Manager
ICSA Labs Product Assurance Report
A study conducted by the Verizon RISK Team
Table of Contents
Introduction................................................................................................................................................2 Methodology............................................................................................................................ 2
• Testing and Certification • Data Collection
Looking Back: 20 Years in the Security Industry........................................................ 4 Product Testing Results........................................................................................................ 6
• Frequency of Criteria Violations • Common Types of Violations • Factors Contributing to Violations
Conclusions and Recommendations............................................................................18
• Recommendations to Vendors • Recommendations to Users
Authors
• Wade Baker • Charles D Hylender • George Japak
Contributors
• • • • • • • • Peter Tippett, MD, Ph.D. Dave Archer Kevin Brown David DeSanto Sam Glesner Darren Hartmen Andy Hayter David Koconis • Jon McCown • Brian Monkman • Thang Phan • Leo Pluswick • Al Potter • Guy Snyder • Jack Walsh • Greg Wasson
ICSA Labs Product Assurance Report
Introduction
Are the security products your organization depends upon every day reliable? Do they consistently meet expectations and live up to their billing? Chances are they do not. This experience has resulted in the not-so-tongue-and-cheek postulation that new security products are created to compensate for the shortcomings and side effects of the existing ones. That’s not to say there is never a legitimate need for new security solutions; new business models, new technologies, new threats, and new levels of global interconnectedness require us to continually adapt the products and practices we employ
A study conducted by the Verizon RISK Team
Table of Contents
Introduction................................................................................................................................................2 Methodology............................................................................................................................ 2
• Testing and Certification • Data Collection
Looking Back: 20 Years in the Security Industry........................................................ 4 Product Testing Results........................................................................................................ 6
• Frequency of Criteria Violations • Common Types of Violations • Factors Contributing to Violations
Conclusions and Recommendations............................................................................18
• Recommendations to Vendors • Recommendations to Users
Authors
• Wade Baker • Charles D Hylender • George Japak
Contributors
• • • • • • • • Peter Tippett, MD, Ph.D. Dave Archer Kevin Brown David DeSanto Sam Glesner Darren Hartmen Andy Hayter David Koconis • Jon McCown • Brian Monkman • Thang Phan • Leo Pluswick • Al Potter • Guy Snyder • Jack Walsh • Greg Wasson
ICSA Labs Product Assurance Report
Introduction
Are the security products your organization depends upon every day reliable? Do they consistently meet expectations and live up to their billing? Chances are they do not. This experience has resulted in the not-so-tongue-and-cheek postulation that new security products are created to compensate for the shortcomings and side effects of the existing ones. That’s not to say there is never a legitimate need for new security solutions; new business models, new technologies, new threats, and new levels of global interconnectedness require us to continually adapt the products and practices we employ