CAWS Advances NSS Labs’ Vision and Empowers Enterprises to Gain Peace of Mind by Making Informed Security and Risk Mitigation Decisions

AUSTIN, Texas – July 18, 2017 – NSS Labs, the global leader in operationalizing cybersecurity, today announced CAWS 3.0, a continuous security validation platform that leverages the company’s unmatched expertise in security product testing and threat discovery to evaluate security control effectiveness and provide enterprises with relevant information to mitigate risks and prioritize actions. CAWS further advances NSS Labs’ vision to deliver continuous security validation and empower enterprises to make informed decisions to improve their security and risk posture.

“2017 has proven to be a turbulent year for cybersecurity, marked by serious ransomware, zero day, and targeted attacks,” said Gautam M. Aggarwal, Chief Marketing Officer and Head of Products at NSS Labs. “Security professionals are under pressure to assess their risk posture through fact-based, empirical data regarding how their security controls are performing against these threats and where their unmitigated risks are. CAWS 3.0 capitalizes on NSS Labs’ core strengths to address this need in the market and represents a major milestone toward our vision to deliver a powerful continuous security validation platform that gives enterprises peace of mind and keeps them steps ahead of a breach.”

Despite extensive efforts and investments to address the evolving threat landscape, security effectiveness remains a guessing game, regardless of an organization’s size and resources. In 2016, enterprises spent US$80 billion on cybersecurity products from more than 1,500 vendors, yet a recent NSS Labs survey of CISOs in North America revealed that 52% of enterprises reported that they see “no value-add” from currently deployed security products. With serious threats and breaches on the rise, enterprises have little to no fact-based data about how their security controls are performing, and they lack the empirical evidence required to inform decision-making and facilitate risk management.

CAWS overcomes these challenges and enables enterprises to determine if their existing security architecture provides the right protection and ensures their security configurations are properly implemented. By continuously assessing active threats against vulnerable systems (i.e., operating systems [OS] and applications) and assessing the efficacy of existing security controls, CAWS empowers enterprises with relevant information to mitigate active threats and reduce risk. CAWS is powered by NSS Labs’ patent-pending BaitNetTM technology—the world’s largest live exploit capture harness. CAWS leverages a powerful architecture that orchestrates victim machines simulating enterprise endpoint profiles, uncovering active threats throughout 37 countries that impact over 300 enterprise applications to continuously capture and analyze live exploits in the wild. By replaying these threats in real-time against virtual replicas of customer environments, CAWS precisely identifies and validates which threats are capable of bypassing the defenses in place and prioritizes systems at risk.

Expanded Capabilities for Continuous Security Validation

CAWS 3.0 can be customized to mirror an enterprise’s specific environment including operating systems, applications, browsers, and security controls. With CAWS 3.0, enterprises can choose from public and private deployment options. Enterprises can also see how their defenses are performing against vendor-recommended settings, including out-of-the-box configurations and tuning. Enterprises have the ability to customize their own categories of applications and deployed security products against enterprise-specific configuration and tuning, which delivers real-time insights into active threats that can impact their systems. With CAWS 3.0’s User Portal, enterprises gain a comprehensive view of their risk profile and continuous validation of their security controls, with deep visibility into the unmitigated risks impacting their systems (i.e., OS and applications). With the robust API and integrations offered by CAWS 3.0, enterprises can automate their responses to active threats and significantly reduce the window of exposure while their security products catch up.