2012 SC Awards U.S. [SC Magazine]
By Anonymous
Proquest LLC
The Judges
CO-CHAIR
VP, editorial director,
CO-CHAIR
principal,
CO-CHAIR
VP, IT risk management and architecture services,
Rebecca Bace
president and CEO, Infidel
VP and CISO,
VP risk management & CSO,
CEO, The CSO Board
VP - information and communication technology,
CISO and VP,
director of analysis, Team Cymru
partner,
global CISO,
Stephen Fridakis
senior IT officer - IT security, FAO (
CISO,
chief, information security & ePrivacy,
André Gold
VP and CISO,
VP and global internal audit services, IT,
VP, information security and privacy,
CSO,
senior security program manager,
president and founder,
CSO, state of
CEO,
CISO,
VP & CSO,
CISO,
The Sponsors
HP Enterprise Security
HP is a leading provider of security and compliance solutions for enterprises that want to mitigate risk in their hybrid environments.
A global cloud security leader, creates a world safe for exchanging digital information with its content security and threat management solutions.
IBM
IBM's security portfolio provides the security intelligence to help organizations holistically protect its people, infrastructure, data and applications.
RSA
RSA is a provider of security, risk and compliance solutions, helping organizations succeed by solving their most sensitive security challenges.
A leader in security, storage and systems management solutions to help secure and manage information and identities.
Developed a unified security monitoring approach based on the Nessus scanner engine for securing enterprise networks worldwide.
BEST ANTI-MALWARE GATEWAY
WINNER
Cisco Web Security enables organizations to capture the potential of the web as a collaboration and productivity tool while mitigating risks and protecting users from malware delivered via the web while enforcing acceptable use and data security policies, according to the company.
A multilayer threat defense protects users from malware. Web Reputation and Outbreak Intelligence combined with anti-malware engines, provide protection and accuracy against zero-hour threats.
As well, application controls provide visibility and granular controls over Web 2.0 and social networking apps. Reporting and tracking ensure that customers have in-depth visibility and forensics.
Integration with
Additionally, choice of appliance, cloud and hybrid deployments provide customers with flexibility to meet the specific needs of their organization.
Cisco Security Intelligence Operations (SIO) gathers telemetry from 700,000-plus sensors and 600-plus third-party threat intelligence feeds. Cisco SIO delivers web reputation, stopping more than 70 percent of malicious transactions, as well as Outbreak Intelligence, a content-based zero-day threat detection technology. Cisco SIO technology is layered on top of multiple third-party anti-malware signature scanners to provide 35 percent better threat detection than any single engine, according to the company.
Finalists 2012
*
* McAfee for McAfee Web Protection
*
*
*
BEST ANTI-MALWARE MANAGEMENT
WINNER
With the rise of high-profile hackers, 2011 has proven to be one of the biggest years for cyber attacks that the online community has ever seen, reaffirming the need for proactive security solutions.
In addition to anti-malware protection, the product includes anti-spyware, personal firewall, anti-spam, host-based intrusion prevention and internet security training. These features work together to provide maximum protection for a complete computing experience.
The
Overall, for the customer, security is not about collecting data, but rather about separating the wheat from the chaff so their IT staff can take action to mitigate risks.
Finalists 2012
* Bit9 for Bit9 Parity Suite
*
*
* IBM for IBM Tivoli Endpoint Manager
*
BEST CLOUD COMPUTING SECURITY
WINNER
IBM for IBM Cloud Security Solutions
IBM's cloud security solutions span multiple domains including risk and compliance, application and data security, physical and logical infrastructure security and identity and access management. Taking into account unique challenges of cloud computing - like multitenancy, virtualization, rapid provisioning and federated identities - IBM has designed security solutions specific to the cloud. Additionally, it has adapted other offerings to meet cloud security needs, including cloud security strategy and assessment services for the development of cloud strategy based on business goals, security requirements and best practices; professional security services for the assessment and penetration testing of cloud applications and infrastructures, assessment and design of identity management controls, cloud based risk/compliance assessment, and policy management; host and network intrusion prevention solutions for the protection of networks and hosts within the cloud infrastructure from attack or misuse; and managed security services, which reduces costs, improves cloud security and assists with compliance through outsourcing management to IBM experts, according to the company.
IBM's history coupled with experience in developing and delivering its own cloud solutions, such as SmartCloud Enterprise, Lotus Live, and more, are big differentiators, the company says.
Its cloud capabilities span all security domains with the ability to deliver security end-to-end - from strategy and design, to implementation and management, to assessment and continuous monitoring.
Finalists 2012
* IBM for IBM Cloud Security Solutions
* McAfee for McAfee Cloud Security Platform
*
*
*
BEST COMPUTER FORENSIC TOOL
WINNER
RSA for RSA NetWitness 9.6
By performing full-packet capture and session recreation, RSA NetWitness provides network forensics and situational awareness for organizations.
