Breach Prevention System
BPS 2017 Test Report: Fortinet Advanced Threat Protection

BPS 2017 Test Report: Fortinet Advanced Threat Protection


William Dean Freeman, Jessica Williams



Threat actors are demonstrating the capability to bypass protection offered by conventional endpoint and perimeter security solutions. Enterprises must in turn evolve their defenses to incorporate a different kind of protection, one that NSS Labs defines as a breach prevention system (BPS). A BPS is an integrated solution that leverages multiple modern technologies such as cloud and on-premises sandboxing, emulation, and machine learning. These technologies are leveraged in conjunction with traditional deep inspection and/or access control blocking technologies such as next generation firewalls (NGFWs) and next generation intrusion prevention systems (NGIPS) that act as enforcement points. In addition, most BPS have integrated endpoint technology which enables them to block attacks that would not otherwise be seen by a network device.


NSS Labs performed an independent test of the Fortinet Advanced Threat Protection (FortiSandbox Cloud with FortiGate 600D v5.6.1, Fortimail Virtual Appliance v5.4.0 and Forticlient ATP Agent v5.6.1.1112). The product was subjected to thorough testing at the NSS facility in Austin, Texas, based on the Breach Prevention Systems (BPS) Test Methodology v1.1. This test was conducted free of charge and NSS did not receive any compensation in return for Fortinet’s participation.



  • Security Effectiveness: Capable of enforcing a specified security policy effectively
  • Performance: Measures the performance of a solution using various traffic conditions that provide metrics for real-world performance
  • Stability and Reliability: Ability of a solution to maintain security effectiveness while under normal and excessive utilization and while managing malicious traffic
  • Total Cost of Ownership (TCO): Costs associated with overall cost of deployment, maintenance, and upkeep


As with all NSS Labs group tests, there was no fee for participation. In addition, the test methodology applied is in the public domain to provide transparency and to help enterprises understand the results

As with all NSS Labs group tests, there was no fee for participation. All testing was conducted independently and was not paid for by any vendor.