Technology Testers \ Researcher’s \ Certifiers
There are a vast amount of vendors providing IT Security services and solutions. Choosing a product from 20 plus vendors can be an overwhelming task. Fortunately however we do have expert, none biased help out there from independent organisations.
Gartner is a very popular example. Gartner not only measures by what the service or product can do and how well the solution is designed, but also looks at the vendor as a whole. Gartner looks at the vendor's geographic strategy, innovation, future plans by the vendor, the vendor's current customer base, customer references and so on.
We also have independent organisations that provide accreditation and levels of accreditation on certain aspects. Virus Bulletin provide how well a vendor performs against viruses and spam.
FIPS and Common Criteria are government recognised standards. FIPS 140-2 will test cryptographic modules and Common Criteria test and evaluate the security assurance provided by solutions. Some firewall vendors have a subset of their products certified by Common Criteria with an Evaluation Assurance Level (EAL) at level 4.
Aberdeen Group offer research and analysis of IT companies and products. IT security is just one of a number of areas Aberdeen Group provide their professional research and results on.
AV Comparatives are an independent anti-virus testing company.
Bloor is an independent IT research, analysis and consultancy organisation.
Butler Group is an IT technology solutions research and analyst company providing analysis and advise.
Cascadia Labs provide independent evaluations of technology products. Cascadia Labs are very security focussed.
Common Criteria is an official framework where vendors can build their security technology\functionality to the standard of the framework. The technology can then be tested and evaluated and appropriately assigned a rating known as EAL (Evaluation Assurance Level). In plain english it will tell you the minimum level of protection a product / technology provides. Many companies accept firewalls at a minimum with an Evaluation Assurance Level of 4.
Federal Information Processing Standard (FIPS)140-2 is a US government computer security standard issued by NIST. It is used to accredit cryptographic modules that are implemented within hardware and software products and solutions.
Frost & Sullivan provide research in a number of industries. They report on companies, technologies and various other aspects. They have a professional research team providing customers with a global perspective of the market.
Gartner is a reputable and well known information technology research and advisory company. Gartner are famous for their Magic Quadrant graph where vendor technology is appropriately placed showing how they compare against one another.
International Data Corporation (IDC) provide intelligence and advisory services on information technology, telecommunications and consumer technology products and services.
ICSA Labs provide independent and vendor neutral 3rd party product assurance for end users and enterprises. They provide testing and certifications by measuring product compliance and performance.
NSS Labs is an independent analysis company of IT security products, functionality and technology.
Osterman Research offer market research on messaging, web 2.0, social media, collaboration, information management and others. Majority of the research comes from gathering information from end users, whom work with the vendor products themselves.
Ovum provide their own research into different areas. One area in particular is Network Infrastructure.
The Forrester Wave research and test vendor, products and services. They provide tools for end users to easily compare products.
TheInfoPro is an advisory and research company who a viewpoint on information technology solutions.
The 451 Group is an independent technology research and analyst company.
Virus Bulletin provide independent comparative testing of anti-virus products. Virus Bulletin also provide other testing such as anti-spam products.
West Coast Labs provide testing and certification of information security products.