WEB APPLICATION FIREWALL COMPARATIVE ANALYSIS

Similar documents
NEXT GENERATION FIREWALL COMPARATIVE ANALYSIS

DATA CENTER IPS COMPARATIVE ANALYSIS

ENTERPRISE EPP COMPARATIVE REPORT

DATA CENTER IPS COMPARATIVE ANALYSIS

2013 Thomas Skybakmoen, Francisco Artes, Bob Walder, Ryan Liles

2013 Thomas Skybakmoen, Francisco Artes, Bob Walder, Ryan Liles

DATA CENTER IPS COMPARATIVE ANALYSIS

How To Create A Firewall Security Value Map (Svm) 2013 Nss Labs, Inc.

WEB APPLICATION FIREWALL PRODUCT ANALYSIS

ENTERPRISE EPP COMPARATIVE ANALYSIS

SSL Performance Problems

Evolutions in Browser Security

Breach Found. Did It Hurt?

TEST METHODOLOGY. Distributed Denial-of-Service (DDoS) Prevention. v2.0

Internet Advertising: Is Your Browser Putting You at Risk?

Multiple Drivers For Cyber Security Insurance

Can Consumer AV Products Protect Against Critical Microsoft Vulnerabilities?

TEST METHODOLOGY. Hypervisors For x86 Virtualization. v1.0

How To Sell Security Products To A Network Security Company

NEXT GENERATION FIREWALL COMPARATIVE ANALYSIS

Internet Explorer Exploit Protection ENTERPRISE BRIEFING REPORT

BROWSER SECURITY COMPARATIVE ANALYSIS

Cloud- Based Security Is Here to Stay

TEST METHODOLOGY. Data Center Firewall. v2.0

Mobile App Containers: Product Or Feature?

TEST METHODOLOGY. Web Application Firewall. v6.2

CORPORATE AV / EPP COMPARATIVE ANALYSIS

INDEPENDENT VALIDATION OF FORTINET SOLUTIONS. NSS Labs Real-World Group Tests

ADDENDUM ThomasNet Mirrored Site Program

GENERAL TARIFF. 2) Internet Service is provided at C&W's discretion, depending on the availability of suitable facilities and equipment.

Why Is DDoS Prevention a Challenge?

The CISO s Guide to the Importance of Testing Security Devices

An Old Dog Had Better Learn Some New Tricks

Dell One Identity Cloud Access Manager How to Configure vworkspace Integration

END USER LICENSE AGREEMENT

Compatibility Matrix. VPN Authentication by BlackBerry. Version 1.7.1

Compliance in the Age of Cloud

Terms & Conditions. Introduction. The following terms and conditions govern your use of this website (VirginiaHomeRepair.com).

Copyright Sagicor Life Insurance Company. All rights reserved.

Dell InTrust Preparing for Auditing Cisco PIX Firewall

Dell Spotlight on Active Directory Server Health Wizard Configuration Guide

TEST METHODOLOGY. Network Firewall Data Center. v1.0

Income Inequality And State Tax Revenue Trends

EMBARCADERO ONLINE PRODUCT CERTIFICATION AGREEMENT

Dell Statistica. Statistica Document Management System (SDMS) Requirements

BlackBerry Business Cloud Services. Version: Release Notes

Business User Agreement

Sukuk Liquidity Trends

Dell One Identity Cloud Access Manager SonicWALL Integration Overview

AGREEMENT BETWEEN USER AND Global Clinical Research Management, Inc.

RELOCATEYOURSELF.COM B.V - TERMS OF USE OF SERVICES

Application to access Chesters Trade

Terms & Conditions Template

ASYMMETRIC DIGITAL SUBSCRIBER LINE INTERNET ACCESS TERMS

Bank Independent Online Financial Management Addendum

The Credit Control, LLC Web Site is comprised of various Web pages operated by Credit Control, LLC.

TERMS & CONDITIONS: LIMITED LICENSE:

Securing Amazon It s a Jungle Out There

Covered California. Terms and Conditions of Use

BlackBerry Professional Software For Microsoft Exchange Compatibility Matrix January 30, 2009

Security Analytics Engine 1.0. Help Desk User Guide

E-Sign Disclosure & E-Statements Terms and Conditions

Spotlight Management Pack for SCOM

TERMS AND CONDITIONS

TEST METHODOLOGY. Endpoint Protection Evasion and Exploit. v4.0

Best Practices for Log File Management (Compliance, Security, Troubleshooting)

Provider secure web portal & Member Care Information portal Registration Form

Software- Defined Networking: Beyond The Hype, And A Dose Of Reality

Laddering a Portfolio of Municipal Bonds

Dell One Identity Cloud Access Manager How To Deploy Cloud Access Manager in a Virtual Private Cloud

AN INSIDE LOOK AT S&P MILA 40

Automated Benchmarking Service Supporting data transfer to the EPA Portfolio Manager system

PointCentral Subscription Agreement v.9.2

CITRIX SYSTEMS, INC. SOFTWARE LICENSE AGREEMENT

MBIA U.K. Insurance Ltd.

