Most security products fail to perform

Source: Net-Security.org
Posted: 4 years 21 weeks ago

Nearly 80 percent of security products fail to perform as intended when first tested and generally require two or more cycles of testing before achieving certification, according to a new ICSA Labs report. The “ICSA Labs Product Assurance Report”, co-authored by the Verizon Business Data Breach Investigations Report research team, details lessons gleaned from testing thousands of security products over 20 years.

The report found the number one reason why a product fails during initial testing is that it doesn’t adequately perform as intended. Across seven product categories, core product functionality accounted for 78 percent of initial test failures. Examples include an anti-virus product failing to prevent infection, or a firewall or IPS product not filtering malicious traffic.

The failure of a product to completely and accurately log data was the second most common reason. Incomplete or inaccurate logging of who did what and when accounted for 58 percent of initial failures.

The report findings suggest that logging is often considered a nuisance and undervalued. According to the report, logging is a particular challenge for firewalls. Almost every network firewall (97 percent) or Web application firewall (80 percent) tested has experienced at least one logging problem.

Rounding out the top three is the startling finding that 44 percent of security products had inherent security problems. Security testing issues range from vulnerabilities that compromise the confidentiality or integrity of the system to random behavior that affects product availability. Even though it can be a demanding process, certification with a trusted, established third party is critical to verifying product quality, states the report. Product categories studied were: anti-virus, network firewall, Web application firewall, network IPS, IPSec VPN, SSL VPNs and custom testing.

George Japak, managing director, ICSA Labs, said: “The question I ask vendors is this: Who would you rather have find an issue in your product -- ICSA Labs in a safe testing environment or a criminal in the real world?”

In addition to product functionality, logging and inherent security problems, other issues identified in the study include poor product documentation and patching. Poor product documentation is unhelpful and dangerously misleading. The report indicates vendors should place more importance on proper documentation.

Additionally, patching remains an issue. Approximately 20 percent of products struggle to accept updates correctly. For products like anti-virus, the ability to accept patches effectively is as important as the product’s core functionality of preventing infection.