IBM Raises the Bar on Security Testing

IBM Internet Security Systems Challenges the Security Industry to Support Monthly Testing for Consistent, Pre-Emptive Security Against Evolving Threats

ATLANTA, GA - IBM (NYSE: IBM) announced today it is the first vendor to commit to monthly testing to measure the security effectiveness across its entire product portfolio. The testing will be conducted by NSS Labs, a leading global independent testing lab that focuses on security product testing and certification. At the same time, IBM Internet Security Systems (ISS) is announcing results from its latest NSS Labs Security Update Monitor (SUM) report from December that showed 100 percent protection against tested exploits.

IBM ISS began measuring the effectiveness of its security products in 2002 to ensure its strong research and development arm was keeping up with the ever evolving threat landscape. In late 2008 the company chose to test its entire portfolio of products, from its unified threat management tool to host and network security, for third-party validation across its product portfolio. In addition to security effectiveness testing, IBM ISS submitted the IBM ISS Proventia Server for Windows 2.0 and the Proventia Multifunction Gateway products for PCI suitability testing to verify the presence of functionality required by the Payment Card Industry Data Security Standard (PCI DSS).

“Because cybercrime evolves at such a fast pace, security tools and companies must constantly prove their effectiveness,” said Rick Moy, President of NSS Labs. “The IBM GX6116 Network IPS product showed 100 percent accuracy in protecting against the latest threats selected by NSS in December 2008, up from 96% in November. IBM has set the bar incredibly high. Together, IBM and NSS Labs encourage the rest of the industry to monthly test their entire product portfolios and use this healthy competition to drive even greater innovation.”

The December SUM report was based on testing of IBM ISS’ Proventia Network IPS security product against the current set of threats. NSS Labs used a range of threats against the most common applications and operating systems spanning as far back as four years to reflect some of the most current attacks as well as older threats which are still prevalent. The full SUM report can be found at: http://nsslabs.com/IPS-SUM/ibm-iss-proventia-nips-gx6116-2008-december.html

In addition to IBM ISS’ significant SUM results, in April 2008, NSS Labs validated the comprehensive PCI DSS functionality support in both the Proventia Multifunction Gateway and Proventia Server for Windows 2.0. And late last year NSS Labs also tested IBM ISS Proventia Server for Windows 2.0 which was found to detect and block 98.5 percent of all attacker initiated exploits.

The combination of these tests shows a commitment to increase the security for each of the IBM ISS products as well as ensuring that the proper features are in place to help customers demonstrate security compliance.

“Monthly testing isn’t only a call to the industry to raise the bar, but a commitment to our customers to keep reducing the cost and complexity of security,” said Greg Adams, director of product and services management at IBM ISS. “Everything we do is intended to ease the lives of our customers and this is one more step in taking the burden off of their shoulders.”

IBM is the world’s leading provider of risk and security solutions. Clients around the world work with IBM to help reduce the complexities of security and strategically manage risk. IBM’s experience and range of risk and security solutions are unsurpassed -- from dedicated research, software, hardware, services and global Business Partner value -- helping clients secure business operations and implement company-wide, integrated risk management programs.

About NSS Labs
Founded in 1991, NSS Labs is a globally recognized leader in independent security and performance testing and certification. NSS Labs performs among the most comprehensive, high-performance security validation in the industry. Our proven methodologies reflect real-world traffic and usage conditions, helping information security professionals understand how products will work in their environments. NSS is a participating organization in the PCI Security Standards Council and a member of AMTSO. For more information, visit: www.nsslabs.com.

About IBM
For more information about IBM, please visit www.ibm.com