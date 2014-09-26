(Adds comment from NSS, analysts. Palo Alto declined comment)
By Jim Finkle
BOSTON, Sept 26 Palo Alto Networks Inc's
flagship next-generation security firewall ranks as the
least effective in a new test of such equipment by NSS Labs,
results that surprised some analysts because the product is
widely considered an industry leader.
NSS, which reviews technology products for Fortune 500
companies, gave Palo Alto's firewall a "caution" rating in a
survey released to clients Tuesday. It had rated the product
"recommended" in its last survey, released in February 2013.
NSS recommended rival firewalls from Check Point Software
Technologies Ltd, Cisco Systems Inc, Dell Inc
, Fortinet Inc, Intel Corp's McAfee
division and WatchGuard.
A Palo Alto Networks representative declined comment.
NSS Chief Executive Officer Vikram Phatak said that Palo
Alto had issued two major revisions to its firewall operating
system since the last test.
"They broke something in the process," he said.
NSS marked down Palo Alto heavily for failing key tests that
determine how easily hackers could evade a firewall's security,
Phatak said.
"They have a fundamental problem in how they are handling
TCP/IP traffic, which is the foundation of the Internet," he
said.
Greg Young, an analyst with Gartner which closely follows
the next-generation firewall market, said he was surprised by
the results.
"Generally NSS stuff has been pretty good, but I need more
information to help me understand this one," he said. "I have a
lot of questions about the placement. They are really sort of
divergent from where we placed the products."
The findings come in the wake of a controversial report
released by NSS in April that said FireEye Inc's breach
detection system did not work as well as products from rivals
including Cisco and Trend Micro.
FireEye disputed those claims but shares in the company that
went public in one of last year's hottest IPO dropped
significantly in the weeks after the report's publication.
Securosis analyst Mike Rothman, who advises businesses in
selecting firewalls, said that buyers often review NSS surveys
when picking products.
Yet he said laboratory tests may not be as relevant as they
used to be because security has become extremely complex, making
it difficult for a test like the one released this week by NSS
to be a good indicator of how a product will work for any
particular company.
"As security has gotten a lot more complicated, it is not as
easy to set up a generic test bed and have the results
replicated in the real world," he said.
Rothman said that businesses need to come up with a "short
list" of several products that look like they will meet their
needs, and then ask the manufacturers to lend them the equipment
for a trial.
"You've got to test them out in your environment," he said.
NSS also gave "neutral" ratings to firewall models from
Barracuda Networks Inc, Cisco and Sophos Cyberoam.
