NSS Labs 2018 Advanced Endpoint Protection (AEP) Test

The NSS Labs AEP group test evaluates products for security effectiveness, performance, and total cost of ownership (TCO). These products include endpoint security technologies that combine the protective capabilities of anti-threat products with the detection, investigation, and prevention capabilities of endpoint security products. FortiClient with integrated FortiSandbox earned a “Recommended” rating with average security effectiveness of over 97.3%, zero false positives, and low TCO.  

NSS Labs DCIPS 2018 SVM and Report

NSS Labs’ Data Center Intrusion Prevention Systems (DCIPS) focuses on data center environments, especially vulnerabilities commonly found in servers. The Security Value Map (SVM) shows that FortiGate IPS achieved the highest cumulative blocking rate at 98.73% and the lowest TCO at $3 per protected Mbps. Fortinet builds world-class IPS appliances and another “Recommended” IPS rating from NSS Labs proves this.

NSS Labs DCSG 2017 SVM and Report

NSS Labs’ DCSG test is a comprehensive Data Center Security Gateway (DCSG) test, including several tests to measure relevant security effectiveness and Intrusion Prevention (IPS) performance using live exploits including “weaponized” exploits (97.9% and 98% block rate respectively for Fortinet FortiGate 7060E and FortiGate 3000D) and resistance to evasion techniques (100% block rate for Fortinet). The FortiGate 7060E and 3000D both achieved “Recommended” status, with a leading combination of Security Effectiveness and Value per protected Megabit Per Second (Mbps) in the NSS Labs Security Value Map (SVM).

NSS Labs Breach Prevention Systems (BPS) Test 2017

NSS Labs introduced a new group test, BPS focused on detecting and blocking exploits, advanced malware, and evasions. This helps validate the advanced threat response cycle of prevent-detect-mitigate across a number of threat vectors including web, email, and endpoint. Fortinet's Security Fabric consisting of FortiSandbox, FortiGate, FortiMail, and FortiClient integrated together, earned a Recommended award by achieving a block rate of 99.6% and offering the lowest 3-year TCO.

NSS Labs NGIPS 2017 SVM and Report

NSS Labs’ NGIPS test is the most extensive IPS test, including several tests not conducted for DCIPS, such as live drive-by-exploits (100% block rate for Fortinet), exploits against web target types, application ID and evasions (also 100% block rate for Fortinet). The FortiGate 600D is a world-class IPS appliance, achieving “Recommended” status again with an overall 99.72% block rate.

NSS Labs Breach Detection Systems Test 2017 and SVM

According to Verizon's 2017 Data Breach Investigations Report, 99% of malware is delivered by email and the web. In the NSS Breach Detection System 2017 test, newly introduced FortiSandbox 2000E blocked 100% of advanced malware delivered over these two vectors and 99% overall offered at the lowest TCO, earning the NSS Labs “Recommended” rating.

NSS Labs NGFW 2017 SVM

FortiGate 3200D and 600D enterprise firewalls both offer a winning combination of security effectiveness, performance, and value, earning Fortinet its fourth consecutive NSS Labs NGFW Recommended rating. Fortinet excelled in continuous live testing, blocking 99.71% of exploits used in active attack campaigns every day and delivered the highest performance scores with 18.5 Gbps throughput and an average latency of 4.6 microseconds, regardless of packet size and including real-world traffic processing.

NSS Labs WAF Comparative Reports 2017 and SVM

The FortiWeb 3000E was put up against 5 leading WAF competitors. Please visit the link below to see how FortiWeb performed

NSS Labs 2017 Advanced Endpoint Protection (AEP) Test

NSS Labs expanded the AEP test criteria from their earlier 2015 EPP (Endpoint Protection Platform) Comparative test to include coverage for both EPP and EDR (Endpoint Detection and Response) into a consolidated test report. This real-world test covers different facets of malware delivery and execution including web-, email-, P2P- and offline-based threats, and malicious executable and exploit penetration, and many more. FortiClient earned the coveted NSS Labs “Recommended” twice in a row based on high security effectiveness at an affordable cost. Please visit the links below to access the AEP Security Value Map or to get a copy of the test report from NSS Labs.

