Certifications12 Years StrongFor 12 years, BorderWare has committed itself to delivering to its customers the most secure network security appliances available. Many companies make this claim, yet few actually take the time to validate this non-trivial statement. BorderWare was the first security vendor in the industry to adopt the Common Criteria certification process for its BorderWare Firewall Server, and MXtreme Mail Firewall.
The Common Criteria (CC) Certification scheme, also known as ISO standard 15408, was developed in 1999 as the international standard replacing the older C2 rating by the National Computer Security Center (NCSC). Common Criteria is a worldwide standard that was co-developed by national security organizations in the United States of America, Canada, the United Kingdom, France, Germany and The Netherlands. Common Criteria provides a comprehensive range of evaluation criteria for government-use installations and corporate security products, and has been adopted by most major software vendors. The Common Criteria certification process has 7 levels, referred to as Evaluation Assurance Levels (EAL’s). The highest level that a firewall can obtain is CC EAL4+. To become certified, a product must undergo and pass over 150 unique tests, a process that can take up to 1 year to complete at a cost of up to $1 million. Such expense and cost required to validate a product at a CC EAL4+ level gives customers an indication of the stability of the organization seeking certification and the quality of its products. The Certification Process Common Criteria has emerged to become the world standard for certifying software and appliances as it involves formal rigorous analysis and testing to examine all security aspects of a product or system. The Common Criteria organization analyzes the security down to the coding level and also covers all aspects of implementation and documentation. Part of this certification is extensive testing which involves a formal and comprehensive audit to ensure that repeatable processes are put in place, thus confirming the validity of the product design. Each level of Common Criteria certification becomes more difficult to pass as the depth of testing and audit becomes more challenging. For example, the highest level obtainable for a security product requires extensive analysis of security weakness by performing vulnerability analysis. MXtreme - First to Achieve Common Criteria EAL4+ BorderWare’s MXtreme Mail Firewall and Firewall Server have both achieved Common Criteria EAL4+ certification, the highest level of third party certification for network security devices. This means that both products have been subjected to formal rigorous analysis and testing to examine all aspects of the product and its security services. BorderWare’s Firewall Server was the first commercial firewall to obtain this level of certification and the MXtreme Mail Firewall is the only mail firewall appliance in the world to obtain CC EAL4+ certification. Hundreds of products are submitted for CC EAL4+ certification each year, yet only a handful actually pass and achieve certification. Some competing products have attempted to obtain CC EAL 2 certification but these products have not been physically tested for vulnerabilities and breaches, an important requirement for any network security software or appliance. The Bottom Line Common Criteria certification provides the following business benefits:
Why would you trust your mission critical communication infrastructure to anything other than a Common Criteria EAL4+ Certified solution? |
