ICSA Labs introduced a new program on to help enterprises safeguard against intrusions through network-connected devices such as printers, faxes and point-of-sale systems, as well as help device manufacturers ensure that their products are secure. The new capabilities offered by ICSA Labs--a vendor certification program and a comprehensive enterprise assessment--are designed to protect these typically stand-alone, unattended devices, which connect directly to a network but are not part of the network infrastructure itself. Also included in this product class of network-attached devices are copiers, ATM machines, digital signs, proximity readers, security cameras, and facility management systems for power, lighting and HVAC systems. ICSA Labs has found that unprotected devices such as these can allow hackers easy access to corporate networks. According to the Verizon Business 2009 Data Breach Investigations Report, many breaches occur through what is called 'unknown, unknowns,' which can involve systems such as printers and faxes. The report also points out that attackers choose the path of least resistance, targeting vulnerable systems. ICSA Labs' first new offering, Network Attached Peripheral Security (NAPS) certification, provides manufacturers an opportunity to work with ICSA Labs to help identify and remediate existing and potential vulnerabilities in the devices the manufacturers sell. The NAPS certification program service also applies to manufacturers whose products are still under development and are seeking recommendations to make their products safer.

ICSA Labs announced the availability of new reports that can help businesses that store, process or handle credit card transactions comply with industry requirements for the secure handling of this data. Payment Card Industry Data Security Standard (PCI DSS) Product Capability Assurance Reports assist organizations handling sensitive cardholder data in selecting ICSA Labs certified computer and networking security products that also help the organization meet PCI standards. In addition, the reports can guide businesses in choosing additional products and taking other security measures that may be necessary to achieve full compliance with the PCI security standard. To create ICSA Labs Product Capability Assurance Reports, data is first pulled from ICSA Labs' rigorous certification testing criteria and then compared with version 1.2 of the PCI DSS requirements to identify any overlap.

SkyRecon Systems announced that it has engaged with ICSA Labs to perform FIPS 140-2 Validation testing for its Embeddable Encryption Module(TM)--a core component of its StormShield(R) unified endpoint protection solution. FIPS 140-2 is a rigorous federal security accreditation jointly defined by the National Institute of Standards and Technology (NIST) and the Communications Security Establishment Canada (CSEC) that establishes the standard used to accredit encryption algorithms and modules intended for use in protecting sensitive information. SkyRecon's Embeddable Encryption Module (EEM) is set to meet this standard by the end of the year, 2008. Leveraging AES 256-bit encryption standard, the SkyRecon Embeddable Encryption Module is delivered through a streamlined SDK that provides an extremely lightweight, efficient implementation of on-the-fly file-based encryption services. Upon completion of the validation, SkyRecon's own use of the EEM in their current released versions of StormShield and TradeShield solutions will provide the immediate benefit of quality assurance to its existing customers and future prospects. Similarly, technology partners that have integrated the EEM in their own product offerings will pass these same benefits on to their clients.