Test Report November 2007. Cyberoam Identity Based UTM Appliance Unified Threat Management Technology Report




Vendor Details
Name: Elitecore Technologies
Address: 29 Water Street, Newburyport, MA 01950, USA
Telephone: +1-978-465-8400
Website: www.cyberoam.com
Product: Cyberoam CR Series 50i, 100i, and 250i Models

Test Laboratory Details
Name: West Coast Labs, Unit 9 Oak Tree Court, Mulberry Drive, Cardiff Gate Business Park, Cardiff, CF23 8RS, UK
Telephone: +44 (0) 29 2054 8400
Date: November 2007
Issue: 1.0
Author: Rob Tanner

Contact Point
Contact name: Rob Tanner
Contact telephone number: +44 (0) 29 2054 8400

Contents
- Test Objectives
- Checkmark Certification
- The Product
- Test Report
- Test Results
- West Coast Labs Conclusion
- Security Features Buyers Guide
- Test Methodology and Specifications

Test Objectives

Through a series of rigorous tests, West Coast Labs provides a thorough examination of all the main technology components in the devices under test, in a real-world test environment, to establish the level of functionality and performance of both. For the purposes of this Product Test Report, West Coast Labs tests the following technologies:
- Firewall
- VPN
- Anti-Spam
- URL Filtering
- IPS

West Coast Labs engineers test and evaluate each device in a controlled environment. Throughout the test period, each product has internet access and is configured as recommended to update online. The testing environment mirrors that of a small to medium sized business: the internal interface of the firewall is connected to a 100Mbs network, and traffic loads are set accordingly. Products are tested in accordance with the functionality and performance criteria which form the Checkmark certification programs for Firewall, VPN, IPS, URL Filtering and Anti-Spam (see Appendix D).

Checkmark Certification

Upon completion of all testing within each UTM technology subset, individual product results are manually analyzed and confirmed, and Checkmark accreditation is awarded on achieving the following standards:

- Checkmark Anti-Spam Certification: Premium, 97% and over catch rate; Standard, 90% and over catch rate
- Checkmark Anti-Virus Certification: 100% detection
- Checkmark Anti-Spyware Certification: 100% detection
- Checkmark IPS Certification: 100% detection and prevention rate
- Checkmark URL Filtering Certification: Premium, 100% adherence to policy; Standard, 95% and over adherence to policy
- Checkmark Enterprise Firewall Certification: 100% adherence to policy
- Checkmark VPN Certification: 100% adherence to policy

The Product

Introduction

The Cyberoam range of UTM solutions is designed to meet the diverse and complex security requirements of multiple organisation types, from SOHO via SME to Enterprise. The solutions are ordinarily deployed as gateway appliances, and each contains a core set of security components, including firewall, VPN, IPS, anti-virus, anti-spam, URL content filtering, and spyware blocking engines. The hardware is usually rack-mountable and has a dedicated serial console connection for management. The devices contain multiple Ethernet interfaces that are configurable to meet the diverse networking requirements of most organizations.

Installation and Configuration

The solutions proved straightforward to install. Initial configuration was achieved by directly connecting a cross-over cable between a management computer and port A on the Cyberoam appliances. The IP address of the management computer was set to 172.16.16.2 with a 24-bit subnet mask, to allow data connectivity to the default IP address of the appliances. Connecting from the management computer, the devices were configured via a web browser, which accesses an integrated set-up wizard. Using the wizard, West Coast Labs enabled the in-built Ethernet ports and assigned IP addresses to the WAN, LAN, and DMZ interfaces in a gateway mode configuration. In addition to the web console, the solution may be remotely configured via telnet and SSH client software, providing increased flexibility (telnet carries the session in clear text, so SSH or the SSL web console is the appropriate path for remote management over any network that is not fully trusted). The appliances ship with accurate documentation, and the included quick start guide proved particularly helpful during the initial set-up process.

Operations and Features

The solutions are easily and securely managed via an SSL-encrypted, central, web-based console, normally accessed from a standard web browser. All management options are available via a hierarchical menu system that is intuitively laid out. Specific appliance functionality is controlled and defined by multiple policies from within this console.

The solutions provide in-built anti-malware capabilities that actively scan incoming and outgoing traffic to identify viruses, spyware, and other malicious content. The solutions dynamically scan the HTTP, FTP, IMAP, POP3, and SMTP protocols. The appliances contain an anti-spam technology that uses Recurrent Pattern Detection, designed to identify zero-hour spam in both text and image based email. The anti-spam engine can be configured to process SMTP, POP3, and IMAP traffic for maximum coverage.

The Cyberoam approach to content filtering is effective and is based on the database analysis of application traffic, including HTTP, IM, and P2P, to identify and restrict access to specific content such as adult, undesirable, and illegal materials, as specified by pre-defined policies.

Advanced firewall features include stateful and deep packet inspection, protection from flooding attacks, and security rules that match not only on IP address but also on user identity, for deployment in static, DHCP and Wi-Fi environments.

The VPN module is tightly integrated with the firewall, providing industry standard L2TP and IPSec remote access and tunnelling capabilities. Both pre-shared key and digital certificate authentication are supported.

The solutions use an integrated IPS technology designed to block multiple attack types, including intrusion attempts, DoS attacks, and blended threats. The IPS engine ships with a range of in-built policies to use out of the box; in addition, administrators can easily create and tailor new policies to match their particular requirements. For example, administrators can configure the policy controls simply to detect individual attacks, or to block such attacks, as required.

Specific policies for Surfing Quota, Access Time, Internet Access, Bandwidth, and Data Transfer controls are easily created and managed to a granular level. In some cases, once a policy has been defined, administrators can simply select the Enable or Disable settings via a radio button. Alternatively, certain settings may be changed using a checkbox or dropdown menu. The focus is on policy ease-of-use, and any policy changes can be instantaneously applied to the devices.

Reporting

A management dashboard provides the administrator with a snapshot of current system activity, in both graphical and tabular form. Additional information viewable on the dashboard shows DoS and intrusion attack status and recently detected malware statistics, as well as user identity information relating to internal threat sources.

Cyberoam solutions also provide a comprehensive and flexible report generation engine, allowing an administrator to extract data from almost every system facet, correlating it with identity information to give reports in tabular, graphical, printable, and CSV formats. Built-in reports allow for the generation of data across the main threat protection functions of the appliance, including the anti-virus, anti-spam, VPN, and IPS components. Additional reports include data on Web Surfing, Traffic Discovery, Internet Usage, and Trends. Each of the main reporting categories is further enhanced by the inclusion of URL links that allow administrators to quickly and easily view a snapshot of recent activity, for example the top users by internet surfing time or the top intrusion alerts. A system audit log is also available in the reports section.

Results

West Coast Labs tested anti-spam capabilities by directing a live internet domain feed at the solutions, containing a mixture of spam, genuine, and gray email. The solution acted as an email proxy between a preconfigured internal mail server and the external internet feed. The anti-spam test results are set out in the table below.

Type of Mail    Detected as Genuine    Detected as Spam
GENUINE         100%                   0%
SPAM            4%                     96%

Against the Checkmark thresholds set out earlier in this report, a 96% spam catch rate with no false positives on genuine mail meets the Standard level (90% and over) rather than the Premium level (97% and over).

In order to rigorously test the Cyberoam anti-spyware and anti-virus engines, West Coast Labs introduced live malware to the network within an isolated test environment. Delivery vectors included a combination of HTTP, SMTP, and POP3 based streams. The solutions successfully blocked 100% of the West Coast Labs test suite.

West Coast Labs tested the enterprise firewall components of the solutions using a combination of commercial, proprietary and open source tools. The tests included scans, intrusion attempts, packet injectors, and live worm samples, all within a controlled and isolated test environment. Packet capture and logging tools listening on all appropriate Ethernet interfaces were used to check whether any unwanted packets had traversed the solutions under test and contravened the underlying firewall policy. The solutions successfully prevented all attacks within the test suite.

IPS testing was conducted using a combination of open source, commercial, and in-house developed tools. Verified published exploits were routed through the appliances in an attempt to circumvent security and breach the protected network. Evasion techniques were simultaneously employed for the same purpose. All exploits triggered the Cyberoam IPS engine to successfully prevent all attacks, in line with the policy settings on each solution under test.

West Coast Labs performed URL filtering tests on the solutions using specially developed proprietary software, based around a well known internet browser, that attempted to access live internet sites containing a variety of content types, including predefined restricted content as applied in the solution's current URL policy. The appliances did not allow access to any restricted content and performed in accordance with policy.

A VPN was configured using the in-built functionality of the solutions under test. The VPN was subsequently probed and attempts made to contravene user access policy between live services on each separate VPN-connected network. Basic encryption assurance and the integrity of the management console were also assessed as part of the test process. The appliances' policy controls were not contravened at any point and all tests were passed.

West Coast Labs is pleased to award the Cyberoam CR Series the Anti-Spam, Anti-Spyware Gateway, Anti-Virus Gateway, Enterprise Firewall, IPS, Unified Threat Management, URL Filtering, and VPN Checkmarks.

Conclusion

Cyberoam UTM appliances are proven, effective security solutions. Powerful protection capabilities, designed to counter attacks from multiple infection vectors, combine with straightforward administrative controls and advanced reporting that includes user identity data, to form a strong defensive barrier against internal and external threats. The appliances are simple to deploy and configure, supported by extensive documentation and a useful integrated system help guide. The configuration process is further enhanced by the straightforward layout of the menu system, helping to ensure that common administrative tasks are easy to execute. The robust security components of each appliance proved resistant to real-world attack methods and techniques, protecting multiple business-critical protocols. Such resilience should help to ensure that the appliances are a viable asset to security-conscious businesses of all sizes.

Security Features Buyers Guide

The Product

Cyberoam provides enterprise class, unified security with user visibility and controls through its unique Identity-based UTM appliances. The appliances deliver Firewall-VPN, Gateway Anti-virus, Anti-malware, Anti-spam, IDP and Content Filtering.

URL: http://www.cyberoam.com

Business benefits... as stated by Cyberoam

Cyberoam Identity-based security
a) User and Application Visibility for security: Instant visibility into Who is accessing What
b) Business Flexibility: Allows administrators to create customized identity based security policies based on work profile
c) Dynamic Environments: Identity-based security in dynamic environments like DHCP and Wi-Fi and multi-user environments where IP address based rules fail.
d) Regulatory Compliance: Enables adherence to regulatory compliances through user based security controls and identification, thus reducing the compliance cost by shortening audit cycles.

Cyberoam UTM
a) Unified Security: Delivers enterprise class Stateful Inspection Firewall, VPN, Gateway Anti-virus, Gateway Anti-malware, Gateway Anti-spam, Intrusion Detection and Prevention (IDP), Content Filtering, Bandwidth Management and Multi-Link Manager over a single platform.
b) Lower Capex and Opex: Single appliance eliminates need for multiple boxes, maintenance contracts, upgrades and maintenance.
c) On- Reporting: All Cyberoam appliances come with reporting as a standard feature, significantly reducing the cost of solution acquisition for SMBs.
d) Centralized Management: Identity-based security and deployment of Cyberoam Central Console gives centralized control over remote and branch locations without IT staff at these locations.

URLs: http://www.cyberoam.com/downloads/brochure/cyberoambrochure.pdf and http://www.cyberoam.com/corporates.html

Technical benefits... as stated by Cyberoam

a) Identity-based Stateful Firewall: Uses user identity as a key parameter in the rule matching criteria, ensuring single consolidated security.
b) External Authentication: Supports integration with Active Directory, LDAP, Windows Domain Controller, RADIUS and local database.
c) Covers the whole range of protocols: HTTP, FTP, FTPoHTTP, SMTP, POP3, IMAP. It also scans IM and P2P traffic.
d) Real time IDP Alerts with identity information: Know who is doing what, allowing one to identify the users creating violations and vulnerabilities immediately.
e) Self-Service Virus Quarantine: Users can self-manage quarantined emails, saving IT staff precious time.
f) Active-Active High Availability for protection against hardware failure and to maximize network uptime for uninterrupted access to business-critical applications.

URL: http://www.cyberoam.com/datasheets.html

Developments over the last 12 months... as stated by Cyberoam

Some of the significant developments during the last 12 months include:

Regulatory Compliance: Cyberoam's identity-based security identifies and controls users, enabling organizations to meet regulatory compliance and shorten audit cycles.

Zero-Hour Protection: Offers protection before signatures are released against emerging malware outbreaks.

Protection against Evolving Threats: Cyberoam Anti Spam's recurrent pattern detection technology is content agnostic and detects and blocks emerging spam outbreaks, including image, PDF, Excel and MP3 spam.

Expansion of the Range: Cyberoam launched the CR 25i and Cyberoam Central Console (CCC). The CR25i meets the comprehensive security demands of the Small Office Home Office (SOHO) and Remote Office Branch Office (ROBO) market. CCC enables Managed Security Service Providers and large enterprises across a broad spectrum of vertical markets to protect themselves against zero-hour threats by managing and monitoring multiple dispersed Cyberoam appliances from a centralized location.

Enterprise-Grade Security: Cyberoam's identity-based UTM appliances offer powerful performance through robust features:
- Active-Active High Availability with load balancing between Cyberoam appliances and stateful failover minimizes single points of failure and ensures business connectivity.
- Dynamic Routing provides rapid uptime, increased network throughput with low latencies and trouble-free configuration to expedite network growth.
- Virtual LAN support enhances customers' ability to create work profile-based groups across distributed locations and policy setting.
- Continuous performance enhancements strengthen enterprises' ability to meet tough security requirements and deliver a high price-to-performance ratio.

Additional Noteworthy Product Features... as stated by Cyberoam

Stateful Inspection Firewall
- Identity-based stateful firewall ensures consolidated security by allowing rules based on user in addition to source, destination and service.
- Policy-based control for anti-virus, anti-spam, IDP, content filtering, bandwidth management from firewall settings
- Multiple zone security with separate level of access rule enforcement for each zone

Gateway Anti-Virus
- Self-service quarantine area
- Customized individual user scanning
- Malware protection
- Scans HTTP, FTP, SMTP, POP3, IMAP traffic

Gateway Anti-Spam
- Filters based on message header, size, sender, recipient
- Tags subject line
- Redirects spam mails to dedicated email addresses
- Protects against image, pdf, excel, MP3 and other spam variants

Intrusion Detection and Prevention
- 2500+ intrusion detection signatures
- Multiple, zone-based, user-based IDP policies
- Blocks HTTP proxy traffic

Content Filtering
- WebCat Automated web categorization engine with millions of sites in 65+ comprehensive categories in addition to custom categories
- HTTP upload block
- Identity-based Internet access policies
- Blocks malware, phishing, pharming URLs
- Custom block messages per category
- Blocks Java applets, cookies, Active X
- Enables adherence to regulatory compliances through user-identity based visibility and controls

VPN
- IPSec, L2TP, PPTP VPN
- Domain name support for tunnel end points

Bandwidth Management
- Application and user identity-based bandwidth management
- Guaranteed and burstable bandwidth policy
- Application and user identity-based traffic discovery
- Multi-WAN bandwidth reporting

Identity-based Controls
- Controls based on access time, time quota, data quota
- Schedule- and identity-based committed and burstable bandwidth
- Schedule- and identity-based P2P and IM controls
- Automatic Windows Single Sign On
- Authentication through Active Directory, LDAP, Windows Domain Controller, RADIUS, internal database

Networking
- Multiple Link auto failover
- WRR-based load balancing
- Multiple zone support
- Policy routing based on application and user
- Support for HTTP proxy mode deployment
- Parent proxy support

Test Methodology and Specifications

Firewall Test Environment

The test environment will consist of three distinct networks: the external (Internet), DMZ and internal (protected). The external network may include a telnet host, Web server, FTP server, DNS server and a "hacker" client to simulate the internet. The DMZ network may include a Web server and FTP server. The internal network may include a DNS server, SMTP server, file/print server, Web server and a "hacker" client. Machines on the internal and DMZ networks are not configured in a secure manner: they rely totally on the protection of the firewall. The firewall is the only link between the DMZ, internal and external networks. The link between the firewall and the external network is via a simple router. No packet filtering will be configured on this router: all protection must be provided by the firewall. Network monitors, protocol analysers and security monitors are employed on the external, DMZ and internal networks.

Firewall Configuration

The firewall is to be configured to provide the various services and enforce the various restrictions specified in this document. All firewalls are to be provided initially with an "out of the box" configuration, although vendors will be invited to remotely access their products if they wish to provide a best-fit configuration. Network ranges will be provided to vendors as appropriate. No patches or configuration options will be allowed which are not available to the general public, either in a current release or via a recognised and generally available support source. The configuration of all machines on the three networks will remain constant between tests.

Firewall Service Configuration

The firewall is to be configured to allow the following services between zones (and no others):
- Internal to External: DNS, FTP (active and passive), HTTP, SSL/HTTPS, SSH, Telnet, SMTP
- Internal to DMZ: FTP, HTTP, SSL/HTTPS, SSH
- External to Internal: DNS, SSH, and SMTP
- External to DMZ: DNS, FTP, HTTP, SSL/HTTPS, SSH, SMTP
- DMZ to Internal: syslog, SNMP

Firewall Test Specifications

The testing is designed to ensure that the firewall technologies under test achieve a basic level of protection against a number of common hostile attacks, from both inside and outside the organization. A range of tests will be carried out using a variety of firewall scanning tools; these will be configured with full knowledge of both the firewall and network configuration:
- Test that all specified outbound services (and no others) are available from internal clients.
- Test that all specified inbound services (and no others) are available to external clients.
- Test that the firewall management console is not available to any users unless authenticated.
- Test that the firewall is resistant to a range of known Denial of Service (DoS) tests.
- Test that the firewall does not allow uncontrolled access to either the internal or DMZ networks.
- Test that the underlying OS is hardened and not vulnerable to known OS-specific attacks.

Tests will be repeated in the following manner:
- Probe the internal network from the Internet
- Probe the DMZ from the Internet
- Probe the firewall from the Internet
- Probe the external network from the internal network (test security policy)
- Probe the DMZ from the internal network
- Probe the firewall from the internal network

Management of the firewall will be evaluated using the following criteria:
- Local console must be secure.
- Management console should not be open to the external network.
- The firewall configuration should be fully protected and tamper proof (except from an authorised management station).
- Authentication should be required for the administrator for local administration.
- Authentication and an encrypted link should be available for remote administration.
- All attacks should be logged with date and time.
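The service matrix and the "specified services and no others" checks above can be turned into a policy oracle: it produces the open/closed expectation for every zone pair the probes will exercise, and it flags any captured flow that the firewall should have blocked. This Python is an added example, not code from the report or from the Cyberoam product; the port-to-service mapping and the capture lines are constructed assumptions.

```python
"""Zone-to-zone service policy oracle for the firewall test specification.

Added example (not from the report or the Cyberoam product). POLICY is the
service matrix from the test methodology; SERVICE_PORTS and CAPTURE are
constructed assumptions standing in for the lab's port conventions and
for what a packet capture on the firewall interfaces would show.
"""
from dataclasses import dataclass
from itertools import product

ZONES = ("external", "dmz", "internal")

# Services the firewall must permit, per (source zone, destination zone).
# Any pair absent from this table, and any service absent from a pair's
# set, must be blocked ("and no others").
POLICY = {
    ("internal", "external"): {"dns", "ftp", "http", "https", "ssh", "telnet", "smtp"},
    ("internal", "dmz"):      {"ftp", "http", "https", "ssh"},
    ("external", "internal"): {"dns", "ssh", "smtp"},
    ("external", "dmz"):      {"dns", "ftp", "http", "https", "ssh", "smtp"},
    ("dmz", "internal"):      {"syslog", "snmp"},
}

# Assumed (protocol, destination port) -> service name used in POLICY.
SERVICE_PORTS = {
    ("udp", 53): "dns", ("tcp", 53): "dns",
    ("tcp", 21): "ftp",                      # control channel, active and passive
    ("tcp", 80): "http", ("tcp", 443): "https",
    ("tcp", 22): "ssh", ("tcp", 23): "telnet", ("tcp", 25): "smtp",
    ("udp", 514): "syslog", ("udp", 161): "snmp", ("udp", 162): "snmp",
}
ALL_SERVICES = sorted(set(SERVICE_PORTS.values()))


@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    proto: str
    dst_port: int


def classify(flow):
    """Verdict the policy demands for one flow: 'allowed', 'denied', or
    'unknown-service' when the port maps to nothing in the matrix (the
    firewall must block that too, but it deserves a separate look)."""
    service = SERVICE_PORTS.get((flow.proto, flow.dst_port))
    if service is None:
        return "unknown-service"
    permitted = POLICY.get((flow.src_zone, flow.dst_zone), set())
    return "allowed" if service in permitted else "denied"


def expected_matrix():
    """The probe plan: for every ordered zone pair, which services the
    scanner should find open and which it should find closed."""
    plan = {}
    for src, dst in product(ZONES, repeat=2):
        if src == dst:
            continue
        permitted = POLICY.get((src, dst), set())
        plan[(src, dst)] = {
            "open": sorted(permitted),
            "closed": sorted(set(ALL_SERVICES) - permitted),
        }
    return plan


def parse_capture(text):
    """Parse constructed capture summaries of the form
    '<src_zone> -> <dst_zone> <proto>/<port>' into Flow records."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, _, dst, service = line.split()
        proto, port = service.split("/")
        flows.append(Flow(src, dst, proto, int(port)))
    return flows


def audit(flows):
    """Flows seen crossing the firewall that the policy says must not:
    each one is a contravention of the kind the lab's capture tools
    were listening for."""
    return [(f, classify(f)) for f in flows if classify(f) != "allowed"]


# Constructed capture: what monitors on the DMZ and internal interfaces
# might have recorded during a probe run.
CAPTURE = """\
internal -> external tcp/443
dmz -> internal udp/514
dmz -> internal tcp/80
external -> internal tcp/23
external -> dmz tcp/25
internal -> dmz udp/53
dmz -> external tcp/6667
"""

if __name__ == "__main__":
    for (src, dst), plan in expected_matrix().items():
        print(f"{src:>8} -> {dst:<8} open: {plan['open']}")
    for flow, verdict in audit(parse_capture(CAPTURE)):
        print(f"VIOLATION {verdict}: {flow}")
```

Zone pairs the specification does not mention (for example DMZ to External) get an empty "open" list, which is exactly the "no others" reading a scanner run must confirm.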

VPN Test Environment

The VPN Test Environment will be based on the specification for the Firewall as shown above, although another network will be specified as a Remote Office (RO). This may contain a telnet host, DNS server, SMTP server, FTP server, file/print server, Web server and client machines. Network monitors, protocol analysers and security monitors will also be deployed on the RO network.

VPN Configuration and Service Configuration

Initial configuration of the RO firewall should allow no inbound traffic to services hosted on the RO network. Clients on the RO should have access to the DNS, HTTP and SSL/HTTPS servers on the External network. The initial configuration of the VPN should allow unrestricted traffic flow between the RO and the main Internal network. This should include as a minimum ICMP, DNS, FTP (active and passive), HTTP, SSL/HTTPS and SMTP.

VPN Test Specifications

The testing is designed to ensure that the VPN technology achieves a basic level of security performance, in that it:
- Allows a secure point-to-point link between two networks and between a roaming client and a network (optional)
- Provides authentication and access control mechanisms to restrict resource access on a per-user or per-group level
- Provides packet filtering or proxy services within the tunnel to restrict tunnel traffic to specific protocols or source/destination points
- Enforces a reasonable level of encryption and data integrity.

Penetration Tests

A range of penetration tests will be carried out using commonly-available scanning tools. All tools will be configured with full knowledge of both the VPN and network configuration:
- Check that the VPN management console is not available to any users unless authenticated, and that the remote management link (if available) is encrypted or can be disabled
- Check that the VPN configuration is fully protected and tamper proof, and that the VPN is resistant to a range of known Denial of Service (DoS) attacks
- Check that the VPN has no known vulnerabilities and that it does not allow uncontrolled access to the networks behind it if traffic is restricted (see Services)
- Check that the VPN does not pass mis-configured packets to the networks behind it if traffic is restricted (see Services), and that the VPN correctly enforces access control policy on a per-user and/or per-group basis

Additional Tests
- Stage 1: Probe the VPN from the protected network with no tunnel established
- Stage 2: Probe the VPN from the external network with no tunnel established
- Stage 3: Attempt to establish tunnels using incorrect credentials
- Stage 4: Establish a valid tunnel (gateway-gateway and optionally client-gateway) and ensure that data is being encrypted
- Stage 5: Probe the remote network from the local network with a valid gateway-gateway tunnel established; attempt to violate tunnel traffic policy (e.g. pass prohibited protocols)
- Stage 6: Probe the remote network from the local network with a valid client-gateway tunnel established; attempt to violate tunnel traffic policy (e.g. pass prohibited protocols)
- Stage 7: Probe the remote network from the local network with a valid gateway-gateway tunnel established; attempt to violate access control policy (e.g. a user accessing restricted resources)
- Stage 8: Probe the remote network from the local network with a valid client-gateway tunnel established; attempt to violate access control policy (e.g. a user accessing restricted resources)

Management

Management of the VPN will be evaluated using the following criteria:
- The local console must be secure, and the management console should not be open to the external network
- The VPN configuration should be fully protected and tamper proof (except from an authorised management station)
- Full authentication is required for the administrator for local administration
- Full authentication and an encrypted link are required for remote administration. If the remote link cannot be encrypted, there should be the ability to disable it.

IPS Test Environment

The network structure will be the same as for the VPN testing (if the DUT supports it, otherwise it should be the same as for firewall testing), with deployments of network monitors, protocol analysers and security monitors on each network.

Configuration

The configuration of the DUT should be the same as for the VPN testing (if the DUT supports it, otherwise it should be the same as for firewall testing).

Testing

The IPS testing module is designed to ensure that the Intrusion Detection and/or Prevention technology contributes to a basic level of protection for an organization against hostile attacks. All IPS testing will be conducted with full knowledge of the configuration of the DUT. The testing will include a variety of different testing methodologies using both proprietary and established tools and code. Further exploration and attempted exploitation will take place dependent upon the DUT and the results received from scans made.

The IPS will be expected to monitor all traffic between the external and internal networks. Machines on the internal network are not configured in a secure manner. Network monitors, protocol analysers and security monitors are employed on the external and internal networks. The configuration of all machines remains constant between tests.

A full range of tests will be carried out using tools which will be configured with full knowledge of the network configuration. Tools used will include port scanners and vulnerability testers. Attacks will be launched including denial of service attacks and targeted buffer overflows. The internal network will also be subject to attack using spyware, worms and Trojans drawn from the West Coast Labs AV, Spyware and Trojan test suites.

The IPS will be tested for reactions to:
- multiple, varied attacks (flood and swarm)
- obfuscated URLs and obfuscated exploit payloads
- speed adjustments in packet sending
- fragmented packets

The testing will also review IPS logs and alerts, matching them to vulnerability scans. They will also be matched to password cracking activity.
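The last paragraph describes the correlation step: every scan or password-cracking event the lab launched is looked up in the IPS log to see whether it produced an alert, and whether the alert was accompanied by a drop. The script below is an added illustration of that step, written for this page; it is not West Coast Labs tooling and does not reflect the Cyberoam appliance's actual log format. The scan records, the alert lines and the key=value log layout are all constructed, and the 10-second matching window is an assumption.

```python
"""Added example: correlate IPS alerts with the tester's own scan records.

Each scan or password-cracking event the lab launched should produce an
alert (and, for an IPS in prevention mode, a drop) from the same source to
the same destination and port shortly after the event. All data below is
constructed sample data in an invented log layout, not output of the DUT."""
import re
from datetime import datetime, timedelta

TIME_FMT = "%Y-%m-%d %H:%M:%S"

# Constructed record of what the tester launched.
SCAN_EVENTS = [
    {"id": "scan-01", "time": "2007-11-05 10:00:02", "src": "203.0.113.10", "dst": "192.0.2.20", "dport": 80, "kind": "vuln-scan"},
    {"id": "scan-02", "time": "2007-11-05 10:00:30", "src": "203.0.113.10", "dst": "192.0.2.20", "dport": 445, "kind": "vuln-scan"},
    {"id": "scan-03", "time": "2007-11-05 10:02:00", "src": "203.0.113.11", "dst": "192.0.2.21", "dport": 22, "kind": "password-crack"},
    {"id": "scan-04", "time": "2007-11-05 10:03:10", "src": "203.0.113.10", "dst": "192.0.2.22", "dport": 21, "kind": "vuln-scan"},
]

# Constructed IPS alert log (invented key=value layout).
IPS_LOG = """\
2007-11-05 10:00:03 ips alert sig=web-cgi-probe src=203.0.113.10 dst=192.0.2.20 dport=80 action=drop
2007-11-05 10:00:31 ips alert sig=smb-overflow-attempt src=203.0.113.10 dst=192.0.2.20 dport=445 action=drop
2007-11-05 10:02:05 ips alert sig=ssh-bruteforce src=203.0.113.11 dst=192.0.2.21 dport=22 action=alert
2007-11-05 10:05:00 ips alert sig=icmp-sweep src=198.51.100.7 dst=192.0.2.20 dport=0 action=alert
"""

ALERT_RE = re.compile(
    r"^(?P<time>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) ips alert "
    r"sig=(?P<sig>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) action=(?P<action>\S+)$"
)


def parse_alerts(text):
    """Parse alert lines into dicts; lines that do not match the layout are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if not m:
            continue
        a = m.groupdict()
        a["time"] = datetime.strptime(a["time"], TIME_FMT)
        a["dport"] = int(a["dport"])
        alerts.append(a)
    return alerts


def correlate(events, alerts, window_seconds=10):
    """Match each launched event to alerts on the same src/dst/dport that fire
    within window_seconds after the event.

    Returns a dict with:
      matched     : event id -> list of (signature, action)
      missed      : event ids with no alert at all (detection gap)
      not_blocked : event ids that were alerted on but never dropped
      unexplained : alerts that matched no launched event (review by hand)
      coverage    : fraction of events that produced at least one alert
    """
    window = timedelta(seconds=window_seconds)
    matched, missed, not_blocked, used = {}, [], [], set()
    for ev in events:
        start = datetime.strptime(ev["time"], TIME_FMT)
        hits = []
        for i, a in enumerate(alerts):
            same_flow = (a["src"], a["dst"], a["dport"]) == (ev["src"], ev["dst"], ev["dport"])
            if same_flow and start <= a["time"] <= start + window:
                hits.append((a["sig"], a["action"]))
                used.add(i)
        if not hits:
            missed.append(ev["id"])
            continue
        matched[ev["id"]] = hits
        if not any(action == "drop" for _, action in hits):
            not_blocked.append(ev["id"])
    unexplained = [a for i, a in enumerate(alerts) if i not in used]
    coverage = len(matched) / len(events) if events else 0.0
    return {"matched": matched, "missed": missed, "not_blocked": not_blocked,
            "unexplained": unexplained, "coverage": coverage}


if __name__ == "__main__":
    result = correlate(SCAN_EVENTS, parse_alerts(IPS_LOG))
    print(f"coverage: {result['coverage']:.0%}")
    print("missed:", result["missed"], "alerted but not dropped:", result["not_blocked"])
    print("unexplained:", [a["sig"] for a in result["unexplained"]])
```

The three output lists map onto what the report would record: missed events are the detection gaps, alerted-but-not-dropped events show where an IPS behaved only as an IDS, and unexplained alerts are either noise from the test network or attacks the engineer did not record and needs to account for.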

Anti-Spam Test Environment

WCL has a number of domains available which act as honeypots for spam, receiving genuine, not canned, spam. These domains receive varying levels of spam and are intended to mirror different email environments. Within each domain are designated user accounts with a variety of email practices and needs.

Test Methodology

During the course of testing, test engineers use several different internal and external accounts to send emails that simulate real-life email transactions common in a business environment. These include requesting meetings, distributing notifications to groups and sending non-business related social emails. Emails are also sent from web-based accounts to simulate external users sending non-business related emails, and home workers. Individual user accounts are subscribed to several mailing lists and daily newsletters for grey mail purposes.

Each solution is configured initially to fit in with the test network using the vendor's recommendations, and is placed into the stream of live mail to ascertain how it copes in an out-of-the-box situation. The only alteration made to standard working practices is that all emails should be forwarded on (although with altered headers or some sort of flag marking the offending mail as spam) to allow for later classification.

For ascertaining the level of performance, each solution will receive a set number of emails. These are then classified by hand into genuine, spam and grey mail by test engineers with full knowledge of the mailing lists that have previously been signed up for. These figures are then compared with the figures given by the solution to give an overall detection rate.

Each solution will be assessed in three specific areas: Management/Administration, Functionality, and Performance.

1. Management/Administration: Ease of setup/use; Logging and reporting function; Rule creation; Customization; Content categories; Product documentation
2. Functionality: Email processing; Allow/blocking of email; Quarantine area; Blacklist/whitelist
3. Performance: Volume or % of spam detected; False positive rate; Spam incorrectly passed through; Legitimate mail blocked
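The Performance figures above come out of comparing the engineers' hand classification (genuine, spam, grey) with the spam/clean flag the solution put on each forwarded message. The script below is an added illustration of that comparison, written for this page and not part of the report or of any vendor's software. Treating grey mail as its own column rather than folding it into genuine or spam is my assumption, as is reporting messages the solution never forwarded as "unaccounted"; the message ids, labels and verdicts are constructed.

```python
"""Added example: turn a hand classification and the solution's verdicts into
the Performance figures (spam detected, spam incorrectly passed, legitimate
mail blocked, false positive rate).

Grey mail is reported as its own column (assumption), and messages with no
verdict are listed as unaccounted because the methodology requires every
message to be forwarded on. All message data is constructed."""
from collections import Counter

# Constructed hand classification by the test engineer: message id -> class.
HAND_LABELS = {
    "m01": "genuine", "m02": "genuine", "m03": "genuine", "m04": "genuine",
    "m05": "spam", "m06": "spam", "m07": "spam", "m08": "spam", "m09": "spam",
    "m10": "grey", "m11": "grey",
}

# Constructed verdicts read from the solution's header/flag: id -> 'spam' or 'clean'.
# m09 never came out of the solution, so it has no verdict.
SOLUTION_VERDICTS = {
    "m01": "clean", "m02": "clean", "m03": "spam", "m04": "clean",
    "m05": "spam", "m06": "spam", "m07": "clean", "m08": "spam",
    "m10": "spam", "m11": "clean",
}


def score(hand_labels, verdicts):
    """Compare hand labels with solution verdicts and return the Performance figures."""
    counts = Counter()
    unaccounted = []
    for msg_id, truth in hand_labels.items():
        verdict = verdicts.get(msg_id)
        if verdict is None:
            unaccounted.append(msg_id)   # not forwarded: excluded from the rates
            continue
        counts[(truth, verdict)] += 1

    spam_total = counts[("spam", "spam")] + counts[("spam", "clean")]
    genuine_total = counts[("genuine", "spam")] + counts[("genuine", "clean")]
    grey_total = counts[("grey", "spam")] + counts[("grey", "clean")]

    return {
        "spam_detected": counts[("spam", "spam")],
        "spam_passed": counts[("spam", "clean")],           # spam incorrectly passed through
        "legitimate_blocked": counts[("genuine", "spam")],  # genuine mail flagged as spam
        "detection_rate": counts[("spam", "spam")] / spam_total if spam_total else 0.0,
        "false_positive_rate": counts[("genuine", "spam")] / genuine_total if genuine_total else 0.0,
        "grey_flagged": counts[("grey", "spam")],
        "grey_total": grey_total,
        "unaccounted": sorted(unaccounted),
    }


if __name__ == "__main__":
    for key, value in score(HAND_LABELS, SOLUTION_VERDICTS).items():
        print(f"{key:>20}: {value}")
```

Keeping grey mail out of both rates is deliberate: a newsletter the user signed up for is neither a clear false positive when blocked nor a clear miss when passed, and folding it into either class would move the headline figures in a way the reader could not see.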

URL Filtering Test Environment

The tests replicate a number of hits on sites or emails received that fall outside of a prescribed Acceptable Usage Policy, along with providing genuine sites as a control group.

URL Filtering Test Methodology

TEST I - A proprietary piece of software loads in a list of URLs from a file. This switches through the list, changing web page every 6 (six) seconds, until it either runs out of URLs or receives an END command. The HTML code from each web page is appended to a log. The designated test engineer will then look through these logs to ascertain if any pages have been passed through the solution.

TEST II - The list from TEST I is re-run through the software. This is accompanied by two human operators manually following a pre-specified list of URLs in a pre-specified order, and also by a background load provided by specialist hardware. The logs are then appended again to a log file and will be checked further.

Test Specifications

Basic assessment of the solutions under test will consist of attempts to access material via the web in contravention of the security policy. A standardised user session will be employed for this purpose, with reproducible HTTP requests being generated. It is expected that attempts to access web sites outwith the terms of the security policy will be blocked, and that all such attempts will be logged and recorded.
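TEST I has two halves: a driver that walks the URL list on a fixed interval and appends each response to a log, and a review of that log to find pages the filter let through (and, for the control group, genuine pages it wrongly blocked). The script below is an added illustration of both halves, written for this page; it is not WCL's proprietary software and does not reflect the Cyberoam block page. The fetch function is injected so the demo runs offline against a constructed stand-in for the filter; `http_fetch` is a plain urllib fetcher for live runs. The block-page marker, the URLs and the policy table are constructed.

```python
"""Added example: the mechanics of TEST I and the follow-up log check.

run_url_list() steps through a URL list at a fixed interval, appending the
HTML received to a log, and stops early if should_stop() says so (the
'END command'). classify_log() decides per URL whether the filter served
its block page, and compare_with_policy() lists the URLs it got wrong.
Markers, URLs and policy are constructed; the filter stand-in is fake."""
import time
import urllib.request

# Constructed: phrase the filter under test is assumed to put on its block page.
BLOCK_MARKERS = ["Access to this site is blocked by policy"]

# Constructed Acceptable Usage Policy for the test list: True = should be blocked.
AUP = {
    "http://gambling.example/": True,
    "http://adult.example/": True,
    "http://filesharing.example/": True,
    "http://news.example/": False,      # control group: genuine sites
    "http://weather.example/": False,
}


def fake_filter_fetch(url):
    """Constructed stand-in for the DUT: blocks two of the three policy
    violations and also blocks a control site, so both failure modes appear."""
    blocked = {"http://gambling.example/", "http://adult.example/", "http://weather.example/"}
    if url in blocked:
        return "<html><body><h1>Access to this site is blocked by policy</h1></body></html>"
    return f"<html><head><title>{url}</title></head><body>site content</body></html>"


def http_fetch(url, timeout=10):
    """Live fetcher for real runs (not used by the offline demo)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


def run_url_list(urls, fetch, interval=6.0, should_stop=lambda: False):
    """Visit each URL in turn, waiting `interval` seconds between pages, and
    append (url, html) to the log until the list ends or should_stop() is True."""
    log = []
    for i, url in enumerate(urls):
        if should_stop():
            break
        try:
            html = fetch(url)
        except Exception as exc:  # record the failure rather than abort the run
            html = f"<!-- fetch error: {exc} -->"
        log.append((url, html))
        if i < len(urls) - 1 and interval > 0:
            time.sleep(interval)
    return log


def classify_log(log, markers=BLOCK_MARKERS):
    """Return {url: 'blocked' | 'passed'} from block-page markers in the HTML."""
    return {url: ("blocked" if any(m in html for m in markers) else "passed")
            for url, html in log}


def compare_with_policy(results, aup):
    """URLs the filter got wrong: policy leaks and over-blocked control sites."""
    leaks = [u for u, must_block in aup.items() if must_block and results.get(u) == "passed"]
    over_blocked = [u for u, must_block in aup.items() if not must_block and results.get(u) == "blocked"]
    return {"leaks": sorted(leaks), "over_blocked": sorted(over_blocked)}


def demo():
    """Offline run of TEST I against the fake filter, with no delay between pages."""
    log = run_url_list(list(AUP), fake_filter_fetch, interval=0)
    return compare_with_policy(classify_log(log), AUP)


if __name__ == "__main__":
    print(demo())
```

The marker-based check is only as good as the marker: before a live run the engineer should fetch one known-blocked URL by hand and confirm the phrase appears in the filter's actual block page, otherwise every blocked site will be reported as a leak.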

West Coast Labs Disclaimer

While West Coast Labs is dedicated to ensuring the highest standard of security product testing in the industry, it is not always possible within the scope of any given test to completely and exhaustively validate every variation of the security capabilities and/or functionality of any particular product tested and/or guarantee that any particular product tested is fit for any given purpose. Therefore, the test results published within any given report should not be taken and accepted in isolation.

Potential customers interested in deploying any particular product tested by West Coast Labs are recommended to seek further confirmation that the said product will meet their individual requirements, technical infrastructure and specific security considerations. All test results represent a snapshot of security capability at one point in time and are not a guarantee of future product effectiveness and security capability.

West Coast Labs provide test results for any particular product tested, most relevant at the time of testing and within the specified scope of testing and relative to the specific test hardware, software, equipment, infrastructure, configurations and tools used during the specific test process. West Coast Labs is unable to directly endorse or certify the overall worthiness and reliability of any particular product tested for any given situation or deployment.

US SALES T +1 (717) 243 5575
EUROPE SALES T +44 2920 548 400
GLOBAL HEADQUARTERS West Coast Labs, Unit 9 Oak Tree Court, Mulberry Drive, Cardiff Gate Business Park, Cardiff CF23 8RS, UK