ICSA labs released the Product Assurance Report white paper (pdf) earlier this week and sparked a wave of blog posts and comments about the quality of security products. There were some rather eye-opening results included in the paper. The report findings indicated that some vendors and enterprise users consider logging a nuisance and merely a “box to check.” According to the report, logging is a particular challenge for firewalls. Almost every network firewall (97 percent) or Web application firewall (80 percent) tested experienced at least one logging problem.
Dozens of vendors have certified network and Web Application firewall products. In order to attain ICSA Labs Certified status, web application firewall products must pass a rigorous set of functional, performance and platform security requirements. Candidate web application firewall products must completely satisfy the entire set of baseline requirements. Only products that passed all the tests are certified.
The list of comprehensive specification is created by a consortium of vendors and the ICSA. Here's what ICSA advised enterprise companies before purchasing and using security products:
* Demand quality.
* Be suspicious of performance claims and numbers. Vet them. Question them. Be an educated, cautious buyer.
* Choose more established products over new.
* Choose simplicity over complexity.
* Use certified products!
* Prefer vendors that certify their products, and that participate in industry and ICSA Labs consortia and other standards bodies.
This report helps to prove that certified products have higher quality and also shows the importance of certified products for the enterprise. It's a good reason to make sure your proxy is ICSA Lab certified.
Monday, November 23, 2009
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment