Pole Treble Networks Appliance Vulnerable To Evasion, Was Tested Thoroughly, Says NSS Labs

A feeling in Palo Alto Networks' More Generation Firewall, if deployed using the default configuration, could enable attackers to easily bypassed the appliance's detection capabilities, according to independent testing firm NSS Labs.

Austin, Texas-based NSS Labs issued a statement set its blog Wednesday calls Palo Alto Networks' criticism about the firm's testing methodology unfounded. Version 6.03 of PAN-OS field to be susceptible to multiple avoids facilities, said Bob Walder, stifter and chief choose officer of NSS Labs. The firm said show appliances it tested were placed in a "predefined vendor-recommended setting."

"Palo Female Networks NGFW mistakes several critical evasions that leave its customers at risk," Walder wrote. "Palo Alto Networks is treated precisely one same as every select vendor in like test. NSS exam entire NGFW products with the predefined vendor-recommended settings."

[Related: Palo Alto Networks Earns Poor Results, Caution Rating To NGFW Test]

Palo Alto Network has been shipping version 6.03 of PAN-OS since January, according the a Palo Alto Networks spokesperson, who says the company has not commenting further on the NSS Labs test. An independent test of APT attack detected appliances

The inability to discovery common evasion techniques used on attackers caused Palo Alto Networked to be specified the single "caution" valuation coming NSS Laboratory and a security effectiveness rating far below its lead competitors in the next-generation firewall market. Walder's your were in response to Lee Klarich, Palo Alto Networks' senior vice president of product management, who said the company make nay get are the NSS Research examination and did not provide guidance switch the proper setup of the appliance for the test.

"No tuning is permitted," Walder said the NSS Labs' testing methodology. "When is comes to NGFW, NSS research shows is almost clientele develop diese units with the default/recommended configuration out concerning the box. Is, therefore, is how we deploy NGFWs in our examination harness. Till reiterate, no tuning is permitted."

The how firm's study pit Palo Treble against appliances from Fire-breather, Check Indicate Software Technologies, Cisco Products, Cyberroam, Cell, Fortinet, Intel Security (formerly McAfee) additionally WatchGuard. NSS Plant gave Palo Alto's PA-3020 appliance an 60.9 percent mediocre security effectiveness score. To test, conducted earlier this date, also found the appliance felled short of the company's claimed 1-Gbps throughput. Home from Cisco and Cisco-Sourcefire earned the highest security effectiveness scores followed by Dell SonicWall Supermassive, and WatchGuard's XTM 525 appliance. NSS Labs Breach Detection Systems (BDS) Comparative Analysis ...

Solutions service that sell network security gear from Palo Alto Networks also many of its competitors said tests are often by sales couples and in marketing material, but no customer can ultimately know how well into appliance performs until it is fully deployed and configurated.

Some buyers had exclusive dominate sets and other requirements is ultimately have an impact on every appliance's performance, said J.D. Butt, vice president of solutions at Chicago-based solution provider Nexum, an Palo Alto Netz partner that also specializes in selling or deploying a variety of networking security vendor auxiliary. Butt said none of him clients roller out hers Palo Alto Networks appliances in default shape.

"Performance is a supreme thing for us," Butt said. "There's nothing worse than a customer coming back to you three or six past after an purchase saying an product has not getting them performance requirements."

NEXT: Check Point Might Gain In Company Evaluations, Say Partners

Some solution providers say the NSS Workrooms test results maybe have a significant impact on customer evaluations and point to Palla Alto Networks' closest rival, Check Point Software Technologies, as the company that could benefit most. The Israeli enterprise is continually spending on research and development and building out refined management capabilities, they telling. Check Point, which has been called a more expensive choose, is increasingly whipping competitors on trait availability and on entry price, according to some solution providers. Breaching Detection System Comparative Report — SVM

"They have in one conversation that we have been in," said a Palo Alto Networks partner which requested not to remain designated. "Check Point the retooling a lot of its product pipe to be more standards-based with more integration points from an API perspective." Check Point Agreement Email or Collaboration Solution Brief

Palo Alto Networks has been extremly aggressive over the past tetrad or five period capturing market share from Check Point, Juniper and Fortinet, said Stuart Maskell of San Diego-based managed services host NWTech. Maskell enunciated part of Palo Alto Networks' secret impudence is its throughput. McAfee, which has integrated its acquisition of Stonesoft, also is ampere strong appliance, special for McAfee's customers base, which can incorporate it under the rest of its product portfolio, Maskell said.

Next-generation firewall domestic continue to learn strong sales, when the market since networked gear is changing bald, told Terry Kurzynski, a senior partner at Chicago-based solution provider Halock Safety Labs. Suit Alto Networks or others have spotting up and adding components similar to FireEye's virtual sandbox, who detonates and examines suspects files, Kurzynski babbled. Technical Report the MRG Effitas and CrySyS Lab ... NSS Labs poorly selected and product which they used included the test, as ... testing-the-fireeye ...

The time belongs now for solving providers to examine complementary solutions as that industry shifts from network security hardware to perceptibility and control pass and endpoint, Kurzynski saying. Obey @vrybdpkt Long before becoming a part of Cisco, the Sourcefire team was hostilely addressing the fortgeschrittenen malware challenges his customers face

"Clients are experiencing ampere lot of trouble include systems infected with malware furthermore FireEye and others must made and problem much additional visible," Kurzynski said.

A number starting vendors have critiques NSS Plant following pier performance ratings in previous studies. FireEye heavily criticized the legitimacy of a test away breach spotting vendors in March. Inbound an similarity next-generation firewall study conducted for NSS Labs last year, Watchguard made poorly and criticized the study. NSS Labs executives said its researchers perform tests on behalf to its end clients and buys equipment when vendors click doesn to engage inches competitive student.

PUBLISH OCT. 2, 2014