When evaluating potential cybersecurity solutions, independent testing serves as the gold standard for informed decision-making. While vendors often make competing claims about their superiority, the true litmus test lies in how their products perform under objective, real-world conditions. Independent evaluations cut through the noise, offering security leaders unbiased insights that marketing materials simply cannot provide.It is in this context that Zscaler Zero Trust Exchange has achieved a benchmark that sets it apart from the competition: a score of 100% in security effectiveness in the Security Service Edge (SSE) Threat Protection test conducted by CyberRatings.org (CyberRatings), the leading non-profit security testing organization, in Q2 2025. Scoring 100% across key measures such as exploit and malware block rates, exploit evasion resistance, malware evasion resistance, and TLS/SSL inspection capabilities, Zscaler has proven it delivers uncompromising protection, along with industry-leading false positive accuracy of 99.87%. Simply put, these results are unprecedented.This high performance for the second year in a row underscores Zscaler Zero Trust Exchange’s exceptional capabilities in advanced threat protection, reaffirming its position as a leader in modern cybersecurity. This achievement highlights Zscaler’s ability to harness the power of machine learning and cloud effect intelligence, delivering a comprehensive defense-in-depth approach that ensures unparalleled protection for its customers across complex threat landscapes.The Value of Independent, Transparent Security TestingIn a landscape where marketing claims often overshadow substance, independent security testing stands as a cornerstone for informed decision-making. CyberRatings.org is a non-profit organization dedicated to independent, objective research and testing of cybersecurity products. Unlike many vendor-sponsored product tests that are tuned to show an individual vendor in a positive light, CyberRatings transparently applies the same methods to each security product in a given area.With rigorous testing that spanned thousands of malware, exploit techniques, and evasion samples, Zscaler’s stellar performance, with 100% security effectiveness score in SSE Threat Protection, is a testament to our ability to deliver robust protection against a wide array of cyber threats. Test MethodologyCyberRatings designed the test to assess the capabilities and performance of Security Service Edge (SSE): Cloud-Delivered Network Security. By simulating a broad spectrum of attack types, the test used CyberRatings Threat Protection Methodology v2.1, to assess SSE products in several areas, including:Threat Protection – How effectively does the SSE protect against threats (malware and exploits)?Resistance to Evasion – How effectively does the product handle techniques that would otherwise permit attackers to circumvent security controls?TLS/SSL Functionality – Does the SSE support the most widely used ciphers to decrypt and inspect TLS/SSL traffic?Key Findings 1. 100% TLS/SSL SupportEncryption is a double-edged sword in the cybersecurity arena. While ensuring data confidentiality, it also poses challenges for security solutions attempting to inspect encrypted traffic. In fact, Let’s Encrypt statistics show that as of December 2024, over 80% of web traffic was sent over HTTPS, while Google Transparency report shows that 95% of websites use HTTPS. Therefore, TLS/SSL inspection remains a must-have capability for thwarting attacks that use encrypted channels for infiltration and data exfiltration.The testing revealed that the Zscaler Zero Trust Exchange platform demonstrated the ability to process a vast proportion of encrypted traffic seamlessly without compromising performance, scoring 100% in the test.Enterprises often face challenges when deploying security solutions that negatively impact performance. Zscaler overcomes this hurdle by leveraging a cloud-native, zero trust architecture, delivered through more than 150 edge locations globally. By peering directly with leading internet service providers and SaaS applications, Zscaler minimizes network latency with fewer hops to cloud services. Additionally, the Single-Scan, Multi-Action™ (SSMA) engine ensures that all security inspection processes analyze the same TLS/SSL packet contents simultaneously, in a single pass. This approach, combined with Zscaler’s extensive edge network, enables the Zscaler Zero Trust Exchange to deliver high performance and reliability.2. 