ICSA Labs certification – What it is and what it isn’t

Many security product vendors and enterprises want to understand the benefits of certification testing and how this process can help improve their security products.

First, it’s important to understand what certification is and what it is not. Certification is meant to test certain functions of a product against a specified set of criteria to verify the product is performing in accordance with the requirements.

In the case of antivirus (AV) products for instance, there is a common misperception that certification is solely focused on how well an AV product detects malware. This is not accurate. Malware detection is only a part of AV certification testing. Beyond malware detection, ICSA Labs also tests administrative functions and logging to confirm they work correctly.

To achieve certification, vendors undergo rigorous testing in the lab followed by monthly maintenance testing. When ICSA Labs engineers find issues, they require the vendors to correct them before their product can either achieve, or maintain, its ICSA Labs certification. To achieve certification from ICSA Labs, a vendor must pass the testing but they must also maintain their certification through ongoing certification maintenance.

Also, certification does not rank one product against another. A product is either certified or not, based on meeting the requirements, which are publically available.

White hat engineers perform a valuable service by identifying vulnerabilities in vendors’ security products. This is important work; however this is outside the scope of ICSA Labs’ testing and certification process. ICSA Labs believes in responsible disclosure and as such, we disclose all vulnerabilities directly to the vendor, versus posting them in a public forum which can result in further damage for the vendor and its customers.

Certification can carry positive and significant meaning. For vendors or developers, certification is an independent mark that signifies that the vendor has satisfied a rigorous set of standards for its product. Certification is also proof of a company’s due diligence and can be a competitive differentiator that provides assurance to customers.

Today, data breaches are impacting virtually every type of organisation and they help highlight the importance of making the right technology decisions. A robust security program across an enterprise should be in a constant state of self-evaluation and improvement in order to achieve true protection against cyberthreats.

George Japak, Managing Director of ICSA Labs

Originally published on ICSA Labs