Share
Located in Austin, Texas and Carlsbad, California, NSS Labs has been testing and evaluating security related products and services for years. However, the company recently announced that they are rolling out an information services business model for IT security buyers to purchase completely independent testing data and analysis.
NSS Labs to focus on non-funded testing.
In the past, we’ve questioned the idea of vendor sponsored testing, where the vendor who paid for the test not only comes out the overall “winner” as it were, but severely stomps the competition. NSS Labs is no stranger to this line of debate.
So the news about NSS Labs moving from sponsored testing to independent testing was of particular interest. We asked Rick Moy, President of NSS Labs, if the talk about them moving from sponsored testing to independent testing was true and if there was any major reason for it.
“We have always done 'independent' testing,” Moy said in an email to The Tech Herald. “Vendors don't get to tell us what [or] how to test.”
“There is a big difference between a 'sponsored' test,” he added, citing Tolly Group, Miercom, and West Coast Labs, as examples of sponsored testing, and what NSS Labs has been doing that gets lost in translation. “We test against standardized methodologies that we develop. Regardless of who pays the test is the same.”
So the new independent offering is more of a focus on services NSS Labs has always offered. “NSS Labs is rolling out an information services business model for IT security buyers to purchase completely independent test data and analysis,” he said.
The independent approach “…enables us to test products when vendors refuse to come in. We have even found some refusing to let us test for free, preferring the light touch and standard 4-5 star ratings they get from advertiser-based reviews. There's a huge gap in trusted, real-world knowledge about security products - and this is creating greater risk for companies and consumers. We are filling that hole,” Moy added.
The first independent report, based on a TippingPoint IPS purchased by NSS Labs, is a precursor to a larger group test on IPS related products due in October that will include 12 products. NSS Labs tested 209 exploits against the TippingPoint 10 IPS, and unlike past results, it caught only 82 of them.
Five years ago, TippingPoint earned the NSS Labs Gold award, as well as becoming a recognized brand name for security. However, Moy noted in his email, something has clearly slipped and competitors have surpassed them.
“This should give IT security buyers [insight into] the risks of buying based on brand name, marketing and historic performance data...,” Moy said of the TippingPoint test.“Indeed, as vendors have noted, the threat landscape has gotten worse in the last few years. And a true vulnerability-based approach is key to protecting against multiple attack vectors. Given the complexity, it has become almost impossible for buyers to properly assess these capabilities on their own.”
Later this month, a group test on anti-Malware/endpoint protection will be released that includes 10 products. A test on virtualization scalability is due in October as well.
The Tech Herald: Can you trust the NSS Labs report touting the benefits of IE8?
The Tech Herald: Can you trust the NSS Labs report touting the benefits of IE8? (Update)
Interested in a more interactive TTH? Join our Facebook Group Want regular updates from The Tech Herald? Follow us on Twitter
Advertising
Comment on this Story