CyberRatings.org Releases Test Findings on Leading Cybersecurity Products
In a notable advancement for cybersecurity assessment, CyberRatings.org, a prominent non-profit organization, has published the results of its recent evaluations focusing on two industry leaders—Cisco Umbrella and Palo Alto Networks Prisma Access. This independent assessment aims to provide organizations with a clearer understanding of how these platforms perform in the realm of Security Service Edge (SSE) protections, particularly against evolving threat landscapes.
Overview of the Evaluation
The latest test results reveal a stark contrast in the efficacy of the two solutions. Palo Alto Networks Prisma Access achieved an impressive Security Effectiveness score of
98.89%, managing to thwart every evasive attack presented during the assessment. Conversely, Cisco Umbrella scored only
12.44%, primarily struggling with intricate evasive threats that highlighted critical gaps in its defense mechanisms.
These findings emphasize the essential nature of reliable threat detection, where missing even one type of evasion can expose organizations to numerous undetected malware or exploit categories. Vikram Phatak, the CEO of CyberRatings.org, asserted, "Missing just one type of evasion allows attackers to utilize entire categories of malware or exploits undetected,” underscoring the gravity of comprehensive security measures.
Deep Dive into Testing Methodology
The evaluation focused on multiple aspects of threat protection, including:
- - TLS/SSL Top 5 Ciphers: This examined the most common cryptographic protocols that account for about 97% of HTTPS traffic.
- - Malware Samples: A total of 6,184 attack samples representing current malware campaigns were tested.
- - Exploitation Samples: 205 attack samples sourced from widely exploited vulnerabilities in enterprise systems were included.
- - Evasion Techniques: The assessment tested 1,154 attacks utilizing 37 distinct evasion strategies.
- - False Positives: 1,514 samples from critical business files ensured that security protocols did not interfere with legitimate operations.
Adjustments in threat perception are imperative as attackers constantly refine their methodologies, employing evasion techniques to conceal attacks. SSE products must withstand these tactics to maintain their integrity; otherwise, companies remain vulnerable to an array of unseen threats.
The Importance of Independent Testing
Phatak elaborated on the complexity of SSE technologies, highlighting that they operate within a multi-layered architecture built atop intricate and rapidly evolving cloud frameworks. The limited visibility that customers have into their operational dynamics complicates performance diagnosis and policy effectiveness validation. He describes these systems metaphorically as
"black boxes within black boxes,” where organizations are compelled to rely on trusting vendors rather than evaluating evidence.
This makes the role of independent testing vital. CyberRatings.org is committed to providing empirical data that can steer executive decision-making and risk assessment regarding cybersecurity investments. With current tests revealing varying levels of effectiveness, organizations must consider these evaluations when determining their cybersecurity strategies.
Future Directions
Looking ahead, CyberRatings.org is preparing to assess additional SSE vendors regarding Threat Protection, with a comparative report expected to be released during the summer. The organization is utilizing advanced testing technologies, including Keysight's CyPerf and TeraPackets' Threat Replayer tool, to enhance the robustness of these evaluations.
Conclusion
In conclusion, as cybersecurity threats become more sophisticated, tools like CyberRatings.org play a crucial role in empowering organizations with the information they need to make informed decisions about their security solutions. The recent comparisons between Cisco Umbrella and Palo Alto Networks Prisma Access highlight the essential need for effective threat detection and the importance of independent assessments in navigating today's complex security landscape. For more details, comprehensive reports are accessible at
cyberratings.org.