Business & Technology
The unprecedented rate of cloud adoption and growth of SSL traffic is having a massive impact on network security, highlighting the need for performance, effectiveness, and accuracy. The continued adoption of cloud solutions, for instance, has driven the volume of SSL-encrypted traffic to nearly 60%, with that volume expected to rise to 75% in the next year, according to NSS Labs.
While NGFW solutions continue to be the linchpin security technology for the network, in today’s cloud and SSL-centric business environments not all NGFW solutions are created equal. To successfully compete in today’s marketplace, customers must select an NGFW solution that provides high-speed SSL inspection performance combined with industry-leading threat detection and prevention accuracy—especially where high-performance cloud access is required—to ensure that you never have to compromise business performance for security.
Ironically, in spite of the urgent need for such solutions, most NGFW vendors don’t even publish their SSL performance numbers. That's because, for most NGFW solutions, SSL inspection drives performance to their knees. Which is why in this year’s iteration of NSS Labs’ NGFW test methodology SSL inspection was a critical component of solution evaluation.
It’s also why we are so proud of our FortiGate Next-Generation Firewall solution. In this, our 5th consecutive year of earning NSS Labs’ coveted “Recommended” rating, NSS Labs reported that FortiGate demonstrated high SSL performance combined with 100% accuracy in detecting evasions. Read the full news release.
High SSL Inspection Performance: We build FortiGate NGFW devices using advanced Parallel Processing Technology, our patented content processors, and industry-mandated ciphers supported within those processors themselves. This unique engineering approach delivered high SSL inspection performance with minimal performance degradation, and 100% efficacy across all 32 of the cipher suites and emergent ciphers tested by NSS Labs. Combined, Fortinet delivers a true “SSL Ready” cloud access NGFW, which is why we also transparently publish our SSL inspection performance numbers. Additionally, Fortinet delivers a future-proof use case for the enterprise branch that combines NGFW security and SD-WAN, enabling high-performance SSL inspection at the branch office to secure direct internet access to SaaS applications at digital business speeds.
Unparalleled Protection against Evasive Threats: Detecting the sophisticated evasion techniques today's cybercriminals are developing is a constant challenge for many organizations. Part of the reason is that far too many NGFW solutions are just not up to the task. In this latest NSS Labs group test, Fortinet’s FortiGate NGFW solution successfully identified and blocked 100% of all evasions. And since the need to detect and prevent both known and unknown threats is also increasing, FortiGate once again proved its value with a 99.3% overall security effectiveness rating.
This degree of effectiveness is not only due to our exacting engineering and architectural approach to device design but also because of the direct integration between the FortiGate solution and our advanced FortiGuard Labs threat research intelligence. For example, 53% of the malware detected by FortiGuard Labs technology last May was known to us but was not found on the industry standard VirusTotal when searched for by hash. Similarly, 75% of the unknown malware we detected was also not found on VirusTotal when searched for by hash. For more information about FortiGuard Labs threat intelligence and research, take a look at our quarterly Threat Landscape Report.
Excellent NGFW Price/Performance (TCO): One way that many vendors try to compensate for the performance challenge of CPU-intensive security functions such as SSL inspection is to stack their box with off-the-shelf processors. Unfortunately, this approach can drive the price of an NGFW appliance through the roof. We at Fortinet believe that effective security should not break your budget, which is why we have spent years developing specialized security processors that provide significant performance advantages at a fraction of the cost of traditional designs. And these efforts continue to pay off as, once again, Fortinet delivered high NGFW price/performance in the latest group test results. For example, the FortiGate 500E was rated by NSS at 6,753 Mbps, which is higher than our rating of 5,200Mbps.
Broad Coverage of Enterprise Deployments: Of course, NGFW solutions don’t operate best in isolation. The best protection for enterprise environments occurs when your NGFW operates as part of an integrated system side-by-side with other leading security solutions. So it is crucial to point out that Fortinet has also achieved recommended ratings in eight different NSS Labs group tests, ranging from network and end-point security to breach detection and web application firewall.
Not only have Fortinet’s solutions been validated as best of breed across eight different categories, but they have also all been designed to interoperate as part of an integrated, holistic security architecture through our unique Security Fabric architecture. Detecting today’s sophisticated threats requires deep integration across different security solutions, allowing them to share and correlate threat intelligence and automatically coordinate a response to detected threats. And just as essential, IT teams can create and orchestrate policies and analyze threat intelligence across all solutions through a single management console, reducing OPEX overhead while closing the “time to respond” gap that today’s cybercriminals have become especially effective at exploiting.
The other challenge organizations face is deploying consistent security across the different network environments and ecosystems they are developing, including mobile users, IoT and smart devices, the explosion in applications, segmented networks and distributed data centers, the convergence of IT and OT infrastructures, and multi-cloud environments. NGFW solutions play a critical role in each of these areas. Unfortunately, not all vendors have a solution for each of these environments. Which means that organizations are forced to deploy a complex security architecture while trying to manage vendor sprawl and the challenges of visibility and control that creates.
Fortinet has addressed this challenge head on, pioneering cross-environment interoperability regardless of where security solutions are deployed. Fortinet NGFW solutions, for example, not only operate across the broadest array of physical environments but are the first solutions to run on every major cloud environment to ensure consistent, high-performance access and control. This approach provides consistent protection regardless of where your data and workflows live or how you need to architect your distributed network environment, from the core to the end user to the cloud.