This category has long been one of our favorites. Over the years we have seen some pretty exciting products and companies go through this group and many have passed into our Hall of Fame. Analysis and testing covers the entire gamut of testing – from forensic tools to penetration testing. This year we include one of each. We have a company that is the market leader in mobile device forensics and one emerging company in vulnerability and risk assessment. That one is run by one of the shining lights of another vulnerability and pen testing company that joined our Hall of Fame last year, Saint.
Testing and analysis holds a very special and sometimes misunderstood place in the information security pantheon. Being analysis, it requires special skills and knowledge on the part of the test engineer. That said, tool-makers are striving constantly to develop testing and analysis tools that require as little intervention from humans as possible. With systems becoming larger and more complex at an almost logarithmic rate, this is both necessary and much easier to say than to do.
The tools we featured in the past attempted, usually with good success, to achieve this. Sadly, there are many tools that achieve the automation but fail on the functionality needed to be truly useful. That is not the case here, of course.
This is our definition of the ultimate type of testing tool: simple, fast and comprehensive at the appropriate level or much deeper and more comprehensive when needed for more complete analysis.
The other tool really isn't a tool. Rather, it is a service, and it is simplicity itself. It is extremely cost-effective, nearly hands-off in operation and it gives specific results that are key. This is a case of giving back absolutely nothing that is not required under the circumstances. That makes it easy to use and interpret while at the same time providing exactly what the user expects it to provide. It doesn't get much better than that.
So, bottom line for this category? Appropriate to the testing task, effective, comprehensive with the right amount of human intervention and cost-sensible. That is what we found this year in our Innovators for this group.