The information security market faces two major problems. First, the vast majority of innovation is narrowly focused on chasing the latest threats, not broader risk profiles. Second, merger and acquisition and threat research plug together disparate, proprietary systems and sources, perpetuating a closed model, while the criminal community benefits from widely shared technologies, techniques and resources. Additionally, with nearly 100,000 new malware samples discovered daily, the ability for cyber adversaries to quickly adapt has rendered signature-dependent malware defenses obsolete. It also severely challenges the efficacy of newer approaches that still look exclusively for "bad," based on previous attacks. This leaves a world of activity with little scrutiny - which malicious actors exploit with great success. NetWitness changes the game by allowing organizations to know everything.
Numerous security software makers have realized the significant financial value of the software solution produced at NetWitness, and are attempting to retool their traditional products to compete, according to the company. Although many of these vendors may have the ability to capture network traffic, none have demonstrated any capability whatsoever to perform in-depth application-layer analysis, particularly of an automated and real-time nature. Ultimate value to an enterprise requires pervasive adoption of a solution - not just the purchase of one or two network appliances.
Finalists 2012
*
*
*
*
* RSA for RSA NetWitness 9.6
BEST DATABASE SECURITY SOLUTION
WINNER
McAfee for McAfee Database Security
Enterprises store their most sensitive information in databases - yet breaches announced almost weekly tell us that perimeter protection and the basic security that comes with these systems is not enough. McAfee's database security solutions include vulnerability assessment, comprehensive audit and database activity monitoring, virtual patching with real-time intrusion prevention, integrity monitoring/change control and end-user accountability.
By implementing the McAfee database security solutions, customers gain visibility into where their databases are, which ones contain sensitive information, and how secure they are, as well as comprehensive protection against all database threats. Out-of-the-box templates and reports for PCI-DSS, HIPAA/HITECH, Sarbanes-
By delivering a complete family of products, fully integrated through McAfee ePolicy Orchestrator's dashboard, McAfee simplifies the deployment and monitoring of the security infrastructure. McAfee Vulnerability Manager for Databases provides comprehensive testing, with more than 4,000 checks of potential weaknesses across the most popular database platforms. McAfee Database Activity Monitoring requires no changes to the database itself, and no configuration changes to the network, and yet can provide real-time alerting or session termination with minimal overhead, according to the company.
Finalists 2012
* Application Security for DbProtect
* BeyondTrust for PowerBroker Database
* IBM for IBM InfoSphere Guardium
* Idera for Idera SQL Secure
* McAfee for McAfee Database Security
*
BEST DATA LEAKAGE PREVENTION (DLP)
WINNER
Symantec Data Loss Prevention delivers a unified solution to discover, monitor and protect confidential data wherever it is stored or used.
In order to protect their IP, organizations must know where it is. This has been a challenge for organizations because IP is spread out across the enterprise and there can be subtle differences between what is sensitive and what is not, so finding it is time-consuming and costly.
Symantec Data Loss Prevention 11 is the current version of
Finalists 2012
*
* NextLabs for NextLabs Enterprise Data Protection
*
* Trustwave for Trustwave DLP
*
BEST EMAIL CONTENT MANAGEMENT
WINNER
An increasingly complex regulatory environment, a heightened awareness of data leakage risks, and a rising tide of increasingly malicious and hard-to-detect email threats this past year has heightened enterprise concerns around email content management. These concerns are driving increased demand for both inbound and outbound email security solutions. Proofpoint Enterprise addresses this market with a solution that delivers unified inbound/outbound email security, data leakage prevention and email encryption features, according to the company. The solution is designed to meet the security and performance demands of even the largest enterprises, and
Finalists 2012
*
*
*
*
*
BEST EMAIL SECURITY
WINNER
Astaro Security Gateway offers complete UTM protection, and can be installed as either hardware, software or a virtual appliance. For more sophisticated deployment scenarios, the company offers additional Gateway Accessories that enable new functionality for the gateway.
The Astaro Security Gateway uses a combination of antispam, encryption and anti-virus scanning, such as a reputation service with spam outbreak detection, recipient verification, reverse-DNS and
Version 8.2 of Astaro Security Gateway includes several new features, including application control, log management and several other enhancements. These improvements will help organizations protect their network from modern threats, according to the company. It simplifies security by making it easy to deploy and manage while still being powerful enough to protect against email, web, network and web app threats, as well as wireless security.
Astaro says it is the only
Finalists 2012
*
*
* McAfee for McAfee Email Protection
*
*
*
BEST ENTERPRISE FIREWALL
WINNER
Barracuda NG Firewall enables customers to take full control over their entire network by integrating Layer 7 application control of rogue applications with full integrated user awareness. The solution optimizes network traffic flow via intelligent adaptive WAN routing, while extending security and application control to every location - be it small offices or large headquarters. Further, it provides integrated easy-to-manage and full-featured network access control (NAC), and saves considerably on management overhead via complete, scalable and centralized management of all functions and lifecycle that was built in, according to the company.
