How Secure Web Gateways Fared in AV-TEST Benchmark

With so many employees working remotely during the global pandemic, businesses are having an even harder time keeping their users, devices, networks, applications and data safe. According to Ponemon Institute, organizations that believed they were effective at mitigating risks, vulnerabilities and attacks across the enterprise declined from 71% before the pandemic to 44% after the pandemic. The “new normal” increases the importance of moving to a cloud-delivered security model with high efficacy to stop threats from exploiting the risky behavior of remote workers. Lots of vendors claim to block and detect threats, but only one vendor stands out as the industry leader in threat detection for the second year in a row.

AV-TEST places Cisco Umbrella, the heart of Cisco’s SASE architecture, first in security efficacy in a recent test. Cisco Umbrella is a cloud-native security service that simplifies network security by helping you secure internet access and control cloud application usage across your network, branch offices and roaming users. Umbrella unifies DNS-layer security, secure web gateway, firewall and cloud access security broker (CASB) functionality. Umbrella integrated with Cisco AnyConnect provides secure endpoint access to the network so employees can work from any device, at any time, in any location.

AV-TEST evaluated Cisco Umbrella’s secure web gateway (enhanced with DNS security) and DNS-layer protection functionality. Umbrella received top marks across the board, with a 96.39% total detection rate, crushing the competition. Umbrella also demonstrated a significantly lower false positive rate than other products, helping employees stay productive while making security analysts more efficient and less likely to miss real threats. And, while we don’t like to brag, this data is too good to keep quiet, especially since this is the second year in a row that AV-TEST has found that Umbrella outperforms competitive offerings.

In September and October 2020, AV-TEST performed a review of Cisco Umbrella’s secure web gateway and DNS-layer security functionality, alongside comparable offerings from Akamai, Infoblox, Palo Alto Networks, Netskope and Zscaler. The test was commissioned by Cisco to determine how well vendors protected remote and roaming workers against malware, phishing sites and malicious websites. AV-TEST also carried out a false positive test against known clean popular websites and downloads from Alexa’s top list.

AV-TEST is an independent research institute for IT security based in Germany. For more than 15 years, cybersecurity experts from Magdeburg have guaranteed quality-assuring comparison and individual tests of virtually all internationally relevant IT security products.

About the Test

To ensure a fair review, research participants did not supply any samples (such as URLs or metadata) and did not influence or have any prior knowledge of the samples tested. All testing methodology engaged was solely AV-TEST’s.  All products were configured to provide the highest level of protection, utilizing all security-related features available at the time. The test focused on the detection rate of links pointing directly to portal executable (PE) malware (such as EXE files), links pointing to other forms of malicious files (such as HTML and JavaScript) and phishing URLs. The test included a total of 3,572 malware samples.

Secure Web Gateway Test

First, the lab test assessed each vendor’s secure web gateway functionality–specifically, the ability to protect roaming and remote workers. Given that the global pandemic has accelerated the move of edge security controls to a cloud-delivered model, each vendor’s secure web gateway functionality was configured with the protection of their roaming agents on the devices tested.

A secure web gateway is based on a full web proxy that sees and inspects all web connections. Unlike DNS-layer protection, which only analyzes domain names and IP addresses, a web proxy sees all