NSS Labs Is Back! And That’s a Great Thing

Test lab

By: R. Scott Raynovich
July 14, 2025


It’s important to have quality independent testing of technology. That’s why I think it’s great that technology testing firm NSS Labs has been relaunched as NSS Labs 2.0.

Originally founded in 2007, NSS Labs was a respected testing firm that filled a vital role in independent testing for many years, putting out detailed testing of firewalls and other networking and security products from the top vendors. The original NSS Labs was taken over by a private equity company in 2019 and shuttered in 2020.

The reimagined NSS Labs has been created by original founder Vikram Phatak, who will now serve as the CEO of the new NSS Labs. The company will be wholly owned by senior partners and the executive team. Among the executives joining Phatak are Cathy Main, Chief Marketing and Communications Officer; and Ian Foo, CTO and EVP of Product. NSS Labs will also serve as the Official Testing Partner of CyberRatings.org, the non-profit that publishes public test results and research on cybersecurity technologies.

Targeting Vendors, Enterprises and SPs

In deep technology markets with many vendors, independent testing labs serve an important role for getting information to customers. Otherwise, customers are stuck with only the propaganda from the vendors, which typically says that everything is always wonderful. There is no doubt that the business model of testing labs is difficult, because many vendors aren't incentivized to have deep tests revealed to the public.

NSS Labs 2.0 aims to diversify its offerings to avoid some of these problems, expanding its role in testing products for enterprises and service providers in addition to vendors. The new incarnation of NSS Labs will deliver “confidential, data-driven testing services.” The reimagined company aims to negotiate the tricky business model by aiming its services at three different constituencies (descriptions from NSS):

Enterprises will benefit from objective testing and continuous validation of security technologies, whether that's on-premises, in the cloud, or delivered via third-party services. These assessments can help enterprises with risk governance, supply chain validation, vendor accountability, and regulatory compliance.

Security Vendors will get rigorous third-party validation of products using real-world attack scenarios. Testing data will help refine product strategy, accelerate go-to-market timelines, and support credible claims in a competitive market.

Service Providers will receive evaluations built for multi-vendor environments, helping them benchmark offerings, support procurement decisions, and communicate service value with independently validated data.

Lessons Learned from NSS 1.0

Why now? We recently caught up with the NSS executive team. NSS Labs Founder Phatak had been supervising tests at CyberRatings.org, but he clearly felt the need to restore the mission of his former company. Phatak bought the assets of NSS Labs back from the private equity company and is once again in charge of the company he once lost.

In an email, Phatak told me that he’s inspired to take back control of the original mission.

“The biggest lesson is to be true to yourself," wrote Phatak. "Taking outside equity investment was a mistake because it changed the culture of the company. This time around, we’re following our passion and testing exciting new technologies.”

I also asked Ian Foo, CTO and EVP of Product, if he thought that there is a stronger imperative for independent testing in the current environment.

"Yes," write Foo. "In the past, security testing tended to be more of a discrete event to enable a singular point-in-time purchasing decision for security products. Whereas now ongoing or regular security validation and testing is becoming more important."

Foo also told me he believes that the quick evolution of the cybersecurity landscape means that organizations are starved for independent partners that can guide them through the complex technology. Here are the following challenges the industry faces, according to Foo:

  • The security landscape is evolving at an unprecedented pace. Threat actors are leveraging AI to continuously enhance their tools, tactics, techniques, and procedures (TTPs), resulting in a constant advancement in the sophistication of threats.
  • The widespread use of GenAI/LLMs is introducing a new era of attack surfaces, leading to increased data leakage and malicious behavior. Consequently, new security technologies, products, and solutions are emerging and require thorough validation.
  • Additionally, concerns regarding post-quantum cryptography and the “harvest now, decrypt later” strategy are growing as quantum computing edges closer to practical usability.
  • Furthermore, the shift toward cloud-based SaaS/XaaS services compels enterprises to balance change control and risk management with operational offloading. In this cloud/SaaS/XaaS environment that relies on CI/CD, security testing becomes a crucial element of supply chain auditing and governance.

Phatak and NSS Labs Chief Technology Officer Ian Foo were previously running tests for CyberRatings.org, including a very interesting test that showed gaping holes in cloud firewalls, which we pointed to here.

Partnership with CyberRatings.org

CyberRatings.org and NSS 2.0 have a close history. CyberRatings.org is a non-profit, 501(c)6 membership. It’s funded by memberships, published test reports sold from its website, and corporate donations. It was formed by Phatak (Founder, CEO and Board Member), Main (Co-Founder, President and Board Member), and Carma Austin (Co-Founder , Executive Vice President and Board Member). Peter Armstrong serves as an Independent Board Member.

NSS Labs LLC will be wholly operated by its senior partners and executive team: In addition to Phatak, Main, and Foo, it includes Austin (Chief Strategy Officer); Tim Otto (Vice President of Test Operations); and Thomas Skybakmoen (Vice President of Research).

NSS Labs will contribute to CyberRatings.org by developing test methodologies, authoring both individual and comparative reports, and producing educational and thought leadership content for the broader cybersecurity community. It’s also launching an expanded product portfolio, which includes the following:

  • Interactive, Data-Driven Tools: Stakeholders can engage with test data through intuitive interfaces, enabling real-time comparison and deeper insights into product performance.
  • Expanded Testing Portfolio: Beyond traditional technologies like enterprise firewalls and SD-WAN, NSS Labs now evaluates advanced solutions such as AI/ML-powered tools, ransomware defenses, and post-quantum cryptographic systems.
  • Tailored Services by Audience: Purpose-built programs for enterprises, vendors, and service providers combine transparency, speed, and rigorous technical validation.

Futuriom Take: The resurgence of NSS Labs 2.0 is an exciting opportunity for the cybersecurity and networking industry, which is thirsty for independent testing and validation.



Trending Articles