Press

Cyber Advanced Warning System Brings Continuous Live Exploit Testing to Group Tests

AUSTIN, Texas – February 18, 2016 – NSS Labs, the world’s leading information security research and advisory company, today announced it has taken security product testing to a new level by incorporating the Cyber Advanced Warning System (CAWS) into all applicable security product group tests. CAWS is the world’s first and only security as a service (SaaS) solution that pinpoints active exploits, identifies targeted asset types, and measures security product effectiveness against exploits continuously. Given the highly dynamic nature of threats, continuous threat handling insight is a significant improvement in providing purchase and risk mitigation guidance to enterprise security teams.

Cyber criminals constantly adapt to deployed defenses, countering with new exploits on a daily basis, sometimes more frequently. In theory, all security products receive regular signature and software updates to account for changing attack techniques and/or delivery vehicles. However, those updates are not perfect and can be limited by vendor information, capabilities and priorities – protection is not always aligned with what adversaries are using in active exploit campaigns. CAWS continuously measures security product effectiveness against active exploits and notifies security teams when they are at risk so actions can be taken: prioritize a patch, limit a vulnerable application’s access to the internet, etc.

Security products are typically evaluated for the key aspects of security effectiveness, performance and total cost of ownership (TCO). While the latter two only change when products or pricing change, the security effectiveness of any product is subject to the continuously changing threat landscape. The addition of CAWS results to NSS Labs Group Tests provides a dynamic view into each product’s performance against active threats on the internet throughout the live testing cycle of any applicable group test. Customers and prospects can continue to see how products are performing – even after the live test has completed – by subscribing to CAWS. Security product testing has never been more current and relevant.

“Today’s cyber threats evolve faster than ever. The defenses that work today may be completely off the mark tomorrow,” said Vikram Phatak, CEO of NSS Labs. “Knowing when you are at risk and the specific sources of that risk is key to taking action.”

The next generation firewall (NGFW) Group Test, to be released at the 2016 RSA Conference, will be the first to rely upon CAWS for the live stack portion of its security effectiveness testing.