Best Data Leakage Prevention (DLP) Solution
Products in this category include those that help organizations safeguard their intellectual property and customers' critical data persistently – inside and outside the company. Network-based and endpoint data leakage prevention products will be considered. Products should prevent the unauthorized exit of data from the network, or protect data on the endpoint – whether the endpoint is connected to a network or not. Products typically are policy-driven and should include scanning of all data leaving the network, regardless of protocol or application, and/or keep track of peripherals, such as removable storage, attached to the endpoint – reporting that inventory to a central location or administrator. All entrants should have the capability of being managed by a centralized administrator. Those products considered part of this category include: network DLP products, which are typically gateways; those products protecting only endpoints; and hybrid products that operate at both the gateway to the network and at the endpoint. Specifically for endpoint DLP, traffic should be monitored and encryption should be available.
- AirWatch by VMware for AirWatch Secure Content Locker
- Check Point Software Technologies for Check Point DLP Software Blade
- General Dynamics Fidelis Cybersecurity Solutions for Fidelis XPS
- McAfee for Data Loss Prevention (DLP)
- Varonis Systems for Varonis IDU Classification Framework
- Websense Triton AP-Data + AP-Endpoint
Best Risk/Policy Management Solution
These products measure, analyze and report risk, as well as enforce and update configuration policies within the enterprise, including but not limited to network encryption, software and hardware devices. Contenders' products should offer a reporting format that covers the frameworks of multiple regulatory requirements, such as Sarbanes-Oxley, Gramm-Leach-Bliley and other acts and industry regulations. As well, this feature should be network-centric, providing reporting to a central administrator and allowing for companies to centrally manage the product.
So, overall, entrants' products should be enterprise-centric; collect data across the network, including threats and vulnerabilities; report associated risk, endpoint configuration, enforcement, auditing and reporting; provide remediation options (but are not exclusively patch management systems); and, finally, offer centralized reports based on regulatory requirements and local policies.
- Qualys for Qualys Policy Compliance (PC)
- RSA, the security division of EMC for RSA Archer Policy and Risk Management
- SolarWinds for SolarWinds Network Configuration Manager
- Tripwire for Tripwire Enterprise
- Trustwave for Trustwave Compliance Manager
Best Customer Service
Support and service of products and services sold are critical components of any contract. For many organizations that seek out help from information security vendors and service providers, the assistance they get from customer service representatives is crucial to the deployment, ongoing maintenance and successful running of the technologies they've bought and to which they have entrusted their businesses and sensitive data. For this new category, we're looking for vendors and service providers that offer stellar support and service – the staff that fulfills its contracts and maybe even goes a little beyond to ensure that organizations are safe and sound against the many threats launched by today's savvy cybercriminals.
Best Professional Certification Program
Programs are defined as professional industry groups offering certifications to IT security professionals wishing to receive educational experience and credentials. Entrants can include organizations in the industry granting certifications for the training and knowledge they provide.
- (ISC)2 for Certified Secure Software Lifecycle Professional (CSSLP)
- (ISC)2 for CISSP
- Global Information Assurance Certification (GIAC) for GIAC Security Expert (GSE)
- ISACA for Certified Information Security Manager (CISM)
- ISACA for Certified Information Systems Auditor (CISA)
Programs are defined as those geared toward strengthening expertise of information security professionals via training, by an outside industry expert, on secure coding, end-user awareness and more. Entrants can include companies offering such training that does not conclude with the winning of a particular professional certification.
- (ISC)2 for (ISC)2 Education/Training Program
- Guidance Software for EnCase
- RSA, the security division of EMC for RSA Education Services' Advanced Cyber Defense Curriculum
- SANS Institute for SANS Securing the Human (STH)
- Wombat Security Technologies for Security Education Platform