ICSA Labs Certifies Fortinet’s Advanced Threat Protection Framework

By Bill McGee | June 14, 2016

Fortinet’s Advanced Threat Protection (ATP) Framework has once again achieved Advanced Threat Defense (ATD) Certification from ICSA Labs for Q1 of 2016.  We remain one of the four vendors in the entire industry who have achieved this independent certification.

Advanced threats represent some of the most difficult security challenges faced by organizations – as well as by the vendors who build tools to detect and stop them. Fortinet has developed the Fortinet Advanced Threat Protection (ATP) Framework to do just that. It is built around the seamless integration of five of Fortinet’s high-performance, award-winning technologies: 

  • FortiSandbox advanced threat detection appliances
  • FortiGate next generation firewalls 
  • FortiMail secure email gateway solutions
  • FortiWeb web application firewalls
  • FortiClient endpoint protection platform

These technologies are powered by a constant stream of the latest global threat intelligence from FortiGuard Labs. This data ensures they are constantly tuned to detect the very latest threats, including threat evasion techniques.  They also share objects and local intelligence in real-time, based on what is seen at each individual organization. 

Combined, these tools provide continuous network monitoring and analysis in order to detect, mitigate, and prevent even the most advanced threats – the ones designed to evade detection by traditional security solutions.

Of course, Fortinet is not the only security vendor to offer a solution set to address today’s advanced threats. And it can be challenging, with all of the hype in the industry, for organizations to know which solution set is best for their needs. This is where ICSA Labs, an independent test arm of Verizon (also publishers of the annual Data Breach Investigations Report), comes in.

To help organizations evaluate advanced threat solutions, ICSA runs a regular Advanced Threat Detection (ATD) certification process introduced this past winter. One of the important aspects of this independent test, given the ever-changing nature of advanced threats, is that ICSA Labs tests and certifies Advanced Threat Detection solutions every quarter. 

And it’s not a test for the squeamish.

Test cycles range from three to six weeks. According to ICSA, “During 33 consecutive days of testing during the first quarter of 2016, ICSA Labs tested the detection capabilities of Fortinet’s Advanced Threat Protection (ATP) Framework with a mix of nearly 600 test runs. The mix was primarily composed of new and little-known malicious threats – i.e., recently harvested threats not detected by traditional security products.” With the exception of one day, the Fortinet solution ran with 100% accuracy.

Solutions are then rated both on their ability to detect advanced threats and on their ability to avoid false positives. Only those solutions that pass the certification process with at least a 75% detection rate get certified and listed on the ICSA certification site.

As mentioned at the outset, this past quarter, only four vendor solutions managed to pass the certification process.  While we are rightly proud of how our solution performed, all vendors should be commended for participating and earning certification.  

Vendor        % Detected    % False Positives
Fortinet      99.6%         1.6%
Palo Alto     98.3%         1.9%
Symantec      96.7%         2.5%
Trend Micro   86.1%         5.4%

It is all too easy (and common) for vendors to commission their own tests or participate in feature reviews with a positive result, which is why independent third-party testing is so important. Hopefully, we will see more vendors in this certification, and indeed in other independent comparatives. Having credible and consistent measurements of alternative solutions available is critical for organizations investing not just money and resources in security technologies, but their reputation and future as well.

Why does this matter for Advanced Threat Defense in particular?

Once an organization has been compromised, an advanced attack can often go undetected for months. A brief look at high profile attacks over the past few years confirms this. And the results are often devastating. You need a tool capable of navigating the trickiest security landscape possible.

This is why ICSA Labs uses in their test bed the exact same threat vectors that led to actual enterprise breaches – as determined by Verizon’s Data Breach Investigations Report (DBIR) – along with hundreds of recently harvested attacks that have either never been seen or are less than a few hours old. These are sophisticated, malicious threats that other security products typically miss.

For organizations serious about detecting and mitigating the most serious threats, a certification like this provides a good benchmark to use to begin to evaluate ATD solutions.  When it’s your business on the line, you can’t be too careful. A few percentage points in the efficacy of a solution may mean the difference between being protected and being compromised. 

What’s next?

As mentioned, advanced threats and the ICSA testing don’t stop, so we continue to develop and enhance technologies to make our ATP Framework even better. On the development side, we recently integrated FortiSandbox with CarbonBlack Enterprise Protection to extend the Advanced Threat Protection of our Fortinet Security Fabric even further. On the enhancement side, we just announced the acquisition of AccelOps, a next-gen SIEM (Security Information and Event Management) solution that discovers, monitors, and correlates real-time network and threat intelligence across the entire distributed network. Its next-generation behavioral analytics and anomaly detection engines are designed to detect and alert on even the most subtle abnormal behaviors and traffic.

By adding this information, as well as the additional threat feeds it supports, to our FortiGuard Labs global threat intelligence and FortiSandbox local intelligence, we will be able to detect more threats with even greater accuracy, and respond even faster with effective threat mitigation.

To learn more about Fortinet Advanced Threat Protection, please visit

To learn more about the AccelOps acquisition, please visit.