NGFW Egress C2 Test 2025: Assessing the Effectiveness of Outgoing Network Traffic Prevention and Detection Capabilities
In November 2025, AV-Comparatives conducted an NGFW Egress C2 Test to evaluate the effectiveness of NGFW products in detecting and preventing malicious traffic. Certification reports are published only for vendors that achieved certification (i.e. where malicious traffic was blocked). Non-certified vendors received feedback to help them improve their products.
In targeted attacks, one of the goals of APT groups is to establish control over a compromised system by opening a command-and-control (C2) channel to the command-and-control server operated by the attacker. If the attacker already has access to the system (via a trusted relationship or a valid account), or was able to deliver malware by, for example, phishing or a USB drive, they will then use C2 malware to open the C2 channel. The installed endpoint security product forms the first line of defence, but even the best products can be bypassed by APT groups. This means that the malicious-traffic prevention and detection capabilities of NGFWs are becoming more and more important. Therefore, we introduced the NGFW Egress C2 Test to check the effectiveness of NGFW products.








