2024 Miercom Security Benchmark

Compare the Top Enterprise Firewalls

ENTERPRISE FIREWALL SECURITY EFFICACY | BLOCKING ZERO-DAY ATTACKS

Blocking Attacks In The First Malware Prevention or Detect-Only

24 Hours Is Critical 100%
Zero+1 Day Malware

9.4%
A maximum block rate in the first 24 hours means 80%
99.8%

a much lower chance of breach.

Percentage Prevent vs. Detect-Only
8.7% 37.2%

60%
1. Check Point had 99.8% Prevention

2. Palo Alto Networks prevented 69.4% 40% 84%

75.4%
30.6% not blocked 1
47.8%
3. Fortinet prevented 84% 20% 69.4%
16% not blocked1
4. Cisco prevented 47.8 % 0%
52.2% not blocked1 Check Point Palo Alto Fortinet Cisco Zscaler
Networks
5. Zscaler prevented 75.4 %
24.6% not blocked1 Prevent Detect Only
1
% not blocked = 100% Total Malware - % Prevented
Prevent = firewall identified malware and immediately blocked it from entering the network.
Detect-Only = firewall identified malware but did not prevent/block malware from entering.

Missed Detections of Phishing and Malicious URLs

Zero+1 Day Phishing URLs
Phishing Prevention
100%
Check Point used its AI Deep Learning
to achieve a 100% success rate. 2
10%
Percent Missed Detection

1. Zscaler missed 28 per 1000

1%
46.9% 2. Palo Alto missed 35 per 1000

2.8% 3.5% 4.1% 3. Fortinet missed 41 per 1000

0.1%

4. Cisco missed 469 per 1000

0%

Check Point Zscaler Palo Alto Fortinet Cisco

Networks 2
In this case also, the first 24 hours are the most critical
time to block phishing attacks.
Missed Detection (lowest is best)

See more test results >> Get Miercom Report

About Miercom Firewall Configurations & Test Environment

Capabilities Used by
Firewall Vendor Operating System Version
Firewalls Under Test
Anti-Virus
Check Point Quantum Titan release R81.20
Miercom is the industry’s URL Filtering

leading independent Palo Alto Networks PAN-OS 11.1.1 Application Filtering

Anti-Phishing
Testing, Validation, and Fortinet FortiOS 7.4.2 Intrusion Prevention
Certification organization Anti-Malware
for Networking and Cisco FirePower 7.4.2 Sandboxing
Security. Miercom
Zscaler ZIA 6.2
produces a wide range of
product benchmark testing
reports and industry
assessments.
Internet Firewall Customer
Learn More:
https://miercom.com/

Security Test Suite

Vendor Spotlight
Check Point Software

How Check Point Blocks Evasive

Zero-Day Malware and Phishing Attacks
Preventing Malware in Email and Web Files

Known malware is blocked, unknown Active content is stripped from files and Sandbox returns a verdict in 2 minutes;
malware is sent to a sandbox for analysis safe content is sent to users in 2 seconds access is granted to the original if benign

Step 1 Step 2 Step 3

Blocking phishing attempts to prevent data & credential theft using AI Deep Learning

Known phishing sites are blocked; unknown Over 300 indicators in web pages Check Point allows or blocks page
websites with form fields are analyzed are analyzed in real-time before user enters credentials or data

Every 24 hours...
View Video Check Point ThreatCloud (global threat intelligence)
(2 min)
✓ Analyzes over 2 billion websites and files
ThreatCloud AI
✓ Performs 30 million file emulations
✓ Captures updates on nearly 2 million malicious indicators

Complimentary Analyst Reports

Frost & Sullivan 2023 Firewall Report Forrester Wave™ Enterprise Firewalls

Get Miercom Report