NSS Labs Breach Detection Systems Test 2016 and SVM

FortiSandbox was perfect (100%) in detecting the most sophisticated malware and leveraging encryption to hide, and 99%+ overall--while demonstrating 10 Gbps performance handling of enterprise traffic. Fortinet is the only vendor that earned the NSS Labs "Recommended" rating for cloud and appliance breach detection systems.


NSS Labs’ Data Center Intrusion Prevention System (DCIPS) report is the industry’s most comprehensive test to date with their Security Value Map revealing that Fortinet’s FortiGate 3000D earned the highest ratings for Security Effectiveness, blocking 99.9 percent of exploits, and TCO (Total Cost of Ownership) per protected Mbps (Megabit per second).

NSS Labs NGFW 2016 SVM

NSS Labs’ Next Generation Firewall (NGFW) real-world testing reveals that Fortinet delivers a winning combination of security, network performance, and total cost of ownership (TCO). Fortinet was nearly perfect; scoring 99.6% in overall security effectiveness. The FortiGate 3200D was rated by NSS at 19 Gbps, 37% above its data sheet specifications, with excellent TCO where the value increased based on actual performance compared to the claimed specifications.

Common Criteria

Fortinet products have received NDPP, EAL2+, and EAL4+ based Common Criteria certifications. Common Criteria evaluations involve formal rigorous analysis and testing to examine security aspects of a product or system. Extensive testing activities involve a comprehensive and formally repeatable process, confirming that the security product functions as claimed by the manufacturer. Security weaknesses and potential vulnerabilities are specifically examined during an evaluation. More information on the latest Fortinet Common Criteria Certifications are available below:

ICSA Certified for Advanced Threat Defense

With data breaches continuing to make headlines, new product and solutions designed to detect and prevent the advanced attacks often at the root of these breaches have emerged. To help organizations assess the effectiveness of these new offerings, ICSA Labs, an independent division of Verizon (author or the annual Data Breach Investigations Report or DBIR), recently introduced a new independent, Advanced Threat Defense certification, and Email certification.

Independent Validation of Fortinet Solutions- NSS Labs

Firmly committed to independent testing to demonstrate what organizations should expect when selecting Fortinet security products, Fortinet participates in a broad set of ongoing NSS Labs Public Group tests. In short, Fortinet has consistently earned their top “Recommended” rating for many products. Check out summary test results in this NSS Labs brochure:

ICSA Labs Certified: Antivirus, Corporate Firewall, IPsec, NIPS, SSL-TLS, and Web Application Firewall

FortiGate and FortiWeb products are evaluated against ICSA criteria in 6 popular Certification programs. ICSA Labs manages and sponsors security consortia that provides a forum for intelligence sharing among the leading vendors of security products. In addition, ICSA Labs publishes surveys, security industry studies, and buyer's guides for computer security products.

NSS Labs 2015 Breach Detection Systems Test

NSS Labs conducted its second annual group test of breach detection systems. And for the second year in a row FortiSandbox earned the coveted “Recommended” rating by demonstrating superior detection of advanced threats as well as superior value. The Tech Brief below presents key results from the testing, as well as an overview of FortiSandbox and integrated Fortinet products.

Department of Defense UC APL

UC APL certification qualifies designated Fortinet products for sale to Department of Defense (DoD) agencies based on stringent Security Technical Implementation Guide (STIG) testing, a standardized methodology for the secure installation and maintenance of computer software and hardware. To achieve UC APL certification, all approved Fortinet products were tested following STIG guidelines and checklists applied to System Under Test.

Virus Bulletin Antispam Testing

For more than seven years, VBSpam has been conducting continual independent comparisons of antispam solutions. Fortinet FortiMail has participated in roughly 40 VBSpam tests, including six in 2015, so that organizations can see the level of effectiveness they can expect in real-world environments. FortiMail has routinely earned the highest VBSpam+ rating, with results similar to the test excerpt here.