While most of these features would be available via the deployment of individual point products, the combined benefits - such as vastly reduced administrative overhead, a stabilized network, and a consistent security posture across the whole network - are now available with the Barracuda NG Firewall.
The platform has early development roots not only in centralized configuration, policy and reporting, but also in site-to-site WAN traffic management capabilities. The Barracuda NG Firewall is designed to optimize both the availability and performance of the WAN, with lower administrative overhead than competing solutions.
Combined with its unique capabilities for large-scale centralized management and intelligent traffic management for site-to-site WAN connectivity, the Barracuda NG Firewall is one of the most advanced solutions of its kind at any price.
Finalists 2012
*
*
*
* McAfee for McAfee Firewall Enterprise
* Palo Alto Networks for Palo Alto Networks PA-5000 Series
BEST FRAUD PREVENTION
WINNER
IronKey for IronKey Trusted Access
IronKey's Trusted Access enables banks to provide their customers with a secure browsing solution for online banking and e-commerce that keeps customers safe on their own PCs, even if they are infested with financial malware. It prevents online fraud by innovating in three layers of technology: a secure portable device, virtualization and a cloud-based secure network.
With Trusted Access, banks deliver to clients a customized, secure web browser protected in a fully virtualized, read-only environment tailored to work exclusively with IronKey's Trusted Network and the bank's systems to protect online banking sessions from known and unknown crimeware. It also offers Trusted Bookmarks, a safe way to access websites by using a "whitelist" managed by the bank. When shopping online, the service assures customers that they are accessing an authentic site and that payments are not being monitored or tampered with, according to the company.
Trusted Access protects online banking even if the client's computer is infected with the latest zero-day attack that would go undetected by anti-virus and other software. Anti-virus and firewalls cannot detect and stop new criminal attacks not seen before, so cyber thieves create new attacks to stay ahead of security tool updates. And, today the detection rate for new malware is less than 30 percent, according to spyeyetracker.abuse.ch.
IronKey delivers a complete secure browser application that is a read-only virtualized environment with its own encrypted keyboard driver. This architecture keeps it isolated from any malware on the host PC.
Finalists 2012
*
* Entrust for Entrust TransactionGuard
* Guardian Analytics for FraudMAP
* IronKey for IronKey Trusted Access
* Trustwave for Trustwave Fraud Prevention
BEST IDENTITY MANAGEMENT APPLICATION
WINNER
As organizations move through the process of hiring, transferring, acquiring and/or restructuring, it is difficult to keep track of ever-changing users and the access they have to business applications. With pressures to improve operational efficiencies, reduce costs, mitigate risks and ease compliance, IT organizations are challenged to limit access based on users' business roles over time. This includes removal when users leave, efficiently managing users' fluctuating access needs, and validating appropriate access to address compliance requirements.
CA Identity Manager enables organizations to improve business efficiency, security and compliance by governing and automating identity lifecycle processes, while adopting the next-generation technologies that help make IT flexible and business more agile.
Scalability and depth of experience is evident in CA Identity Manager with implementations around the globe - all who require advanced capabilities, such as multilevel delegated administration, web services access and scalability to hundreds of millions.
CA Identity Manager also offers customization without coding for fast time to value. It offers visual tools and wizards to set up and change business policies, workflow and system connections in hours instead of weeks, advanced analytics to build a role model, and connectivity to a wide range of platforms and applications.
Finalists 2012
*
*
* IBM for IBM Tivoli Identity and Access Assurance
*
*
BEST IPS/IDS PRODUCT
WINNER
Today's threat landscape is dynamic, evolving and includes organized groups creating sophisticated attacks that specifically target the security weaknesses of their business target. Enterprises want to protect their business against the multitude of threats while simplifying their security deployment and reducing costs.
The Check Point IPS Software Blade provides complete, integrated, next-generation firewall intrusion prevention capabilities at multi-gigabit speeds, resulting in IPS security and performance. The IPS Software Blade provides complete threat coverage for clients, servers, OS and other vulnerabilities, malware/worm infections, and more. The Multi-Tier Threat Detection Engine combines signatures, protocol validation, anomaly detection, behavioral analysis, and other methods, including identity and application awareness, to provide the highest levels of network IPS protection, according to the company. By filtering 90 percent of incoming traffic without requiring deep inspection, the IPS engine inspects for attacks only on relevant sections of the traffic, thus reducing overhead and increasing accuracy.
The Check Point Software Blade Architecture and the IPS Software Blade help customers increase their security, reduce their security complexity, while also reducing security costs.
