Response to Recently Released 2014 NSS Next-Generation Firewall Comparative Analysis

By: Lee Klarich, SVP Product Management at Palo Alto Networks

October 31, 2014 Update: We invite you to view an updated 2014 NSS Labs next-generation firewall test, in which Palo Alto Networks achieved 92.5% security effectiveness rating. Click here to see the updated report and read a letter of confirmation from NSS CEO Vikram Phatak.


As you may have seen, NSS recently released a report on Next-Generation Firewalls.  In their report, they purport to show Palo Alto Networks not scoring well.  There are a few important things to know about this report as Palo Alto Networks takes security and performance very seriously.

  • Palo Alto Networks intentionally did not participate in the 2014 NSS Next-Generation Firewall Comparative Analysis report that was recently published.  This means that unlike all of the other vendors in the report who configured and tuned their products specifically for this test, there was no input from us on the configuration of our device.
  • The reason we did not participate in this test is that over time we have come to believe that the NSS model of allowing vendor test tuning prior to public test is a "pay to play" approach and produces questionable objectivity and accuracy in results.
  • One year ago, we did participate and scored 96.4%. Since then, we have continued to invest even more in the sophisticated security capabilities of our products, as evidenced by our contributions to discovering Microsoft vulnerabilities – exceeding the findings of nearly every other network security vendor in the industry – and most recently our response to Heartbleed and Shellshock / Bash bug.
  • We take the efficacy of our Next-Generation Firewall very seriously.  We are trying to understand why they could have come to such a drastically different result compared to the same tests run against the same technology in 2013.  Importantly, the issues they’ve raised have never been observed in other tests conducted internally or with our install base of over 19,000 global enterprises.  It is also interesting to note that they say that we updated our OS in that time and broke the technology.  There is no basis for that claim as best evidenced by the fact that in the last year alone we added almost 6,000 new customers all of who have done their own stringent and detailed testing of our products in their mission critical environments.

We are committed to developing the most sound security technology that is designed to prevent sophisticated attacks. If you have any questions for me, I’d be very happy to talk to you directly, please email me here: