Authored by: Sashi Jeyaretnam, Network Apps & Security, Keysight Technologies
The Internet is continuously going through rapid changes that are driving the need to evolve testing standards faster than ever. NetSecOPEN and its diverse group of members are currently targeting exactly that. Right now, the focus is on performance and security test methodologies to validate next-generation firewalls (NGFW) that can keep pace with this rapidly changing environment.
As the champion for open standards in security product testing, NetSecOPEN is standardising performance testing for real-world network products, and its contributions will not only generate new methodologies but also frameworks that will keep the tests relevant in the coming years. Here are some of the new initiatives that we are working on.
Malware Testing: The group members are creating a malware selection criterion that covers the wide range of malware that a next-generation firewall (NGFW) is meant to block. This will include establishing a process to keep the malware list updated at a regular cadence to ensure the NGFWs are keeping up with the latest and greatest signatures.
Vulnerability Testing: Similar to malware, the group is also working on creating a selection criterion for vulnerabilities. The selection criteria will cover critical and severe vulnerabilities that have affected different software, operating systems, browsers, etc. to ensure all round coverage.
Evasion Techniques: Smart hackers generally make efforts to evade from the security devices while trying to exploit their targets. A difference between a mediocre and a great NGFW as far as security effectiveness is considered is in its ability to detect and stop such evasion attempts. Apart from working on defining a set of malware and exploits, NetSecOPEN is also working on creating various common evasion techniques to employ on top of such attacks.
Application Traffic Framework: Blocking security traffic is relatively easy for any NGFW as long as it doesn’t have to handle the regular business traffic. NetSecOPEN is working on a common framework that will define application mixes representative of various industries like industrial, healthcare, and finance. These application mixes will run in parallel with the security attacks to help testers understand the performance of an NGFW while it is handling security strikes. This type of realistic traffic testing enables the measurement of both security efficacy and performance benchmark of NGFWs.
All these initiatives are being worked on with the future in mind. So apart from defining the first versions of some of these standards, NetSecOPEN is also working to ensure there are provisions to keep these standards closely following the “current” status of the ever-changing Internet. NGFW methodologies are just the start, with plans to extend test standardisation efforts to include cloud security, SD-WAN, and secure access service edge (SASE).
Keysight is proud to be the founding member of NetSecOPEN and has already created initial samples of malware packages, application traffic frameworks, evasion techniques, and more to provide our customers early access to such testing, so please reach out if you would like a preview. This is over and above our support of the existing NetSecOPEN certification that any user can do using a few clicks by leveraging the BreakingPoint QuickTest.