80% of Security Products Fail to Meet Expectations

By Lawrence Walsh  |  Print this article Print


Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame

ICSA Labs says that four out of five security products it tests fail to deliver the basic functionality of their design, and that 40 percent are inherently insecure. The report says more is needed in security product quality control, but will vendors hear the message before end users are filled with doubt.

Bulletproof security is a practical impossibility. Anyone who claims to have perfected the art of security is either a fool or a liar, since no security product or schema is foolproof or invincible. What security promises is risk mitigation; assuming that security technology works as advertised. And that’s the unspoken problem that undermines security effectiveness, says ICSA Labs.

According to ICSA, nearly 80 percent of all security products it’s tested over the last two decades have failed to work as intended during the first round of testing. On average, it takes two to four rounds of testing for a product to earn the lab’s certification and even then they have trouble maintaining their status.

ICSA—an independent division of Verizon—performs testing on many of the most common security products and platforms, including network and web application firewalls, antivirus applications, intrusion prevention systems, and VPNs (IPSec and SSL). It awards certifications based on common criteria developed in conjunction with the vendors that submit their products for testing. Certification is intended to reflect that a product meets the basic functionality and performance expectations of the community.

In celebrating its 20 years of security product testing, ICSA decided to review the testing and product performance trends of the last two decades. The results are startling - more than three out of four security products failed to deliver on their core functionality. Roughly one-half had problems logging activity for inspection and intelligence correlation. And 40 percent were inherently insecure and susceptible to compromise by hackers.

>> CLICK HERE to read the full report and join the discussion on the Secure Channel blog

Lawrence Walsh Lawrence Walsh is editor of Baseline magazine, overseeing print and online editorial content and the strategic direction of the publication. He is also a regular columnist for Ziff Davis Enterprise's Channel Insider. Mr. Walsh is well versed in IT technology and issues, and he is an expert in IT security technologies and policies, managed services, business intelligence software and IT reseller channels. An award-winning journalist, Mr. Walsh has served as editor of CMP Technology's VARBusiness and GovernmentVAR magazines, and TechTarget's Information Security magazine. He has written hundreds of articles, analyses and commentaries on the development of reseller businesses, the IT marketplace and managed services, as well as information security policy, strategy and technology. Prior to his magazine career, Mr. Walsh was a newspaper editor and reporter, having held editorial positions at the Boston Globe, MetroWest Daily News, Brockton Enterprise and Community Newspaper Company.

Submit a Comment

Loading Comments...