NSS Labs Expands 2018 NGFW Group Test with SSL/TLS Security, Performance Test Reports (CDSA)


NSS Labs announced the release of its secure sockets layer (SSL)/transport layer security (TLS) performance test reports. The SSL performance testing was conducted during the 2018 Next Generation Firewall Group Test, announced earlier this month. With the increased use of SSL/TLS in the traffic traversing the modern network, an NGFW must be able to inspect encrypted content.

SSL and TLS protocols are the foundation of e-commerce security, encrypting the transfer of sensitive data, verifying the authenticity of websites, and ensuring the integrity of exchanged information. Threat actors are increasingly using SSL/TLS to deliver malicious attacks. Gartner estimates that in 2017 more than half of the network attacks targeting enterprises used encrypted traffic to bypass security controls.1

According to NSS Labs research, 41.7% of enterprises deploy dedicated SSL/TLS appliances.2 Use of the SSL protocol and its current iteration, TLS is rising dramatically in response to an increasing need for online privacy. In 2016, NSS Labs found that HTTPS (SSL/TLS-encrypted) traffic grew 90% year over year and 50% of enterprise traffic was encrypted.3

With this increase in SSL/TLS traffic, enterprises are finding that the performance of their NGFWs is being impacted. The NSS Labs’ 2018 SSL/TLS Performance Tests determined how 10 of the industry’s leading NGFW products performed in the following key areas:

— Cipher Functionality – Confirm and validate the device under test is correctly decrypting and (if applicable) inspecting SSL/TLS traffic.

— Performance – A performance baseline using various types of HTTP traffic is established for the device. The device is then measured with HTTPS-based real-world performance in order to establish comparative metrics for the device (with or without SSL decryption/inspection). This ensures the device is not bypassing the decryption/inspection process to demonstrate better performance.