Secure Computing's Sidewinder G2 Security Appliances Attain First and Only EAL4+ Common Criteria Certification Against US Government Application-Level Firewall Protection Profile
World's Strongest Firewall Exceeds Highest Internationally Recognized Certification Level
SAN JOSE, Calif.--(BUSINESS WIRE)--Aug. 10, 2004-- Secure Computing Corporation (NASDAQ:SCUR), the experts in securing connections between people, applications, and networks(TM), today announced that the company's recently introduced line of Sidewinder G2(TM) Security Appliances has achieved EAL4+Common Criteria (CC) certification. EAL4 is presently the highest internationally recognized Evaluation Assurance Level, and Sidewinder added FLR.3 flaw remediation assurance (the +) which is also internationally recognized.
The Sidewinder G2 certification includes compliance to the U.S. Department of Defense Application-level Firewall Protection Profile for Basic Robustness Environments. Even though this protection profile only requires EAL2, Sidewinder's certification was enhanced to EAL4, with added augmentation to include the FLR.3 requirement for tracking and correcting security flaws. The result is far greater product assurance in the areas of design, implementation, test, vulnerability analysis and flaw remediation. Sidewinder G2 remains the only security appliance or firewall to meet any U.S. Department of Defense-defined application-level firewall protection profile with an EAL4 or higher certification.
The protection profiles (PP) developed by NSA (U.S. National Security Agency) provide an independent set of benchmarks to validate how well competing security products, such as firewalls, address threats that exist in real-world environments. The U.S. National Information Assurance Acquisition Policy (NSTISSP No. 11) now mandates that U.S. government agencies only purchase information security products that have been evaluated against a common set of protection profiles.
IT executives are becoming aware that all EAL4+ CC certifications are not equal because the scope of security requirements and product functionality can vary greatly. In this case, Sidewinder increased the scope by complying with a US Government Protection Profile and also included the appliance's operating system, SecureOS(R). Unfortunately, many firewall vendors define a lesser set of security requirements for evaluation.
"Most firewall vendors do not include their operating system for a Common Criteria evaluation at EAL4+," said Mike Gallagher, senior vice president of product development for Secure Computing Corp. "This is a key differentiator in favor of Sidewinder G2 in that competing offerings often sit atop commercial operating systems and their associated vulnerabilities and security flaws. This means that regardless of how hardened the firewall application itself may be, it is often only as secure as the OS on which it sits. There has never been a CERT advisory posted against Secure Computing's SecureOS(R) operating system."
"We completed the Sidewinder G2 Security Appliance certification just five months after our general availability to ensure we meet the NSTISSP's compliance standards," said Rick Kruse, vice president of firewall engineering at Secure Computing, "This rapid certification turnaround is a testament to the quality of Sidewinder G2, its underlying security architecture, and our disciplined approach to software development and release documentation."
The Sidewinder G2(TM) Security Appliance consolidates the widest variety of security functions in one line of appliances, thereby greatly reducing the management complexity for IT professionals. These security functions include an unprecedented Application Defenses(TM) firewall with application-level intrusion prevention; protocol anomaly protection; a secure e-mail, Web, and DNS gateway; anti-spam; anti-virus; IPSec VPN; IDS and response; outbound Web access filtering; SSL termination, and clientless VPN access. Some functions beyond the scope of the protection profile were not evaluated; customers should refer to the Security Target and Certification Report for details of those functions not covered by the evaluation.
About Common Criteria
The Common Criteria for Information Technology Security Evaluation (CCITSE) is a set of evaluative criteria agreed to by the National Security Agency/National Institute of Standards and Technologies and equivalent bodies worldwide. It was designed to resolve technical and conceptual differences among existing standards for evaluating network security systems and products. An international standard for levels up to EAL4 -- ISO 15408 -- the Common Criteria represents the outcome of efforts to develop criteria for evaluating IT security that are widely accepted within the international community and mutually recognized by 19 countries: US, UK, Australia, Austria, Canada, Finland, France, Germany, Greece, Hungary, Israel, Italy, Japan, The Netherlands, New Zealand, Norway, Spain, Sweden and Turkey.
About Secure Computing
Secure Computing (NASDAQ:SCUR) has been securing the connections between people and information for over 20 years. Specializing in delivering solutions that secure these connections, Secure Computing is uniquely qualified to be the global security solutions provider to organizations of all sizes. Our more than 11,000 global customers, supported by a worldwide network of partners, include the majority of the Dow Jones Global 50 Titans and the most prominent organizations in banking, financial services, healthcare, telecommunications, manufacturing, public utilities, and federal and local governments. The company is headquartered in San Jose, Calif., and has sales offices worldwide. For more information, see http://www.securecomputing.com.
All trademarks, trade names or service marks used or mentioned herein belong to their respective owners.
This press release contains forward-looking statements relating to the common criteria EAL4+ certification for the Sidewinder G2 Firewall, and the expected benefits of such certification and relationship, and such statements involve a number of risks and uncertainties. Among the important factors that could cause actual results to differ materially from those indicated by such forward-looking statements are competitive pressures, technical difficulties, changes in customer requirements, delays in product development, undetected software errors or bugs, general economic conditions and the risk factors detailed from time to time in Secure Computing's periodic reports and registration statements filed with the Securities and Exchange Commission.
Contacts
Secure Computing Corporation
David Burt, 206-892-1130
David_Burt@securecomputing.com
or
The KMC Group
Pam Miller, 425-450-9965
pamm@kmcgroup.com
[ Comment, Edit or Article Submission ]
