NetSecOPEN revealed that 11 security vendors, test solutions and services vendors, and testing laboratories have joined the organization as founding members. The organization also appointed its board of directors, who will guide NetSecOPEN toward its goal: making open network security testing standards a reality.
These developments momentum for the organization, which formed in 2017 to close the gap between proprietary performance metrics and the observed real-world performance of security solutions. Certification of security product performance today is conducted by independent testing laboratories using proprietary testing methodologies.
Evaluations of security products pose a challenge for enterprise buyers, because the methodologies and test criteria differ from lab to lab. NetSecOPEN believes that testing methodology requires transparency, consensus, and standardization, and that real-world factors need to be integrated into the testing methodology.
The NetSecOPEN standard is designed to provide metrics that can be used to compare solutions and to understand the impact on network performance of different solutions under the same conditions. The goal is to examine the performance ramifications of a solution with all of that solution’s security features enabled, conveying the true costs of the solution.
“There is great urgency for open, transparent standards for the testing of network security equipment,” said Brian Monkman, executive director of NetSecOPEN.
“Today, security professionals face significant challenges when evaluating, deploying, and optimizing new solutions. Similar product specifications may deliver different results, and products often behave differently with real-world traffic than they do in lab environments. NetSecOPEN was formed specifically to address these issues and make it easier for all organizations to identify the right solutions for securing their environments. We are proud to see measurable progress already, bringing us closer to making open network security testing standards a reality.”
NetSecOPEN members collaborate through working groups to create testing standards and guidance. The goal is to achieve consistent, open, repeatable evaluations and results. The founding members represent vendors of security products and services, providers of testing solutions and services, and safety science and testing labs.
The 11 founding member organizations are: Check Point Software Technologies, Cisco, Fortinet, Palo Alto Networks, SonicWall, Sophos, and WatchGuard; test solution and services vendors Spirent and Ixia/Keysight; and testing labs European Advanced Networking Test Center (EANTC) and the University of New Hampshire InterOperability Lab (UNH-IOL).
Board of directors
The NetSecOPEN board is composed of professionals with backgrounds in network security solutions and test procedures and methodologies. The board represents a diverse range of companies with expertise in applying solutions, creating specifications, and driving open, common standards. Members of the NetSecOPEN board are:
- Chairman: Jurrie Van Den Breekel, VP, Business Development and Product Management, Spirent Communications,
- Vice Chairman: Aria Eslambolchizadeh, Executive Director Quality Engineering, SonicWALL,
- Treasurer: Carsten Rossenhoevel, Managing Director at EANTC (European Advanced Networking Test Center),
- Sashi Jeyaretnam, Director, Product Management, Ixia/Keysight,
- Alex Samonte, Sr. System Consulting Engineer, Fortinet,
- Brian Monkman, Executive Director, NetSecOPEN.
There are currently no open standards for network security performance testing. Networks have transitioned in the last decade from 80% unencrypted HTTP traffic to over 80% of the perimeter traffic in many organizations being encrypted with secure cipher suites. This change has resulted in the creation of numerous proprietary methods to determine how well security solutions perform.
NetSecOPEN addresses this array of competing standards with open standards that are intended to close the gap between how proprietary metrics evaluate performance and how the solutions actually perform in the real world.
The NetSecOPEN testing standard has been submitted to the IETF’s Benchmark Working Group. It includes a real-world traffic mix with 400 encryption certificates and 10,000 unique URLs. The testing methodology provides a picture of the load performance that security products face. Specifications are in the final stages of approval. Products can be submitted for testing beginning in Q4 2018.