NSS Labs unveiled a new test of Breach Prevention System (BPS) technologies in December 2017, designed to assess the ability of security solutions not only to detect, but to actually prevent unknown (and little-known) threats within 15 minutes. This is a critical capability for organizations concerned with today’s sophisticated threats, especially for IT teams that are accountable for securing business initiatives yet are understaffed for continuous monitoring, investigation, and manual response to security incidents.
What this new testing process found (among other things) is that the Fortinet Security Fabric – with its integration of advanced threat detection into a broad set of security solutions deployed across the distributed attack surface – dramatically changes the game, from traditionally time-consuming detection and response to automated and highly granular detection, prevention, and response. Specifically, the Fortinet solution – made up of FortiSandbox, FortiGate, FortiMail, and FortiClient – demonstrated a block rate of 99.6%, with 0 false positives.
Combined with outstanding performance and exceptional TCO, Fortinet earned another NSS Recommended rating. This Recommended rating for BPS is in addition to existing 2017 NSS recommendations for NGFW, DCFW, WAF, NG-IPS, BDS, and AEP.
Failure is the Mother of Success. How true that is when applied to cyber threats. Every failed and half-baked cyber campaign contributes to the evolution of these attacks, both in sophistication and in persistence, which is why attacks today are so difficult to detect and repel. We are now increasingly seeing complex, exploit-driven malware combined with automated, self-evolving, and persistent attacks delivered via a wide range of attack vectors, including phishing, malvertising, worms, infected watering holes, and more, to establish a toehold within an organization. In fact, Verizon’s 2017 DBIR shows that 99% of all malware is distributed over email and web. Combine this with a rapidly evolving network ecosystem of clouds, mobile devices, IoT, and applications, and today’s understaffed IT security teams have their hands full managing a multitude of disparate security policies, isolated security products, management consoles, and alerts. It can certainly be overwhelming at times. To respond effectively, defense systems need to evolve as well.
So Does Technology
Fortinet built the Security Fabric to augment an organization’s security architecture: it correlates threat intelligence to quickly identify sophisticated and highly evasive threats, simplifies threat response management, and accelerates threat response times. This begins with protection across a broad set of threat vectors through the integration of Fortinet and non-Fortinet products, so that they can share local and global threat intelligence through a central intelligence hub. Second, fully automating the prevent-detect-mitigate lifecycle across the entire attack surface not only provides an effective mechanism to counter even highly automated attacks, it also goes a long way toward solving the cyber security talent shortage.
Breach Prevention vs. Detection
The advent of this new group test from NSS reflects the fundamental maturation of advanced threat capabilities, which requires security to expand beyond detection alone to detection and prevention. Over the past four years of BDS testing we have seen solutions improve significantly in accuracy and efficacy as well as in affordability. The maturation of this technology is reflected in the results of this new Breach Prevention test.
Keep in mind that an organization’s security posture determines how the prevent-detect-mitigate threat response lifecycle is applied. Some organizations have a higher risk tolerance and focus more on user productivity and experience; others are more risk averse and accept the small burden of inconvenience placed on their users. Fortinet ATP solutions such as email and endpoint security integrated with sandbox, by default, allow users to run their day-to-day applications and automatically apply mitigating actions based on sandbox detections. However, a good security practice for eliminating “patient zero” is to require pre-inspection before users have access, and this is easily enabled via the one-click “hold for sandbox” option in our solutions.
An important nuance between BPS and BDS
The BDS group test measures the detection of exploits, malware, and evasions within 24 hours, which is used to calculate the security effectiveness in the BDS Security Value Map (SVM). The BPS group test, on the other hand, focuses on blocking exploits, malware, and evasions within a 15-minute window, which is used to calculate the security effectiveness in the BPS Security Value Map (SVM). Furthermore, the BPS total cost of ownership calculation factors in samples that were additionally detected by the solution, since that detection helps reduce the operational burden associated with the cost of remediating infections and breaches.
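To make the difference between the two scoring windows concrete, here is an added example (not code from Fortinet or NSS Labs, and not a reproduction of NSS’s actual scoring methodology, which the page does not detail) that scores a set of constructed sample timelines the way the two windows described above suggest: a malicious sample counts as blocked if it was stopped within 15 minutes of first being seen, counts as detected if it was flagged or blocked within 24 hours, and counts as “additionally detected” if it was detected but not blocked in time. Benign samples that are blocked or flagged are counted as false positives. The sample names, timestamps, and the 1-decimal percentage rounding are assumptions made for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Windows taken from the page: BPS credits blocks within 15 minutes,
# BDS credits detections within 24 hours of the sample first being seen.
BPS_BLOCK_WINDOW = timedelta(minutes=15)
BDS_DETECT_WINDOW = timedelta(hours=24)


@dataclass
class SampleResult:
    """Outcome for one test sample (constructed for this example)."""
    name: str
    malicious: bool                 # ground truth: is the sample actually malicious?
    first_seen: datetime            # when the sample was first delivered to the device under test
    blocked_at: Optional[datetime] = None   # when it was actively blocked, if ever
    detected_at: Optional[datetime] = None  # when it was merely flagged/alerted on, if ever


def within(event: Optional[datetime], start: datetime, window: timedelta) -> bool:
    """True if the event happened, and no later than start + window."""
    return event is not None and start <= event <= start + window


def score(results: List[SampleResult]) -> Dict[str, float]:
    """Compute BPS-style block rate, BDS-style detection rate,
    the count of additionally-detected samples, and the false-positive rate."""
    malicious = [r for r in results if r.malicious]
    benign = [r for r in results if not r.malicious]

    # BPS view: a malicious sample only counts if it was blocked within 15 minutes.
    blocked = {r.name for r in malicious
               if within(r.blocked_at, r.first_seen, BPS_BLOCK_WINDOW)}

    # BDS view: a block or a detection within 24 hours both count as "detected".
    detected = {r.name for r in malicious
                if within(r.detected_at, r.first_seen, BDS_DETECT_WINDOW)
                or within(r.blocked_at, r.first_seen, BDS_DETECT_WINDOW)}

    # Samples that slipped past the 15-minute block window but were still caught
    # within 24 hours; the page says the BPS TCO calculation credits these.
    additionally_detected = detected - blocked

    # Any benign sample that was blocked or flagged is a false positive.
    false_positives = [r for r in benign
                       if r.blocked_at is not None or r.detected_at is not None]

    def pct(numerator: int, denominator: int) -> float:
        return round(100.0 * numerator / denominator, 1) if denominator else 0.0

    return {
        "block_rate_pct": pct(len(blocked), len(malicious)),
        "detect_rate_pct": pct(len(detected), len(malicious)),
        "additionally_detected": len(additionally_detected),
        "false_positive_rate_pct": pct(len(false_positives), len(benign)),
    }


# Constructed sample timelines (hypothetical data, not NSS test data).
T0 = datetime(2017, 12, 1, 9, 0, 0)
SAMPLES = [
    SampleResult("mal-1", True, T0, blocked_at=T0 + timedelta(minutes=2)),          # blocked in time
    SampleResult("mal-2", True, T0, blocked_at=T0 + timedelta(minutes=20),
                 detected_at=T0 + timedelta(minutes=20)),                            # too late to block, but detected
    SampleResult("mal-3", True, T0, detected_at=T0 + timedelta(hours=3)),            # detected only
    SampleResult("mal-4", True, T0, detected_at=T0 + timedelta(hours=30)),           # outside both windows: missed
    SampleResult("mal-5", True, T0, blocked_at=T0),                                  # blocked immediately
    SampleResult("benign-1", False, T0),                                             # correctly left alone
    SampleResult("benign-2", False, T0, blocked_at=T0 + timedelta(minutes=1)),       # false positive
]

if __name__ == "__main__":
    for metric, value in score(SAMPLES).items():
        print(f"{metric}: {value}")
```

Running the block on the constructed data gives a 40% block rate but an 80% detection rate, with two samples credited as additionally detected: the same solution looks very different under a 15-minute prevention window than under a 24-hour detection window, which is the nuance the paragraph above is pointing at.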
For this new, rigorous BPS test, Fortinet submitted FortiGate, FortiMail, FortiClient, and FortiSandbox, all of which are part of the Fortinet Security Fabric solution. Based on the default configurations of our solution, the NSS Labs BPS result highlights include:
- 99.6% block rate
- 100% in blocking and additionally detecting across all malware categories except HTTP (at 99.8%)
- 0% false positives
- Low 3-year TCO
FortiSandbox had already proven itself effective in the 2017 BDS test with a 99% breach detection rate, earning a Recommended rating four years out of four. Now, integrated with other Security Fabric components – namely FortiGate, FortiMail, and FortiClient – it has achieved another NSS Recommended award in this latest 2017 BPS test. This accolade, combined with our growing list of Recommended awards for other Fortinet solutions, is a testament not only to Fortinet’s commitment to independent testing, but also an assurance that we are committed to continually evolving Fortinet’s Security Fabric technologies so that organizations can securely achieve their digital transformation objectives.
Report: The full BPS report can be downloaded here.
(From Fortinet blog).