There is widespread consensus in the IT security industry that the security posture of an organization can be improved by complementing perimeter security with endpoint security. Firewalls, secure web gateways, or email security gateways, usually cannot provide preventative inspection on USB thumb drives or mobile equipment that is outside the LAN. This means that such devices can be the starting point for network infections, if there is no endpoint security in place.
Endpoint security is also valued for its ability to perform proactive monitoring and evaluation based on behavioral information. The efficiency of malware detection on the endpoints is typically expected to outperform what you can get from gateway protection by a few percent.
In view of this, a recently published study (pdf) by the test lab AV-Comparatives and security research company MRG Effitas provides somewhat unexpected results. It compares the protection you can get from a Barracuda NextGen virtual FW with what is achievable from various endpoint protection platform. All products managed to pass the test but the only product to achieve 100% coverage for all malware samples without firing off a single false positive was the Barracuda NextGen Firewall.
The Barracuda NextGen Firewall F-Series is a family of hardware, virtual, and cloud-based appliances designed to protect a company’s dispersed network infrastructure. The Barracuda NextGen Firewall VF100 on VMware was used in this study. The Barracuda NextGen Firewall was compared to the CrowdStrike Falcon Host, Palo Alto Traps, and Sentinel One Endpoint Protection Platform.
This chart summarizes the results of the Whole Product Dynamic “Real World” Test (WPDT), and simulates the activities of a typical business or home computer user. The False Positive (FP) test results are also included here.
The next set of results demonstrates the performance in the Exploit Test.
Endpoint protection provides incremental added security value for certain mobile usage scenarios, but that value is limited on LAN endpoints that are already protected by a Barracuda NextGen Firewall. Organizations with limited technology budgets and IT staff headcount constraints should carefully consider where they place their bets.
If you would like to learn more about the Barracuda NextGen Firewalls, visit our corporate site here.