The business and technical advantages include unmatched flexibility and expandability. The Software Blade Architecture and the IPS Software Blade allow customers to deploy more security, while simplifying their environment and reducing costs, according to the company.
Finalists 2012
*
*
* HP Enterprise Security for HP TippingPoint S6100N Intrusion Prevention System
* McAfee for McAfee Network Security Platform
* Sourcefire for Sourcefire IPS
BEST IPSEC/SSL VPN
WINNER
Over the past several years, the workforce has become increasingly mobile, requiring anywhere/anytime access to the corporate network using a broad range of mobile devices. This has led to an era of "bring your own device" (BYOD), where employees at all levels are using their phones, tablets, laptops and other consumer devices to access the corporate network - with an expectation that IT will support them.
And since many of these devices are owned by the individual, IT has no control over what resides on the device, and it has little-to-no insight into the security posture of the device, prior to connection.
Cisco AnyConnect Secure Mobility Solution addresses these challenges by providing users with secure remote access to the corporate network using their device of choice, regardless of their physical location, to easily and securely use the applications and information they need to do their jobs.
Cisco AnyConnect Secure Mobility scales to 5 Gbps of VPN throughput or 100,000 users leveraging Cisco ASA security appliances, or Cisco ASR or ISR routers, for comprehensive secure connectivity. In addition, AnyConnect uses Cisco Ironport Web Security Appliances or Cisco ScanSafe in the cloud to integrate web security.
Always-on connectivity and the intelligence of AnyConnect automatically selects the most optimal network access and adapts its tunneling protocol, even accommodating latency sensitive traffic. This keeps mobile workers efficient and productive as they roam between locations, according to the company.
Finalists 2012
* Certes Networks for TrustNet Manager
*
*
* NCP Engineering for NCP Secure Enterprise Solution
*
BEST MANAGED SECURITY SERVICE
WINNER
Dell
Dell
To meet organizations' requests for flexible security solutions, Dell SecureWorks delivers a wide range of services and integrated options, including full outsourcing, co-management, monitoring and reporting only, and on-demand software-as-a-service. Its proprietary, purpose-built security platform enables them to filter, correlate and analyze more than 15 billion events across its customer base every day. That, coupled with the company's Counter Threat Unit research team, a team of well-trained and certified security experts, provide leading customer service, support and protection.
Ranked as a leader in managed security services by both
Dell
Finalists 2012
* Dell SecureWorks for Best Managed Security Service
* IBM for IBM Managed Security Services
*
*
*
BEST MOBILE/PORTABLE DEVICE SECURITY
WINNER
Information security professionals face considerable challenges protecting information on mobile computing devices, such as laptops and removable storage. In order to ensure that a lost or stolen device does not lead to unauthorized access to information, it is imperative to encrypt the data.
PGP Whole Disk Encryption from
PGP Whole Disk Encryption works together with a range of encryption solutions from
Further, strong management tools offer key management, and consolidated security management console with Symantec Protection Center.
The tool provides advanced support for
In addition, it provides validations/certifications with the toughest cryptographic and security standards, including EAL 4-plus, FIPS 140-2, plus DIPCOG approved and CAPS approved.
Finalists 2012
* Good Technology for Good for Enterprise
* IronKey for IronKey Trusted Access
* McAfee for McAfee Enterprise Mobility Management
*
*
BEST MULTIFACTOR PRODUCT
WINNER
Entrust for Entrust IdentityGuard
Entrust IdentityGuard enables organizations to implement strong authentication for employees, partners, contractors and authorized third parties - and only when it makes sense.
It offers one of the widest ranges of strong authentication options on the market today, which includes physical or non-physical approaches, and can be transparent to users or take advantage of existing mobile devices, according to the company.
It represents a more affordable approach to deploying a wide range of authentication capabilities at a fraction of the cost of traditional, single-purpose solutions.
It provides flexibility to tailor authentication to user preference, transaction risk and cost. And, it minimizes user impact, enabling a choice of authentication methods, only performing authentication when needed to reduce risk.
Entrust IdentityGuard Mobile helps enterprises strongly authenticate end-users without requiring specialized security hardware, such as one-time-passcode (OTP) hardware tokens.
Efficient and non-invasive for end-users, the solution is an award-winning strong authentication tool that is affordable for wide-scale enterprise deployment. The platform, which offers one of the widest ranges of authenticators on the market, easily integrates with existing environments and minimizes the impact of security on employees, customers and partners.
As well, the platform approach allows customers to deploy a range of different authenticators based on the unique requirements of various user communities.
