Hall of Fame

Industry Innovators 2016: Hall of Fame

This is where our Innovators come to collect all of the marbles. After three appearances as Innovators and numerous good results in our monthly Group Test reviews and, perhaps, a First Look or two, the cream ends up here. We view this inclusion with mixed emotion because these Innovators may no longer participate in the yearly round-up, but, at the same time, we are proud that they have distinguished themselves over a sustained period of time.

Hall of Famers have a mixed future. They just about all go on to differentiate themselves in the marketplace. A few are acquired and a few merge with other, complementary companies to form new entities that might well end up here someday. We looked back over the years that we have had the Innovators issue and we don't think we ever have lost a Hall of Famer completely.

To get this far an organization needs to show creativity and innovation in product, business practices and go-to-market strategy. When we consider a company for its second and third years, we are tougher than when we selected the company originally. In order to be selected a second or third time, the company must demonstrate sustainability. It's not enough to be innovative if you want to be selected year over year. You also must show that you have sustained your innovation and, hopefully, upped your game. That is what gets you into the SC Media Hall of Fame.

Once a company makes it here, it can use the SC badge in its marketing and at trade shows. This means something to customers and potential customers. It means that the company is thinking toward the future and identifying and solving challenges in the future. That can be a significant market edge.

For many of our Innovators and Hall of Famers, this is important because – among other things – these tend to be smaller companies fighting giants with a lot more resources. Sadly, many of these larger companies are more content to be followers than leaders. They depend on market stature instead of innovation. But, we think that spells good news for smaller, creative companies with great ideas and the moxie to pull them off. So…drum roll, please…Here is the SC Media Hall of Fame for 2016.

Catbird Security

We expect that it is the last time for a while that we will be able to use the bad pun about this Innovator being in the Catbird seat. Bad pun or not, though, that certainly is where this Innovator is sitting now. Catbird didn't invent microsegmentation, but it has built a solid business on the concept. This allows more fine-grained security management than simply placing controls at the perimeter. The product was designed from the ground up for virtualized environments and it has two parts: the Virtual Machine Appliance (vMA) and the Control Center (CC). Both are, as one would expect, virtual appliances.

The vMA installs on the hypervisor and the CC is deployed as a separate virtual machine. The microsegmentation allows visibility at the virtual machine level. Because it has this visibility, it can see lateral traffic across the virtual enterprise. While it also sees traffic into and out of the virtual environment, the lateral movement is, perhaps, most useful to defenders. The fine-grained security policies allowed by microsegmentation help pinpoint possible malicious activity, potentially down to the individual device level.

This Innovator is beginning to spread its wings into other cloud and virtual platforms. The company was born and raised in the virtualized private cloud but now its customers are asking for broader coverage. Customers want to have coverage on all platforms, agentless where possible, but using lightweight agents where necessary. The eventual goal is to cover virtual, physical and private cloud environments.

Additionally, Catbird Security has increased the level and depth of its analytics using its unique trust zone constructs. That means, among other things, looking for anomalies measured against statistical norms on the systems. Catbird already has done a lot of workload analysis and now is adding more analytics. This is just another example of how this Innovator responds to customer demand. It already has high quality of correlated data and has a clear topological view of the virtual enterprise. The long term goal is to knock down the virtual wall between the NOC and the SOC giving security engineers and IT/network engineers a complete, correlated view of the entire enterprise. This will promote collaboration and lead to more rapid control of security incidents.

We welcome Catbird Security to the SC Media Hall of Fame.

We have been following Good Technologies for some time. The company's product mimicked the BlackBerry Enterprise Server approach and developed the same kind of implementation for other platforms. It also allowed running apps behind the firewall. Now, BlackBerry has acquired Good Technology and – excuse another bad pun, please – that looks very good for BlackBerry. This was one of those very nice matches where both parties contributed to the mix. BlackBerry has traditionally focused on command and control while Good Technology traditionally has focused on containerization of applications.

BlackBerry has taken Good Technology's products and technology and integrated them into new releases. Of course, there are a few Good Technology components or products that still stand alone, but the current offering is mostly BlackBerry. BlackBerry believes that taking the two product lines together forms best of breed for mobile device management and the best of breed for application security. The new products are, as one would hope, device agnostic. Probably the best part from the mobile device user's perspective is that complexity is abstracted away from users. Such things as VPNs, that can be so troublesome to use and keep connected, now are handled automatically.

