fix, and NSS had re-tested, confirming that customers are protected with this release.

Click to read the Palo Alto Networks Press Release

Click to find the complete NSS Labs Test Results