Finalists 2012
*
* Entrust for Entrust IdentityGuard
* IBM for IBM Tivoli Access Manager for Enterprise Single Sign-On
*
*
BEST NAC PRODUCT
WINNER
ForeScout Technologies for ForeScout CounterACT
The ForeScout CounterACT NAC solution is easy, integrated, interoperable and automated - delivering real-time visibility and broad control over all users, devices, OSs and applications before appropriate access to network resources is granted - without requiring agents and using existing infrastructure. ForeScout's network-based NAC delivers rich user and device classification and built-in and extensible policies to determine who the user is (and what directory group association), what is the device, what is the configuration and security posture of the device (active and current client security, patches, approved software, and more), as well as when and what network resources are being requested. Available as a scalable appliance or virtual appliance family, CounterACT's built-in advanced device classification, infrastructure plug-ins, 802.1x support, policies, guest registration, actions, remediation and reporting address evolving NAC requirements and accelerate time-to-value, according to the company.
CounterACT offers rich network access control, guest networking, endpoint compliance, mobile security, remediation and reporting.
It is fully integrated and interoperable, supporting the majority of network and infrastructure. It does not require multiple components to manage, or predefined knowledge of the endpoint. As well, there is no need to change or update network or endpoint devices, to deploy agents, nor manage 802.1x devices.
CounterACT offers robust network discovery and automated device classification with rich device fingerprinting.
Finalists 2012
*
*
* ForeScout Technologies for ForeScout CounterACT
* McAfee for McAfee NAC
BEST POLICY MANAGEMENT SOLUTION
WINNER
Tripwire Enterprise 8.1 is a security configuration management suite whose solutions work as standalone offerings or in tight integration to prevent, detect and correct issues affecting IT system integrity. It assesses configurations against relevant security policies and standards, detects file or configuration changes that can impact system integrity, and corrects noncompliant configurations. The Compliance Policy Manager in Tripwire Enterprise helps customers meet the numerous security standards and regulations with which organizations must maintain continuous compliance, from PCI to SOX to in-house security requirements. Each policy assesses configurations against these standards, which are security best practices taken from more than 20 different recognized sources, such as the
Further, Tripwire Enterprise's agent-based Policy Manager can continually assess IT configurations against scores of policies and standards, platforms, hardware types and devices, removing the "uncertainty gap" that comes with periodic, external mega-scans.
And, because Tripwire Enterprise's Policy Manager is integrated "out of the box" with its File Integrity Manager, Tripwire Enterprise has the ability to re-test configuration settings based on detected changes, and provide truly "continuous" monitoring.
Finalists 2012
*
* McAfee for McAfee ePolicy Orchestrator
*
*
*
BEST SECURITY INFORMATION/EVENT MANAGEMENT (SIEM) APPLIANCE
WINNER
HP for HP ArcSight Express
HP ArcSight Express combines SIEM, log management and user activity monitoring on a single appliance, moving beyond perimeter security to monitor what truly matters to HP ArcSight customers, according to the company.
It collects from any data source, consolidates the information for maximum storage efficiency, and correlates the events in multiple dimensions, including identity, vulnerability, asset, time, statistical calculations, pattern, and other events to detect the advanced threats that organizations face in a post-perimeter world.
ArcSight Express does three things: data collection, consolidation and correlation. It supports data collection from more than 300 commercial and open source products, and has a "flex" connector architecture that is used by customers to connect to thousands more data sources to establish full visibility into their environments. All of the connectors are virtualization and cloud ready.
The tool's consolidation architecture provides 10:1 compression of all events, significantly increasing the data that can be monitored and stored on a single appliance. As attacks gestate over longer periods of time and compliance requirements tighten, this functionality is critical to helping customers stay secure and compliant, according to the company.
HP ArcSight Express can pull information from directories and identity management systems and use that data to monitor user activity, even when logs show an IP address or shared account credentials, according to the company.
Finalists 2012
* HP for ArcSight Express
* IBM for IBM Hosted Security Event and Log Management
*
*
*
BEST UTM
WINNER
The FortiGate-60C multithreat security appliance offers unmatched performance, flexibility and security for remote, branch or small office networks. The tool integrates firewall, IPsec and SSL VPN, anti-virus, anti-spam, intrusion prevention, web filtering, data leakage prevention (DLP), application control, SSL inspection, endpoint NAC and vulnerability management into a single device at a single price. And, dynamic threat updates are provided by
The appliance couples high-performance hardware with an internal data storage and innovative expansion options, such as wireless broadband support, in one appliance. It is
No other device in its price range offers the speed (1Gbps firewall throughput), breadth and depth of protection (FortiGuard) as the FortiGate-60C, according to the company. Custom processors maximize throughput with one or multiple security services - blocking unauthorized access and eliminating unwanted traffic or threatening attacks. Virtual Domains (VDOMs) enable a single FortiGate-60C to function as multiple independent virtual FortiGate systems, enabling multiple uses for a variety of applications and user access with different policies on one box. Each VDOM contains its own virtual interfaces, security profiles, routing table and administration.
