Security Management Strategies for the CIOICSA Labs recently announced the creation of the Endpoint Security Consortium to create industry-wide standards for endpoint security products. Will this group have an effect on the endpoint security product market? Our organization is considering some significant endpoint security purchases later this year. Should we hold off until vendors implement some of this group’s recommendations?
Requires Free Membership to View
Generally speaking, I’m a supporter of any effort by trusted organizations to develop product
standards and then evaluate products against them in an independent manner. These
arrangements, when executed well, benefit organizations on both sides of the equation: The
security products industry sees increased product demand through the program’s educational
outreach, while enterprises gain a yardstick against which to measure potential solutions during
their own endpoint
protection review process.
ICSA Labs, an independent business division of Verizon, is clearly a trusted partner in the
security product evaluation space and has been evaluating antivirus software for many years.
In their announcement of the Endpoint
Security Consortium, they set forth a mission to “create publicly vetted, objective and
credible criteria to test and certify endpoint security products against, as well as educate end
users about endpoint products.”
One good indicator pointing to the success of this effort is the variety of initial partners that
ICSA Labs has assembled: McAfee Inc., Microsoft and AVG Technologies. These three vendors are
clear competitors in the endpoint space and each would benefit from biasing any evaluation process.
The fact that they’re all collaborating with ICSA Labs on this effort lends a natural
check-and-balance to the evaluation process and is an encouraging sign that good things will come
from the collaboration. Stay tuned on that front!
Turning to the second half of your question, I wouldn’t delay a significant endpoint security
effort merely because an external certification program is on the horizon. I suggest
continuing with the internal product evaluation process that you already plan to use. If ICSA
Labs later evaluates your product against a new standard, that’s merely more information you can
use when considering renewal and/or discussing roadmap product features with your chosen
partner.
This was first published in September 2011
Join the conversationComment
Share
Comments
Results
Contribute to the conversation