Testing protection against fully featured attacks

Our Advanced Security test is unique, in that we test products by running a full attack. We follow every step of a breach attempt to ensure that the test is as realistic as possible. In this test we assess the capabilities of the Cisco Secure Firewall 4225.

Loading…

Taking too long?

Reload document

| Open in new tab

Download

Factsheet

Cisco Secure Firewall 4225

Early Protection Systems

There are many opportunities to spot and stop attackers. Products can detect them when attackers send phishing emails to targets. Or later, when other emails contain links to malicious code. Some kick into action when malware enters the system. Others sit up and notice when the attackers exhibit bad behaviour on the network.

Regardless of which stages your security takes effect, you probably want it to detect and prevent before the breach runs to its conclusion in the press.

Our Advanced Security test is unique, in that we test products by running a full attack. We follow every step of a breach attempt to ensure that the test is as realistic as possible.

This is important because different products can detect and prevent threats differently.

Ultimately you want your chosen security product to prevent a breach one way or another, but it’s more ideal to stop a threat early, rather than watch as it wreaks havoc before stopping it and trying to clean up.

Some products are designed solely to watch and inform, while others can also get involved and remove threats either as soon as they appear or after they start causing damage.

For the ‘watchers’ we run the Advanced Security test in Detection mode. For ‘stoppers’ like Cisco Secure Firewall 4225 we can demonstrate effectiveness by testing in Protection Mode.

In this report we look at how Cisco Secure Firewall 4225 handled full breach attempts. At which stages did it detect and protect? And did it allow business as usual, or mis-handle legitimate applications?

Understanding the capabilities of different security products is always better achieved before you need to use them in a live scenario. SE Labs’ Advanced Security test reports help you assess which are the best for your own organisation.

How we test the Cisco Secure Firewall 4225

SE LABS tested Cisco Secure Firewall 4225 against targeted attacks based on Threat Series: 9

These attacks are designed to compromise systems and penetrate target networks in the same way as the advanced persistent hacking groups known as Scattered Spider and APT29 operate to breach systems and networks.

Full chains of attack were used, meaning that testers behaved as real attackers, probing targets using a variety of tools, techniques and vectors before attempting to gain lower-level and more powerful access. Finally, the testers/attackers attempted to complete their missions, which might include stealing information, damaging systems and connecting to other systems on the network.

Choose your reports and reviews carefully

Detecting the Full Chain of Network Threats

Network security products detect threats at different security layers

Our reports help you choose the best enterprise security products that can protect you from ransomware and other types of attacks.

Understanding the capabilities of different security products is always better achieved before you need to use them in a live scenario. SE Labs’ Enterprise Advanced Security test reports help you assess which are the best for your own organisation.

Loading…

Taking too long?

Reload document

| Open in new tab

Download

There are many opportunities to spot and stop attackers. Products can detect them when attackers send phishing emails to targets. Or later, when other emails contain links to malicious code. Some kick into action when malware enters the system. Others sit up and notice when the attackers exhibit bad behaviour on the network.

Detecting the Full Chain of Network Threats

In this report we look at how Palo Alto Networks VM-Series Virtual Next-Generation Firewalls handled full breach attempts. At which stages did it detect? And did it allow business as usual, or mis-handle legitimate applications?

The targeted attacks used in this test replicate those used by the following attack groups in the real world:

• Wizard Spider
• Sandworm
• Dragonfly & Dragonfly 2.0

Read this SE Labs assessment and discover how Palo Alto Networks VM-Series Virtual Next-Generation Firewalls handle advanced targeted attacks. Find the value in deep detection systems. We also describe in detail how each of the attack groups have worked in the past and how we’ve copied their tools and techniques to create a realistic test that reflects real-world security situations.

Choose your reports and reviews carefully

We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. Our results help vendors improve their products and buyers choose the best for their own needs.