Finally, the FortiASIC processors in the FortiGate-60C allow organizations to deploy unified threat management functionality without sacrificing network performance.
Finalists 2012
*
*
*
*
*
BEST VULNERABILITY MANAGEMENT TOOL
WINNER
Rapid7 for NeXpose Enterprise
As the number of attacks and vulnerabilities continues to rise, security professionals need real security risk intelligence to help them prioritize threats and remediate the greatest risks first. Rapid7's web-based vulnerability management product, NeXpose, leverages one of the largest vulnerabilities databases to identify vulnerabilities across networks, operating systems, databases and web applications.
NeXpose manages the entire vulnerability management lifecycle, including discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. Risk is classified based on real exploit intelligence combined with industry standard metrics, such as CVSS, as well as temporal and weighted risk scoring. NeXpose provides a detailed, sequenced remediation roadmap with time estimates for each task. NeXpose is used to help organizations improve their overall risk posture and security readiness, as well as to comply with mandatory regulations, including security requirements for PCI, HIPAA, ARRA HITECH Act, FISMA, Sarbanes-Oxley and NERC CIP.
NeXpose's unique capabilities for complex IT environments earned the highest possible ratings for vulnerability management from both
Finalists 2012
* McAfee for McAfee Vulnerability Manager
*
* Rapid7 for NeXpose Enterprise
* Skybox Security for Skybox View Enterprise Suite
*
BEST WEB APPLICATION FIREWALL
WINNER
While small and midsized businesses (SMBs) have little option but to adopt Web 2.0 and use apps served up as SaaS or cloud solutions, they often lack the in-house capabilities necessary to keep up with rapidly evolving web security challenges. As a result, web applications are increasingly becoming targets for criminal attacks - like SQL injection, cross-site scripting and cookie tampering, as well as credit card theft.
The SonicWALL Web Application Firewall Service offers a complete, affordable, easy to manage and deploy, out-of-the-box compliance solution for businesses and managed services providers that protects web applications against a relentless barrage of threats and attacks, according to the company.
The Web Application Firewall feature set demonstrates the company's ability to offer key enterprise options to small office/home office and SMB customers. The offering is available across
Finalists 2012
*
* IBM for IBM Security Network Intrusion Prevention System
*
*
*
BEST WEB CONTENT MANAGEMENT PRODUCT
WINNER
With more social networks, an increasingly mobile workforce and sophisticated modern malware, many companies are rolling out Websense Web Security Gateway Anywhere (WSGA). It combines onsite appliances with cloud security services to provide web content management to users onsite or remote. It also features a common console and easy single-policy deployment. Unique to WSGA is integrated data theft protection, real-time content classification, real-time security classifications, and the ACE (Advanced Classification Engine) defense architecture that uses patented algorithms to detect web threats and data theft. Further, the ACE protects against malicious scripts and zero-day threats that circumvent anti-virus products. ACE analyzes web traffic in real-time, categorizing dynamic social web content/threats, plus preventing data theft. ACE and Websense ThreatSeeker inspect three to five billion pieces of content from more than 50 million sources daily.
Proactive social web content analytics/controls enable policies for social media sites to address detailed functional controls. Additional functionalities address viral videos, put quotas on surveillance or entertainment videos, and limit access to sites using dynamic DNS.
Websense Web Security Gateway provides a single management console and a single policy that manages appliance and cloud/SaaS defenses for users in the office or remotely. This is part of the TRITON solution that unifies web, email and data security across both on-premise and cloud platforms for a lower cost, according to
Finalists 2012
*
*
* McAfee for McAfee Web Protection
*
*
Excellence Awards
BEST REGULATORY COMPLIANCE SOLUTION
WINNER
Agiliance for Agiliance RiskVision with Agiliance Compliance Manager Application
Between 2007 and 2010, Agiliance's success contributed to a 4,909 percent revenue growth rate, according to the company. And, in 2010, it grew more than 100 percent year-over-year - well above the governance, risk and compliance (GRC) market growth rate. Based on its growth, Agiliance was listed as the number one security software company, number one GRC software company and number 39 fastest-growing private company in America on the 2011 Inc. 500 annual rankings.
Around seventy-five percent of Agiliance customers are Global 2000 enterprises, spanning a number of verticals, such as financial services, government, health care, technology, and retail.
As well, its customer loyalty is strong, with a nearly 100 percent retention rate. More than 70 percent of customers license multiple applications, and more than 35 percent of customers are repeat buyers.
Agiliance's commitment to making risks visible, measurable and actionable extends beyond delivering comprehensive GRC solutions. Agiliance offers a variety of services - from training and implementation to ongoing architecture assessment. Also, its highly trained customer services team delivers consulting services for project planning and analysis, implementation, onsite and remote training, and custom development, according to the company. Its support programs maximize the performance and availability of mission-critical GRC resources, including the provisioning of technical support (via telephone, web portal or email), as well as maintenance.
