Fortinet Web Application Firewall Earns “Recommended” Rating In Latest NSS Labs Tests
SUNNYVALE, Calif., October 1, 2014 – Fortinet® (NASDAQ: FTNT) – a global leader in High Performance Network Security, today announced that the FortiWeb-1000D is one of the industry’s top-ranked Web Application Firewalls, blocking 99.85 percent of WAF attacks while succeeding in all other benchmark tests, resulting in a “Recommended” rating by independent testing firm NSS Labs. The rating demonstrates Fortinet's continued commitment to exceeding high industry standards while validating the solution’s performance and security effectiveness for customers looking to strengthen their network security environment.
The FortiWeb-1000D successfully passed all test categories for Threat Evasions, False Positive, Stability, and Reliability, while outperforming published claims of throughput and HTTP Connections per Second.
"Enterprise organizations require a combination of performance and security effectiveness in WAF solutions in order to protect critical data from malicious Web application threats," said Vikram Phatak, chief executive officer at NSS Labs. "The FortiWeb-1000D met all benchmarks in tests evaluating threat evasion and false positives, and exceeded stated performance claims."
An NSS Labs “Recommended” rating indicates that a product has exhibited outstanding performance and deserves serious consideration by end user customers. NSS Labs reserves its “Recommended” rating for only the top performing products, regardless of vendor market share, size or marketing efforts.
“Customers look to NSS Labs as the industry gold standard for the testing of security solutions ranging from firewalls to the latest breach detection systems. Third party tests such as this are critical in helping customers evaluate product effectiveness, especially in a security environment replete with vendor marketing. NSS Labs’ expansion into Web application firewalls underscores the importance of this category for enterprises, as applications become increasingly vulnerable to a rising tide of Web application attacks,” said Tamir Hardof, vice president of product marketing for Fortinet. “We’re pleased that our FortiWeb-1000D was selected to be included in this first WAF test by NSS. The ‘Recommended’ rating serves as a trusted beacon for customers looking to incorporate an effective, reliable and high-performance WAF into their network security infrastructure, and this positive rating reflects Fortinet’s focus on products and technology to solve complex problems.”
NSS Labs “Recommends” the FortiWeb-1000D
In comparative testing, NSS Labs reported that the FortiWeb-1000D passed all tests evaluating security effectiveness, which included URL Parameter Manipulation, Form/Hidden Field Manipulation, Cookie/Session Poisoning, Cross-Site Scripting, Directory Traversal, SQL Injection and Padding Oracle Attacks. Specifically, NSS analysis found that the FortiWeb blocked 99.85 percent for all threat attack types, while maintaining a low false positive detection rate of 0.366 percent. The FortiWeb-1000D also passed all Evasion Technique testing, including Packet Fragmentation Reassembly, Stream Segmentation, and URL Obfuscation and Normalization.
NSS Labs found that the FortiWeb-1000D also exceeded expectations for throughput performance. “The Fortinet FortiWeb-1000D is rated by NSS at 15,865 connections per second (CPS), which is higher the vendor- claimed performance. Fortinet rates this device at 750 Mbps, which would be 3,750 CPS at 21KB object size,” according to the NSS Labs report.
For more information, the full product analysis report for the FortiWeb-1000D, and the NSS Security Value Map™ for Web Application Firewall are available for download. http://www.fortinet.com/resource_center/whitepapers/nss-labs-recommends-fortiweb-web-application-firewall.html
About the FortiWeb-1000D
The FortiWeb-1000D Web Application Firewall provides enterprises a robust solution for web-based application protection. Using advanced behavioral-based learning and threat detection, FortiWeb automatically learns about applications and their usage patterns then actively monitors all activities to intercept and stop threats. FortiWeb helps protect against today’s top application threats including cross-site scripting, SQL Injection, and layer 7 Denial of Service attacks.
FortiWeb platforms help prevent identity theft, financial fraud and denial of service, delivering the technology needed to monitor and enforce government regulations, industry best practices, and internal policies.
Fortinet (NASDAQ: FTNT) helps protect networks, users and data from continually evolving threats. As a global leader in high-performance network security, we enable businesses and governments to consolidate and integrate stand-alone technologies without suffering performance penalties. Unlike costly, inflexible and low-performance alternatives, Fortinet solutions empower customers to embrace new technologies and business opportunities while protecting essential systems and content.