Securify gains higher security rating
- By Rutrell Yasin
- Apr 13, 2006
Securify officials say they can offer federal users one of the strongest solutions for gaining visibility and control of critical network functions since the company's security monitoring system has achieved a higher Common Criteria evaluation.
The company's SecurVantage 5.0 has moved from Evaluation Assurance Level 2 to EAL3 after undergoing six months of stringent testing by the independent CygnaCom Security Evaluation Laboratory, Securify officials said.
'This means that the review of [Securify's] implementation of security features has [undergone] more thorough testing,' said Jose Caldera, the company's security architect. SecurVantage is an automated security system that allows users to generate business-driven security policies, monitor network compliance, produce relevant network operational information, and provides network and application trend reporting.
The Defense Information Systems Agency, the DOD's Special Operations Command and the Department of Health and Human Services use SecurVantage to improve the security of their networks, Securify officials said.
Common Criteria Evaluation and Validation Scheme is an international standard that proves that the integrity and underlying technology of security products have been tested and validated against known criteria. Testing is performed by a third-party source. The National Institute of Standards and Technology and the National Security Agency established the National Information Assurance Partnership (NIAP) to evaluate information technology product conformance to the Common Criteria standard.
The NIAP program has been criticized recently by the Government Accountability Office for not doing enough to educate agencies or vendors about Common Criteria. A GAO report issued earlier this month also chided NIAP for not providing metrics or evidence that the Common Criteria actually improves product security.
In addition, the report states that the Common Criteria process takes so long to complete that agencies often find that the products they need are not on the list of certified offerings or that only older versions have been accredited.
Securify officials noted that the NIAP process could be streamlined better. However, Steve Woo, Securify's vice president of marketing said Common Criteria testing does improve the security of products.
This is Securify's second time going through the process, he said. Common Criteria testing has helped the company make significant changes in its software development, he added.
Rutrell Yasin is is a freelance technology writer for GCN.