SecureIQLab Finds 62-Point Gap in Cloud Firewall Security Across 12 Vendors

Independent ACFW CyberRisk Validation 2.0 tested over 4,500 attacks against 12 advanced cloud firewalls on identical AWS infrastructure

AUSTIN, Texas, March 19, 2026 /PRNewswire/ -- SecureIQLab today published the comparative results of its ACFW CyberRisk Validation 2.0 program, scoring 12 VM-based advanced cloud firewalls across 59 attack categories and all four validation pillars: threat defense, compliance, operational capabilities, and resiliency and performance. Security efficacy scores ranged from 36.3% to 98.5%, while the group average for advanced evasion defense fell below 50%.

Every cloud firewall vendor claims advanced threat prevention, compliance readiness, and operational simplicity. This report provides the empirical data to test those claims. Twelve products were deployed on identical AWS c5.xlarge infrastructure and evaluated under the same methodology, the same attacks, and the same scoring framework with no vendor influence on testing or results.

Key findings:

• Security efficacy scores ranged from 36.3% to 98.5% — a 62-point spread that reveals significant differences in real-world threat protection among products marketed with similar claims
• Compliance scores averaged 94.3% while advanced evasion defense averaged 48.7% — vendors broadly met regulatory and policy enforcement benchmarks but showed significant gaps when facing sophisticated attack techniques designed to bypass traditional controls
• Advanced evasion techniques exposed the widest gap, with a group average of 48.73% — meaning most firewalls failed to detect more than half of the sophisticated evasion methods tested, including encrypted payloads, living-off-the-land techniques, evasive C2, and polymorphic payloads
• Operational maturity outpaced threat defense across the market, with the group average for operational efficiency (84.4%) exceeding security efficacy (66.7%) by nearly 18 points — suggesting vendors have invested more in management polish than detection capability
• 17 evasion categories comprising 52 validated attack techniques tested across all vendors
• 8 industry-specific traffic profiles (Enterprise, SMB, ROBO, Healthcare, Education, Media and Entertainment, Financial Institutions, Retail) used for performance and resiliency validation, with 8 of 12 vendors passing SecureIQLab's security resiliency standard

"The data shows a market that has matured unevenly. Operational efficiency scores are consistently strong, but security efficacy varies by more than 60 points across the vendors we tested. When the average score for advanced evasion defense is below 50%, enterprises are making procurement decisions with a significant blind spot. That is the problem independent validation exists to solve," said David Ellis, VP of Research and Corporate Relations at SecureIQLab.

"When results vary this widely, the first question enterprises should ask is whether the testing methodology was applied equally to every product. The AMTSO Standard exists to answer that question. Every detail of this methodology is published, every vendor was tested under identical conditions, and anyone can examine the process. That is how independent validation earns trust," said John Hawes, AMTSO COO.

The validation was conducted from July 1 through Oct. 22, 2025, using SecureIQLab's AMTSO-compliant CyberRisk Validation methodology Version 2.0 (AMTSO Test ID: AMTSO-LS1-TP158), aligned to MITRE ATT&CK, STRIDE, OWASP, and CSA CCM frameworks. The test is non-commissioned and funded entirely by SecureIQLab, with no vendor influence on methodology, testing, or results.

The full ACFW CyberRisk Validation 2.0 Comparative Report including CyberRisk Ripple rankings, vendor-specific scores across all four pillars, and category-level breakdowns is available for download at secureiqlab.com/go/acfwv2comparative9.

Enterprise security leaders can request a briefing to discuss findings in the context of their specific deployment environment at secureiqlab.com/contact. Security vendors interested in reprint packages and CyberRisk Ripple badge licensing can contact [email protected].

This comparative publication completes SecureIQLab's ACFW CyberRisk Validation 2.0 program, following the Operational Efficiency report published March 3, 2026. Individual vendor test reports will be available at secureiqlab.com/publications soon.

Data Integrity Disclosure: SecureIQLab does not endorse specific vendors. The findings in this report represent objective data captured during the specified test period under controlled conditions. These results are presented as verified performance metrics and do not constitute a subjective recommendation or "rating" of any product. SecureIQLab disclaims all warranties regarding the application of this data to unique user environments.

About SecureIQLab
SecureIQLab is an independent cloud security validation laboratory based in Austin, Texas. Unlike traditional analyst firms that rely on subjective surveys, SecureIQLab provides empirical, real-time security metrics based on testing that maps real-world enterprise use cases to specific business challenges. SecureIQLab is a principal member of Mplify (formerly MEF) and a member of the Anti-Malware Testing Standards Organization (AMTSO), AVAR, and NetSecOPEN.

Media Contact
SecureIQLab Communications [email protected] 1-512-575-3457.

SOURCE SecureIQLab