The initial debut of NetSecOPEN’s open network security product testing has been a success, with a range of products undergoing testing and certification. The appeal is easy to understand. NetSecOPEN testing provides a neutral, unbiased, level playing field that simplifies buyer decisions, making it easy to choose the right vendor for the right need. Not only are security tech companies embracing this approach, but they are already asking NetSecOPEN to include additional comprehensive security test requirements.
Last year, we touted the need for unbiased security device testing, introducing some of the key benefits of NetSecOPEN. About six months on, there is substantial progress to report as the NetSecOPEN community collaboration further defines the next wave of security testing.
NetSecOPEN’s test plans and methodologies have advanced significantly now that the IETF has ratified RFC 9411. The RFC 9411 open security standards specify test terminology, test configuration parameters, and benchmarking methodologies for next-generation network security devices, such as firewalls and intrusion prevention systems.
What’s next for NetSecOPEN?
The initial NetSecOPEN definitions concentrated on performance testing of security devices and basic attack testing. The next generation will create test cases to stress test device behavior under real-world traffic and hacker conditions. These will enable more comprehensive device evaluation and unbiased vendor comparisons.
The next generation will include:
Industry-specific traffic mixes to understand how a device handles encrypted and non-encrypted traffic across 15-20 real-world applications. Initial use cases are for healthcare and education organizations and applications, with expansion expected to other verticals.
Malware handling tests via device engines and inspection engines, with over 1,300 legacy and topical malware attack scenarios and 3,500 samples.
Advanced attack testing methodology based on over 1,300 CVE samples to determine whether an attack on a CVE is caught.
Two-vector tests that insert attacks as a tested device is brought up to a given level of performance to determine performance impact cand ability to block.
Evasions testing to determine if a security policy can identify an attack that was blocked in an un-evaded form and see if it can still be detected and mitigated when hacker evasion rules are applied.
The future for security testing standards
As a founding NetSecOPEN member, Spirent believes open, collaborative, objective approaches to security and performance validation—not proprietary test suites—are essential for products and services to evolve as quickly as the security landscape.
We anticipate security testing expanding beyond device testing to create open standards that focus on software and cloud, and virtual cloud-native approaches, such as SASE (secure access service edge) and ZTNA (zero-trust network access) implementations.
Spirent has a proven, expanding portfolio of security test capabilities for the physical world and initial cloud-native instantiations for cloud service providers and hyperscalers. In fact, NetSecOPEN test methodologies are already available within Spirent’s CyberFlood application performance and network security assessment solution.
NetSecOPEN and security testing are expanding rapidly, and we plan to provide another update on progress later this year.