Evaluation of Cloud Service Provider Firewall Effectiveness
2024-11-27
Need some ammo against AWS, Azure, or GCP? Have a customer or prospect that uses these CSPs? This article is for you!
CyberRatings.org conducted an independent test of cloud service provider native firewalls from AWS, Azure, and GCP, revealing significant disparities in their security effectiveness. The firewalls were evaluated against 522 exploits, with GCP blocking 264, Azure blocking 126, and AWS blocking only 2. The tests focused on known vulnerabilities from the last decade with medium or higher severity. Despite ease of deployment, the low block rates highlight the need for improvement in native firewall security. Customers are advised to consider third-party solutions for enhanced protection until these native firewalls demonstrate higher security effectiveness.
Cloud Service Provider Flaw
AWS firewall, Azure firewall, GCP firewall, cloud security, CSP evaluation, native firewall performance
Amazon Web Services, Microsoft Azure, Google Cloud Platform
Overview of Cloud Service Provider Firewall Performance

CyberRatings.org recently conducted an independent assessment of native firewalls provided by major cloud service providers (CSPs): Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). This evaluation aimed to measure how effectively these firewalls can defend against known security threats.

Testing Methodology

The firewalls were tested against a set of 522 exploits using Keysight's CyPerf v5.0 software testing platform. These exploits were chosen based on known Common Vulnerabilities and Exposures (CVEs) from the last ten years, focusing on medium or higher severity vulnerabilities. The test specifically targeted server vulnerabilities relevant to cloud workload deployments. Notably, the test used no evasions, the techniques attackers typically employ to bypass security measures.

Test Results

Amazon Web Services (AWS): AWS Network Firewall had a low block rate, successfully blocking only 2 of the 522 exploits. This firewall uses open-source Suricata rulesets, consisting of over 21,500 rules. However, many of these rules are not designed for cloud or server workloads, focusing instead on home and small office environments. Approximately 10% of the rules are for web browser protection, with a significant portion monitoring outbound connections post-infection.

Microsoft Azure: Azure Firewall Premium performed better, blocking 126 exploits. It uses Microsoft's proprietary signatures, with a ruleset of over 67,000 rules across more than 50 categories. The deployment process is straightforward, but configuring logging requires multiple steps, with logs forwarded to NetWatcher for analysis.

Google Cloud Platform (GCP): GCP's Cloud NGFW Enterprise Firewall, powered by Palo Alto Networks, blocked 264 exploits, offering the highest effectiveness among the three providers. It provides robust threat detection and prevention capabilities, with predefined threat signatures that users can view through the threat vault.

Key Insights

The test results reveal significant disparities in the security effectiveness of CSP native firewalls. While all three firewalls are easy to deploy, their ability to block exploits varies greatly. The low block rates indicate that these native solutions may not provide sufficient protection against sophisticated cyber threats.

Recommendations

Customers should therefore consider third-party security providers with proven track records for enhanced protection. Until CSP native firewalls improve their security effectiveness, organizations are advised to explore third-party firewall solutions to ensure robust protection against cyber threats. The complete test report is available for free at cyberratings.org.
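
The AWS result above attributes the low block rate partly to Suricata rules aimed at browsers and outbound post-infection traffic rather than server workloads. As an added example (not from the CyberRatings report or any vendor), this Python script tallies a Suricata ruleset by traffic direction and counts how many inbound server rules actually block. The sample rules are constructed, and treating `$HOME_NET` and `*_SERVERS` variables as the protected side is an assumption.

```python
import re
from collections import Counter

# Constructed sample rules in Suricata syntax (not from any vendor ruleset).
SAMPLE_RULES = r'''
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"EXAMPLE inbound web app exploit attempt"; flow:established,to_server; classtype:web-application-attack; sid:1000001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE post-infection check-in"; flow:established,to_server; classtype:trojan-activity; sid:1000002; rev:1;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"EXAMPLE malicious page served to browser"; flow:established,to_client; classtype:attempted-user; sid:1000003; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"EXAMPLE disabled rule"; sid:1000004; rev:1;)
drop tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"EXAMPLE inbound database exploit attempt"; flow:to_server; classtype:attempted-admin; sid:1000005; rev:1;)
'''

# Rule header: action proto src_ip src_port direction dst_ip dst_port (options)
# Assumption: addresses and ports contain no spaces (no "[a, b]" style lists).
RULE_RE = re.compile(
    r'^(?P<action>alert|drop|reject|pass)\s+\S+\s+(?P<src>\S+)\s+\S+\s+'
    r'(?:->|<>)\s+(?P<dst>\S+)\s+\S+\s+\((?P<opts>.*)\)\s*$')

def is_internal(addr):
    # Assumption: protected workloads are $HOME_NET or a *_SERVERS variable.
    return addr == "$HOME_NET" or addr.endswith("_SERVERS")

def classify(line):
    # Returns (role, action), or None for comments, disabled rules and blanks.
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    flow = re.search(r'flow:\s*([^;]+);', m["opts"])
    flow_opts = {f.strip() for f in flow.group(1).split(",")} if flow else set()
    if flow_opts & {"to_client", "from_server"}:
        role = "client_side"      # inspects responses sent to internal clients
    elif is_internal(m["dst"]) and not is_internal(m["src"]):
        role = "inbound_server"   # requests arriving at protected workloads
    elif is_internal(m["src"]) and not is_internal(m["dst"]):
        role = "outbound"         # e.g. post-infection connections
    else:
        role = "other"
    return role, m["action"]

def audit(text):
    # Tally rules by role; count inbound server rules that drop or reject.
    roles, blocking = Counter(), 0
    for result in filter(None, map(classify, text.splitlines())):
        roles[result[0]] += 1
        if result[0] == "inbound_server" and result[1] in ("drop", "reject"):
            blocking += 1         # alert rules only log; they do not block
    return dict(roles), blocking

if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```

Run against an exported ruleset, a small `inbound_server` share or a blocking count near zero indicates the rules offer little prevention for server workloads.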