CyberRatings.org Publishes Security Service Edge (SSE) "Mini-Test" Results Designed to Answer One Question: Are They Secure by Default?

News provided by

Oct 03, 2024, 09:00 ET

AUSTIN, Texas, Oct. 3, 2024 /PRNewswire/ -- CyberRatings.org (CyberRatings), the non-profit entity dedicated to providing confidence in cybersecurity products and services through its research and testing programs, has published its first "Mini-Test." This Mini-Test for Security Service Edge (SSE) products was focused on answering the question, "How secure are users if they rely on the vendors' default configurations?" Tests showed four SSE products blocked between 89.90% to 96.74% of malware downloads, but three failed to block any malware at all (i.e. 0%).

"For products whose default configurations offered 0% protection, we made minor configuration changes to determine how much the protection could improve," said Vikram Phatak, CEO of CyberRatings.org. "With those changes, we were able to achieve over 90% block rate on average. For products that offered effective defaults, no further adjustments were made."

Research indicates that most customers expect cybersecurity vendors to ship with a high level of protection enabled by default. CISA states: "Secure-by-Default" means products are resilient against prevalent exploitation techniques out of the box without additional charge. These products protect against the most prevalent threats and vulnerabilities without end-users having to take additional steps to secure them. Secure-by-Default products are designed to make customers acutely aware that when they deviate from safe defaults, they are increasing the likelihood of compromise unless they implement additional compensating controls."

SSE solutions are a subset of Secure Access Service Edge (SASE) that focus primarily on security services delivered through the cloud. SSE encompasses critical security functions such as Secure Web Gateways (SWG), Cloud Access Security Brokers (CASB), and Zero Trust Network Access (ZTNA), which work together to protect users, devices, and applications across distributed networks. SSE solutions improve flexibility and scalability, enabling enterprises to enforce security policies regardless of user location or device. SSE is particularly beneficial for organizations with a remote or hybrid workforce, as it provides consistent protection against threats, controls access to cloud services and ensures data security without relying on traditional network boundaries.

While some SSEs offer moderate malware protection by default, others do not. End-users should verify the security level their organizations require and assess whether the vendor's default configuration meets their needs. If it does not, it is advisable to implement the vendor's recommended configurations for an optimized solution. It should not be assumed that any vendor solution will be secure by default.

Key Findings:

The level of security offered by default varies greatly across SSE vendors. Three out of seven SSE vendors tested offered no security by default.
In some cases, minor changes from a vendor's supplied default configuration dramatically improved the security posture of an SSE solution. We observed improvements in malware blocking from 0% to >90% on average.
SSE customers should not assume any level of security by default without verification.
SSE customers should understand where the SSE they use stands by default, and whether that default offers the required level of security for their environment.
SSE customers should be aware of the potential default options and their implications during any guided setup offered, which may not provide the required level of security. This can be a risk when leveraging non-technical staff for initial setup and configuration.

SSE "Mini-Test" Results:

SSE Vendor	Malware Downloads Blocked (Higher is Better)	False Positives (Lower is Better)	Sandboxing Included in License / Enabled
Checkpoint (default)	0.00 %	0.00 %	No / No
Checkpoint (non-default)	89.96 %	0.00 %	No / No
Cisco (default)	0.00 %	0.00 %	Yes / No
Cisco (non-default)	100.00 %	0.13 %	Yes / Yes
Cloudflare (default)	95.27 %	5.70 %	Unknown
Fortinet (default)	89.90 %	0.00 %	No / No
Skyhigh (default)	91.53 %	0.66 %	Unknown
Versa (default)	0.00 %	0.00 %	No / No
Versa (non-default)	83.86 %	0.93 %	No / No
Zscaler (default)	96.74 %	0.00 %	Yes / Yes

Further details can be found in the free report at CyberRatings.org.

Keysight provides technology and support for CyberRatings testing programs.

About CyberRatings.org

CyberRatings.org is a 501(c)6 non-profit organization dedicated to providing confidence in cybersecurity products and services through our research and testing programs. We provide enterprises with independent, objective ratings of security product efficacy to make informed decisions. To become a member, visit www.cyberratings.org and follow us on LinkedIn.

SOURCE  CyberRatings.org