Tag: Ian Foo

Futuriom: NSS Labs Is Back! And That’s a Great Thing

Posted on by CyberRatings.org

It’s important to have quality independent testing of technology. That’s why I think it’s great that technology testing firm NSS Labs has been relaunched as NSS Labs 2.0.

Originally founded in 2007, NSS Labs was a respected testing firm that filled a vital role in independent testing for many years, putting out detailed testing of firewalls and other networking and security products from the top vendors. The original NSS Labs was taken over by a private equity company in 2019 and shuttered in 2020.

The reimagined NSS Labs has been created by original founder Vikram Phatak, who will now serve as the CEO of the new NSS Labs. The company will be wholly owned by senior partners and the executive team. Among the executives joining Phatak are Cathy Main, Chief Marketing and Communications Officer; and Ian Foo, CTO and EVP of Product. NSS Labs will also serve as the Official Testing Partner of CyberRatings.org, the non-profit that publishes public test results and research on cybersecurity technologies.

Read the full article here.

CyberRatings.org Names NSS Labs as Official Testing Partner

Posted on by CyberRatings.org

AUSTIN, TX – July 9, 2025 — cyberratings.org/ (CyberRatings), the non-profit dedicated to insight into the capabilities of cybersecurity products and services through independent testing, today announced that NSS Labs has been named its Official Testing Partner. This collaboration marks a significant step forward in delivering unbiased, high-impact cybersecurity assessments to enterprises, governments, and the public sector.

By partnering with NSS Labs, a newly re-launched and revitalized leader in independent security testing, CyberRatings reinforces its mission to bring greater clarity, accountability, and objectivity to an increasingly complex cybersecurity landscape.

“Our mission is to empower stakeholders with the data they need to make confident security decisions,” said Ian Foo, CTO and EVP of Product for NSS Labs. “By serving as the Official Testing Partner to CyberRatings, NSS Labs will help extend that mission, combining our lab’s deep technical expertise with CyberRatings’ commitment to transparency.”

Partnership Highlights

  • Methodology-Driven Testing: CyberRatings will continue to develop robust, real-world test methodologies and will contract with NSS Labs to execute independent testing on behalf of CyberRatings.
  • Publication of Results: The test results will be published by CyberRatings, offering end users unparalleled visibility into how products perform against sophisticated, evolving threats.
  • Thought Leadership and Education: In addition to product testing, NSS Labs will contribute to educational initiatives from CyberRatings—authoring comparative studies, providing expert commentary, and participating in forums that advance cybersecurity best practices.

A Shared Vision for Cybersecurity Assurance

NSS Labs, newly relaunched as “NSS Labs 2.0,” brings a rich heritage as the gold standard for cybersecurity product testing, now enhanced by interactive tools, expanded testing of advanced technologies (including AI/ML-powered defenses and post-quantum cryptography), and a leadership team deeply experienced in cybersecurity strategy and technical validation.

CyberRatings will continue to set the benchmark for transparency in cybersecurity by openly publishing the results of these rigorous tests. This shared commitment to integrity and openness ensures that organizations worldwide can make more informed decisions about cybersecurity investments—backed by credible, real-world data.

MEF: Securing the Future – Certifiably SASE

Posted on by CyberRatings.org

Ian Foo, CTO and EVP of Product for CyberRatings.org, MEF’s testing and certification partner, details the rise of cybercrime, particularly state-sponsored cyber threats, and the critical need for securing operational technology. He discusses the role of SASE certification in mitigating these risks, highlighting its comprehensive testing methods for malware, exploits, and evasions. How does third-party certification enhance vendor trust and validate enterprise security and performance amid rising cyber threats?

In this Executives at the Edge episode, host Pascal Menezes explores these topics and more with Ian Foo of CyberRatings.org:

  • How is the cyber-crime space evolving?
  • Which industry opportunities and challenges are key in the SASE arena?
  • How does CyberRatings.org’s testing for MEF SASE certification differ from other types of testing in the industry?
  • What value does testing and certification bring to the table for SASE vendors, service providers, and enterprise end users?
Listen to the full podcast here.

