NetEvents: IT chiefs urged to fine-tune their system defences

NSS Labs chief says most security products are operating at well below their maximum effectiveness

Certified security products might not be all they are cracked up to be, according to the head of security product tester NSS Labs.

Speaking at the NetEvents conference in Barcelona yesterday, NSS Labs president Rick Moy said that since all the 40 to 50 global anti-virus companies have been given "a blanket certification" by standards bodies, there is nothing to differentiate them from one another.

"All of them have been certified by the regular bodies, so I mean what is the point? Vendors do not want their products not to be certified, so as a result standards agencies have lowered the level of testing.

"Differentiation in products is essential. For instance, if you are using SAP as opposed to Oracle, you are going to have different vulnerabilities and this is what you should be focusing your security on," he said.

Moy also described how companies often get vendors to implement security products for them but then do not continue to monitor how they are being used.

"A lot of companies just default their security products and don't fine-tune them on a regular basis," he said.

"What they don't realise is that this often means your product could be up to 45 per cent less effective," he added.