Release Notes. BlackBerry Web Services. Version 12.1

AGREEMENT BETWEEN USER AND International Network of Spinal Cord Injury Nurses

Dell InTrust Preparing for Auditing CheckPoint Firewall

Interactive Brokers LLC

A Closer Look at Interest Rate Floors

ZIMPERIUM, INC. END USER LICENSE TERMS

Dell Migration Manager for Enterprise Social What Can and Cannot Be Migrated

BlackBerry Enterprise Server Express. Version: 5.0 Service Pack: 4. Update Guide

Dell InTrust Preparing for Auditing and Monitoring Microsoft IIS

UK Vendor Website - Terms of Use Agreement

Evaluating Insurers Enterprise Risk Management Practice

By the Citrix Publications Department. Citrix Systems, Inc.

TERMS OF USE. Last Updated: October 8, 2015

TRIAL AGREEMENT FOR QUALIANCE

Guide to the Dow Jones Corporate Bond Index

Online Study Affiliate Marketing Agreement

Card Account means your Card account that is in relation to your Visa Wallet maintained and operated by Tune Money Sdn Bhd.

Hamilton.net User Agreement Revised August 31, Acceptance of Terms Through Use

APP SOFTWARE LICENSE AGREEMENT

Terms and Conditions- OnAER Remote Monitoring Service

End User License Agreement Easygenerator

GENOA, a QOL HEALTHCARE COMPANY WEBSITE TERMS OF USE

Work Space Manager for BES _449

GlaxoSmithKline Single Sign On Portal for ClearView and Campaign Tracker - Terms of Use

Contents Notice to Users

Transcription:

WEB APPLICATION FIREWALL COMPARATIVE ANALYSIS Security Value Map (SVM) Author Thomas Skybakmoen Tested Products Barracuda Networks Web Application Firewall 960 Citrix NetScaler AppFirewall MPX 11520 Fortinet FortiWeb 1000D F5 Big-IP ASM 10200 Imperva SecureSphere x6500 Sangfor M5900-F-I Environment Web Application Firewall: Test Methodology v6.2

Overview Empirical data from individual Product Analysis Reports (PARs) and Comparative Analysis Reports (CARs) is used to create the unique Security Value Map (SVM). The SVM illustrates the relative value of security investment options by mapping security effectiveness and value (TCO per protected - connections per second (CPS)) of tested product configurations. The SVM provides an aggregated view of the detailed findings from NSS Labs group tests. Individual PARs are available for every product tested. CARs provide detailed comparisons across all tested products in the areas of: Security Performance Total cost of ownership (TCO) Figure 1 NSS Labs Security Value Map (SVM) for Web Application Firewall (WAF) 2

Key Findings Overall security effectiveness varied between 96.11% and 99.97%, with 5 of the 6 tested products achieving greater than 99.75%. TCO per protected-cps varied from US $1.93 to US $15.85, with most tested devices costing below US $5.00 per protected-cps. Average value (TCO per protected-cps) was US $5.15 5 devices were rated as above average value and 1 were below average. NSS-tested capacity ranged from 12,640 CPS to 76,616 CPS. Product Rating The overall rating in figure 2 is determined based on which SVM quadrant the product falls within Recommended (top right), Neutral (top left or bottom right), or Caution (bottom left). For more information on how the SVM is constructed, please see the How to Read the SVM section in this document. Product Security Effectiveness Value (TCO per Protected-CPS) Overall Rating Barracuda Networks Web Application Firewall 960 99.97% $4.88 Recommended Citrix NetScaler AppFirewall MPX 11520 99.77% $1.93 Recommended Fortinet FortiWeb 1000D 99.85% $2.77 Recommended F5 Big-IP ASM 10200 99.89% $3.38 Recommended Imperva SecureSphere x6500 99.82% $15.85 Neutral Sangfor M5900-F-I 96.11% $2.07 Recommended Figure 2 NSS Labs Recommendations for Web Application Firewall (WAF) The NSS Labs WAF group test reveals that many solutions in the marketplace are reasonably effective at their roles, though there are degrees of efficacy. In the SVM for WAF, each vendor is represented by two dots. The upper dot reflects the product s optimum security configuration and capability when properly tuned and deployed for the environment and applications. The lower is when protections are disabled in order to eliminate falsepositives, which reduces the effective security of the device. This report is part of a series of CARs on security, performance, TCO and SVM. In addition, NSS clients have access to an SVM Toolkit that allows for the incorporation of organization-specific costs and requirements to create a completely customized SVM. For more information, please visit http://www.nsslabs.com. 3

