Subscribe
  • Home
  • /
  • Security
  • /
  • Fortinet Web application firewall earns 'Recommended' rating in latest NSS Labs tests

Fortinet Web application firewall earns 'Recommended' rating in latest NSS Labs tests

Independent testing firm NSS Labs "recommends" the FortiWeb-1000D for its stability, reliability and Web application security effectiveness.


Sunnyvale, California, 16 Oct 2014

Fortinet (NASDAQ: FTNT), a global leader in high-performance network security, today announced the FortiWeb-1000D is one of the industry's top-ranked Web application firewalls, blocking 99.85% of WAF attacks while succeeding in all other benchmark tests, resulting in a "Recommended" rating by independent testing firm NSS Labs. The rating demonstrates Fortinet's continued commitment to exceeding high industry standards while validating the solution's performance and security effectiveness for customers looking to strengthen their network security environment.

The FortiWeb-1000D successfully passed all test categories for threat evasions, false positive, stability and reliability, while outperforming published claims of throughput and HTTP connections per second.

"Enterprise organisations require a combination of performance and security effectiveness in WAF solutions in order to protect critical data from malicious Web application threats," said Vikram Phatak, chief executive officer at NSS Labs. "The FortiWeb-1000D met all benchmarks in tests evaluating threat evasion and false positives, and exceeded stated performance claims."

An NSS Labs "Recommended" rating indicates that a product has exhibited outstanding performance and deserves serious consideration by end user customers. NSS Labs reserves its "Recommended" rating for only the top-performing products, regardless of vendor market share, size or marketing efforts.

"Customers look to NSS Labs as the industry gold standard for the testing of security solutions ranging from firewalls to the latest breach detection systems. Third-party tests such as this are critical in helping customers evaluate product effectiveness, especially in a security environment replete with vendor marketing. NSS Labs' expansion into Web application firewalls underscores the importance of this category for enterprises, as applications become increasingly vulnerable to a rising tide of Web application attacks," said Tamir Hardof, vice president of product marketing for Fortinet. "We're pleased that our FortiWeb-1000D was selected to be included in this first WAF test by NSS. The 'Recommended' rating serves as a trusted beacon for customers looking to incorporate an effective, reliable and high-performance WAF into their network security infrastructure, and this positive rating reflects Fortinet's focus on products and technology to solve complex problems."

NSS Labs "Recommends" the FortiWeb-1000D

In comparative testing, NSS Labs reported that the FortiWeb-1000D passed all tests evaluating security effectiveness, which included URL parameter manipulation, form/hidden field manipulation, cookie/session poisoning, cross-site scripting, directory traversal, SQL injection and padding Oracle attacks. Specifically, NSS analysis found that the FortiWeb blocked 99.85% for all threat attack types, while maintaining a low false positive detection rate of 0.366%. The FortiWeb-1000D also passed all evasion technique testing, including packet fragmentation reassembly, stream segmentation, and URL obfuscation and normalisation.

NSS Labs found the FortiWeb-1000D also exceeded expectations for throughput performance. "The Fortinet FortiWeb-1000D is rated by NSS at 15 865 connections per second (CPS), which is higher the vendor- claimed performance. Fortinet rates this device at 750 Mbps, which would be 3 750 CPS at 21KB object size," according to the NSS Labs report.

For more information, the full product analysis report for the FortiWeb-1000D, and the NSS Security Value Map for Web Application Firewall are available for download. http://www.fortinet.com/resource_center/whitepapers/nss-labs-recommends-fortiweb-web-application-firewall.html

Share

The FortiWeb-1000D

The FortiWeb-1000D Web Application Firewall provides enterprises a robust solution for Web-based application protection. Using advanced behavioural-based learning and threat detection, FortiWeb automatically learns about applications and their usage patterns then actively monitors all activities to intercept and stop threats. FortiWeb helps protect against today's top application threats including cross-site scripting, SQL Injection and layer 7 denial of service attacks.

FortiWeb platforms help prevent identity theft, financial fraud and denial of service, delivering the technology needed to monitor and enforce government regulations, industry best practices, and internal policies.

Availability

The FortiWeb-1000D as tested by NSS Labs is available now. To learn more about the FortiWeb Web Application Firewall products or other Fortinet network security solutions, please visit www.fortinet.com.

Fortinet

Fortinet (NASDAQ: FTNT) helps protect networks, users and data from continually evolving threats. As a global leader in high-performance network security, it enables businesses and governments to consolidate and integrate standalone technologies without suffering performance penalties. Unlike costly, inflexible and low-performance alternatives, Fortinet solutions empower customers to embrace new technologies and business opportunities while protecting essential systems and content. Learn more at www.fortinet.com.

Copyright (c) 2014 Fortinet. All rights reserved. The symbols (R) and TM denote respectively federally registered trademarks and unregistered trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet's trademarks include, but are not limited to, the following: Fortinet, FortiGate, FortiGuard, FortiManager, FortiMail, FortiClient, FortiCare, FortiAnalyzer, FortiReporter, FortiOS, FortiASIC, FortiWiFi, FortiSwitch, FortiVoIP, FortiBIOS, FortiLog, FortiResponse, FortiCarrier, FortiScan, FortiAP, FortiDB, FortiVoice and FortiWeb. Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties, such as NSS Labs, and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, binding specification or other binding commitment by Fortinet, and performance and other specification information herein may be unique to certain environments. This news release contains forward-looking statements that involve uncertainties and assumptions. Changes of circumstances, product release delays, or other risks as stated in our filings with the Securities and Exchange Commission, located at www.sec.gov, may cause results to differ materially from those expressed or implied in this press release. If the uncertainties materialise or the assumptions prove incorrect, results may differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements. Fortinet assumes no obligation to update any forward-looking statements, and expressly disclaims any obligation to update these forward-looking statements.

Editorial contacts

Michelle Spolver
Networks Unlimited
(408) 486 7837
mspolver@fortinet.com
Stefanie Hoffman
Networks Unlimited
(408) 486 5416
shoffman@fortinet.com