Initiative Aims to Develop Vendor-Neutral Security Testing Standards
Spirent Communications, an industry leader in test and measurement, today announced that the company is helping to define a new open standard for testing enterprise network security performance. Spirent is collaborating with top network security appliance and services vendors and certification labs in this initiative, which will offer a new level of network security metrics for a growing industry that is demanding more insightful, precise and non-proprietary performance evaluation practices.
“Enterprises, service providers and equipment manufacturers have long been asking for a security performance standard that is fair, unbiased and open,” said project lead Brian Monkman of the NetSecOPEN industry group. “NetSecOPEN’s collaboration with industry experts like Spirent addresses this need, and we welcome participation from other major stakeholders to test new practices and methodologies for security device performance.”
An open security performance standard offers several advantages for enterprises, equipment manufacturers and service providers. The new standard will offer:
- Increased transparency and accuracy over existing proprietary performance tests, which are narrowly defined and run behind closed doors;
- Certification of key performance metrics, while also allowing vendors and enterprises to perform tests on their own; and
- Test parameters based on real-world conditions, such as SaaS applications and high percentages of HTTPS to assess the performance of enterprise perimeter security appliances.
“We are excited to collaborate with the network security industry in the NetSecOPEN initiative on recommendations for security performance testing,” said Jurrie van den Breekel, vice president of business development and product management at Spirent Communications. “We believe network security tests should represent what networks actually look like today, with lots of encrypted SaaS traffic and many connections to tracker and optimization services when testing security inspection and publishing performance results. As a leading enterprise testing vendor, we’re participating in NetSecOPEN to define vendor-neutral test standards that showcase these critical criteria.”
As a first step, NetSecOPEN will work on developing certification requirements and processes with leading testing labs, the European Advanced Networking Test Center (EANTC), UL Verification Services (UL), and the University of New Hampshire InterOperability Laboratory (UNH-IOL).
“As an independent test lab, we sincerely welcome a transparent and realistic standardized benchmarking methodology for next-generation firewalls,” said Carsten Rossenhoevel, co-founder and CTO at EANTC. “Today, published benchmarking results of firewalls often differ substantially from real-world performance, which is confusing for our service-provider and enterprise customers. EANTC is actively participating in the NetSecOPEN initiative, contributing our experience, using the new methodology for all our public and private firewall tests and spearheading NetSecOPEN’s future network security certification program.”
“NetSecOPEN’s goal is to ensure the industry has access to an open, standardized approach to performance testing of manufacturers of network security products” said Mick Conley, development manager at UL. “UL supports a program like NetSecOPEN that leads to collaboration by industry leaders in the development of open standards. Certifications such as this assure that network security products can offer high performance without sacrificing security or user experience.”
“We applaud the efforts of the NetSecOPEN initiative in developing an open standard meeting the needs of the network security industry,” said Erica Johnson, director at UNH-IOL, an independent provider of broad-based testing and standards conformance solutions for the networking industry. “As an unbiased, vendor-neutral lab with expertise in defining certification testing programs for open standards, we are excited to help NetSecOPEN meet their goals.”
“With a variety of cyber-attacks on the rise, security performance testing of networks, IoT devices, websites and more has become essential,” said Scott Crawford, research director at 451 Research. “We applaud this vendor-neutral initiative from NetSecOPEN and its industry partners to develop an open performance standard that increases transparency and will enable interoperability across vendors and test tools.”
The first NetSecOPEN group meeting is scheduled on August 9 in San Jose. Interested parties should contact project lead Brian Monkman at firstname.lastname@example.org to reserve a place.