I always am on the prowl for new and creative ways of testing and analyzing the confidentiality, integrity and availability of our enterprises and the devices that populate them.

Sometimes you run across a company that just deserves to be selected as an innova­tor. You look them over and won­der why you didn't pick up on them before. Mandiant is one of those companies. There is a reason, of course. Mandiant started as a services company providing forensics, litigation support and incident response. So if you were in the product purchasing mood, you would not have run across these folks.

ArcSight gets a lot of play among security experts in the security event management (SEM)/security information manager (SIM) game.

How do you differentiate a product that keeps getting mixed up with a commod­itized market, but really doesn't belong there? What differentiators do you look for that can keep you from being included in a herd where you don't belong?

I just love these folks. Take the best open source pen testing tool you can think of, put it on steroids, give it a user interface that makes it simple and fast to pen test in a production environ­ment without losing the granularity of manual testing if you need it, and you have Core Impact. Well, almost. Every year I say that I am going to find a better tool, and I actually do comb the market -- unsuccessfully.

When your price starts at $50,000 and you are unique in your marketplace, you'd better have a good product. For Mu Dynamics, that is just where the story starts. When I first met the Mu folks, they were Mu Security. A new name later, they still are the innovators they were a couple of years ago. My conversation with a Mu visionary was an eye-opener.

This category is my personal favorite because it touches on the types of tools we use in the lab. These tools cover a lot of territory - from vulnerability analysis to forensic tools. Even within a category, such as forensic tools, we see some splits that we have needed to extract as product types in themselves. For example, many, including me, view SIEM as a network forensic tool and, as such, we might put it in the forensics subcategory. Not so here, though. Here we give it its own subcategory.