Miercom NGFW Security Benchmark 2024: Why It Matters for Cloud Network Security
As businesses increasingly transition to the cloud, cloud security is a top priority. Customers tell us that the greater their confidence in their cloud security, the faster they will migrate, and the more workloads they will move to the cloud. Of particular importance is cloud network security, a foundational layer of defense with broadest risk mitigation and best cost/benefit ratio.
According to CyberRatings, “Cloud network firewalls are considered to be the first line of defense when deployed in public cloud providers such as Amazon Web Services, Google Cloud Platform and Microsoft Azure.”
In this article, we’ll summarize some of the key findings of the Miercom NGFW Security Benchmark 2024, explore why the Benchmark document is so important for cloud network security and discuss how it can help organizations make the best decisions when choosing a cloud network security solution.
Security: the top priority
One of the first things I learned about Check Point’s corporate culture was “Always lead with security”. Check Point is totally committed to protecting its customers, and the most important priority is always that our customers deserve and receive the best security.
How do your current cloud security solutions measure up to this tough requirement? Often, there’s no easy way to answer this question because there are many lookalike products and many competing claims. Ultimately, you want the best security – to reduce the chance of anything getting through your defenses and compromising your data, applications, workloads, and the personally identifiable information (PII) of your employees and customers.
Check Point recently earned the highest marks in objective third-party laboratory testing of security efficacy, in comparison with four competitive solutions. (You can download the full report here.)
Additionally, not only did Check Point network security manage to catch known threats; it also works proactively and intelligently to block new, unknown, and emerging threats – including today’s most sophisticated malware and phishing attacks.
Let’s understand how Miercom tested Check Point’s network security solution, why these test results are relevant for cloud customers, and which common cloud security use cases are impacted.
What is the Miercom report?
Miercom is a leading security testing and certification lab, bringing 30 years of hands-on testing experience with network performance and security evaluations.
This report details the results of Miercom’s testing of the top five firewalls against the latest generation of cyber attacks, including new Zero+1 day malware and phishing.
During the initial hours of a zero-day attack, the attack “signature” (which can activate threat intelligence alerts or update firewalls of this attack) does not yet exist. Thus, zero-day campaigns pose the most formidable challenge within the first 24 hours after initiation. This critical period rigorously tests the security efficacy of firewalls and their AI engines. “Zero+1 day” refers to refers to previously unknown malware, within the 24 hours after their first detection.
Miercom tested the five vendors’ network security solutions in its NGFW Firewall Security Benchmark 2024: Firewall Security Efficacy Competitive Assessment Summary Lab Report, and Check Point provided the very best security in every category, including:
- 99.8% malware block rate
- 100% phishing and malicious URL prevention rate
- ultra-low 0.13% false positive detection rate
For example, the graph below shows the comparative results for Zero+1 day malware prevention.
Miercom’s testing was designed to determine the strengths and weaknesses of each NGFW solution with some of the toughest tests around:
- 90 days of continuous testing
- 500 of the most recent malicious files downloaded from VirusTotal
- Over 25 engines with verdict malicious (high probability of being valid malware)
Why is this relevant to CloudGuard Network Security?
The Miercom testing was performed on the vendors’ NGFW software; in other words the results are equally valid for physical appliances (i.e. on-premises hardware) as well as virtual appliances (i.e. public and private-cloud instances), as long as these are all using the same software.
Check Point CloudGuard Network Security uses the exact same NGFW software as Check Point’s on-premises NGFW solutions. We also made it cloud-native so it is:
- Deeply integrated with the leading public and private cloud vendors and their latest networking and security services.
- Enables Infrastructure as Code and automated deployment with Terraform, CloudFormation and other configuration management tools.
- Automatically adjusts security policies after any changes in dynamic cloud environments.
- The security gateways are highly scalable to adjust to your dynamic business needs.
Industry analysts consider cloud network security as a key foundational layer, where organizations should deploy virtual security gateways to provide advanced threat prevention, traffic inspection and micro-segmentation. For example, the GigaOm Radar for Cloud Network Security explains that “the network is the point of entry of any attacker, which means it also needs to be the first line of defense”.
In other words, if you have assets and workloads in public or private clouds, and you don’t yet have a cloud network security solution in place, now is a good time to find the best solution for your organization’s needs.
What is the value of the Miercom benchmark when considering cloud network security solutions?
Preventing cloud attacks is crucial, as a breach can lead to data loss, credential theft, ransomware incidents, and long-term vulnerabilities. Moreover, a breach erodes trust among customers, vendors, and investors. Given these substantial repercussions, choosing the best cyber security solution ranks as one of the most critical business decisions. When evaluating security offerings, organizations must be vigilant not to overlook vulnerabilities. Even a 95% block rate by a security provider could translate into hundreds or thousands of missed attacks.
Fewer attacks also result in higher efficiency of security teams. And false positives add to your security team’s workload; too many alerts can also mean legitimate warnings are overlooked.
When you’re choosing cloud-native security, you need to ensure that it meets the test of the real world – which is exactly what Miercom’s results have shown. Miercom’s tests mirrored real-world conditions, rigorously testing the five competitive solutions’ capabilities:
- Anti-virus
- Anti-malware
- Intrusion Prevention System (IPS)
- Anti-bot
- URL Filtering (URLF)
- Sandboxing
- Machine learning
If your cloud security solution can’t pass real-world tests like these, your organization may develop a false sense of security – leaving you vulnerable to actual attacks.
Summary
Do you know how your cloud network security solution compares to the industry leaders?
Miercom’s report confirms what Check Point customers already know:
- If you’re not using the best in the industry, you have more chance of being breached – and a greater chance of serious data loss if you are breached.
- CloudGuard Network Security provides peace of mind, knowing that you’re backed by Check Point’s industry-leading advanced threat prevention across all your public and private cloud environments.
- You can easily extend your on-premises security posture to the cloud and achieve efficient and consistent unified cloud security management of hybrid-clouds and on-prem networks from a single pane of glass.
Additionally, CloudGuard doesn’t just draw on Check Point’s 30 years’ experience as an industry leader. Like all of Check Point’s solutions, it is also constantly being updated to ensure that it can handle new and emerging threats – as Miercom’s results have proven.
You deserve the best cloud network security.
Download the report and discover how Check Point delivers exactly that.
Next Steps
If you are evaluating cloud network security solutions, download the Buyer’s Guide to Cloud Network Security to understand:
- The top 10 considerations when evaluating and choosing a cloud network security solution in more detail
- An overview of Check Point CloudGuard and how it answers these top 10 considerations
- The relative benefits of the solutions provided by leading cloud providers and third-party security vendors
If you are in the process of planning your migration to the cloud, please schedule a demo and a cloud security expert will help to understand your needs.
If you would like to schedule a personalized technical workshop around best practices for secure cloud migration, or CloudGuard Network Security, please fill in this form and a cloud security architect will contact you to discuss your needs and schedule next steps.
If you have any other questions, please contact your local Check Point account representative or channel partner using the contact us link.
Follow and join the conversations about Check Point and CloudGuard on X/Twitter, Facebook, LinkedIn and Instagram.