Table of Contents: Overview... 2 Key Findings... 3 Product Rating... 3 How to Read the SVM... 5 The x-axis... 5 The y-axis... 5 Analysis... 7 Recommended... 7 Citrix NetScaler AppFirewall MPX 11520... 7 Fortinet FortiWeb 1000D... 7 Barracuda Networks Web Application Firewall 960... 8 Sangfor M5900-F-I... 8 Neutral... 9 Imperva SecureSphere x6500... 9 Caution... 9 Test Methodology... 10 Contact Information... 10 Table of Figures Figure 1 NSS Labs Security Value Map (SVM) for Web Application Firewall (WAF)... 2 Figure 2 NSS Labs Recommendations for Web Application Firewall (WAF)... 3 Figure 3 Example SVM... 5 4

How to Read the SVM The SVM depicts the value of a typical deployment of four (4) devices plus one (1) central management unit (and where necessary, a log aggregation, and/or event management unit), to provide a more accurate reflection of cost than if only a single WAF device were depicted. An example SVM is shown in figure 3. Figure 3 Example SVM The x-axis charts the TCO per protected-cps, a metric that incorporates the 3-Year TCO with the NSS-tested capacity to provide a data point by which to compare the actual value of each product tested. The terms TCO per protected-cps and value are used interchangeably throughout this report and throughout the CARs. The y-axis charts the security effectiveness as determined in the security effectiveness tests. Devices that are missing critical security capabilities will have a reduced score on this axis. 5

Mapping the data points against the security effectiveness and TCO per protected-cps results in four quadrants on the SVM. Products that map farther up and to the right are recommended. The upper-right quadrant contains those products that are in the Recommended category for both security effectiveness and TCO per protected-cps. These products provide a high level of detection and value for money. Products that map farther down and to the left should be used with caution. The lower left quadrant would comprise the Caution category; these products offer limited value for money given the 3-year TCO and measured security effectiveness rating. The remaining two quadrants comprise the Neutral category. Products that fall into this category may still be worthy of a place on an organization s short list based on its specific requirements. For example, products in the upper-left quadrant score as above average for security effectiveness, but below average for value (TCO per protected-cps). These products would be suitable for environments requiring a high level of detection, albeit at a higher than average cost. Conversely, products in the lower-right quadrant score as below average for security effectiveness, but above average for value (TCO per protected-cps). These products would be suitable for environments where budget is paramount, and a slightly lower level of detection is acceptable in exchange for a lower TCO.. In all cases, the SVM should only be a starting point. NSS clients have access to the SVM Toolkit, which allows for the incorporation of organization-specific costs and requirements to create a completely customized SVM. Furthermore, the option is available to schedule an inquiry with NSS analysts. 6

Analysis Analysis is divided into three categories based on the position of each product in the SVM: Recommended, Neutral, and Caution. Each of the tested products will fall into only one category, and vendors are listed alphabetically within each section. Recommended Citrix NetScaler AppFirewall MPX 11520 Key Findings: Using a tuned policy, the Citrix NetScaler AppFirewall MPX 11520 blocked 99.77% of WAF attacks. The NetScaler AppFirewall MPX 11520 presented a 0.349% false positive rate. The NetScaler AppFirewall MPX 11520 is rated by NSS at 46,282 connections per second (CPS), which is higher than the vendor-claimed performance. This is a minimum rating using one transaction per connection. Citrix rates this device at 6.5 Gbps, which would be 32,500 CPS at 21KB object size. NSS-tested capacity is an average of all of the HTTP response-based capacity tests. Fortinet FortiWeb 1000D Key Findings: Using a tuned policy, the Fortinet FortiWeb 1000D blocked 99.85% of WAF attacks. The FortiWeb 1000D presented a 0.366% false positive rate. The FortiWeb 1000D is rated by NSS at 15,865 connections per second (CPS), which is higher the vendorclaimed performance. This is a minimum rating using one transaction per connection. Fortinet rates this device at 750 Mbps, which would be 3,750 CPS at 21KB object size. NSS-tested capacity is an average of all of the HTTP response-based capacity tests. 7

