Eleven big name security vendors, services firms, and testing labs have signed on as founding members of NetSecOpen to set open standards for testing network security. The organization, formed in 2017, aims to close the gap between proprietary performance metrics and real-world performance of security solutions, hence the open framework.
The founders are a who’s who in cybersecurity:
Platform vendors
- Check Point
- Cisco
- Fortinet
- Palo Alto Networks
- SonicWall
- Sophos
- WatchGuard
Test solution and services vendors
- Spirent
- Ixia/Keysight
Testing labs
- European Advanced Networking Test Center
- University of New Hampshire InterOperability Lab
The association is chaired by Jurrie Van Den Breekel, Spirent Communications’ vice president of business development and product management.
Here’s how NetSecOpen sees the current security product landscape:
- Networks have moved from 80% unencrypted HTTP traffic to more than 80% of the perimeter traffic in many organizations encrypted with modern secure cipher suites.
- Certification of security product performance is typically conducted by independent testing laboratories using proprietary testing methodologies.
- Achieving true “apples-to-apples” evaluations is difficult because the methodologies and test criteria differ from lab to lab.
- There are no up-to-date open standards for network security performance testing.
Here’s how NetSecOpen intends to change it:
- Replace competing standards with open standards that are intended to close the gap between how proprietary metrics evaluate performance and how the solutions actually perform in the real world.
- Testing methodology requires greater transparency, consensus, and standardization, and real-world factors need to be integrated into the testing methodology.
- The NetSecOpen standard is designed to provide metrics to compare solutions fairly and understand the impact on network performance of different solutions under the same conditions.
“This will remove a significant point of confusion for customers as they evaluate new products,” said Brendan Patterson, WatchGuard vice president of product management. “Everyone benefits when we make it easier for the customer to evaluate and select appropriate size products for their environment.”
NetSecOpen said its testing standard has been submitted to the IETF’s Benchmark Working Group and is available here. It includes a real-world traffic mix with 400 encryption certificates and 10,000 unique URLs. Specifications are in the final stages of approval. Products can be submitted for testing beginning in Q4 2018.
The push for independent testing standards on security products is growing. In late September, NSS Labs, a third-party security product tester, filed an antitrust lawsuit against CrowdStrike, ESET, Symantec and the Anti-Malware Testing Standards Organization (AMTSO) alleging they conspired to prevent independent testing that could uncover security flaws in their products. The AMTSO project in May adopted its first testing protocol standard developed in concert by 20 cybersecurity vendors and testers.
