BorderWare sets precedent in email security with EAL4 certification for MXtreme.

BorderWare Technologies Inc. has announced that it has once again set an industry milestone with the award of a Common Criteria EAL4+ certification for the MXtreme Mail Firewall, the first such award for an email security product. MXtreme is BorderWare's comprehensive email security appliance designed to protect corporate mail systems from a wide range of security threats. This certification provides organizations with a clear standard for their mission-critical email systems. The MXtreme Mail Firewall provides email security beyond the usual spam and anti-virus controls offered by many vendors and provides them with in-depth defense against a complete range of threats to email. Analysts have already identified the need for such products and predicted rapid expansion in this market. MXtreme's EAL4+ certification places it clearly in the number one position in this rapidly growing sector.
Peter Cox, International Vice President of BorderWare Technologies, comments, "This award is the third Common Criteria EAL4+ certification gained by BorderWare Technologies, an achievement unbeaten by any other firewall vendor. MXtreme is not only the first email security product to pass the exacting EAL4 standards, but the only email security product known to have been submitted for this level of certification. Other email security vendors simply have not recognized the importance of building their products on a solid security foundation."

Recognized in 16 countries, including the UK and the US, Common Criteria is an independent international standard that provides assurance to users that the product's security has been rigorously tested. EAL4 certification gives assurance that the solution is not susceptible to holes and vulnerabilities, and that the vendor's development and support processes have also been audited. Many government departments, military organizations and an increasing number of commercial organizations require that products installed at the network perimeter hold this level of certification.

Cox continues, "One of the biggest benefits to customers is that Common Criteria EAL4 certification assures them that the product in question has undergone a rigorous independent vulnerability analysis and penetration testing.
Third-party vulnerability tests are the only way to ensure that a security product is well-designed and configured, minimizing the chance of system compromise through hidden vulnerabilities. Lower levels of Common Criteria certification, such as EAL2, require only developer vulnerability testing. The danger of relying on the developer to carry out these tests is that errors and assumptions made in design and development are likely to be repeated in testing, thereby increasing the risk of overlooking product weaknesses."

In its recent report on improving the cyber security readiness in the U.S., the National Cyber Security Partnership recommends that the federal government demand that products undergo certification under the Common Criteria for "vulnerability analysis" as a procurement requisite. Vulnerability analysis specifically tests applications for software defects and other weaknesses such as buffer overflows. Independent vulnerability analysis is currently only applied on products that undergo certification at EAL4 or higher.