Unbiased third-party testing is critical for network security

BrandPost By John Maddison
Jun 20, 2023 | 5 mins
Security

CIOs and CISOs need to be just as nimble and methodical as their adversaries. Third-party testing and validation can help.

Today, CIO and CISO teams are tasked with multiple business-critical initiatives like securing and connecting work-from-anywhere employees, moving applications to the edge or the cloud, and securing operational technology (OT) and IT environments. At the same time, the threat landscape continues to evolve and cyber risk is escalating for all organizations. Cybercriminals are finding new ways to weaponize technologies at scale to cause more disruption and destruction. And they’re spending more time on reconnaissance to evade detection, intelligence, and controls.

As cyber risk continues to escalate, CIOs and CISOs need to be just as nimble and methodical as their adversaries.

Determining how to provide adaptive and comprehensive protection against today’s evolving threat landscape is complex. Cybersecurity products like next-generation firewalls, single-vendor secure access service edge (SASE), and Zero Trust Network Access (ZTNA) are the best way to protect enterprise data and employees. But with so many vendors to choose from as well as layers of marketing hype, footnoted claims, and qualified conditions, it’s not surprising that people get confused about selecting the right cybersecurity solutions for their business.

Choosing a solution is challenging enough, but then after it’s deployed, if the product doesn’t meet the promised claims, it leads to trust issues and frustration. And when you think you’ve purchased a proven and reputable security solution and it doesn’t deliver, the results can be catastrophic.

The good news is that there are objective sources of information that can help organizations make more informed purchasing decisions. Third-party testing and validation can help CIOs find security products that do what they say they do and meet the specific infrastructure needs of their organization.

Third-party testing and validation

Unbiased, third-party testing involves evaluation by qualified, independent researchers with data-driven guidance to help organizations select effective security across a broad spectrum of solutions. Because organizations often don’t have the time or resources to do in-depth testing on their own, third-party testing gives them objective data to make informed decisions about the products they need to protect their critical assets. 

Common cybersecurity product testing issues

Cybersecurity products and services are specific to the needs of an organization’s rapidly changing environment, and testing often doesn’t properly cover new and emerging issues. Even worse, some technology testing firms still allow vendors to manipulate their methodologies to skew the test results in their favor. Because industry tests often lack standardized measurement criteria, the results can vary wildly. It’s impossible to accurately compare solutions from different vendors when the tests don’t have the same parameters. 

Why third-party tests are different

Legitimate third-party testing companies are disincentivized from inflating their results because their professional reputations are directly tied to the quantifiable reliability of the tests they conduct. And because third-party testing companies aren’t influenced by vendors, their testing may expose weaknesses in a solution that the vendor wants to obscure.

Independent testing is also the only way for customers to accurately cross-compare solutions from different vendors because the testing measures performance across the same environmental and security challenges for an “apples-to-apples” comparison. 

With a good independent third-party test, organizations can qualify products not only in the context of their networks but also against the rapid changes in the threat landscape. 

Selecting a third-party testing company

Not all third-party testing companies are created equal. They each measure different criteria or have different objectives. Some are granular and others are broad. Make sure the testing company you select measures the criteria most critical to your organization. Be sure to select a third-party testing company that is open about its methodologies and replicates your organization’s environment and challenges as closely as possible.

Unbiased, ethical testing

A few organizations perform comparative testing and reporting on how different products measure up under real-world conditions. CyberRatings.org, for example, has stepped in to conduct ethical testing without vendor influence and manipulation. In the wake of the closing of the independent testing organization NSS Labs in 2020, CyberRatings.org is also now the custodian of previous NSS Labs results.

The type of competitive benchmarking, certification, and validation performed by companies like CyberRatings.org provides open and transparent industry information that levels the playing field. Unbiased testing is critical to the health and future of the cybersecurity and networking markets not only because it provides clarity to customers but also because of the value it drives for the companies whose products are tested. 

Testing that’s free from meddling can help incentivize vendors to release the best possible cybersecurity solutions, and for customers, a vendor’s lack of participation can serve as an important red flag. 

A commitment to independent testing and validation

For years, Fortinet has been committed to independent testing and validation. Rigorous and reputable outside evaluation is critical to raising the bar for the security industry as a whole and helps ensure that our customers can make informed buying decisions.

To that end, we participated in the latest CyberRatings.org test for Enterprise Firewall, and the Fortinet FortiGate 600F next-generation firewall received CyberRatings.org’s “Recommended” rating. FortiGate earned the highest AAA score in the threat prevention, SSL/TLS functionality, stability and reliability, and routing and access control testing categories, with a 99.88 security effectiveness rating. These results highlight the effectiveness of the solution’s artificial intelligence, machine learning, and threat intelligence capabilities and underscore the fact that FortiGate has the industry’s highest return on investment (ROI).

Learn more about the Fortinet FortiGate or download the full CyberRatings.org 2023 Enterprise Firewall report to read the results.