Enterprises individually face the third largest economy of the world after those of the US and China—the cybercrime economy that is growing 15% each year. It was a $3 trillion industry in 2015 and will grow to a $10.5 trillion industry by 2025. The cybercrime economy already costs the real and productive global economy a trillion dollars in damages annually.
Enterprises also face a bewildering range of cybersecurity solutions that tackle different layers and areas of the cyberthreat landscape, as well as increasing demands for compliance from regulators, shareholders, and insurance companies.
In response to these major challenges for enterprises worldwide, MEF has developed and published industry standards and delivered a new certification program* underpinned by those standards. Together, these standards and certification program help service providers deliver cybersecurity services that protect their enterprise customers in the constantly evolving worlds of cybercrime and cybersecurity.
*The program is currently in beta phase and will enter general availability in 2024.
MEF has published standards in three core areas of cybersecurity—SASE, Zero Trust, and SD-WAN.
These MEF standards enable all stakeholders to use the same terminology and core concepts on which to build solutions that shrink the attack surface of enterprises by minimizing vulnerabilities introduced by bespoke, proprietary approaches to cybersecurity.
SASE Certification = SD-WAN Certification + SSE Certification + Zero Trust Certification
MEF’s approach to certification of cybersecurity service providers is modular.
Under the unifying umbrella of SASE (Secure Access Service Edge), service providers can certify their service’s effectiveness in the following scorecard categories:
Based on the score achieved, the certifying company achieves a badge displayed on the MEF website.
In the current phase of the cybersecurity services certification program, the certification is derived from the certification of the cybersecurity technology vendor used by the service provider. The next phase of the program will extend the service certification to include Information Technology Infrastructure Library (ITIL) and technology integration aspects of the cybersecurity service.
MEF 3.0 Cybersecurity certifications for services enables service providers to establish a standards-compliant presence within a federation of automated networks.
CyberRatings.org is a nonprofit organization formed by former executives from NSS Labs to provide transparency through testing.
NSS Labs was an independent analysis and testing company recognized around the world for its fact-based cybersecurity guidance. Vikram Phatak, founder of CyberRatings.org, was CEO of NSS Labs from 2007–2018.
Launched in December 2020, CyberRatings acquired the assets of NSS Labs to jump start its testing program. Initial testing began in a dedicated data center followed by a physical lab now running in Austin, Texas.
CyberRatings’ proprietary ratings system (similar to Moody’s) provides guidance on the capabilities of products and services in a language understood by all.