THE PATH TO EFFECTIVE SECURITY BEGINS WITH KNOWLEDGE
NSS Labs, Inc. is recognized globally as the most trusted source for independent, fact-based cybersecurity guidance. Our mission is to advance transparency and accountability within the cybersecurity industry.
Our unmatched foundation in security testing, along with our extensive research and global threat analysis capabilities, enables us to provide our clients with the relevant information they need to substantiate investments in their cyber programs.
TRUSTED BY THE WORLD’S MOST DEMANDING ORGANIZATIONS
You make critical decisions every day. Knowing the facts enables you to have confidence in your choices. That’s why leaders in every field turn to NSS Labs, the world’s leading security product research, testing and advisory company.
All over the globe, prominent enterprises, government agencies, security product resellers, security service providers, and even security vendors themselves rely on NSS Labs. Our reputation is built on millions of hours of rigorous testing, finding flaws in thousands of security products across numerous technologies.
We provide our clients with objective, data-driven guidance on product effectiveness, performance, and cost of ownership. Our research informs best-practice decisions, enabling smarter purchases and efficient operations.
Why do NSS Labs results differ so much from those of magazines and other tests?
The answer is simple: we test harder. It’s hard to test security products properly. And it gets harder the higher you raise the bar. NSS Labs specializes in threat research and expert testing of complex security products. We believe if you’re not testing like the bad guys, then what’s the point? And our gloves-off approach is designed to inform clients who need to know where the holes in their defenses are.
Just about every product we test is certified by various other labs, but due to our rigorous testing standards, fewer than 30% of tested products are NSS Labs Recommended.
In certain segments of the cybersecurity industry, the certification model has thrived. Under this pass-fail approach, it is easy for a customer to see when a product slows them down or sets them on wild goose chases with false positive alerts, but it is hard for most customers to determine what a product does not do. It is hard for most customers to know when a product blocks a known attack, but then fails to stop that same attack when obfuscated. And if something is missed, the vendor can simply claim “no product is perfect”.
Knowing this, NSS Labs chose a different route. We bet that if enterprises valued test results and asked vendors for those results before purchasing their products, vendors’ sales teams would demand that their marketing departments provide those test results. This would create pressure on vendors’ engineering departments to make their products work better. Those engineering departments would then be able to justify the funding they requested (you want good test results, right?) in order to perform well in the test that enterprises required – raising the bar for the entire security industry.
We also bet that most people who go into cybersecurity want to protect their customers. And in the absence of disincentives, with the right incentives from enterprises, they would do the right thing. Of course, those who know their product doesn’t work properly, and yet sell it to unsuspecting clients anyway, would do everything possible to avoid testing and accountability.
So how do I know which tests / testing labs I can trust?
Our advice: Follow the money. If a vendor is paying for a test, you are not the customer, you are the mark. Also, look to see if anyone has failed the test. This is the corollary to “follow the money”. If nobody has failed a test, it is safe to presume that a vendor is paying for the test.
Who pays for NSS Labs testing? How do you make money?
Group tests are performed on our dime – there is no expense to the vendor. NSS Labs fronts the expense of the test (which is often considerable) in expectation that enterprises and government organizations will purchase the reports for a reasonable fee. This allows us to test products as they need to be tested – with a gloves-off approach that best reflects the way attackers operate.