思博伦环形标志
网络安全

It’s Time for Unbiased Security Device Testing

作者:

Enterprise security management was never easy. But now a confluence of new realities is making it harder than ever to keep a step ahead of bad actors. Learn about the latest community efforts to level the security testing playing field.

The office perimeter now knows no bounds, stretching to couches and coffee shops as workers take advantage of remote options using mostly unsecured internet access. Cloud applications use is pervasive – the edge is now very much part of the corporate network. More devices are rolling out and mission critical workloads are being deployed in new networks. Security requirements are stacking up.

New security approaches like Zero Trust and Secure Access Service Edge (SASE) promise progress, but it seems as soon as one challenge is solved, another arises.

Vendors are racing to pack more and more capabilities into security solutions, driving product complexity to new heights. There are now upwards of 4,000 cybersecurity vendors serving a crowded, confusing market where it’s becoming harder than ever for end customers to assess and validate one provider versus another.

How can enterprises be sure they’re selecting security products that can actually keep up with changing needs and protect against the latest threats? What criteria should be uses to select one vendor over another?

These questions all point to one reality: It’s time for unbiased product testing that can keep up with an ever-changing security environment and provide objective benchmarking based on real-world conditions. Vendor self-tested configurations or traffic types designed to make a product look its best will no longer fly.

NetSecOPEN is answering the calls for help cutting through the confusion.

Leveling the security test playing field

NetSecOPEN is a community effort among industry leading test companies, vendors, and test labs, to create standardized network security and device performance test criteria, and reporting for enterprise buyers. In this open, transparent environment, there are no secrets about what is being tested or the test and device configurations. This should be welcome news for confounded enterprise buyers.

NetSecOPEN welcomes vendors to choose a lab to certify devices against the NetSecOPEN specifications. Certification reports are published on the NetSecOPEN website and publicly available. The vendor test configuration information is also made available so tests results can be reproduced by others.

As a neutral party, NetSecOPEN test results are unbiased, leveling the playing field, thus simplifying buyer decision-making.

Where NetSecOPEN is heading

NetSecOPEN is expanding its common test criteria to address the wide-ranging performance and security aspects of what network security devices are now being expected to do.

Importantly, NetSecOPEN is specifying generalized performance criteria on encrypted and non-encrypted domains. While it’s good news that 80-90% of all traffic is now encrypted, this makes it harder for devices to live up to performance claims. This has made testing encrypted domains critical.

In addition to testing general performance, devices are now subjected to myriad real-world traffic mixes from a variety of vertical industries. NetSecOPEN is creating performance test specification building blocks that align with the distinct needs of specific industries, such as healthcare, education, and a growing list of others. While the test criteria will not cover niche cases that would be specific to a given company, they will provide baseline requirements—based on actual customer experiences—for enterprises in that industry.

Emerging test criteria is also addressing a much broader set of attack and malware elements, such as including assessing with hacker evasion techniques, as well as security testing under load requirements, to understand how well devices and security policies detect and evade these difficult-to-discern and very real-world situations.

Security complexity isn’t going away, but enterprises should find relief in the wake of NetSecOPEN’s evolving test and validation initiatives.

Learn more about NetSecOPEN

Spirent is a founding NetSecOPEN member and believes strongly that open, collaborative, objective approaches to security and performance validation—not proprietary test suites—are essential for products and services to evolve as quickly as the security landscape.

NetSecOPEN test methodologies are made available within Spirent CyberFlood application and security assessment solution. Learn more about Spirent security device and performance validation capabilities.

Get latest updates on NetSecOPEN activities in this Dark Reading report.

喜欢我们的内容吗?

在这里订阅我们的博客

博客订阅

标签网络安全
Mike Jack
Mike Jack

安全解决方案产品营销高级经理

Michael Jack现任思博伦通信公司应用和安全解决方案组合产品营销高级经理。他拥有数据通信行业20年的工作经历,和网络测试和测量机构超过15年的工作经验。在思博伦通信公司,他与产品管理团队协作定义、生产和交付适用于网络设备制造商、企业和服务商的尖端的多种应用安全测试解决方案。Michael还参加过多次行业展会,并且在众多联网企业中担任产品营销和管理职务,其中包括Thomas-Conrad、UB Networks、Newbridge Networks、Compaq和Antara。