Effectiveness, Performance, and Value: The Role of Third Party Security Testing

Third party testing of security products and solutions plays a critical role in thwarting cybercriminals. The reason is simple: organizations need effective security solutions that meet an evolving set of requirements, and far too many security vendors don’t do a very good job of providing data that enables a fair comparison between competing solutions. It’s like comparison-shopping at the grocery store. Items next to each other appear similar at a glance, but when you look closely at the labels you find that one is priced per ounce, while the next is labeled with price per unit. Another calls itself “healthy,” yet contains too many grams of fat. 

Now, in the grocery you can take time to look closely at the labels, and the FDA ensures the labels reflect what’s inside.  Unfortunately, there is no authority for security solutions.

Which is why, for the past 16 years, Fortinet has actively participated in every credible lab test we find in order to support a standardized, ideally comparative, assessment of our solutions. And in return, we usually learn as much as our potential customers do from the results. Test methodologies provide one key input to us about changing enterprise requirements, and test results help us confirm we’re on the right track (although course correction is sometimes necessary) – in terms of both our expectations as well as compared to other products out there. But independent tests not only provide vendors like us with additional perspectives into enterprise requirements, but can even help organizations better understand market shifts in the options available in order to make informed choices.

With the advent of digital transformation, the networks that security tools were designed to protect are undergoing deep and often radical change. They are broader, more complex, and subject to a more sophisticated threat landscape than ever before.

As a result, NSS Labs has led the charge with independent testing that is based on open methodologies (constantly refined based on enterprise requirements), impartially applied across available products and quantifiably reported.  And that testing has had to evolve to ensure that security tools are up to the new challenge. For example:

1. The NSS Datacenter firewall category has given way to the Datacenter Security gateway, and testing requirements now reflect the need for things like segmentation and deeper levels of inspection at faster speeds.

2. Enterprise Endpoint Protection has transformed to Advanced Endpoint Protection, reflecting new security technologies (exploit prevention, machine learning, etc.) that better address today’s more sophisticated threats.

3. Breach Detection is moving towards Breach Prevention, reflecting the importance of automating the response to detected cyber events in order to keep up with fast moving threats.

4. NGFW testing is now being complemented with additional tests looking at things like SSL inspection, sandboxing, and SD-WAN, reflecting the changing nature of threats, connectivity, and traffic.

5. And Web Application Firewall is a relatively new test reflecting the growing need for dedicated protection of the web services portion of the network.

So, for organizations preparing for, or that are in the middle of their digital transformation efforts, and are looking at how to evolve their corresponding security, the current set of test methodologies being used by many labs and testing centers often provides critical insight into emerging requirements. They not only serve to keep busy enterprises abreast of changes in the market and the extent to which established and new vendors can meet their needs going forward, but also help vendors develop our products.

Of note, customers of the Fortinet Security Fabric can be confident that the Fortinet (and many of our Fabric ready) components that power it meet their evolving requirements. In fact they do so with superior effectiveness, performance, and value as demonstrated by NSS Labs Recommendations for NGFW, DCSG, WAF, AEP, BDS, and BPS as well as independent validations from other labs like ICSA, Virus Bulletin and more.

Look for our solutions in even an more robust set of independent tests throughout 2018 to ensure that we continue to meet enterprise requirements and provide credible, quantifiable, and comparative data points on how we stack up in the market.

Also, for more information, download our paper and learn about the top threats that enterprise security leaders are being forced to address and the security approaches to evalutate to protect against them.