100% Malware Block RateMalware remains one of the most pervasive and damaging threats, designed specifically to disrupt operations, compromise systems, and gain unauthorized access to sensitive information. This malicious software comes in many forms, including viruses, worms, and Trojan horses, to more advanced variants such as ransomware, spyware, and adware. Each type of malware targets critical aspects of an enterprise’s security, aiming to breach the confidentiality, integrity, or availability of data and systems. As attackers continuously refine their methods to deliver malicious payloads more effectively, organizations must deploy robust solutions capable of identifying and neutralizing malware across its diverse spectrum to safeguard their operations and users.Zscaler Zero Trust Exchange was able to 100% block 6,184 malware samples used as part of the testing. Zscaler achieves its exceptional level of malware prevention by employing a robust, defense-in-depth strategy that incorporates multiple advanced layers of protection: A solid zero trust foundation that minimizes the attack surface along with comprehensive TLS/SSL inspection at scale and a suite of state-of-the-art malware detection engines that are continuously updated to counter the ever-evolving spectrum f malware threats.3. 100% Exploit Block RateThe CyberRatings exploit repository is a collection of internal, third-party, in-the-wild, and public exploits encompassing a wide range of protocols and applications. It is based on the Common Vulnerabilities and Exposures (CVEs) publicly listed in the MITRE CVE and NIST NVD databases.As part of the test, Zscaler Zero Trust Exchange was able to detect and block 100% of the 205 exploits spanning CVEs ranked critical, high, medium and low.In order to defend against a full range of exploits, Zscaler employs a comprehensive, defense-in-depth strategy that encompasses large-scale TLS/SSL traffic inspection, Advanced Threat Protection, Intrusion Prevention System (IPS) functionality, and additional cutting-edge security measures to deliver unmatched protection.4. 100% Evasions ResistanceThreat actors frequently attempt to manipulate or obscure their attacks during delivery to bypass traditional security measures. For example, while a security solution might recognize a known malware sample, it could fail to identify or block obfuscated traffic designed to mask that malware. Furthermore, even if a security tool detects the use of an evasion technique, it may still struggle to decode the disguised traffic and pinpoint the original attack. This makes evasion detection an especially complex challenge. However, just a single successful evasion can enable threat actors to breach a system, highlighting the critical need for advanced evasion resistance in modern security solutions.As part of the testing, CyberRatings evaluated if Zscaler Zero Trust Exchange could detect and block a combination of evasion techniques spanning 37 categories, including both malware-related evasions, relying on techniques like packers, compressors, HTML/HTTP obfuscation, and more, and exploit-related evasions, using techniques like HTTP chunked encoding, compression, header manipulation, layered JavaScript obfuscation, and more.1154 evasion techniques were tested and Zscaler blocked every single one, including complex, layered evasions that use multiple techniques. 5. False Positive Accuracy of 99.87% False positives present a significant challenge for enterprises, often resulting in reduced security effectiveness and increased operational strain. When security teams are overwhelmed by inaccurate alerts, they may disable critical features, inadvertently exposing their systems to greater risks. This phenomenon, termed “alert fatigue,” heightens the potential for genuine threats to be missed amidst the noise. To address this issue, Zscaler Zero Trust Exchange underwent rigorous testing to evaluate its ability to accurately differentiate between legitimate and malicious traffic. The assessment included 1,514 false positive files across diverse categories, such as system files, executables, productivity formats, compressed files, and media types. Leveraging CyberRatings.org’s repository of 100,000 enterprise-relevant samples such as URLs, file transfers, and application flows—while excluding irrelevant data like software cracks and adware—the Zscaler Zero Trust Exchange demonstrated exceptional precision in mitigating false positives, reinforcing its role as a reliable and efficient solution for modern security operations.What Does This Mean for Your Enterprise?As cyber threats evolve and the threat landscape expands, attackers will persist in refining their tactics. To stay resilient in the face of these challenges, organizations must prioritize security investments in solutions that have been rigorously validated through independent, transparent evaluations. Zscaler proudly achieved a flawless 100% security effectiveness rating in the CyberRatings SSE Threat Protection assessment, reaffirming its position as an industry leader for the second consecutive year. This achievement underscores Zscaler’s unwavering commitment to delivering world-class protection against the most sophisticated threats. For deeper insights into the findings and actionable recommendations detailed in this evaluation, we invite you to download the full CyberRatings SSE Threat Protection Test report.
