The Road to Cybersecurity: An In-Depth Look at the Development of a Network-Security Testing Standard

NetSecOpen Aims to Establish Standard Testing and Benchmarking for Network-Security Appliances

Introduction

NetSecOpen, a consortium of network-security companies and hardware testing organizations, is working towards establishing testing and benchmarking standards for network-security appliances. The group aims to create a consensus method that allows for comparisons of different vendors’ devices, even if they are evaluated by different third parties. This standardization would enable a fair and reasonable assessment of network security functions, which is crucial in an industry of growing importance.

The Need for New Standards

The current testing standards for network security appliances, published by the Internet Engineering Task Force (IETF) 20 years ago, are outdated and no longer reflect the evolving technology landscape. The industry has witnessed the diversification of security function implementations, including intrusion detection and prevention, threat management, and analysis of encrypted traffic. As a result, the establishment of well-defined and reproducible key performance indicators (KPIs) is necessary for fair and reasonable comparisons.

A Collaborative Effort

NetSecOpen consists of several prominent network-security firms, such as Cisco Systems, Fortinet, Palo Alto Networks, and WatchGuard. Additionally, it includes testing equipment manufacturers like Spirent and Ixia, along with evaluators such as the European Advanced Networking Test Center (EANTC) and the University of New Hampshire InterOperability Laboratory (UNH-IOL). These key industry players are actively collaborating to develop the testing standards and are participating in the testing process using these standards. The aim is to create a standardized approach that accredited test houses can use to evaluate various products, ensuring standardized and comparable results.

Real-World Test Cases

NetSecOpen’s testing standards focus on using real-world data to assess the performance of network-security appliances against realistic network loads and security threats. For example, their attack traffic test set incorporates common vulnerabilities that have been exploited by attackers over the past decade. The draft recommendations include specific test architectures, traffic mixes between IPv4 and IPv6, and enabled security features. It also encompasses a variety of throughput performances such as application traffic, HTTPS requests, and quick UDP Internet connections (QUIC) protocol requests.

Addressing Evolving Threats

NetSecOpen acknowledges the ever-changing threat landscape and aims to adapt its testing standards accordingly. The organization is in the process of updating vulnerability test sets to include smaller, noncritical vulnerabilities that can be strung together into effective attacks. The Cybersecurity and Infrastructure Security Agency (CISA) has demonstrated that attackers can exploit these seemingly insignificant vulnerabilities, necessitating a reevaluation of their impact. NetSecOpen recognizes this challenge and aims to address it to ensure comprehensive and effective testing standards.

Expanding into Cloud Security

NetSecOpen also has plans to expand its testing standards to include cloud environments, such as distributed cloud firewalls and web application firewalls. While the benefits of cloud computing are undeniable, network perimeter defense remains crucial. Therefore, NetSecOpen’s mission to establish well-defined, open, and transparent standards will extend to cloud-based security solutions. This expansion is aimed at ensuring the effective evaluation of security in cloud environments and guaranteeing the continued importance of network perimeter defense.

Editorial: The Importance of Standardization in Network Security

Ensuring Reliable and Transparent Testing

Establishing standardized testing and benchmarking methods for network-security appliances is a crucial step towards enhancing the reliability and transparency of evaluations in the industry. Currently, different vendors’ devices are evaluated by different third parties using varied test tools and methodologies. This lack of consistency makes it challenging for customers to make informed decisions and compare products effectively. By creating an industry-wide standard, NetSecOpen aims to address this issue and provide customers with reliable and comparable results.

Adapting to Changing Threats

The landscape of cybersecurity threats is continually evolving, making it imperative for testing standards to keep pace with these changes. NetSecOpen’s commitment to updating vulnerability test sets based on emerging attack techniques, as demonstrated by CISA, shows the consortium’s dedication to thorough and comprehensive evaluations. This adaptability ensures that network-security appliances are tested against relevant and realistic threats, providing customers with a more accurate understanding of their capabilities.

Encouraging Innovation and Competition

Standardized testing and benchmarking not only benefit customers but also promote innovation and healthy competition within the industry. When all vendors adhere to the same testing standards, it levels the playing field and allows for a fair comparison of their products. This transparency fosters innovation by pushing companies to constantly improve their offerings, ensuring that customers have access to the most advanced and effective network-security appliances.

Advice: The Role of Third-Party Testing and Customer Due Diligence

The Importance of Third-Party Testing

Given the complexity and critical nature of network-security appliances, it is advisable for customers to rely on third-party testing when evaluating different products. Third-party testing ensures that evaluations are conducted independently, without bias towards specific vendors. NetSecOpen’s efforts to establish standardized testing and benchmarking methods will provide customers with a reliable and objective basis for comparing various network-security appliances. It is essential for customers to prioritize products that have been evaluated using industry-standard tests, as this ensures a more accurate assessment of their capabilities.

Customer Due Diligence

While standardized testing provides valuable insights, it is crucial for customers to conduct their due diligence when selecting network-security appliances. Factors such as specific use cases, industry requirements, and compatibility with existing infrastructure should be taken into consideration. Additionally, understanding a vendor’s track record, customer support, and commitment to ongoing updates and improvements is essential. By thoroughly researching and evaluating different options, customers can make informed decisions that align with their unique security needs.

Continued Monitoring of Industry Developments

Given the constantly evolving nature of cybersecurity threats and technology, customers should engage in ongoing monitoring of industry developments. Staying informed about the latest testing standards, emerging threats, and innovation in network-security appliances allows customers to make proactive decisions and adapt their security strategies accordingly. It is advisable to follow updates from organizations like NetSecOpen, as they are at the forefront of shaping industry standards and best practices.

In conclusion, NetSecOpen’s efforts to establish standardized testing and benchmarking methods for network-security appliances are commendable. Their focus on real-world test cases, adaptability to emerging threats, and plans to expand into cloud security highlight their commitment to addressing the evolving needs of the industry. By prioritizing standardized testing and conducting thorough due diligence, customers can make informed decisions and ensure the optimal security of their networks.