Three products are Recommended. One product in Caution. 

AUSTIN, Texas – November 12, 2019 – NSS Labs, Inc., a global leader and trusted source for independent cybersecurity product testing, today announced the results of its third annual  Data Center Security Gateway (DCSG) Group Test. Four of the industry’s leading data center deep inspection firewall products were tested to compare product capabilities for security effectiveness (exploit block rate, evasion techniques, and stability & reliability), total cost of ownership (TCO), and performance:

  • Cisco FirePOWER 4110 v6.4.0.4
  • Fortinet FortiGate 6300F V6.0.4 build8262 (GA)
  • Juniper Networks SRX5400 JUNOS 18.2X30.1 Kernel 64-bit JNPR-11.0-20190316.df99236
  • Palo Alto Networks PA-5250 9.0.3-h2

Key Findings

  • Juniper is back. The company is reasserting itself in the data center with a strong showing and should be on everyone’s short list.
  • Once again, Fortinet and Palo Alto Networks provided excellent protection.
  • Cisco provided poor security, and performance well below claims, therefore receiving a Caution. In addition to sub-standard exploit protection, NSS Labs test engineers were able to evade defenses using a well known evasion.
  • Testing revealed that vendors systematically overstated performance, sometimes dramatically.
  • The type of network traffic matters. Performance is largely dependent on connection rates and packet size.

Implementation of DCSG devices can be a complex process with multiple factors affecting overall security effectiveness. Considerations for deployment should include:

  • What server operating systems and applications are to be protected?
  • What are peak performance requirements?
  • Can the security product be bypassed using common evasion techniques?
  • How reliable and stable is the device?

NSS Labs is committed to providing empirical data and objective group test results that help organizations make educated decisions about purchasing and optimizing security products and services. We believe if a product is good enough to sell, it is good enough to test. If you do not see a product you’re interested in, ask the vendors where their results are and encourage participation. As with all NSS Labs group tests, there is no fee for participation.