Join Bishop Fox & Illumio at Infosecurity Europe, as we discuss "Why Third-Party Validation of Security Products Matters" in our session on Thursday, June 22 at 11:30 a.m. BST.

Why Third-Party Validation of Security Products Matters

Employing offensive security technologies and techniques to validate security controls has been commonplace for a few decades now. But more recently, we have seen the rise of automated platforms, particularly in cloud-based environments, that augment and amplify an ethical hacker or red team’s ability to stress test security at a scale and speed (and on a continuous basis) that wasn’t available previously. Modern capabilities like these empower organizations with an unprecedented level of scrutiny into, and confidence in, the strength of their organization’s defensive posture. In fact, regular third-party testing should be an essential practice of any comprehensive security program today.

But what of the underlying security technologies themselves? How are they evaluated? How do we confirm that they do exactly what they say? How can customers have confidence that the product they’re buying does in fact deliver the security benefits that the vendor claims? With macro-economic trends pointing towards a tightening of purse strings, every dollar spent needs to contribute measurably towards resilience. Customers need assurances that their investments will deliver expected benefits and a real return on investment.

In this joint session Illumio, the Zero Trust Segmentation Company, and Bishop Fox, the leaders in offensive security testing and adversarial emulation, come together to discuss the value of testing security technology capabilities using the same approaches that are used to examine customers’ security controls. Drawing on collaborative work from the last three years, Illumio and Bishop Fox will establish why testing the “security of security tools” should be encouraged, how security vendors can build a plan to test the efficacy of their products (then feed those findings into a continuous improvement cycle), what results customers should be looking for in such testing reports, and what it really means when a security technology claims to be ‘effective’.

This session is aimed at security vendors, security practitioners and customers who purchase security solutions. By attending this session, you will come away with a clear understanding of how security technologies should be tested, how test results can be leveraged to determine the ROI of a security investment, and - most importantly – whether the technology will deliver the expected benefit for the use case it is being targeted for.