Finalists 2012
* Agiliance for Agiliance RiskVision with Agiliance Compliance Manager Application
* eEye Digital Security for Retina CS & Regulatory Reporting Packs
* Modulo for Modulo Risk Manager NG
*
*
Excellence Awards
BEST ENTERPRISE SECURITY SOLUTION
WINNER
Since entering the appliance space,
Billings for Websense Triton-based gateways increased more than 200 percent year over year in Q2 2011, according to
All customers receive specialized assistance from technical support engineers in centers worldwide, which regularly average 8.91 (out of 10) in industry surveys. Offerings include Standard, Premium (unlimited 24/7) and Mission Critical (fastest, designated account manager). In fact, the company's customer support recently won the
"I've worked with many different vendors where it was hard to get a hold of anybody to get a question answered and find people to help us with our problem," says
Finalists 2012
* Sourcefire for Sourcefire IPS
*
*
*
* WhiteHat Security for
Excellence Awards
BEST SME SECURITY SOLUTION
WINNER
QualysGuard Express is used by more than 3,800 small and medium enterprise (SME) organizations around the world as an on-demand solution that automates the process of identifying security vulnerabilities, tracking remediation and meeting regulatory compliance requirements, according to the company. QualysGuard Express has flourished in the SME space due to its ease of use and ability for customers to show immediate ROI through time and money savings. Whereas IT security and compliance was seen as a complex, costly task, QualysGuard Express makes it possible for any sized company to have an affordable best-of-breed solution for security and compliance, protecting both company and customer data. The cost is typically 50 to 90 percent lower than enterprise software solutions, and product training, service and support are included.
QualysGuard Express includes free service and support - 24/7 by telephone, email or the web. The company's technical support also offers free product training, including web-based and online customer and technical training, certification workshops, and access to annual and regional user conferences.
Its customers get automated testing of the platform, and continuous updates and enhancements of vulnerability signatures without the need for customer initiation. As well, if a false positive is reported, it is investigated immediately. Signatures are updated and automatically released to QualysGuard platform within 72 hours.
Finalists 2012
* eEye Digital Security for Retina CS
*
* Rapid7 for Metasploit Pro
*
*
Excellence Awards
ROOKIE SECURITY COMPANY OF THE YEAR
WINNER
eCert
eCert's offerings include its Email Protection Identity Cert (EPIC) and the FS-ISAC and BITS Trusted Email Registry. Launched in
eCert offers 24/7/365 enterprise support for its clients. Customer service includes complete deployment, testing and support services to members. This includes relationship and legal management with receivers (ISPs), project management, authentication and service deployment consulting, tools, data and threat analysis, trend reporting and metrics.
The company regularly hosts industry summits with leading financial institution partners, internet service provider (ISP) and security partners to develop an ongoing roadmap to protect services for online communications, too. eCert hosts these summits every three months to ensure that all relevant, critical and topical issues in the industry are being addressed, according to eCert.
To improve online communications and restore trust and safety to email, in 2011, eCert donated its intellectual property and key specifications for the development of open industry standards to promote a scalable, industry-wide email security solution.
Finalists 2012
* CloudLock
* Dome9
* eCert
* Invincea
*
Excellence Awards
BEST SECURITY COMPANY
WINNER
It is investing significantly in the delivery of next-generation threat detection and response through MCIRT, the
As well, clients and other industry end-users benefit from
Finalists 2012
* Core Security Technologies
*
* McAfee
*
* Trustwave
Professional Awards
BEST SECURITY TEAM
WINNER
In
Staff is largely co-located and the workforce is integrating across risk disciplines. The ESG provides situational awareness briefs at regular board meetings, plays an active role in the risk management process, provides frequent consultations at the highest levels of executive management, and executes innovative visible and behind-the-scenes programs and projects to reduce risk. As a result, the ESG enjoys strong support from all levels in the company.
In addition, the ESG has earned the trust and confidence of corporate leaders and colleagues who rely on information intelligence, security operations and protection services to run their businesses without disruption. Examples include: operating an operations center; developing a five-year strategy; deploying new member and employee information capabilities; delivering new ATM and financial center security; issuing daily threat reports with USAA-customized impact statements; developing and using a threat rating methodology to assess physical threats in countries/cities; and recognizing individuals and teams for innovation implementations.
