Log in
Forgot password ?
Become a member for free
Sign up
Sign up
New member
Sign up for FREE
New customer
Discover our services
Dynamic quotes 
  1. Homepage
  2. Equities
  3. United States
  4. Nasdaq
  5. Fortinet, Inc.
  6. News
  7. Summary
    FTNT   US34959E1091


SummaryMost relevantAll NewsAnalyst Reco.Other languagesPress ReleasesOfficial PublicationsSector newsMarketScreener Strategies

Fortinet : The Value of Independent Testing to Assess Your Cybersecurity Posture

04/20/2021 | 12:28pm EDT

According to Gartner, 78% of organizations use 16 or more security tools and more than $150B is spent on information security every year. Further the Gartner hype cycles for cloud, network, application, and endpoint security cover more than 60 products.

Despite all of these security solutions and spending, it remains difficult to definitively answer a key question: 'How secure is our organization?' Let alone, 'Are we protected from [the latest] cyber attack?' Here are some ways to start answering those questions.

Security Scoring

Whether internally developed or established by industry available tools, key performance indicators (KPIs) can be used to assess your cybersecurity posture across all security configurations and controls. KPIs are one way to answer the question of how secure an organization may be either as an absolute, based on its historical levels, or as compared to organizations of similar size, geographies, or business. Using KPIs can provide a relative assessment that can be considered reasonable. But simply being better than the average does not necessarily mean that your security is adequate for your level of risk.

Penetration Testing

To understand your real risk of an incident, you can engage a red team of ethical hackers to attempt to breach your security configurations, controls, and teams. These groups are experts in the latest tools, techniques, and tactics. They act like cyber criminals and attempt to breach your defenses, which is an excellent way to stress test every aspect of your security, including employee awareness. This approach helps you determine which defenses are strong and which are weak. A key limitation is that it is dependent on the expertise of the red team and it only occurs at a single point and defined scope of attack.

Breach Attack Simulation

Breach attack simulation (BAS) is similar to penetration testing. Like penetration testing, it attempts to assess the totality and effectiveness of your defenses, but it uses automation tools to seek entry, rather than human experts. BAS can be run regularly and broadly, rather than at a single point in time or scope. However, the attacks are more programmatic, so they may be less sophisticated or customized than penetration testing.

Independent Effectiveness Testing

In addition to the organization-specific assessment of overall security, expert test labs run independent assessments of specific security tools. These assessments often benefit from a much larger sample set of attacks, since they are relevant to a broad set of organizations. And in many cases, they can provide comparative scoring for security tools of the same type. The common downside is that they operate in a lab, rather than the real-world. The conditions may vary from those of your organization, particularly over time. The assessments also typically focus on just one type of control, such as network security, email security, or endpoint security. They rarely test combinations of controls.

MITRE Engenuity ATT&CK Evaluations

MITRE Engenuity's ATT&CK Evaluations are another useful tool. The evaluations test a range of security tools that are typically in the same security category and expose them to a single or small number of sophisticated cybercriminal campaigns. These campaigns are comprised of a series of tactics and techniques that are designed to accomplish a defined cyber mission. The key benefits of this approach are:

  • Enterprise security teams to see the inner workings of security controls. They can understand not only what the solution detects but also why and how it performed. Seeing the process can give teams more confidence in the type of protection they have. The evaluation goes beyond a single attack, sample set, point in time, or control. Evaluation results also can be combined across controls for a more comprehensive view of coverage or exposure.
  • Security vendors get an independent assessment of their product's capabilities through the lens of the cybercriminal and a real-world campaign. They also have a collaborative community that can help them continuously improving the capabilities of their security products.

The primary drawback is that tactics and techniques evolve over time and he evaluation results are constrained to the scope of the campaigns that are run. The also focus only on detection of the attack technique, with no ability to assess what else (including legitimate operation) that might be flagged by the control.


Answering tough questions like 'How secure are we?' or 'Are we protected from [fill in the blank]?' requires considering a range of resources. If your objective is to do more than the average organization, security scoring is a great tool. If your objective is to push your security posture to higher levels, penetration testing and/or breach attack simulation are great aids. For granular assessments of individual security controls at points of exceptional risk, independent effectiveness testing can help. And for planning and implementing a rigorous and resilient defense based on capabilities across controls in aggregate, the MITRE ATT&CK Evaluation is a valuable tool. Finally, if you have questions that relate to a specific cyberattack or campaign, you should talk to each security vendor to get the answers you need.

To view our complete results, please visit the MITRE Evaluation website for Carbanak + FIN7.


Fortinet Inc. published this content on 20 April 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 20 April 2021 16:27:06 UTC.

ę Publicnow 2021
All news about FORTINET, INC.
05/12FORTINETá : FortiGuard Labs Discovers Multiple Critical Zero Day Vulnerabilities..
05/12Palantir, Telos Stand to Gain as US Plays Defense After Colonial Pipeline Hac..
05/12FORTINETá : Join Fortinet at RSA 2021
05/10PROTECTING CRITICAL INFRASTRUCTURE : Colonial Pipeline, DarkSide, and Ransomware
05/10OFFENSIVE DEFENSE : Using Deception Against Ransomware Attacks
05/10FORTINETá : SD-WAN is Essential for any SASE Deployment
05/06FORTINETá : Ensuring Strong Cyber Hygiene on World Password Day
05/05FORTINETá : SD-Branch Satisfies Snack Manufacturer's Appetite for Secure, Effici..
05/05FORTINETá : ENGIE Italia Securely Connects 120 sites including offices, operatio..
More news
Financials (USD)
Sales 2021 3 113 M - -
Net income 2021 520 M - -
Net cash 2021 2 866 M - -
P/E ratio 2021 63,9x
Yield 2021 -
Capitalization 32 178 M 32 178 M -
EV / Sales 2021 9,42x
EV / Sales 2022 7,78x
Nbr of Employees 8 615
Free-Float 81,8%
Duration : Period :
Fortinet, Inc. Technical Analysis Chart | MarketScreener
Full-screen chart
Technical analysis trends FORTINET, INC.
Short TermMid-TermLong Term
Income Statement Evolution
Mean consensus OUTPERFORM
Number of Analysts 28
Average target price 214,27 $
Last Close Price 197,03 $
Spread / Highest target 21,8%
Spread / Average Target 8,75%
Spread / Lowest Target -13,7%
EPS Revisions
Managers and Directors
Ken Xie Chairman & Chief Executive Officer
Michael Xie President, Director & Chief Technology Officer
Keith Franklin Jensen CFO, Chief Accounting Officer & Controller
Phil Quade Chief Information Security Officer
Christopher B. Paisley Independent Director
Sector and Competitors
1st jan.Capitalization (M$)
FORTINET, INC.32.65%32 178
ACCENTURE PLC6.96%177 593