We achieved 100% efficacy for exploits and evasions. Malware protection up to 99.5% (misses reduced from 34 to 19). Performance is still excellent!
In a landscape where threats evolve at an unprecedented pace, proactive and high-performance security is non-negotiable. Cisco Secure Firewall 1220, leveraging the power of its Snort3 engine, recently underwent rigorous testing, adhering to NetSecOPEN standards, demonstrating its exceptional capabilities in both performance and security efficacy. This comprehensive evaluation validates our commitment to delivering lightning-fast speed combined with impeccable protection, engineered to keep even the most sophisticated threats on the sidelines. This report reflects the rigor given to the 1220, stress-testing to its limits with realistic loads and sophisticated attack simulations, providing a clear indication of its industry-leading throughput and security efficacy without compromising the speed your business demands.
What was tested, and why does it matter?
To truly understand the 1220’s capabilities, it is important to examine the depth of its evaluation. The testing was conducted by an approved NetSecOPEN test lab, ensuring adherence to stringent industry standards for network security performance. The Device Under Test (DUT) was a Secure Firewall tested using the latest software version, vulnerability database, and Snort update. The evaluation focused on:
- Diverse Traffic Mixes: The test replicated real-world internet traffic, simulating complex enterprise conditions with specific healthcare and education traffic profiles.
- Application-Specific Senarios: Assessing performance across various applications, from standard web (HTTP/HTTPS) to enterprise applications.
- Comprehensive Threat Blocking: Proactively testing the firewall’s ability to block public and private CVEs, sophisticated malware, and evasive attack techniques.
We exist in an era where cyberattacks are increasingly sophisticated and volumetric, your organization’s security infrastructure must do more than simply react — it needs to proactively defend at scale, without compromising the speed essential for critical business operations. Independent testing provides empirical, critical validation needed to ensure that your organization gets:
- Unbiased Validation: Confirms that our products perform as engineered under conditions reflecting your actual network environment.
- Real-World Efficacy: Unlike theoretical benchmarks, these tests leverage traffic patterns and loads your network is likely to experience, providing confidence in the firewall’s real-world effectiveness.
- Trust and Transparency: The detailed methodology and transparent reporting build trust, empowering you to make informed decisions about your security investments.
Uncompromised performance
A critical challenge in modern network security is the deep inspection of growing volumes of traffic, especially encrypted traffic, without degrading performance. Secure Firewall is engineered to tackle this head-on, delivering exceptional security efficacy and network performance. Through testing, we validated details of its capabilities:
Optimized Throughput for Deep Inspection — The 1220 sustained significant traffic volumes even under full inspection:
- Regular Web Pages (HTTP) Inspected Throughput: Achieved up to 5.12 Gbps (with varying packet sizes), demonstrating its capacity for high-speed web traffic analysis, even when Snort used all of the CPU.
- Secure Web Pages (HTTPS) Inspected Throughput: Delivered up to 2.55 Gbps (with varying packet sizes), proving its ability to inspect encrypted traffic at scale even when CPU was at capacity.
Security Under Load — Maintained between 0.95 and 1.20 Gbps for real-world traffic simulations, while proactively blocking 100% of CVEs.
Proactive Threat Protection — The 1220 demonstrated its robust defense mechanisms:
- 100% block rate for both public and private CVEs, and evasions, indicating its ability to neutralize known and emerging vulnerabilities.
- An impressive 99.5% block rate for malware, showcasing its advanced threat detection capabilities.
Ultra-Low Latency for Seamless Experience — The system responds very quickly, so users hardly notice any delay. Consistently low average transaction latencies ensure minimal impact on user experience:
- Loading Time for Regular Web Pages (HTTP): On average, it takes as little as 0.556 milliseconds for the first part of a web page to start loading when tested with 1,000 requests per second.
- Loading Time for Secure Web Pages (HTTPS): On average, it takes as little as 2.159 milliseconds for the first part of a secure web page to start loading when tested with 16,000 requests per second.
High Connection and Transaction Rates — The 1220 is built to handle high-volume network activities:
- TCP/HTTP Connections Per Second: Reached 21,344 new connections per second when tested with 1,000 users.
- Concurrent Connection Capacity: Supported nearly 300,000 active HTTP connections and over 78,000 active HTTPS connections at the same time, demonstrating impressive scalability.
Cisco Secure Firewall 1220 doesn’t just block threats; it does so with industry-leading speed and efficiency, ensuring your network remains secure and your operations unhindered. The NetSecOPEN report validates its performance and efficacy for the most demanding security challenges.
Explore the details
Review the complete NetSecOPEN report to discover how the Cisco Secure Firewall 1220 delivers robust security for your organization without sacrificing performance. See how the results stack up in our infographic.
Try it yourself
Participate in the Cisco Secure Firewall Test Drive, an instructor-led, 4-hour security course where you’ll get hands-on experience with Cisco firewalls and learn about the latest attacker techniques that are shaping today’s network security requirements.
We’d love to hear what you think! Ask a question and stay connected with Cisco Security on social media.
Cisco Security Social Media
CONNECT WITH US