Work is an activity, not a place. With hybrid work here to stay, enterprises everywhere need security as flexible as their workforce, while simultaneously minimizing downtime and delivering exceptional user experiences. This dynamic work environment, combined with significant, sustained cloud adoption, is driving organizations to adopt secure access service edge (SASE). The SASE concept is simple: secure, efficient connectivity between users working anywhere (at home, in the branch, or on the go) and resources residing anywhere (cloud, SaaS, data centers, and the web). Transitioning from hardware-based security point products to a converged, cloud-delivered model makes it possible to dramatically simplify the security stack while improving security posture and user experience.
Hybrid Work Increases Cybersecurity Risks
Most of us are fully aware that the hybrid workforce significantly increases the attack surface for all enterprises. Cloud services and apps, personal devices, and remote access tools essentially render an organization’s security perimeters obsolete, resulting in more cyberattacks. IT managers often have to compromise between security and user experience as they grapple with these new ways of working and the technologies behind them. Therefore, it’s no surprise Forrester claims that 80% of security and business leaders say their organizations are more exposed to risk as a result of remote work.
As such, we’ve needed more focus on the “Secure” part of SASE where these solutions’ security efficacy is paramount. However, there were no in-depth test results available, as no one in the cybersecurity industry had performed an analysis of the common security services deployed by customers.
Testing the Industry’s Top SASE Security Solutions
Here at Palo Alto Networks, we identified this missing, yet critical, link and discussed it with a leading company involved in independent testing, AV-Comparatives GmbH. The objective was to produce the industry’s first and most in-depth test focused on the security efficacy of SASE solutions. We wanted to go beyond traditional testing of exploits and evasions, which by themselves do not represent the security efficacy that a customer will experience. The test scenarios focused on a wide range of security services, like URL filtering, DNS security, malware protection, and more, and were designed to be more realistic, focusing on real-world issues that customers often face.
AV-Comparatives SASE Report
The AV-Comparatives SASE report set out to determine which SASE security solution was the most effective in real-world scenarios. The overall test procedure included 8 different sub-tests, each covering a major aspect of the respective product’s capabilities in a specific real-world scenario. The Web URL Filtering Protection, DNS Security, and Malware Protection sub-tests were broken down into further individual categories, as shown below:
- Web URL Filtering Protection (CnC Block Rate, Malware Block Rate, Phishing Block Rate, Average Benign URL Categorization)
- DNS Security (DNS Tunnelling Prevention, DGA Protection Rate)
- Malware Protection (Sandbox Analysis Time, Protection Against Modified Malware, Malware Protection via Email Protocol, Artifact Extraction, File Transfer)
- Public SaaS Application Security
- Private SaaS Application Security
- Vulnerability Protection
- Evasion Protection
- Credential-Theft Prevention
The test compared Prisma Access with two other solutions. While Palo Alto Networks sponsored this test, we knew credibility was critical for it to matter. Testing was performed by AV-Comparatives independently, and no samples were shared with Palo Alto Networks beforehand. The test results show dramatic differences in security efficacy between Prisma Access and the competing products.
Raising Expectations for SASE Security
A SASE solution should enforce uniform and ubiquitous security for a user from any location to any application, regardless of the port or protocol being used. It should detect and prevent malicious activity bidirectionally, given insider threats and users inadvertently connecting from a previously infected host. Hence, the overall threat protection capabilities and the completeness of attack surface protection for both remote and branch user-based scenarios are critical.
For a detailed view of the test results and methodology, read the AV-Comparatives SASE Comparative Report.
Jason Georgi serves as Palo Alto Networks' global Field CTO for Prisma Access and Prisma SASE. He focuses on building C-level relationships and advising client executives on the strategic alignment of cloud-delivered security solutions as enablers of customers' cloud transformation journey.