November 19, 2009
 Certification Matters

ICSA Labs released the Product Assurance Report white paper (pdf) earlier this week and sparked a wave of blog posts and comments about the quality of security products. I believe that ICSA's goal was to highlight the importance of vendor-neutral certification and create more awareness, but IMO they should have explained how the certification process works and the fact that certified products meet every single requirement of the specification.


Take the following statement for example:  

The report findings suggest that some vendors and enterprise users consider logging a nuisance and merely a “box to check.”  According to the report, logging is a particular challenge for firewalls.  Almost every network firewall (97 percent) or Web application firewall (80 percent) tested experienced at least one logging problem.

Dozens of vendors have certified network and Web Application firewall products. In order to attain ICSA Labs Certified status, web application firewall products must pass a rigorous set of functional, performance and platform security requirements.  Candidate web application firewall products must completely satisfy the entire set of baseline requirements. Only products that passed all the tests are certified. 

The comprehensive specification is created by a consortium of vendors and the ICSA. From my experience working with ICSA (I am involved in the Web Application Firewall consortium that creates the WAF certification criteria, and previously I was involved in the Network Firewall consortium), the requirements set a very high standard. (Check the pdf yourself.)
In my opinion, this report proves that certified products have higher quality and it also shows the importance of certified products for the enterprise.

Here's what ICSA advised enterprise companies before purchasing and using security products: 
  • Demand quality.  
  • Be suspicious of performance claims and numbers.  Vet them.  Question them.  Be an educated, cautious buyer. 
  • Choose more established products over new.  
  • Choose simplicity over complexity.
  • Use certified products!  
  • Prefer vendors that certify their products, and that participate in industry and ICSA Labs consortia and other standards bodies.  

