Industry Trends

NSS Labs 2016 NGIPS Group Testing

By John Maddison | October 13, 2016

Fortinet is highly committed to the public testing of its products and solutions because it helps us to continuously improve our products and provide the best technology to our customers. We participate in dozens of tests across a spectrum of labs and approaches. 

In the most recent NSS Labs Next-Generation Intrusion Prevention System (IPS) group test, Fortinet received an exploit block rating of 99.6%.

However, during testing an issue was identified that resulted in an evasion technique used by NSS Labs to bypass our sensors.  This resulted in an automatic “caution” rating.  This issue was only on the FGT 3000D running FOS 5.4 under heavy load and represents a small percentage of our installed base. Upon notification from NSS Labs, we moved quickly to resolve the issue and released an update for the IPS Engine v3.169.  The update was delivered to NSS labs for re-test and then made available on Fortinet support site for public downloading.  Due to the late timing of the retest, the improved test results were not included in the Security Value Map but NSS Labs confirms resolution of the issue in the following bulletin.   

We highly recommend that customers update the FGT 3000D running FOS 5.4 to FOS 5.4.1.

Third party testing by its nature captures a moment in time in what is an otherwise highly dynamic situation.  This underscores that when evaluating a security solution, it’s important to look at a variety of tests conducted over a period of time, as well as determine how well it will interoperate as part of a larger security architecture when evaluating a security solution. This year alone, four Fortinet products have earned NSS labs coveted “Recommended” rating with near-perfect security effectiveness and detection scores all above 99% and just this past July, our exact same appliance - the FortiGate 3000D –scored NSS Labs’ highest rating in their Data Center IPS group test for Security Effectiveness by blocking 99.9 percent of exploits, as well as for TCO (Total Cost of Ownership) per protected Mbps (Megabit per second.)

We value our partnership with NSS Labs, and are proud of our track record for consistent and rigorous testing to ensure we are delivering the very best security to our customers.