Palo Alto Networks™, the network security company, today announced that it has earned the NSS Labs 'recommended' rating in inaugural Next-Generation Firewall (NGFW) Group Test. Of the seven participating vendors, only two vendors achieved 'recommended' ratings.

NSS Labs, a leader in independent security product testing and research, is known to conduct the most comprehensive third-party testing in the industry, providing real-world research and analysis to enterprises, government agencies and organizations of all sizes. NSS Labs tested Palo Alto Networks PA-5020 and PAN-OS 4.0.5 against its fourth version of its Next-Generation Firewall test methodology, comprised of 1,486 live exploits and across a wide variety of traffic, payload sizes and protocols. Palo Alto Networks also blocked 95% of attacks against client applications within the test bed.

According to the report, "A NGFW must provide granular control based upon applications, not just ports." The report continues: "Our testing found that Palo Alto Networks PA-5020 PAN-OS 4.0.5 correctly enforced complex outbound and inbound policies consisting of many rules, objects and applications. We verified that the device successfully determined the correct application and took the appropriate action based upon the policy. For example, the NGFW allowed instant messaging text communications while blocking IM file transfers."

More information on NSS Labs' test of Palo Alto Networks, please visit:

"Because of the continuous changing application landscape, the firewall has to provide greater contextual awareness around applications, users and threats," said Vikram Phatak, CTO at NSS Labs. "In our tests, we take the same approach that today's cybercriminals would in attempting to breach the firewall. The NSS Labs Next-Generation Firewall Group Test is unique in that it provides a rigorous and truly independent analysis."

"Palo Alto Networks is the one and only firewall vendor that is a leader in the Gartner Magic Quadrant for Enterprise Network Firewalls and recommended as an NGFW by NSS Labs," said Rene Bonvanie, CMO at Palo Alto Networks. "It is an honor to be recognized by both of these organizations and a testament that we truly have built something that deserves to be called 'next-generation'."

About NSS Labs, Inc.

NSS Labs, Inc. is the recognized leader in independent security research and testing. We provide subscription-based security intelligence to enterprises worldwide. Our test-based research and expert analyses provide information technology professionals with the unbiased data they need to select and maintain complex security products for their organizationsNSS Labs evaluates both network and endpoint security products, producing both individual Product Analysis Reports and group Comparative Analysis Reports. Group tests culminate in our exclusive Security Value MapTM. Founded in 1991, the company is located in Austin, Texas. For more information, visit

About Palo Alto Networks

Palo Alto Networks™ is the network security company. Its next-generation firewalls enable unprecedented visibility and granular policy control of applications and content – by user, not just IP address – at up to 20Gbps with no performance degradation. Based on patent-pending App-ID™ technology, Palo Alto Networks firewalls accurately identify and control applications – regardless of port, protocol, evasive tactic or SSL encryption – and scan content to stop threats and prevent data leakage. Enterprises can for the first time embrace Web 2.0 and maintain complete visibility and control, while significantly reducing total cost of ownership through device consolidation. Most recently, Palo Alto Networks has enabled enterprises to extend protection over all types of traffic, applications, and threats to remote users with the release of GlobalProtect™. For more information, visit

Palo Alto Networks, "The Network Security Company," the Palo Alto Networks Logo, App-ID, GlobalProtect, and WildFire are trademarks of Palo Alto Networks, Inc. in the United States. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.


What is a denial of service attack (DoS) ?

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users by flooding it with traffic.
  • 3
  • 61522

Product Summary Specsheet

Key features, performance capacities and specifications for all Palo Alto Networks firewalls.
  • 86
  • 241213

What is an Intrusion Prevention System?

An Intrusion Prevention System (IPS) is a network security prevention technology that examines network traffic flow to detect and prevent vulnerability exploits
  • 5
  • 110994

What is a Zero Trust Architecture?

Businesses who want to prevent the exfiltration of sensitive data and improve their defense against modern cyber threats can consider a Zero Trust architecture.
  • 1
  • 42194

PA-5200 Series Datasheet

Palo Alto Networks® PA-5200 Series of next-generation firewall appliances is comprised of the PA-5280, PA-5260, PA-5250 and PA-5220.
  • 21
  • 90889

What is Cybersecurity?

Cybersecurity refers to the preventative techniques used to protect the integrity of networks, programs and data from attack, damage, or unauthorized access.
  • 4
  • 84021