[#item_full_content] When evaluating potential cybersecurity solutions, independent testing serves as the gold standard for informed decision-making. While vendors often make competing claims about their superiority, the true litmus test lies in how their products perform under objective, real-world conditions. Independent evaluations cut through the noise, offering security leaders unbiased insights that marketing materials simply cannot provide.It is in this context that Zscaler Zero Trust Exchange has achieved a benchmark that sets it apart from the competition: a score of 100% in security effectiveness in the Security Service Edge (SSE) Threat Protection test conducted by CyberRatings.org (CyberRatings), the leading non-profit security testing organization, in Q2 2025. Scoring 100% across key measures such as exploit and malware block rates, exploit evasion resistance, malware evasion resistance, and TLS/SSL inspection capabilities, Zscaler has proven it delivers uncompromising protection, along with industry-leading false positive accuracy of 99.87%. Simply put, these results are unprecedented.This high performance for the second year in a row underscores Zscaler Zero Trust Exchange’s exceptional capabilities in advanced threat protection, reaffirming its position as a leader in modern cybersecurity. This achievement highlights Zscaler’s ability to harness the power of machine learning and cloud effect intelligence, delivering a comprehensive defense-in-depth approach that ensures unparalleled protection for its customers across complex threat landscapes.The Value of Independent, Transparent Security TestingIn a landscape where marketing claims often overshadow substance, independent security testing stands as a cornerstone for informed decision-making. CyberRatings.org is a non-profit organization dedicated to independent, objective research and testing of cybersecurity products. Unlike many vendor-sponsored product tests that are tuned to show an individual vendor in a positive light, CyberRatings transparently applies the same methods to each security product in a given area.With rigorous testing that spanned thousands of malware, exploit techniques, and evasion samples, Zscaler’s stellar performance, with 100% security effectiveness score in SSE Threat Protection, is a testament to our ability to deliver robust protection against a wide array of cyber threats. Test MethodologyCyberRatings designed the test to assess the capabilities and performance of Security Service Edge (SSE): Cloud-Delivered Network Security. By simulating a broad spectrum of attack types, the test used CyberRatings Threat Protection Methodology v2.1, to assess SSE products in several areas, including:Threat Protection – How effectively does the SSE protect against threats (malware and exploits)?Resistance to Evasion – How effectively does the product handle techniques that would otherwise permit attackers to circumvent security controls?TLS/SSL Functionality – Does the SSE support the most widely used ciphers to decrypt and inspect TLS/SSL traffic?Key Findings 1. 100% TLS/SSL SupportEncryption is a double-edged sword in the cybersecurity arena. While ensuring data confidentiality, it also poses challenges for security solutions attempting to inspect encrypted traffic. In fact, Let’s Encrypt statistics show that as of December 2024, over 80% of web traffic was sent over HTTPS, while Google Transparency report shows that 95% of websites use HTTPS. Therefore, TLS/SSL inspection remains a must-have capability for thwarting attacks that use encrypted channels for infiltration and data exfiltration.The testing revealed that the Zscaler Zero Trust Exchange platform demonstrated the ability to process a vast proportion of encrypted traffic seamlessly without compromising performance, scoring 100% in the test.Enterprises often face challenges when deploying security solutions that negatively impact performance. Zscaler overcomes this hurdle by leveraging a cloud-native, zero trust architecture, delivered through more than 150 edge locations globally. By peering directly with leading internet service providers and SaaS applications, Zscaler minimizes network latency with fewer hops to cloud services. Additionally, the Single-Scan, Multi-Action™ (SSMA) engine ensures that all security inspection processes analyze the same TLS/SSL packet contents simultaneously, in a single pass. This approach, combined with Zscaler’s extensive edge network, enables the Zscaler Zero Trust Exchange to deliver high performance and reliability.2. 