Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

12/1/2020
10:00 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Former NSS Labs CEO Launches New Security Testing Organization

Member-based CyberRatings.org to offer free and tiered paid access to tested security product and services ratings.

NSS Labs may be defunct, but its previously unreleased testing data will now see the light of day under a new testing organization created by its former CEO, Vikram Phatak.

Phatak, who left an 11-year stint at the helm of NSS Labs in 2018 after suffering a heart attack, today launched CyberRatings.org, an Austin, Texas.-based member-based organization that will generate ratings, reports, and analysis on security products and services. The new organization's first release will be product ratings based on new and unpublished NSS Labs test data for software-defined wide area network (SD-WAN) vendor offerings, and will be followed by ratings of next-generation firewall and breach prevention system products.

NSS Labs abruptly closed its doors on Oct. 15 due to what it cited as "COVID-related impacts." Privately, former employees and sources close to the company said the shutdown was due to the closure of its private equity investor, Consecutive Inc., which ultimately dried up its funding for NSS Labs. Consecutive had acquired NSS Labs for an undisclosed sum in the fall of 2019 in a move that was not publicly announced by the companies but which they later confirmed.

Related Content:

NSS Labs' Abrupt Shutdown Leaves Many Unanswered Questions

The Changing Face of Threat Intelligence

New on The Edge: 5 Signs Someone Might be Taking Advantage of Your Security Goodness

At the time, the privately held testing firm had shown signs of financial woes with layoffs, and several sources said the merger was a way to keep NSS Labs afloat. Jason Brvenik, who had served as CEO until its shutdown, told Dark Reading in a February interview that the deal allowed for a reorganization of the company.  

Phatak, NSS Labs' CEO from 2007 to 2018, recently acquired all of NSS Labs' testing data - including the unpublished findings - in a licensing transaction with the custodians of its assets via a liquidation process. His newly formed organization, CyberRatings.org, aims to provide a more open and inclusive source of security product assessments that also encompasses the consumer sector, he says.

CyberRatings.org will contract testing to reputable third-party testing labs, says Phatak, chairman and CEO of CyberRatings.org. "We'll focus on the ratings part [and] on information and community," he says. "Our goal is to help [people] understand how well these products work or not."

Test results alone are basically a snapshot in time, Phatak explains. "The goal of ratings is to make a forward-looking statement of what we think of the reliability of a company or product or service," he says, starting with security products but also expanding to rating managed security service providers and professional security services firms.

CyberRatings.org also will incorporate strategic information about a security firm in its ratings, such as its financial health and senior-executive hirings and departures. "All of these things go into calculating ratings," Phatak says.

Not an Island
Phatak envisions a community effort for CyberRatings.org rather than the "island" model of NSS Labs, which he admits often created an atmosphere of NSS Labs versus the security vendors. "Vendors can be part of the system being measured, but it's not 'you failed this'" with this new model, for example, he says.

NSS Labs' security-product testing infrastructure, meanwhile, is up for sale via a Silicon Valley liquidation firm. Phatak says he has no plans to purchase any of NSS Labs' testing systems, but his firm will be creating its own testing methodology for third-party testers to use as a template in their work for CyberRatings.org.

And unlike the investor-backed NSS Labs, CyberRatings.org won't be under pressure to constantly grow and increase revenue.

"This is not going to be a moneymaker," Phatak notes. "NSS Labs had a limited budget, so it had to remain narrow [in its scope]. The community is far bigger than any one organization can do, so we wanted to create that ecosystem."  

Several former NSS Labs employees have joined Phatak at the new organization, including Cathy Main, former vice president of marketing and corporate relations, who is now president of CyberRatings.org, as well as some testing analysts who had worked for the now-shuttered company.

CyberRatings.org's free community membership includes security product and services testing and rating summaries. The firm also offers higher-level memberships with more access to testing data and analysis. For example, personal membership costs $100 per year and includes detailed product rating reports.

Soon the organization plans to offer professional membership for $500 per year, small business membership for $1,000 per year, and membership for corporate and service providers for $10,000 per year.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
Edge-DRsplash-10-edge-articles
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
News
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-2322
PUBLISHED: 2021-06-23
Vulnerability in OpenGrok (component: Web App). Versions that are affected are 1.6.7 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok. Successful attacks of this vulnerability can result in takeover of OpenGrok. CVSS 3.1 ...
CVE-2021-20019
PUBLISHED: 2021-06-23
A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability.
CVE-2021-21809
PUBLISHED: 2021-06-23
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.
CVE-2021-34067
PUBLISHED: 2021-06-23
Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.
CVE-2021-34068
PUBLISHED: 2021-06-23
Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.