NSS Labs 2015 Next Generation IPS Test

In 2015, NSS Labs conducted a group test of next generation IPS solutions to assess their abilities to identify both the applications and the users on their internal networks, protect the enterprise user against threats/exploits, and catch sophisticated attacks while producing as few false positives as possible. Demonstrating 99% effectiveness and superior value, Fortinet FortiGate earned the NSS Labs Recommendation.

Top Industry Ratings, Certifications, and Collaboration Validates Fortinet Security

Fortinet security solutions are tested, validated, and certified by a broad range of industry organizations. FortiGuard Labs leads industry collaboration efforts to improve protection levels for every organization.

NSS Labs WAF 2014 SVM

In its first-ever web application firewall testing, NSS Labs reported that the FortiWeb-1000D achieved an overall block rate of 99.85% at $2.77 TCO per protected connection per second that earned the WAF “Recommended” status in their Web Application Firewall Security Value Map.

NSS Labs 2014 Breach Detection Systems Test

Fortinet’s FortiSandbox-3000D is one of the top rated Breach Detection Systems (BDS), delivering 99% breach detection and zero false positives, based on real-world comparative analysis conducted by third party NSS Labs.

CVE-Compatible Products and Services

Fortinet products are recognized as CVE-Compatible by MITRE. CVE is a dictionary of publicly known information security vulnerabilities and exposures. CVE's common identifiers enable data exchange between security products and provide a baseline index point for evaluating coverage of tools and services.

FIPS 140-2

Fortinet products, including FortiGate, FortiAnalyzer, FortiMail and FortiClient are tested to FIPS 140-2 Level 1 and Level 2 requirements. The standards focus on the security and cryptographic requirements to cover areas related to the secure design and implementation of cryptographic modules.

Microsoft Certification

The Fortinet Single Sign-On agent has been certified to be compliant with the Windows Server 2012 R2 (x64) and Microsoft Windows 2008 Server R2 certification program requirements.

ISO 9001:2008

Fortinet Canada offices are registered against the ISO 9001:2008 Quality Management Systems standard. These offices represent key research and development centers for the company for activities such as hardware and software design and development, FortiGuard Security Services, technical documentation, and manufacturing operations.

NSS Labs WAF 2014 SVM

In its first-ever web application firewall testing, NSS Labs reported that the FortiWeb-1000D achieved an overall block rate of 99.85% at $2.77 TCO per protected connection per second that earned the WAF “Recommended” status in their Web Application Firewall Security Value Map.

NSS Labs 2014 Breach Detection Systems Test

Fortinet’s FortiSandbox-3000D is one of the top rated Breach Detection Systems (BDS), delivering 99% breach detection and zero false positives, based on real-world comparative analysis conducted by third party NSS Labs.

NSS Labs 2013 Next Generation Firewall Group Test

Based on NSS Labs’ test results, the FortiGate-3600C is one of the top performing systems out of nine next generation firewall products.

Fortinet Earns “Recommend” Rating in NSS Labs’ 2013 Firewall Comparative Analysis

Based on NSS Labs’ test results, the FortiGate-800C scored 100% for Stability, 100% for Evasion, 100% for Leakage and 100% in the central management review. All of which resulted in a TCO of $4 per protected megabit and 100% test scores for security and management effectiveness.

USGv6 Test Program

FortiGate products running FortiOS 4.0 MR3, FortiOS 5.2.6 and FortiOS 5.4.1 conform to USGv6 test specifications as router products. 

Wi-Fi Alliance

Fortinet's offers a range of FortiAP Wireless Access Points and FortiGate Controller combinations that have achieved Wi-Fi CERTIFIED™ status from the Wi-Fi Alliance®. The Wi-Fi CERTIFIED logo ensures operability in numerous configurations and interoperability with other Wi-Fi CERTIFIED equipment. The FortiAP Thin Access Point supporting various standards including WPA®, and WMM® for multimedia quality of service.