BlackBerry of late has focused on its software which has a lot more applications than mere smartphones. For example, it is being used today to track over-the-road trucks. That is just one example of how BlackBerry can extend its – and Good Technology's – innovations into a wide variety of applications and markets. Its software also has done well in reviews so it is pretty clear where this Innovator is headed.

For today's enterprise, this acquisition allows BlackBerry to provide devices and a software platform that enables and manages security, mobility and communications between and among hardware, programs, mobile apps and the Internet of Things. Addressing the Internet of Things can be a challenge, but certainly considering the Good Technology containerization scheme, it is not an impossible task. BlackBerry has seen its share of challenges over the years, but it is the mark of an Innovator that it sees adversity as an opportunity. BlackBerry clearly saw things from that perspective and never looked back.

Welcome BlackBerry to the SC Media Hall of Fame.

When we first met PhishMe we thought that the name was a bit curious. However, the premise behind the company at the time was interesting so we began following it. At the time, this Innovator was largely involved in anti-phishing training. Because that threatened to become a commodity, the company started looking for ways to enhance its services. That led to offering, as part of its training, testing in the form of crafting phishing emails and sending them to clients' employees. For those who “bit,” PhishMe then would provide some additional coaching. It became a sort of closed loop training. One thing that assuredly has contributed to the company's success is that it can point to documented results. It has trained millions of employees worldwide.

The company has developed its Simulator product which uses behavioral conditioning to train employees how to detect and avoid phishing emails. Simulator is provided as a cloud-based conditioning platform. The tool generates customized phishing attacks simulating a variety of attack techniques including spear phishing, social engineering, malware and malicious attachments, and advanced conversational phishing.

The Reporter lets employees, having detected a phishing email, report it through their own chain of command. This helps administrators block phishing sites and lower the prevalence of phishing, spear phishing and whaling. It also is effective against malware and other types of attacks that are delivered or triggered by a phishing email. This is a pretty big deal since a very high percentage of successful breaches are the result of responding to phishing.

PhishMe now has over 300 employees worldwide and has opened several offices around the world. An important step in its evolution, PhishMe acquired Malcovery for its cyberintelligence-gathering capability and folded it into PhishMe as its intelligence arm with a significant international flavor. Triage – introduced last year – has grown very well and is evolving into a workbench for analyzing phishing attacks and messages. Along the way, this Innovator is creating new analytic modules and automating. Meanwhile, it is making enhancements to the Reporter and working on a mobile edition. PhishMe continues enhancing its natural language process to allow it to cluster similar emails for analysis.

We welcome PhishMe to the SC Media Hall of Fame!

This Innovator has a very interesting history that, perhaps, could not really have predicted where it would end up today. The earliest Pwnie Express tools were for remote pen testing from inside the network. Today, of course, that still exists, but there is a lot more to the Pwnie Express lineup. Its tools set provides continuous monitoring and detection, identification and classification of wireless, wired and Bluetooth devices. All of this data, gathered from a Pwnie Express sensor, feeds a cloud-based dashboard called Pulse. There is a lot that can be accomplished directly from the dashboard, but users also can access the underlying sensor operating environment for adding further capabilities or finetuning the ones you've already deployed.

The Pwnie sensors don't care what wireless band you're using. It monitors everything. The tool used multiple sensors at Super Bowl 50 to gather wireless data coming from over 75,000 users in the stadium. All sensors are self-contained units that require only power and Ethernet with internet to function. In addition to Wi-Fi and Bluetooth (which the sensors can detect in real-time) there also is rogue 4G detection. So, using your data plan instead of the Wi-Fi won't hide you from the Pwnie. Coupled with that capability is the ability to pass data to a SIEM, making this Innovator's tool a full partner in the security fabric of the organization.

During testing in our lab, we found the products very easy to work with. Participating in a deployment at a financial services organization – across multiple locations – we found that deploying and tuning was straightforward. The sensors come in a couple of versions. One is small and simple – about the size of a large, square hockey puck. The other a small-footprint desktop device. The larger – the PwnPro – has the space to add to the software in it already. On that one you can run Metasploit, whereas on the smaller one you only can run OpenVAS for vulnerability testing. For remote penetration testing, using the Metasploit option is a very significant benefit.

Overall, this is an innovator that certainly belongs in the SC Media Hall of Fame. Welcome, Pwnie Express!  

Click here for Virtualization and cloud-based security