Seeing is Believing: Juniper SRX Series NGFW Receives “AA” Rating

I’ve always been a big believer in independent third-party testing, especially for cybersecurity products. At best, they validate that a particular solution does what a vendor says it can do. At worst, they provide quantitative feedback that a vendor should use to make improvements.

Well, yesterday was one of those best-case days for Juniper and our SRX Series next-gen firewalls. We’ve received an “AA” rating from CyberRatings.org, a new independent testing company led by the founders of NSS Labs. 

CyberRatings rated NGFW products in four areas:

• Security effectiveness, testing against new and historical exploits and evasions, a measure of how easily an attacker could bypass the firewall
• SSL/TLS, measuring on supported ciphers and, more importantly, performance when decryption is turned on
• Management, measuring the ability of the management interface to create and apply security policy, reporting, handle alerts, and authenticate users
• Customer feedback, direct feedback from customers who are using the product

Security Effectiveness

We received an “AAA” rating in security effectiveness, the highest possible rating, with a 99.5% exploit block rate and 100% resistance to evasions, scoring above the leading NGFW vendors.

Security effectiveness is the primary reason the NGFW exists, providing protection from network and some application exploits, as well as detecting and stopping evasive techniques used to bypass the firewall completely. This is an area we’ve been focusing on more aggressively over the past few years, making sure that we’re able to protect our customers’ networks and exceed expectations in security effectiveness, moving as close as possible to 100% effective against threats – and recently we actually achieved that “unicorn” score!

SSL/TLS

Decrypting and inspecting encrypted traffic, especially web traffic, is a primary use case for NGFWs. For many vendors, performance drops significantly when SSL decryption is turned on, in some cases by as much as 90% compared to cleartext traffic. Since more than 80% of traffic is encrypted these days, according to Security Boulevard, a performance hit like that forces organizations to choose between experience – meeting the throughput needs of end-users and the business — and security.

CyberRatings gave the SRX Series NGFW an “AA” rating in SSL/TLS. Our performance with SSL decryption turned on was excellent and outperformed many of our competitors who are considered leaders in the security space. It’s estimated that around 70% of attacks use encryption to evade detection, which is alarming when you consider that SSL inspection can’t be enabled for all traffic. Certain regulations prioritize user privacy over security, which has led to only one option for security practitioners: accept this as a business risk. But to address this, not only does Juniper scale more effectively with SSL inspection turned on, but we’re also able to detect threats without decrypting for traffic where SSL decryption cannot be applied. 

Management

I was so pleased that CyberRatings decided to include management functionality as a key component of the overall rating, because most organizations have 10 or more NGFWs deployed throughout the network – at the edge at campus and branch locations, within multiple public cloud environments, and in private cloud environments. Managing many NGFWs and the deployed security policy across all of these environments with a unified policy structure within a single UI is imperative for administrators to close security gaps while decreasing the time spent distributing and managing those policies. 

For many of our competitors, customers must manage their on-prem firewall deployments separately from cloud-deployed firewalls. Separate management platform. Separate policy structure. Separated visibility, intelligence, and enforcement. This kind of separation in management leaves room for blind spots and mistakes when admins must copy over and re-deploy security policies for different environments.

Juniper’s firewall management, Security Director, accommodates unified policy creation and distribution across all environments simultaneously from a single UI, providing full visibility, intelligence, and enforcement. This translates into a great user experience for our customers and our customers’ customers, which is why we received an “AA” rating for management.

Customer Feedback

Juniper SRX received a “A” rating for customer feedback, and the interesting part about this rating is that customer feedback about our NGFW technology was great, which is also what we’ve seen reflected in Gartner’s Peer Insights reviews. Customer sentiment around Juniper SRX is that the technology meets all use cases and provides innovative features that help customers protect their networks easily and effectively. Customers love our renewed focus on security but are still waiting to see if this focus is a long-term plan for Juniper.

It is. Full stop.

Juniper’s Connected Security strategy and new security capabilities released over the past few years, coupled with the industry recognition and third-party validation we’ve received consistently in that same timeframe are proof that security is and will remain a priority for Juniper. These results from CyberRatings are the latest proof points. We’ve turned the corner in security and will continue to execute on our security strategy to help our customers build threat-aware networks to safeguard their users, applications, and infrastructure.

Juniper Connected Security is here to stay. Believe it.