The multi-vendor, multi-lab NetSecOPEN initiative develops state-of-the-art, transparent, and realistic network security performance benchmarks. EANTC contributes expertise toward a transparent and realistic benchmarking methodology for application-layer firewalls, intrusion prevention, and unified threat management.
Next-Generation Firewall Benchmarking Certification
We are happy to announce the release of the NetSecOPEN certification program enabling vendors to receive an independent, realistic, and transparent benchmark certification. Recently, NetSecOPEN announced the publication of IETF RFC 9411. EANTC, as one of the accredited labs to do NetSecOPEN-sanctioned certification testing, contributed significantly to standard development and lab verification tests.
EANTC and NetSecOPEN invite you to join our test program for performance benchmarking and security effectiveness. The goal is to certify the performance of next-generation network security devices. The results can be used as a reference for your data sheets. Customers will have a comprehensive overview of your device regarding legal and illegal traffic performance.
We have developed an advanced test methodology for firewall benchmarking in the IETF over the last year, aligned with today’s increasingly complex layer 7 application use cases. This public methodology will be used for NetSecOPEN certification, resulting in a genuinely open and transparent network security certification program.
All NetSecOPEN certification testing is based on RFC 9411, co-authored by EANTC. We offer to conduct the following test cases:
- 7.2 TCP/HTTP connections per second
- 7.3 HTTP throughput
- 7.4 TCP/HTTP transaction latency
- 7.5 Concurrent TCP/HTTP connection capacity
- 7.6 TCP/HTTPS connections per second
- 7.7 HTTPS throughput
- 7.8 HTTPS transaction latency
- 7.9 Concurrent TCP/HTTPS connection capacity
Test cases 7.6-7.9 will be executed with one single cipher, as per NetSecOPEN certification guidelines (a subset of the four ciphers defined in the IETF draft).
Additionally, EANTC offers the following test areas, e.g.:
- Benchmark tests with industry-specific traffic mixes (office perimeter, web filter, fixed network operator, mobile roaming gateway, and others)
- Resilience against distributed denial of service attacks under load
- Security effectiveness tests to evaluate how well the system under tests protect against diverse security vulnerabilities
- Antivirus protection tests under load
- HTTPS certificate validation tests under load
- Virtualized and cloud implementation benchmarks beyond perimeter security, including cluster management aspects
- Service chaining tests in data center and edge environments
- Manageability tests for example relating to NETCONF/YANG device configuration; alarm management; performance monitoring
Get in touch if you would like to join the testing.