2018 NSS Labs NGFW retest results for XG Firewall

NetworkNSS labsXG FirewallXG Firewall v17

XG Firewall received excellent results across all areas tested by NSS Labs.

Sophos is committed to providing you with the best protection, performance and value in the industry and the latest NSS Labs retest of XG Firewall validates that we are delivering on that commitment. As expected, XG Firewall has performed extremely well blocking 100% of all evasions with excellent results across all other areas tested by NSS Labs. The results for both security effectiveness and total cost of ownership (TCO) per protected Mbps are outstanding.

Here’s a summary of the results:

  • 100% Evasion Resistance
  • 94.82% Exploit Block Rate
  • 100% Resiliency Coverage
  • 100% Stability and Reliability
  • 6,194 Mbps tested throughput
  • TCO per protected Mbps of $5.47

We encourage you to explore the full test results which are available for download.

You can also see how XG Firewall places on the NSS Labs Security Value Map (SVM) Chart (click to enlarge):

Sophos XG Firewall customers and partners don’t need to take any action as your firewall is providing optimal protection and performance. For those wondering about the HTML padded evasion techniques missed in the June 2018 NSS Labs Next Generation Firewall (NGFW) public test, those were addressed through adjusting the AV engine file size scanning parameters. No action is required as your firewall device comes with optimized default settings based on careful analysis of the current threat landscape. You can learn more about this setting in the XG Firewall Knowledge Base.

As you know, we never rest, and are relentlessly improving and innovating our products. In fact, we have a substantial new release of XG Firewall coming soon – watch this space for more details in the days ahead.

8 Comments

How come throughput is just around 6.5Gbps where for XG750 it says 11Gbps in the datasheet. More than 50% degrade why? Also Exploit block rate are far behind other competition brand which are more than 99%. Also Fortinet FortiGate-500E has better throughput than that of XG-750, do you have any answer to it? It seems like Sophos last model goes just upto 6.5Gbps NGFW throughput which is even lower than Fortinet SME model called FG-500E.

Reply

Hi Team Sophos,
I like the product but after checking on below link report of NSS NGFW SVM 2018, i really doubt on this product.
Security effectiveness – just 25% lowest among all
Overall NSS ratings is – Caution
TCO per protected Mbps – US$22 one of the highest among the segment
Exploit block rate – 93.47% – very less
Evasion is just ok – 178 out of 190
Good as it passed all stability & reliability test atleast
Performance very poor – just 5.9Gbps for XG750 – Claiming in Datasheet is almost 12Gbps. Not delivering even 50% is real world scenarios

No comparison against top players like Fortinet, Cisco. But strange to see it is even lower than that of Sonicwall & Watchguard of the world.

[link redacted]

Last & highest available product called XG-750 Rev 2 tested with this many loop holes dont know how come the lower end products are. This keeps me away to buys sophos in coming future for sure.

Hope you answer my query publicly so that other customer also get answer for the same.

Reply

Hi Bhavin, Please don’t confuse the results of the original 2018 public test with these follow-on test results published here. In the original public test results, we caught 94.5% of evasion techniques which, due to NSS Labs weighting, made our security effectiveness and TCO per protected Mbps look much different than reality. In this follow-on test, which changed a setting on the max file size, we caught 100% of evasion techniques. XG Firewall performs exactly as expected, catching all evasion techniques and offers outstanding security effectiveness and TCO per protected Mbps.

Reply

Hi Chris,

Really thankful for your response.

Few questions:

1. XG Firewall performs exactly as expected –> what about throughput degradation? around 50%? with your comment you mean you where expecting 50% degradation in performance??

2. The report shared with you is valid or not? Why you are only commenting on evasion technique? what about security ratings as caution & effectiveness as 25%?

3. What are the exact reasons your TCO & security effectiveness impacted in follow-on test, once as per you it was tested with good result?

Looking for proper answer for all points so that my/along with other customers confidence will be intact.

Regards,
Bhavin.

Reply

Hi Bhavin, Thanks for you interest and great questions. Here’s my best attempt to answer them as best and briefly as possible.
1. As you can imagine, different test methodologies will result in different throughput performance outcomes. NSS Labs reports based on their testing methodology, and we publish our test results as part of our technical specs. Both are valid measurements made under different conditions. Your particular performance will depend on traffic mix, security settings, IPS patterns being applied, and a variety of other factors.
2. This follow-on test is the results you should focus on. It reflects our actual security effectiveness after fixing the AV scanning file size setting mentioned in the article that lead to a missed evasion technique in the June test. Note that NSS Labs heavily weights missed evasions in determining a vendor’s final Security Effectiveness and TCO – so even one missed evasion will dramatically impact your final result and placement on the chart. The final Security Effectiveness and TCO reported in the June report is not our actual measured evasion coverage, or any other security efficacy measurement, or our true TCO.
3. I believe I answered this in #2.

Reply

Hi Chris,

Thanks for answering. Truly not too much convincing & looks like you are just trying to defend the NSS result which followed by globe today. Anyways its still good to have understanding directly from OEM’s.

Appreciate your efforts.

Thanks
Bhavin.

Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.