NGFW Egress C2 Test: Assessing the Effectiveness of Outgoing Network Traffic Prevention and Detection Capabilities
In June 2023, AV-Comparatives conducted an NGFW Egress C2 Test to evaluate how effectively NGFW products detect and prevent malicious outbound traffic. In targeted attacks, one goal of APT groups is to establish control over a compromised system by opening a command-and-control (C2) channel to a C2 server operated by the attacker. If the attacker has already gained access to the system via a trusted relationship, or has delivered malware using phishing or USB drives, they can use C2 malware to open that channel.
No product got certified in the NGFW Egress C2 Test of 2023
In this test, AV-Comparatives focused on how effectively NGFW products detect and prevent outgoing network traffic from inside the network to the outside, using various communication channels and protocols such as TCP, HTTP and DNS. Certification reports are published only for vendors who achieved the certification (i.e. where all malicious traffic was blocked). Non-certified vendors received feedback in order to improve their product. Sadly, none of the products submitted in 2023 for this certification passed the test. However, the purpose of this focus test is to help vendors improve their products by addressing the discovered issues before bad actors find and use them.
By providing this valuable information to the vendors, AV-Comparatives aims to ensure that both users and vendors benefit from the outcomes of such tests. In conclusion, AV-Comparatives will continue to conduct tests like these to provide valuable insights into the effectiveness of endpoint security solutions, NGFWs, and other security products so that users and vendors can enhance security measures and make the digital world safer for everyone.