TLS adoption has grown rapidly, with nearly 100% of website connections now delivered over HTTPS. Now, firewalls must do more than simply block threats—they need to provide advanced decryption capabilities to detect hidden dangers, while maintaining performance, all without compromising the speed of business operations.
Security shouldn’t come at the cost of performance
Many firewalls slow down significantly when advanced security features like Layer 7 inspection and TLS decryption are enabled. Deep packet inspection—essential for detecting threats such as malicious file transfers or web application attacks—requires decrypted traffic for effective analysis. Without decryption, these features become useless, as encrypted traffic flows through unchecked, allowing critical threats to remain hidden.
In recognition of this trend towards encryption, Cisco has made cutting edge product investments over the last few years to ensure our firewalls maintain performance without sacrificing security functionality. Our Field Programmable Gate Array (FPGA) component implements an industry-first flow offload engine to decrypt and encrypt TLS traffic in hardware. For TLS sessions that cannot be decrypted, Cisco adds another layer of protection with its Encrypted Visibility Engine (EVE). EVE leverages behavioral analytics and machine learning to detect malicious outbound communications even within encrypted traffic. Our customers see value because they get to implement security best practices for encrypted traffic and ensure operational efficiency.
Testing validates Cisco’s superiority in inspecting encrypted traffic
We are thrilled to share that these advances from Cisco have been recognized by NetSecOPEN during recent testing. The NetSecOPEN report confirms the advanced security capabilities of Cisco Secure Firewall, with 98% threat efficacy, 100% detection for evasive threats, and 100% block rate under heavy load conditions. To be transparent with our customers so they know what performance to expect when real-world traffic and threats reach their firewalls, we publish our HTTPS throughput capabilities in our data sheet. In testing, with its cutting-edge FPGA design, Cisco Secure Firewall 3105 maintained an impressive 4.17 Gbps throughput. This means our firewall exceeded its data sheet number of 3.2 Gbps by 30%, while firewalls from other firewall vendors performed up to 74% slower than their data sheet numbers.
Observed performance shows Cisco Secure Firewall performs 30% faster
Setting the standard: Validated by NetSecOPEN
NetSecOPEN, a nonprofit organization with members such as Cisco, Palo Alto Networks, and Fortinet, conducts open and transparent testing in partnership with top labs like SE Labs, SecureIQ Lab, and UNH-IOL. These methodologies allow customers to replicate the results in their own environments, according to the specifications of RFC 9411.
Powering security with Talos Intelligence
Cisco Secure Firewall is fortified by the intelligence of Cisco Talos, one of the largest commercial threat intelligence teams in the world. Talos powers the Cisco portfolio with extensive intelligence covering a vast range of customer environments across the globe. Talos provides verifiable and customizable defensive technologies and techniques that help customers, users and the internet at-large quickly protect their assets. This year, Talos introduced SnortML, a machine-learning detection engine designed to identify zero-day vulnerabilities, further enhancing the efficacy of Cisco’s firewall.
Operating on the principle of “See Once, Block Everywhere,” Talos takes a proactive approach to global threat defense. It leverages reputation tools to detect brand spoofing and malicious senders, while real-time categorization identifies phishing campaigns or malware. With Snort and ClamAV detection engines, Talos flags malicious domains, IPs, and file hashes, providing critical intelligence to security controls. With enrichment capabilities, it offers deeper threat context, empowering security teams to make faster, more informed decisions.
Trusted performance. Seamless security.
With Cisco Secure Firewall, businesses can confidently enable advanced security features without compromising speed. Our solutions empower your operations to remain fast, agile, and protected—even as traffic grows, and threats evolve. Cisco Secure Firewall empowers you to face the future without trade-offs, offering seamless protection today and tomorrow.
See the report
If you want to see how you can recreate the results in your own environment, you can follow the guidelines in the report. We have verified what Cisco Secure Firewall has steadily offered: industry-leading protection with effective speed while closing security gaps. As a leader in network security, you can rely on Cisco as your trusted partner.
Experience our firewall in action
Want to give it a try? Join the Cisco Secure Firewall Test Drive, an instructor-led 4-hour security course, allowing you to gain firsthand experience with Cisco firewalls, and discover the new techniques of attackers that have changed the network security needs.
1Table 12: HTTPS Throughput, NetSecOPEN Certification Report: Cisco Systems
2Table 2: Performance specifications and feature details, Cisco Firewall 3100 Series Data Sheet
3Table 11: HTTPS Throughput, NetSecOPEN Certification Report: Palo Alto Networks
4Table 1: PA-400 Series Performance and Capacities, PA-400 Series Data Sheet
5Table 11: HTTPS Throughput, NetSecOPEN Certification Report, Fortinet
6Specifications section: FortiGate 600F Series Data Sheet
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Security on social!
Cisco Security Social Channels
Instagram
Facebook
Twitter
LinkedIn