F5 Big-IP ASM 10200 Key Findings: Using a tuned policy, the F5 Big-IP ASM 10200 blocked 99.21% of WAF attacks. The Big-IP ASM 10200 presented a 0.124% false positive rate The Big-IP ASM 10200 is rated by NSS at 36,130 connections per second (CPS), which is in line with the vendorclaimed performance. This is a minimum rating using one transaction per connection. F5 rates this device at 35,000 CPS. NSS-tested capacity is an average of all of the HTTP response-based capacity tests. Barracuda Networks Web Application Firewall 960 Key Findings: Using a tuned policy, the Barracuda Networks Web Application Firewall 960 blocked 99.97% of WAF attacks. The Web Application Firewall 960 presented a 0.715% false positive rate. The Web Application Firewall 960 is rated by NSS at 12,640 connections per second (CPS), which is lower than the vendor-claimed performance. This is a minimum rating using one transaction per connection. Barracuda Networks rates this device at 4Gbps, which would be 20,000 CPS at 21KB object size. NSS-tested capacity is an average of all of the HTTP response-based capacity tests. Sangfor M5900-F-I Key Findings: Using a tuned policy, the Sangfor M5900-F-I blocked 96.11% of WAF attacks. The M5900-F-I presented a 1.174% false positive rate. The M5900-F-I is rated by NSS at 76,616 connections per second (CPS), which is higher than the vendorclaimed performance. This is a minimum rating using one transaction per connection. Sangfor rates this device at 5 Gbps, which would be 25,000 CPS at 21KB object size. NSS-tested capacity is an average of all of the HTTP response-based capacity tests. 8

Neutral Imperva SecureSphere x6500 Using a tuned policy, the SecureSphere x6500 blocked 99.82% of WAF attacks. The SecureSphere x6500 presented a 0.110% false positive rate. The SecureSphere x6500 is rated by NSS at 13,385 connections per second (CPS), which is higher than the vendor-claimed performance. This is a minimum rating using one transaction per connection. Imperva rates this device at 2.0 Gbps, which would be 10,000 CPS at 21KB object size. NSS-tested capacity is an average of all of the HTTP response-based capacity tests. Caution No product received a caution rating for this group test. 9

Test Methodology Web Application Firewall: v6.2 A copy of the test methodology is available on the NSS Labs website at www.nsslabs.com Contact Information NSS Labs, Inc. 206 Wild Basin Rd Buliding A, Suite 200 Austin, TX 78746 info@nsslabs.com www.nsslabs.com This and other related documents available at: www.nsslabs.com. To receive a licensed copy or report misuse, please contact NSS Labs. 2014 NSS Labs, Inc. All rights reserved. No part of this publication may be reproduced, copied/scanned, stored on a retrieval system, e-mailed or otherwise disseminated or transmitted without the express written consent of NSS Labs, Inc. ( us or we ). Please read the disclaimer in this box because it contains important information that binds you. If you do not agree to these conditions, you should not read the rest of this report but should instead return the report immediately to us. You or your means the person who accesses this report and any entity on whose behalf he/she has obtained this report. 1. The information in this report is subject to change by us without notice, and we disclaim any obligation to update it. 2. The information in this report is believed by us to be accurate and reliable at the time of publication, but is not guaranteed. All use of and reliance on this report are at your sole risk. We are not liable or responsible for any damages, losses, or expenses of any nature whatsoever arising from any error or omission in this report. 3. NO WARRANTIES, EXPRESS OR IMPLIED ARE GIVEN BY US. ALL IMPLIED WARRANTIES, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT, ARE HEREBY DISCLAIMED AND EXCLUDED BY US. IN NO EVENT SHALL WE BE LIABLE FOR ANY DIRECT, CONSEQUENTIAL, INCIDENTAL, PUNITIVE, EXEMPLARY, OR INDIRECT DAMAGES, OR FOR ANY LOSS OF PROFIT, REVENUE, DATA, COMPUTER PROGRAMS, OR OTHER ASSETS, EVEN IF ADVISED OF THE POSSIBILITY THEREOF. 4. This report does not constitute an endorsement, recommendation, or guarantee of any of the products (hardware or software) tested or the hardware and/or software used in testing the products. The testing does not guarantee that there are no errors or defects in the products or that the products will meet your expectations, requirements, needs, or specifications, or that they will operate without interruption. 5. This report does not imply any endorsement, sponsorship, affiliation, or verification by or with any organizations mentioned in this report. 6. All trademarks, service marks, and trade names used in this report are the trademarks, service marks, and trade names of their respective owners. 10

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information