New Test of Google Cloud Platform’s Next Generation Firewall Shows Dramatic Improvement

Posted on by CyberRatings.org

 Austin, TX – January 21, 2025 – CyberRatings.org (CyberRatings), the non-profit entity dedicated to providing confidence in cybersecurity products and services through its research and testing programs, has completed a follow up independent “Mini-Test” of Google Cloud Platform’s Next-Generation Firewall (GCP NGFW). This new test follows the same methodology for the test results of three Cloud Service Providers (CSPs) published November 26, 2024. The security effectiveness score for Google’s cloud firewall improved from 50.57% to 86.97%.

“Last November’s cloud native firewall test results from Cloud Service Providers surprised a lot of people, including the product team at Google,” said Vikram Phatak, CEO of CyberRatings.org. “They wanted to understand what had caused their low score, and after reviewing use cases with them, one key recommendation was to modify their firewall’s default behavior,” adds Phatak.

By applying Google’s guidance to modify the firewall’s behavior to block exploits targeting low to high severity vulnerabilities (vs. the default of just triggering alerts for low to medium, and only blocking for high), security effectiveness increased dramatically. Testing was conducted using the same set of exploits as the original test in November using the KeySight CyPerf 5.0 strikes library. Only known Common Vulnerabilities and Exposures (CVEs) from the last ten years with a severity of medium or higher were used to assess security effectiveness, usability, and protection. The exploits (CVE) targeted servers and cloud workload deployments.

“This improvement underscores the value of fine-tuning security settings based on vendor best practice recommendations to maximize protection,” said Ian Foo, CTO and EVP of Product at CyberRatings. “The collaboration exemplifies how open communication, and shared goals can drive positive outcomes. At CyberRatings, we’re proud to work with organizations like Google to help ensure enterprise users benefit from secure and effective cloud-native solutions,” adds Foo.

This updated test for GCP remains in part one of a two-part test. Part two (the comprehensive comparative test) will include a higher number of exploits, along with evasions and malware as outlined in the Cloud Network Firewall Methodology v3.0. The second part of the test is expected to publish in March, comparing cloud service provider native solutions against market leading third-party cloud network firewall providers.

The native firewalls were tested using Keysight’s CyPerf v5.0 software testing platform. Enterprises can easily replicate the results with a 2-week free trial from Keysight. Further details of the strike library can be found here: https://www.keysight.com/us/en/products/network-test/cloud-test/cyperf.html

The test report is available for free at CyberRatings.org.

Ian Foo joins CyberRatings as Chief Technology Officer and EVP of Product.

Posted on by CyberRatings.org

Austin, TX – July 9, 2024 – CyberRatings.org (CyberRatings), the non-profit entity dedicated to providing confidence in cybersecurity products and services through its research and testing programs, announced today that Ian Foo has joined as Chief Technology Officer (CTO) and Executive Vice President of Product. Tim Otto, also a veteran in cybersecurity technologies, has joined as Vice President of Test Operations.

Foo will be responsible for developing new testing programs, products, and building out the CyberRatings Spot Check service announced earlier this year. Otto’s responsibilities include test execution and expanding laboratory operations. Each executive brings more than 20 years of experience in evolving cybersecurity technologies.

Foo comes to CyberRatings from Google, where he was Senior Product Manager focusing on Cloud Networking and special projects within Google Cloud Platform (GCP). There he drove vision, strategy, roadmap, and development of networking and routing at global scale to create platforms enabling effective enterprise cloud transformation for Google’s customers. Prior to Google he was Director of Product & GTM for Service Providers at Commvault where he led product management for Service Provider transformation from traditional on-premises solutions to Cloud SaaS based models and platforms. Earlier in his career he held senior product and technical leadership positions focusing on security, enterprise solutions, service provider solutions, data center networking, global scale routing, and Software Defined Networking (SDN) at several global technology companies including Huawei, Cisco, and BBN/GTE Internetworking/Verizon.

Otto has a long history in testing cybersecurity products. Most recently he was Technical Marketing Engineer Director at Juniper Networks where he ran competitive and 3rd party testing for Juniper Networks Security branch. Prior to Juniper he was Domain Manager and Testing Team Lead for NSS Labs where he led the team that designed the harnesses and tests for all of the network security tests run by NSS Labs.

Both Foo and Otto will be reporting to CEO Vikram Phatak.

“We are incredibly fortunate to have both Ian and Tim joining our team,” said Vikram Phatak, CEO of CyberRatings.org. “Their wealth of experience and leadership skills will be a tremendous asset as we grow the organization.”