CyberRatings.org publishes 2025 Enterprise Firewall test results from NSS Labs

CyberRatings.org, a non-profit organization focused on independent testing of cybersecurity products, released the findings of its most recent Enterprise Firewall evaluation. The tests were carried out by NSS Labs and cover seven prominent enterprise firewall products.

The evaluation highlights variations in security performance, with effectiveness scores ranging from approximately 46% to nearly 100%. The testing environment simulated encrypted enterprise-level workloads with thousands of exploits and malware samples, numerous evasion techniques across multiple categories, along with false-positive samples and extensive performance assessments requiring consistent operational stability.

The testing employed the Enterprise Firewall Test Methodology v3.0, assessing firewall capabilities against 3,326 exploits, 11,311 malware specimens, and 5,752 evasion techniques spanning 53 evasion categories. Performance tests totaled 55, and product stability was monitored throughout.

Among the key observations, some widely deployed firewalls allowed evasion techniques that diminished their effectiveness, with only three out of seven products achieving a classification of Recommended. Encrypted Traffic Inspection (ETI) varied, with some products showing reduced performance handling TLS/SSL sessions. Additionally, one vendor recorded a false-positive accuracy of only 80%, a factor that could influence operational decision-making regarding alert management.

Vikram Phatak, CEO of CyberRatings.org, said, “Enterprise Firewalls are constantly evolving to combat new attacker techniques and tools but sometimes that evolution takes a wrong turn. A vendor can have a near-perfect detection engine but if attackers can bypass that engine it gives them a clear path through your defenses.” NSS Labs, the official testing partner, utilized tools including Keysight's CyPerf to assess security, performance, Transport Layer Security (TLS) function, and stability of the firewalls tested.

The evaluation reports and comparative analyses are accessible on CyberRatings.org at no cost. The organizations described plans to continue supporting transparency in cybersecurity product testing.