100% Malware Block RateMalware remains one of the most pervasive and damaging threats, designed specifically to disrupt operations, compromise systems, and gain unauthorized access to sensitive information. This malicious software comes in many forms, including viruses, worms, and Trojan horses, to more advanced variants such as ransomware, spyware, and adware. Each type of malware targets critical aspects of an enterprise’s security, aiming to breach the confidentiality, integrity, or availability of data and systems. As attackers continuously refine their methods to deliver malicious payloads more effectively, organizations must deploy robust solutions capable of identifying and neutralizing malware across its diverse spectrum to safeguard their operations and users.Zscaler Zero Trust Exchange was able to 100% block 6,184 malware samples used as part of the testing. Zscaler achieves its exceptional level of malware prevention by employing a robust, defense-in-depth strategy that incorporates multiple advanced layers of protection: A solid zero trust foundation that minimizes the attack surface along with comprehensive TLS/SSL inspection at scale and a suite of state-of-the-art malware detection engines that are continuously updated to counter the ever-evolving spectrum f malware threats.3. 100% Exploit Block RateThe CyberRatings exploit repository is a collection of internal, third-party, in-the-wild, and public exploits encompassing a wide range of protocols and applications. It is based on the Common Vulnerabilities and Exposures (CVEs) publicly listed in the MITRE CVE and NIST NVD databases.As part of the test, Zscaler Zero Trust Exchange was able to detect and block 100% of the 205 exploits spanning CVEs ranked critical, high, medium and low.In order to defend against a full range of exploits, Zscaler employs a comprehensive, defense-in-depth strategy that encompasses large-scale TLS/SSL traffic inspection, Advanced Threat Protection, Intrusion Prevention System (IPS) functionality, and additional cutting-edge security measures to deliver unmatched protection.4. 100% Evasions ResistanceThreat actors frequently attempt to manipulate or obscure their attacks during delivery to bypass traditional security measures. For example, while a security solution might recognize a known malware sample, it could fail to identify or block obfuscated traffic designed to mask that malware. Furthermore, even if a security tool detects the use of an evasion technique, it may still struggle to decode the disguised traffic and pinpoint the original attack. This makes evasion detection an especially complex challenge. However, just a single successful evasion can enable threat actors to breach a system, highlighting the critical need for advanced evasion resistance in modern security solutions.As part of the testing, CyberRatings evaluated if Zscaler Zero Trust Exchange could detect and block a combination of evasion techniques spanning 37 categories, including both malware-related evasions, relying on techniques like packers, compressors, HTML/HTTP obfuscation, and more, and exploit-related evasions, using techniques like HTTP chunked encoding, compression, header manipulation, layered JavaScript obfuscation, and more.1154 evasion techniques were tested and Zscaler blocked every single one, including complex, layered evasions that use multiple techniques. 5. False Positive Accuracy of 99.87% False positives present a significant challenge for enterprises, often resulting in reduced security effectiveness and increased operational strain. When security teams are overwhelmed by inaccurate alerts, they may disable critical features, inadvertently exposing their systems to greater risks. This phenomenon, termed “alert fatigue,” heightens the potential for genuine threats to be missed amidst the noise. To address this issue, Zscaler Zero Trust Exchange underwent rigorous testing to evaluate its ability to accurately differentiate between legitimate and malicious traffic. The assessment included 1,514 false positive files across diverse categories, such as system files, executables, productivity formats, compressed files, and media types. Leveraging CyberRatings.org’s repository of 100,000 enterprise-relevant samples such as URLs, file transfers, and application flows—while excluding irrelevant data like software cracks and adware—the Zscaler Zero Trust Exchange demonstrated exceptional precision in mitigating false positives, reinforcing its role as a reliable and efficient solution for modern security operations.What Does This Mean for Your Enterprise?As cyber threats evolve and the threat landscape expands, attackers will persist in refining their tactics. To stay resilient in the face of these challenges, organizations must prioritize security investments in solutions that have been rigorously validated through independent, transparent evaluations. Zscaler proudly achieved a flawless 100% security effectiveness rating in the CyberRatings SSE Threat Protection assessment, reaffirming its position as an industry leader for the second consecutive year. This achievement underscores Zscaler’s unwavering commitment to delivering world-class protection against the most sophisticated threats. For deeper insights into the findings and actionable recommendations detailed in this evaluation, we invite you to download the full CyberRatings SSE Threat Protection Test report.
