Publish Date: September 23, 2014
mplementation of next generation firewall (NGFW) solutions can be a complex process with multiple factors affecting the overall security effectiveness of the solution. These should be considered over the course of the useful life of the solution, and include:
Deployment use cases:
Will the NGFW be deployed to protect servers or desktop clients or both?
Age of operating systems and applications
Defensive capabilities in the deployment use cases (exploit block rate)
Anti-evasion capabilities (resistance to common evasion techniques)
Device stability and reliability
In order to determine the relative security effectiveness of devices on the market and facilitate accurate product comparisons, NSS Labs has developed a unique metric:
Security Effectiveness = Firewall (Firewall Policy Enforcement x Application Control x User/Group ID) x IPS (Exploit Block Rate x Evasions) x Stability and Reliability
By focusing on overall security effectiveness instead of the exploit block rate alone, NSS is able to factor in the ease with which defenses can be bypassed, as well as the reliability of the device.