The office perimeter now knows no bounds, stretching to couches and coffee shops as workers take advantage of remote options using mostly unsecured internet access. Cloud applications use is pervasive – the edge is now very much part of the corporate network. More devices are rolling out and mission critical workloads are being deployed in new networks. Security requirements are stacking up.
New security approaches like Zero Trust and Secure Access Service Edge (SASE) promise progress, but it seems as soon as one challenge is solved, another arises.
Vendors are racing to pack more and more capabilities into security solutions, driving product complexity to new heights. There are now upwards of 4,000 cybersecurity vendors serving a crowded, confusing market where it’s becoming harder than ever for end customers to assess and validate one provider versus another.
How can enterprises be sure they’re selecting security products that can actually keep up with changing needs and protect against the latest threats? What criteria should be uses to select one vendor over another?
These questions all point to one reality: It’s time for unbiased product testing that can keep up with an ever-changing security environment and provide objective benchmarking based on real-world conditions. Vendor self-tested configurations or traffic types designed to make a product look its best will no longer fly.
NetSecOPEN is answering the calls for help cutting through the confusion.
Leveling the security test playing field
NetSecOPEN is a community effort among industry leading test companies, vendors, and test labs, to create standardized network security and device performance test criteria, and reporting for enterprise buyers. In this open, transparent environment, there are no secrets about what is being tested or the test and device configurations. This should be welcome news for confounded enterprise buyers.
NetSecOPEN welcomes vendors to choose a lab to certify devices against the NetSecOPEN specifications. Certification reports are published on the NetSecOPEN website and publicly available. The vendor test configuration information is also made available so tests results can be reproduced by others.
As a neutral party, NetSecOPEN test results are unbiased, leveling the playing field, thus simplifying buyer decision-making.
Where NetSecOPEN is heading
NetSecOPEN is expanding its common test criteria to address the wide-ranging performance and security aspects of what network security devices are now being expected to do.
Importantly, NetSecOPEN is specifying generalized performance criteria on encrypted and non-encrypted domains. While it’s good news that 80-90% of all traffic is now encrypted, this makes it harder for devices to live up to performance claims. This has made testing encrypted domains critical.
In addition to testing general performance, devices are now subjected to myriad real-world traffic mixes from a variety of vertical industries. NetSecOPEN is creating performance test specification building blocks that align with the distinct needs of specific industries, such as healthcare, education, and a growing list of others. While the test criteria will not cover niche cases that would be specific to a given company, they will provide baseline requirements—based on actual customer experiences—for enterprises in that industry.
Emerging test criteria is also addressing a much broader set of attack and malware elements, such as including assessing with hacker evasion techniques, as well as security testing under load requirements, to understand how well devices and security policies detect and evade these difficult-to-discern and very real-world situations.
Security complexity isn’t going away, but enterprises should find relief in the wake of NetSecOPEN’s evolving test and validation initiatives.
Learn more about NetSecOPEN
Spirent is a founding NetSecOPEN member and believes strongly that open, collaborative, objective approaches to security and performance validation—not proprietary test suites—are essential for products and services to evolve as quickly as the security landscape.
NetSecOPEN test methodologies are made available within Spirent CyberFlood application and security assessment solution. Learn more about Spirent security device and performance validation capabilities.
Get latest updates on NetSecOPEN activities in this Dark Reading report.