Testing protection against fully featured attacks

Our Advanced Security test is unique, in that we test products by running a full attack. We follow every step of a breach attempt to ensure that the test is as realistic as possible. In this test we assess the capabilities of the Cisco Secure Firewall 4225.

Loading…

Taking too long?

Reload document

| Open in new tab

Download

Factsheet

Cisco Secure Firewall 4225

Early Protection Systems

There are many opportunities to spot and stop attackers. Products can detect them when attackers send phishing emails to targets. Or later, when other emails contain links to malicious code. Some kick into action when malware enters the system. Others sit up and notice when the attackers exhibit bad behaviour on the network.

Regardless of which stages your security takes effect, you probably want it to detect and prevent before the breach runs to its conclusion in the press.

Our Advanced Security test is unique, in that we test products by running a full attack. We follow every step of a breach attempt to ensure that the test is as realistic as possible.

This is important because different products can detect and prevent threats differently.

Ultimately you want your chosen security product to prevent a breach one way or another, but it’s more ideal to stop a threat early, rather than watch as it wreaks havoc before stopping it and trying to clean up.

Some products are designed solely to watch and inform, while others can also get involved and remove threats either as soon as they appear or after they start causing damage.

For the ‘watchers’ we run the Advanced Security test in Detection mode. For ‘stoppers’ like Cisco Secure Firewall 4225 we can demonstrate effectiveness by testing in Protection Mode.

In this report we look at how Cisco Secure Firewall 4225 handled full breach attempts. At which stages did it detect and protect? And did it allow business as usual, or mis-handle legitimate applications?

Understanding the capabilities of different security products is always better achieved before you need to use them in a live scenario. SE Labs’ Advanced Security test reports help you assess which are the best for your own organisation.

How we test the Cisco Secure Firewall 4225

SE LABS tested Cisco Secure Firewall 4225 against targeted attacks based on Threat Series: 9

These attacks are designed to compromise systems and penetrate target networks in the same way as the advanced persistent hacking groups known as Scattered Spider and APT29 operate to breach systems and networks.

Full chains of attack were used, meaning that testers behaved as real attackers, probing targets using a variety of tools, techniques and vectors before attempting to gain lower-level and more powerful access. Finally, the testers/attackers attempted to complete their missions, which might include stealing information, damaging systems and connecting to other systems on the network.

Choose your reports and reviews carefully

Cisco Secure Endpoint – DETECTION

Testing protection against fully featured attacks

SE Labs tested Cisco Secure Endpoint against targeted attacks based on the Turla threat. These attacks are designed to compromise systems and penetrate target networks in the same way as the advanced persistent hacking group known as Turla operates to breach systems and networks.

An Endpoint Detection and Response (EDR) product is more than anti-virus, which is why it requires advanced testing. This means testers must behave like real attackers, following every step of an attack. While it’s tempting to save time by taking shortcuts, a tester must go through an entire attack to truly understand the capabilities of EDR security products.

Loading…

Taking too long?

Reload document

| Open in new tab

Download

Results – Cisco Secure Endpoint (Detection)

Cisco scored a 100% Detection Accuracy Rating for detecting every element of the Turla attacks, starting from the delivery of the spear phishing attachment through to all the subsequent malicious activities in the attack chain. It also prevented all of the malicious activities from running, incurring no penalties for allowing the full or partial execution of targeted attacks. The product did not generate false positives, meaning that it didn’t wrongly detect or hamper harmless, legitimate software.

Read more of our reports here.

Cisco Secure Endpoint

Testing protection against fully featured attacks

SE Labs tested Cisco Secure Endpoint – Protection against targeted attacks based on the Turla threat. These attacks are designed to compromise systems and penetrate target networks in the same way as the advanced persistent hacking group known as Turla operates to breach systems and networks.

There are many opportunities to spot and stop attackers. Products can detect them when attackers send phishing emails to targets. Or later, when other emails contain links to malicious code. Some kick into action when malware enters the system. Others sit up and notice when the attackers exhibit bad behaviour on the network.

Ultimately you want your chosen security product to prevent a breach one way or another, but it’s more ideal to stop a threat early, rather than watch as it wreaks havoc before stopping it and trying to clean up.

Loading…

Taking too long?

Reload document

| Open in new tab

Download

Results

Cisco Secure Endpoint scored a 100% Protection Accuracy Rating for blocking every threat at the initial delivery stage. The product did not generate any false positives, meaning that it didn’t wrongly detect or hamper harmless, legitimate software.

It also prevented all of the malicious activities from running, incurring no penalties for allowing the full or partial execution of targeted attacks.

Choose your reports and reviews carefully

We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. Our results help vendors improve their products and buyers choose the best for their own needs.