Bulletproof security is a practical impossibility. Anyone who claims to have perfected the art of security is either a fool or a liar, since no security product or schema is foolproof or invincible. What security promises is risk mitigation; assuming that security technology works as advertised. And that’s the unspoken problem that undermines security effectiveness, says ICSA Labs.
According to ICSA, nearly 80 percent of all security products it’s tested over the last two decades have failed to work as intended during the first round of testing. On average, it takes two to four rounds of testing for a product to earn the lab’s certification and even then they have trouble maintaining their status.
ICSA—an independent division of Verizon—performs testing on many of the most common security products and platforms, including network and web application firewalls, antivirus applications, intrusion prevention systems, and VPNs (IPSec and SSL). It awards certifications based on common criteria developed in conjunction with the vendors that submit their products for testing. Certification is intended to reflect that a product meets the basic functionality and performance expectations of the community.
In celebrating its 20 years of security product testing, ICSA decided to review the testing and product performance trends of the last two decades. The results are startling – more than three out of four security products failed to deliver on their core functionality. Roughly one-half had problems logging activity for inspection and intelligence correlation. And 40 percent were inherently insecure and susceptible to compromise by hackers.
>> CLICK HERE to read the full report and join the discussion on the Secure Channel blog