Service lets CISOs compare effectiveness of security products

Ever wondered how your IT security environment stacks up against another organization’s? What your weak products are? Or which applications create the most problems for a given malware?

Until now, making such comparisons has been impossible. But this week NSS Labs, an analyst firm that tests equipment, began selling a new service it says lets CISOs do that.

Called the Cyber Advanced Warning System, it lets subscribers test a system across five categories of products (consumer and end-point protection, intrusion prevention, next-generation firewall and unified threat management) against an up-to-the-minute database of threats.

“You’re not in the short run going to change your security products,” CEO Vikram Phatak said in an interview. “But [it] would help you understand where are the areas you need to avoid.”

For example, he said, if the chief executive wants an update on the IT security posture, the CISO can say tests show the organization is vulnerable in particular places. To improve the situation, the recommendation is to replace certain hardware in the long term and, in the short term, to put more priority on patching specific applications.

So far 41 products can be tested against a wide range of applications.

Users can pick as many products and applications as needed and the system will show the number of vulnerabilities that will slip through — and, just as importantly, why.

For example, it may show that an environment lets most Adobe Flash vulnerabilities through, and which product is at fault. The CISO can then decide whether to replace the product or ensure the application doesn’t pose a threat (either by removing or updating it). Users can also compare products within a category (such as all next-gen firewalls listed).

Because threats change over time, users can evaluate products over a period of time, say the last 60 days, to get an idea of whether their performance is consistent.

The catch: the service isn’t cheap. It starts at US$10,000 a year for a single seat in an organization that has up to 500 employees, and goes up to $300,000 for 50 seats and an organization with 50,000 employees.

All subscribers get unlimited use of the service for a year. That way they can test their environment (if it includes products in the system) against up-to-the-minute threats.

For SMBs the company is thinking of a lower-priced service that might offer more limited access, for example use only four times a day.

There will also be a service aimed at consumers to test their personal PCs.

At the moment, with only 41 products, the enterprise version of the service may not go so far as a New York Times writer suggested, which is to “hold security vendors accountable.”

Phatak merely said he hopes vendors will see the results and strive to improve their products.

He also says the service will give CISOs a way to measure the effectiveness of their cyber security strategy and investments, as well as — if run often — a tool that warns users when they are at risk of being breached.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
