Oct 3, 2024 SOURCE: PR NewsWire

CyberRatings.org Publishes Security Service Edge (SSE) "Mini-Test" Results Designed to Answer One Question: Are They Secure by Default?

AUSTIN, Texas, Oct. 3, 2024 /PRNewswire/ -- CyberRatings.org (CyberRatings), the non-profit entity dedicated to providing confidence in cybersecurity products and services through its research and testing programs, has published its first "Mini-Test." This Mini-Test for Security Service Edge (SSE) products was focused on answering the question, "How secure are users if they rely on the vendors' default configurations?" Tests showed four SSE products blocked between 89.90% to 96.74% of malware downloads, but three failed to block any malware at all (i.e. 0%).

"For products whose default configurations offered 0% protection, we made minor configuration changes to determine how much the protection could improve," said Vikram Phatak, CEO of CyberRatings.org. "With those changes, we were able to achieve over 90% block rate on average. For products that offered effective defaults, no further adjustments were made."

Research indicates that most customers expect cybersecurity vendors to ship with a high level of protection enabled by default. CISA states: "Secure-by-Default" means products are resilient against prevalent exploitation techniques out of the box without additional charge. These products protect against the most prevalent threats and vulnerabilities without end-users having to take additional steps to secure them. Secure-by-Default products are designed to make customers acutely aware that when they deviate from safe defaults, they are increasing the likelihood of compromise unless they implement additional compensating controls."

SSE solutions are a subset of Secure Access Service Edge (SASE) that focus primarily on security services delivered through the cloud. SSE encompasses critical security functions such as Secure Web Gateways (SWG), Cloud Access Security Brokers (CASB), and Zero Trust Network Access (ZTNA), which work together to protect users, devices, and applications across distributed networks. SSE solutions improve flexibility and scalability, enabling enterprises to enforce security policies regardless of user location or device. SSE is particularly beneficial for organizations with a remote or hybrid workforce, as it provides consistent protection against threats, controls access to cloud services and ensures data security without relying on traditional network boundaries.

While some SSEs offer moderate malware protection by default, others do not. End-users should verify the security level their organizations require and assess whether the vendor's default configuration meets their needs. If it does not, it is advisable to implement the vendor's recommended configurations for an optimized solution. It should not be assumed that any vendor solution will be secure by default.

Key Findings:

    --  The level of security offered by default varies greatly across SSE
        vendors. Three out of seven SSE vendors tested offered no security by
        default.
    --  In some cases, minor changes from a vendor's supplied default
        configuration dramatically improved the security posture of an SSE
        solution. We observed improvements in malware blocking from 0% to >90%
        on average.
    --  SSE customers should not assume any level of security by default without
        verification.
    --  SSE customers should understand where the SSE they use stands by
        default, and whether that default offers the required level of security
        for their environment.
    --  SSE customers should be aware of the potential default options and their
        implications during any guided setup offered, which may not provide the
        required level of security. This can be a risk when leveraging
        non-technical staff for initial setup and configuration.

SSE "Mini-Test" Results:



     
              SSE Vendor                     Malware Downloads       False Positives           Sandboxing Included
                                      
              Blocked          (Lower is                 in License /
                                                                   Better)                     Enabled
                                      (Higher is Better)


                 Checkpoint (default)                      0.00 %                0.00 %   
            No / No



     Checkpoint (non-default)                            89.96 %                0.00 %   
            No / No



     
              Cisco (default)                           0.00 %                0.00 %  
            Yes / No



     Cisco (non-default)                                100.00 %                0.13 % 
            Yes / Yes



     Cloudflare (default)                                95.27 %                5.70 %   
            Unknown



     Fortinet (default)                                  89.90 %                0.00 %   
            No / No



     Skyhigh (default)                                   91.53 %                0.66 %   
            Unknown



     
              Versa (default)                           0.00 %                0.00 %   
            No / No



     Versa (non-default)                                 83.86 %                0.93 %   
            No / No



     Zscaler (default)                                   96.74 %                0.00 % 
            Yes / Yes

Further details can be found in the free report at CyberRatings.org.

Keysight provides technology and support for CyberRatings testing programs.

About CyberRatings.org

CyberRatings.org is a 501(c)6 non-profit organization dedicated to providing confidence in cybersecurity products and services through our research and testing programs. We provide enterprises with independent, objective ratings of security product efficacy to make informed decisions. To become a member,?visit?www.cyberratings.org and follow us on LinkedIn.

View original content to download multimedia:https://www.prnewswire.com/news-releases/cyberratingsorg-publishes-security-service-edge-sse-mini-test-results-designed-to-answer-one-question-are-they-secure-by-default-302266757.html

SOURCE CyberRatings.org

CYBERRATINGS.ORG

Related News

CyberRatings.org Announces 2021 Enterprise Firewall Product Ratings

CyberRatings.org Announces 2021 SD-WAN Product Ratings

CyberRatings.org Announces its 2021 Ratings Chart for Enterprise Firewall + SSL/TLS

Ian Foo joins CyberRatings as Chief Technology Officer and EVP of Product.

CyberRatings.org Announces SD-WAN Test Results for Forcepoint and Versa Networks

CyberRatings.org Announces Test Results for VMware VeloCloud SD-WAN by Broadcom

Versa Security Service Edge (SSE) and Versa Zero Trust Network Access (ZTNA) Earn "AAA" ratings in CyberRatings.org Tests

CyberRatings.org Announces Test Results for Cloud Service Provider Native Firewalls

View all News

Latest Procurements

Deadline: Jun 26, 2025

Procurement Of Spares For Rafale Aircraft

648. 30-Apr-2025 05:00 PM 26-Jun-2025 03:00 PM 03-Jul-2025 03:00 PM PROCUREMENT OF SPARES FOR RAFALE AIRCRAFT/AIR HQ/DPROC/25-26/W25012/PUR/2025_IAF_705992_1 Indian Air Force -- Organisation Details : Organisation Name :...

Deadline: May 9, 2025

Net Camouflage Shrimp Type (Defence) (Q2) Quantity: 49

BID NO: GEM/2025/B/6181868 View Corrigendum/RepresentationItems: Net Camouflage Shrimp Type (De...Quantity: 49Department Name And Address: Ministry of DefenceDepartment of Military AffairsStart Date: 30-04-2025 5:43 PMEnd Date: 09-05-2025 9:00 AM

Deadline: May 7, 2025

Rifled Stellite Liner For 12.7Mm Machine Gun As Per Specification No.

322. 01-May-2025 05:00 PM 07-May-2025 02:00 PM 08-May-2025 02:30 PM Rifled Stellite Liner for 12.7mm Machine Gun As per Specification No./ARDE/26ATT001/CMS-III/2025_DRDO_706149_1 Department of Defence Research and Development -- ...

View all Procurementsp