ICSA Labs recently announced the creation of the Endpoint Security Consortium to create industry-wide standards...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
for endpoint security products. Will this group have an effect on the endpoint security product market? Our organization is considering some significant endpoint security purchases later this year. Should we hold off until vendors implement some of this group’s recommendations?
Generally speaking, I’m a supporter of any effort by trusted organizations to develop product standards and then evaluate products against them in an independent manner. These arrangements, when executed well, benefit organizations on both sides of the equation: The security products industry sees increased product demand through the program’s educational outreach, while enterprises gain a yardstick against which to measure potential solutions during their own endpoint protection review process.
ICSA Labs, an independent business division of Verizon, is clearly a trusted partner in the security product evaluation space and has been evaluating antivirus software for many years. In their announcement of the Endpoint Security Consortium, they set forth a mission to “create publicly vetted, objective and credible criteria to test and certify endpoint security products against, as well as educate end users about endpoint products.”
One good indicator pointing to the success of this effort is the variety of initial partners that ICSA Labs has assembled: McAfee Inc., Microsoft and AVG Technologies. These three vendors are clear competitors in the endpoint space and each would benefit from biasing any evaluation process. The fact that they’re all collaborating with ICSA Labs on this effort lends a natural check-and-balance to the evaluation process and is an encouraging sign that good things will come from the collaboration. Stay tuned on that front!
Turning to the second half of your question, I wouldn’t delay a significant endpoint security effort merely because an external certification program is on the horizon. I suggest continuing with the internal product evaluation process that you already plan to use. If ICSA Labs later evaluates your product against a new standard, that’s merely more information you can use when considering renewal and/or discussing roadmap product features with your chosen partner.
Ask the Expert!
Have network security questions? Ask expert Mike Chapple!
Dig Deeper on Client security
Related Q&A from Mike Chapple
Vulnerability scanning tools are necessary to be fully compliant with PCI DSS, but the tools need to come from a PCI DSS Approved Scanning Vendor. ...continue reading
Healthcare clearinghouses like Mass HIway are a new trend in health IT, but what are the security implications? Expert Mike Chapple explains what you...continue reading
The FFIEC Cybersecurity Assessment Tool has faced harsh criticism since its 2015 release. Expert Mike Chapple reviews the tool and how it can be ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.