BorderWare sets precedent in email security with EAL4 certification for MXtreme.BorderWare Technologies Inc. has announced that it has once again set an industry milestone with the award of a Common Criteria (Common Criteria for Information Technology Security) An international standard process for defining security objectives and for evaluating compliance with those objectives. The Common Criteria have largely replaced the Trusted Computer Security Evaluation Criteria (TCSEC), the Canadian Trusted Computer Product Evaluation Criteria (CTCPEC) and the European Information Technology Security Evaluation Criteria (ITSEC). See NCSC. EAL4 EAL4 - Evaluation Assurance Level 4+ certification for the MXtreme Mail Firewall, the first such award for an email security product. MXtreme is BorderWare's comprehensive email security appliance designed to protect corporate mail systems from a wide range of security threats. This certification provides organizations with a clear standard for their mission critical email systems. The MXtreme Mail Firewall provides email security beyond the usual spam and anti-virus controls offered by many vendors and provide them with in-depth defense against a complete range of threats to email. Analysts have already identified the need for such products and predicted rapid expansion in this market. MXtreme's EAL4+ certification places it clearly in the number one position in this rapidly growing sector. Peter Cox, International Vice President of BorderWare Technologies, comments, "This award is the third Common Criteria EAL4+ certification gained by BorderWare Technologies, an achievement unbeaten by any other firewall vendor. MXtreme is not only the first email security product to pass the exacting EAL4 standards, but the only email security product known to have been submitted for this level of certification. Other email security vendors simply have not recognized the importance of building their products on a solid security foundation." Recognized in 16 countries, including the UK and the US, Common Criteria is an independent international standard that provides assurance to users that the product's security has been rigorously tested. EAL4 certification gives assurance that the solution is not susceptible to holes and vulnerabilities, and that vendor's development and support processes have also been audited. Many government departments, military organizations and an increasing number of commercial organizations require that products installed at the network perimeter hold this level of certification. Cox continues, "One of the biggest benefits to customers is that Common Criteria EAL4 certification assures them that the product in question has undergone a rigorous independent vulnerability analysis and penetration testing. Third party vulnerability tests are the only way to ensure that a security product is well-designed and configured, minimizing the chance of system compromise through hidden vulnerabilities. Lower levels of Common Criteria certification, such as EAL2 require only developer vulnerability testing. The danger of relying on the developer to carry out these tests is that errors and assumptions made in design and development are likely to be repeated in testing, thereby increasing the risk of overlooking product weaknesses." In its recent report on improving the cyber security readiness in the U.S., the National Cyber Security Partnership recommends that the federal government demand that products undergo certification under the Common Criteria for "vulnerability analysis" as a procurement requisite. Vulnerability analysis specifically tests applications for software defects and other weaknesses such as buffer overflows. Independent vulnerability analysis is currently only applied on products that undergo certification at EAL4 or higher. |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion