ICSA Labs Announces 2nd Quarter 2002 Product Certifications

Discussion in 'other security issues & news' started by Technodrome, Jul 24, 2002.

Thread Status:
Not open for further replies.
  1. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Thirty-Three Products Pass ICSA Labs' Rigorous Testing Criteria

    Herndon, VA - July 22, 2002 - ICSA Labs®, an independent division of TruSecure Corporation®, today announced that it has certified thirty-three IPSec, firewall, anti-virus, cryptography and PC firewall products in Q2 2002 that meet the industry's most stringent testing criteria. The ICSA Labs' Certification Program provides assurance to the user community that certified products meet industry-accepted product standards worldwide.

    The companies adding to the list of existing IPSec certified products in Q2 2002 are: Allied Telesyn International; Cisco Systems (Nasdaq: CSCO); Lucent Technologies (NYSE: LU); SonicWALL, Inc. (Nasdaq: SNWL); Symantec Corporation (Nasdaq: SYMC); WatchGuard Technologies, Inc. (Nasdaq: WGRD); Network Associates, Inc. (NYSE: NET); Linksys Group, Inc.; Nokia Corporation (NYSE: NOK); ZyXEL Communications Corporation.

    The companies adding to the list of existing firewall certified products this quarter are: BorderWare Technologies, Inc.; CyberGuard Corp. (AMEX: CFW); WatchGuard Technologies, Inc. (Nasdaq: WGRD); Microsecure, Inc.

    The companies adding to the list of existing anti-virus certified products this quarter are: Computer Associates International (NYSE: CA); ESET, s.r.o.

    The companies adding to the list of existing PC firewall certified products this quarter are: Symantec Corporation (Nasdaq: SYMC); Network Associates, Inc. (NYSE: NET).

    "Independent, respected third-party certification is more important than ever in today's climate with its increased threat of cyber attacks," said Pat Clawson, president of CyberGuard Corporation. "Customers are seeking security they can depend on to protect their networks, and ICSA Labs offers them assurance that they are purchasing the level of security they require for their particular business environment."

    "We are pleased that our Firebox Vclass has been tested and certified by ICSA Labs,"said Mark Stevens, senior vice president of network security at WatchGuard Technologies. "The Vclass is a comprehensive new line of appliances that specifically address the needs of distributed enterprise customers by providing premium performance, an enterprise-level feature set, and industry-leading simplicity of implementation and management. Independent third-party certification from ICSA Labs not only brings an added level of confidence to our end-users, but it validates our technology and the depth of our security solution."

    More information regarding the ICSA Labs Certification as well as vendor product, version and build numbers can be found on the ICSA Labs Web site at: http://www.icsalabs.com. ICSA Labs creates globally accepted security product standards and testing procedures. As the industry leader, ICSA Labs sets the standard by performing extensive research as well as tracking and measuring risks.

    "ICSA Labs is the central authority for security product testing and certification," said George Japak, vice president of ICSA Labs. "In these challenging times, when confidence in your security product purchasing decisions can be difficult, using the ICSA Labs certification as a requirement can significantly reduce your risk."
     
  2. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Refresh my memory, if you would.

    I just looked at the list of ICSA-certified PC firewalls at http://www.icsalabs.com/html/communities/pcfirewalls/cert_prods.shtml. It seems considerably shorter than when I last checked it.

    Is that right?

    What happened?

    Have the criteria now changed in some manner that has resulted in the removal of other products or is this just a reflection that some products previously submitted have not been resubmitted in Q2 2002? For that matter, are previously certified products still considered as 'certified'?
     
  3. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    They are testing 2 types of firewalls:

    Firewall (Enterprise)
    http://www.icsalabs.com/html/communities/firewalls/certification/rxvendors/index.shtml

    PC Firewalls as you pointed.

    Are you referring to enterprise firewalls? (Since I didn't follow PC firewalls)

    P.S. As part of the ICSA Certification program, products are tested periodically throughout the certification life cycle against the latest threats and vulnerabilities. If a firewall doesn't meet these criteria, it will lose certification for that quarter(I believe)...


    Technodrome
     
  4. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Technodrome,

    No, I was referring to the PC firewalls. Two are no longer listed (confirmed in a separate thread with the same query that I started at DSLR Security). Specifically, ZA and Tiny are no longer listed; McAfee has now been added. (Sygate and Norton are carried over.)

    Trying to find some definitive information as to the source of the drops. Could be a change in evaluation criteria, I suppose; or that the very latest versions of those vendors' products have not yet been submitted for certification (and I believe it's pay for certification, isn't it?).

    If we're going to play "You're either on the bus or you're off the bus", then it would be nice if ICSA provided some explanation itself for the drops.
     
  5. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Yes, company has to pay to be included in this testing. No pay no certification...That might be a reason...


    Technodrome
     
  6. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Oops, sorta screwed up here. The DSLR Security thread on this subject can be found at http://www.dslreports.com/forum/remark,3933325~root=security,1~mode=flat , for those who may be interested. (Sorry, thought I had already given the cross-reference here.)

    However, I agree with Name Game: Anyone desiring to post should pick either Wilders or DSLR Security and post in only one of the two. No point in multiple cross-postings, other than to confuse the issue further.

    With luck, I've got two people trying to get some clarification with regards to the dropping of ZA/ZAP. So far, no volunteers with regards to TPF. I don't think I should be pushing the issue with ICSA for the simple reason that I don't use either vendors' products. Someone who does is far more likely to be able to discern a substantive response from fluff. Name Game has now provided a slew of ICSA URLs (over there), but I still can't find anything definitive that answers my fundamental question as to why these two products have now been 'de-listed'.
     
  7. FanJ

    FanJ Guest

    Hi Joseph,

    I fixed the link to that DSLR thread.
     
  8. FanJ

    FanJ Guest

    Joseph,

    I've read your, TD's and John's postings.
    Maybe a bit early to call it this way, but -unless they come with very good explanations- their credibility is gone in my eyes, and it will not be a easy thing to get it back.
     
  9. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Well, not early any more. See Wliley's posting at http://www.dslreports.com/forum/remark,3946606~root=security,1~mode=open .

    No pay, no listing, no pass, no listing. No submission, no listing. To be listed, a product must be paid for testing, and pass the testing. Don't pay again the following year, well, then you get 'de-listed'. In other words, being present or not present on the ICSA 'certification' listing tells you and me absolutely nothing about a product. Consequently, the ICSA certifications are somewhat irrelevant in evaluating the pros and cons of different products from different vendors.

    Actually, I read through the NPF 'test report' and was not impressed; I honestly can't even tell what version/build was being tested, but got the distinct impression that there was some 'latitude' in how test results were interpreted -- once the check clears the bank.
     
  10. FanJ

    FanJ Guest

    Thanks Joseph.

    (I fixed the url BTW).
     
Loading...
Thread Status:
Not open for further replies.