At CyberRatings, our mission is to provide objective, real-world validation of cybersecurity products, ensuring enterprises have the insights they need to make informed security decisions. To achieve this, we employ a rigorous, industry-leading testing methodology, leveraging a combination of commercial, open-source, and in-house developed tools.
The Tools Behind Our Testing
Our testing arsenal consists of both commercial and custom-developed platforms, allowing us to generate realistic and complex network conditions. One of our key technology partners is Keysight Technologies, whose platforms—including CyPerf, PerfectStorm, BreakingPoint, and Network Emulator—enable us to simulate high-scale network traffic and sophisticated attack scenarios. Additionally, we have partnered with TeraPackets, utilizing their advanced traffic replay tools when needed.
Comprehensive Threat Testing
A critical aspect of cybersecurity validation is ensuring products can detect and block real-world threats without excessive false positives. To accomplish this, we curate threat packages from a vast range of sources, including:
- Exploits from 240,000+ known vulnerabilities documented in the CVE database. These exploits are carefully selected based on the focus of each test program, ensuring alignment with real-world security concerns. Our library includes both commercially sourced and in-house developed exploit samples.
- Malware from over 1,000,000+ live samples publicly available across the internet, covering a wide range of threat actors and attack techniques.
- Advanced evasion techniques, meticulously crafted to test how well security products handle obfuscation and bypass attempts. Our in-house techniques allow us to apply hundreds of evasion layers on malware and exploit samples, creating millions of potential threat variations.
- Legitimate application traffic to assess the rate of false positives, ensuring that security solutions effectively distinguish between malicious and benign activity.
Business and Technical Value
Our approach to testing provides tangible business and technical benefits for enterprises, security teams, and vendors alike:
- Enterprises gain confidence in the products they deploy, knowing they have been tested against real-world threat conditions rather than artificial lab environments.
- Security teams receive actionable insights, helping them choose solutions that offer strong protection while minimizing disruptions from false positives.
- Vendors benefit from transparent, data-driven validation, allowing them to optimize product performance and improve detection efficacy based on objective results.
By leveraging industry-leading tools, an extensive threat database, and advanced evasion techniques, CyberRatings sets the standard for security validation, helping organizations navigate the evolving cybersecurity landscape with confidence.