FortiClient Scores High in the Latest Advanced Endpoint Protection Report from NSS Labs

Fortinet is highly committed to the public testing of our products and solutions. We participate in dozens of tests from variety of labs that use a spectrum of testing and analysis approaches. Not only do test results give customers a snapshot into the efficacy and value of a solution, but it also provides us with an opportunity to evaluate the effectiveness of our solutions in a variety of settings, allowing us to more effectively improve the quality of our technology.

As part of this commitment to third-party testing, Fortinet recently participated in the NSS Labs 2017 Advanced Endpoint Protection (AEP) test by submitting our FortiClient solution for public analysis. And on February 14^th, 2017, NSS published their test results.

Endpoints are often the most vulnerable components of any network. This is primarily because they are increasingly mobile, are in constant communication with a variety of unprotected servers and data located anywhere on the Internet, and because malware has evolved considerably over the past couple of years. As a result, the latest generation of endpoint malware has the ability to exploit legitimate applications, allowing it to bypass many legacy AV solutions.

This trend is driving organizations to re-evaluate their current endpoint protection strategy. As a result, a slew of new start-ups have emerged, all promising innovative ways to stop advanced threats targeted at the endpoint. Unfortunately, in a crowded endpoint security market – comprised of more than 60 endpoint security vendors – organizations are challenged with finding the right solution.

Which is why the 2017 NSS Labs AEP report is such a valuable resource. It helps cut through the marketing noise by sifting through the variety of endpoint offerings by validating their effectiveness at detecting and preventing known and unknown threats, along with their associated total cost of ownership.

Of the thirteen vendors that chose to participate in this year’s test, only nine received a Recommend rating, including our FortiClient solution, which was rated at 96% overall endpoint security effectiveness.

Fig 1. NSS Labs 2017 AEP SVM

Here is a quick breakdown of the FortiClient results:

1. Web-based threats: FortiClient blocked threats delivered over both non-secure or secured web connections (i.e. http or https,) at 99.8% and 100% effectiveness, respectively. This is the result of FortiClient’s built-in Web Filter that blocks malicious sites, and its CPRL AV engine with FortiSandbox integration that identifies and blocks both known and unknown malware.
2. Offline mode: FortiClient’s CPRL AV engine was also shown to provide 100% endpoint protection against the execution of malware even when the device was offline. 
3. Exploits only: Recent malware innovations allow cybercriminals to exploit legitimate applications in order to slip past legacy AV tools. FortiClient’s application firewall (exploit detection,) and FortiSandbox together blocked a wide variety of embedded exploits, including those integrated into Adobe Flash, Microsoft Office, Microsoft IE, and others. FortiClient was able to deny the completion of malicious application execution with 98.4% effectiveness.
4. Advanced malware (exploit and malicious executable as a single package): FortiClient detected and prevented malware containing both exploits and malicious executables with 100% accuracy through a combination of FortiClient’s application firewall (exploit detection), CPRL AV engine, and FortiSandbox working in concert.
5. Anti-evasion and false positives: FortiClient also stopped all malware evasion techniques tested, such as the use of fake certificates or packers. It also generated 0% false positives, meaning that it only detected and prevented malicious threats.

The 2017 rating for FortiClient from NSS Labs is the latest in a series of Recommended awards for our NGFW, DCFW, BDS, WAF, and NG-IPS security solutions.  As a result, Fortinet is now the only vendor whose individual Security Fabric solutions for advanced threat protection have all been evaluated and recommended by NSS Labs.

Which means that organizations embarking on an integrated framework approach to security can proceed with confidence in the fact that not only is their security architecture built around highly integrated devices designed to work together, but that these tools have also been tested and certified as best-of-breed technologies.

We strongly encourage organizations looking to buy a security solution to arm themselves with good information before making critical security decisions. Of course, not all testing centers are equal. It is vitally important to know something about the organization that produces the test results you are reviewing. Testing centers are as varied as the solutions they test. Some are notorious pay-to-play labs that, for a fee, will provide a vendor with just about whatever test results they want. Fortinet, however, is proud to only work with organizations like NSS Labs, ICSA, and AV-Test (to name just a few) because they operate with a high degree of professionalism and integrity.

Results from reputable testing labs should be an important part of your purchasing and decision making process. But what about solutions on the market that don’t participate in these tests? Frankly, any solution not being tested ought to be viewed with some skepticism. While reasons may vary, not testing a solution may indicate something about the product (was the manufacturer concerned it wouldn’t meet basic standards?) or about the manufacturer themselves (do they not have the resources to adequately participate in this market?) These questions need to be considered seriously, as they may have far-reaching consequences on the security of your organization.

That said, we also encourage organizations to see testing as part of a larger evaluation process. Equally important are a manufacturer’s reputation and tenure in the market, their history of innovation, and a commitment to open design and the use of standards that allow their solutions to be integrated into your larger security architecture.

While Fortinet did not purchase the distribution rights to the NSS Labs AEP report, the Security Value Map (SVM) is freely available for download here, and organizations can purchase the reports for themselves here.