Finalists 2012
* Aflac
*
*
*
*
Professional Awards
BEST PROFESSIONAL CERTIFICATION PROGRAM
WINNER
(ISC)2 Certified Information Systems Security Professional (CISSP)
Touted as the gold standard of information security certifications, the rigorous Certified Information Systems Security Professional (CISSP) was the first information security certification accredited to ISO/IEC Standard 17024. The CISSP is a globally recognized standard of achievement and provides an objective measure of mastery. It requires at least five cumulative years of direct, full-time work experience in two or more of the 10 domains of the CISSP common body of knowledge (CBK), or four years of work experience and a four-year college degree or a master's degree in information security. Seasoned subject matter experts update exam content quarterly. Further, CISSP holders are required to obtain 120 continuing professional education (CPE) credits every three years, with a minimum of 20 quality CPEs posted during each year of the cycle.
The CISSP is often a requirement for jobs in the public/private sectors worldwide. A CISSP candidate must demonstrate a breadth of knowledge and experience and understand the full spectrum of the (ISC)2 CBK. In addition to the required five years of relevant work experience in two or more of the 10 CBK domains, CISSPs must also adhere to the (ISC)2 code of ethics, be endorsed by a current (ISC)2 member, and undergo continuing education to keep the certification current. By meeting these requirements, employers can rest assured that when they hire a pro who holds the CISSP, that person has demonstrated comprehension of industry best practices, made an investment in the field, and a commitment to ethical conduct.
Finalists 2012
*
* (ISC)2 for Certified Information Systems Security Professional (CISSP)
* (ISC)2 for Certified Secure Software Lifecycle Professional (CSSLP)
* Global Information Assurance Certification Program (GIAC) GIAC Security Expert (GSE)
* Global Information Assurance Certification Program (GIAC) GIAC Certified Web Application Penetration Tester (GWAPT)
Professional Awards
BEST PROFESSIONAL TRAINING PROGRAM
WINNER
SANS Institute
SANS also features a variety of free resources for security professionals: The Internet Storm Center is a free analysis and warning service for internet users and organizations. Additionally, the
According to SANS, it differs from other training programs in four important ways: course content, instructors, methods of delivery and commitment to the community. Most importantly, it also promises immediate practical application: "You will be able to put what you learn into practice the day you return to the office."
SANS authors and instructors are authors of best-selling information security books, as well as course authors. They also are quoted in the media and information-security-related articles for publications and websites.
Overall, SANS courses empower students with the knowledge they need to protect their systems and data
Finalists 2012
*
* (ISC)2 for (ISC)2 Information Security Education and Certification
*
*
* Secure Ninja
* Security Innovation for TeamProfessor and TeamMentor
Professional Awards
CSO OF THE YEAR
WINNER
As a strong proponent of knowledge management, he continuously looks for best practices in IT security and applies these to the global environment in an effective and efficient manner, according to Experian. Scharf strives constantly to stay updated on the latest security threats facing the industry, and consistently shares this knowledge with his team - integrating it into team building, cross-training among various business groups, and problem solving - and leverages feedback from the team with the broader organization to ensure security goals are aligning with business needs.
Scharf's motto is to "treat security as a partnership." IT security is intimately involved in every part of Experian's operations. As a result, he works closely with all areas of the business - from developers and engineers to his colleagues in IT and the executive team - and dedicates himself to understanding their concerns.
Scharf is steadfast on remaining cognizant of everything across the security portfolio - from users on the network, application security, viruses and more - and works with the executive and IT teams to create a solution that benefits all aspects, while maintaining the focus on overall business needs.
Finalists 2012
*
*
*
*
*
Professional Awards
EDITOR'S CHOICE
WINNER
Five companies win Phase One funding, which totals about
Some rookie companies actually prefer to deal with government rather than seek support from angel or private investors. "Not all small entrepreneurs know how to navigate the venture landscape," Maughan says.
He adds that the program,
And there have been numerous HSARPA success stories. Since 2004, SBIR has provided Phase Two funding rounds for 22 companies, resulting in eight commercial products currently available. Three of the winning firms have carried their maturity all the way to acquisition.
Maughan points to an eight-employee business, Komoku, founded in 2004. The firm, which sprung out of the
"By the time we hit 2007, malware was very prevalent, and they were being courted by McAfee,
Beyond leading the charge to make certain that innovation doesn't die, Maughan's team is involved with a number of other initiatives.
His department is the sponsor and driving force behind the HOST program, whose mission is to investigate open security methods, models and technologies and identify viable and sustainable approaches that support national cyber security objectives. To achieve this mission, HOST is leading efforts of discovery, collaboration and seeding development in open source software and practices that produce a measurable impact.
During 2011, DHS S&T released "Mobile Device Forensics," to support research and development by small business to support law enforcement requirements.
As well, Maughan's team at DHS supported the development and release of Trustworthy Cyberspace: Strategic Plan for the
No matter what the drivers,
The goal of the alliance is to "accelerate the deployment of network test beds for specific use cases that strengthen the resiliency, security, integrity and usability of financial services and other critical infrastructures' functions, processes and people," according to a blog post written by federal CTO
Copyright: | (c) 2012 Haymarket Media, Inc. |