Driven by IoT and BYOD, networks continue to expand, and as they adopt multiple clouds in hybrid IT architectures, they also become more complex. In spite of this, organizations have still been emboldened to change the way they work, sell, communicate, and offer their services, largely because their HTTPS traffic is encrypted.
Consequently, encrypted traffic continues to grow, recently hitting a new all-time high of over 72% of all network traffic—a nearly 20% year-over-year increase. However, one of the secrets of encryption that most people don’t talk about is that encryption technologies, such as secure sockets layer (SSL) and transport layer security (TLS), also hide up to 50% of cyberattacks. This makes the inspection of encrypted traffic and threat protection at high performance rates a non-negotiable feature of today’s Next-Generation Firewalls (NGFW).
Security performance that matches the speed of the business
Digital transformation should never mean that you have to compromise business performance for security, nor exchange operational simplicity for cost and complexity. While NGFW solutions continue to be the linchpin security technology for this transformation, IT teams are already overwhelmed with this network expansion and don’t have the time and resources to validate the available NGFW solutions. The challenge is that vendors’ self-reported speeds for inspecting encrypted traffic are difficult either to find or to interpret.
Fortunately, organizations are able to rely on third-party tests by organizations like NSS Labs that provide comparisons based on rigorous testing between various NGFW vendors. And like the market itself, those test standards need to continually evolve. Driven by the need to align their NGFW throughput test with the rising volume of HTTPS traffic that utilizes SSL/TLS for encryption, NSS Labs recently adopted a traffic mix of 70% SSL/TLS and 30% non-SSL/TLS to measure the performance for the overall NGFW SVM (Security Value Map).
This is one of the reasons why we at Fortinet are committed to the continuous testing of our NGFW through third-party validation centers like NSS Labs. And we are proud to report that Fortinet’s NGFW has earned its sixth consecutive “Recommended” rating from NSS Labs. In these most recent testing results, Fortinet’s FortiGate-500E NGFW demonstrated a powerful combination of security effectiveness and NGFW/SSL performance and functionality while enabling maximum business value for its customers. Key highlights include:
- Security Effectiveness: The Fortinet solution demonstrated an overall 98.96% exploit block rate, and stopped 100% of all live exploits, representing active attack campaigns on the Internet
- NGFW (HTTP + HTTPS traffic mix) Performance: For the first time, SSL/TLS inspection performance has been factored into the NSS Labs NGFW throughput test methodology. SSL/TLS contributes 70% and non-SSL/TLS traffic contributes 30% by weight. Fortinet FortiGate 500E delivered 5.978Gbps throughput on the combined HTTP/HTTPS NSS test
- SSL (HTTPS traffic only) Performance: Fortinet FortiGate 500E delivered one of the industry’s highest performance results at 5.82Gbps, exceeding its datasheet advertised SSL/TLS throughput of 5.7Gbps
- SSL/TLS Capabilities: Fortinet solutions also demonstrated 100% functionality by successfully inspecting the top 30 Cipher Suites and two (2) emerging Ciphers that were part of the NSS Labs test bed. Fortinet’s NGFW/SSL solution provides best-of-breed security by doing HTTPS inspection and detecting exploits that have been hidden inside of encrypted flows
- Total Business Value: With Total Cost of Ownership (TCO) calculated after factoring in SSL/TLS performance, Fortinet solutions offer a low TCO in the NSS Labs 2019 NGFW Group Test
While these are excellent results, we also want to acknowledge that we missed a few evasions in initial testing that our R&D team has been able to subsequently address and make available to our customers. We are working with NSS Labs to have these validated. This is yet another example of our commitment to our customers’ security, and the value of third-party testing, where our products are continuously challenged, enabling Fortinet to offer our customers the bullet-proof security they have come to expect.
Reduced Cost, Complexity and Cybersecurity Risks with Fortinet’s NGFW
Today’s enterprises have many point products in their campus and data center deployments that don’t share threat intelligence with each other. This reduces visibility and increases risks, making it difficult to build and maintain a robust and well-coordinated security architecture. Having multiple consoles and service contracts also adds significantly to the cost and complexity.
Fortinet Next-Generation Firewall (NGFW) solutions enable broad, integrated, and automated protection against emerging threats and increasing network complexity. They also serve as an integral part of the Fortinet Security Fabric – an end-to-end security architecture designed to share threat intelligence, reduce risks, and protect evolving networks.
In the NSS Labs 2019 NGFW Group Test of various NGFW vendors, Fortinet’s NGFW showcased low TCO, combined with high SSL performance.
We also demonstrated high SSL performance in NSS Labs’ 2018 NGFW Group Test, even though it was not counted towards the NGFW performance for the SVM, making it two years in a row that Fortinet has shown high SSL performance.
This result demonstrates the ability of Fortinet’s NGFW to consolidate multiple point products, reducing cost and complexity and achieving streamlined operations with the best ROI. In addition, Fortinet’s continuous innovation enables its NGFW solutions to consistently offer the latest in industry standards, like TLS 1.3.
To download the NSS Labs 2019 Next Generation Firewall Group Test Report for FortiGate 500E, and other key security areas, please visit our Fortinet Certifications page.