LAS VEGAS. A new report by the cyber testing firm NSS Labs finds that cybersecurity products bundled by vendors into “suites” of services can provide enhanced protection against increasingly sophisticated attackers.
“This is the first time that NSS Labs has published a comparison of technology suites,” CEO Jason Brvenik said of the analysis. “Attackers are compromising organizations seemingly at will. Protection solutions need to improve, and as we see in this analysis, several vendors are stepping up.”
NSS Labs in a release explained: “Vendors have been claiming for years that if enterprises purchase their entire suite, they will see better results. Enterprises asked NSS Labs if this was true as many perform technology proofs-of-concept (PoCs), but few have the resources to test a multilayer defense with so many integrated protections.”
Brvenik and Peter Armstrong of Munich Re Group are on a panel today here at Black Hat to discuss “Trendspotting through Cybersecurity Testing.”
The firm said in the release: “NSS Labs’ Analysis of Breach Prevention Systems is the outcome of testing Next Generation Firewalls (NGFWs), Next Generation Intrusion Prevention Systems (NGIPS), Breach Detection Systems (BDS), and Advanced Endpoint Protection (AEP) products over the past year. All tests permitted the use of cloud capabilities such as reputation systems, sandboxing, emulation, machine learning, etc.”
“This is the hardest test we’ve ever done,” NSS Labs founder Vikram Phatak said in an interview here. “The goal, instead of stressing a device, we played attacker and said we’ll throw the kitchen sink at you and see if you can stop us. This is beyond a firewall test.”
The suites “held up better” than expected, Phatak said, adding these “new solutions did significantly better, by 5 to 10 percent,” than stand-alone security products. He said “a couple of the products didn’t do so well,” but noted “”a professional response” by the relevant firms to address the problems.
On the positive side, Phatak said the service suites offered by Trend Micro, Palo Alto Networks, CheckPoint and Fortinet held up particularly well under the multipronged attacks launched in the test.
“It looks like there is value there” in bundling the cyber products into suites, he said.
Separately, NSS Labs also posted an “analyst brief” by Phatak, “The CISO’s guide to the importance of testing security devices.”
Among NSS Labs’ suggestions from companies shopping around for cyber services, “Make use of independent test reports when developing an initial shortlist of security vendors and products, but be prepared to perform your own testing before final selection. Consider the use of an independent third-party testing house—one that specializes in testing security products—to help draw up your test plan, evaluate the products on your shortlist, interpret the results, or even conduct an entire outsourced comparative analysis on your behalf.”
Phatak told Inside Cybersecurity, “We tell government agencies, we’re seeing patterns emerge.” When choosing a vendor, “don’t look at just one test, look at the body of work. Five or 10 years ago it was a free-for-all, but by now your vendor should have a track record. Their culture, their commitment to the customer over time, is something o consider.”
Phatak said the paper is intended to help companies prioritize what they want in cyber services as well as to identify “red flags” when considering vendors. – Charlie Mitchell (firstname.lastname@example.org)