Of all the sections in our annual Innovator section, I like the Hall of Fame the best. Hall of Famers are in their third consecutive year of appearing here and that sends the strong message that they are Innovators and they have staying power. We look for that quality because innovation is a continuous process. While we have to say goodbye to these companies, we usually expect to see them do bigger and better things up the road. It’s just the nature of innovation.
When we look at our Hall of Famers we look at more than just their appearance in three consecutive Innovator issues. We look at what they have done to continue innovating. Are they addressing new challenges in creative, effective ways? Have they kept pace and perhaps moved ahead of the technical challenges that seem to always be snapping at our heels? How are they dealing with market trends?
Evolution in these pages is not a thing that we can predict reliably. Some of our companies have reinvented themselves or their products to meet rapidly evolving market of technology trends. Some simply have taken the right paths with their products to continue to stay ahead of the curve as the market space – and the threatscape – changes. It’s hard to predict what will succeed in today’s rapidly changing security environment and that is one thing that makes our Hall of Fame members so extraordinary.
I think that you will agree with me and our SC Labs team that this is a pretty impressive group of companies. It is not uncommon for companies that appear in the Hall of Fame to merge or be acquired. This is a market of convergences and convergence often occurs when an organization excels at what it does. Without question, the companies represented here have excelled and though we will look for them in group reviews and First Looks in the future we would not be surprised to see announcements of convergences in their futures.
So, as we reach the end of our December 2014 products section, sit back, relax and take a look at the brightest and best of the crop of Innovators that have graced these pages for the past three years. I think you;ll agree that our choices were pretty much on target. And, of course, we’ll see you in 2015 for another year in the SC Labs.
Vendor: Barrier1/The Barrier Group
Flagship product: Barrier1.
Innovation: Very high quality analytics combined with superior sensoring and modularity.
Greatest strength:These folks are an Innovator’s Innovator. They live in one of the most fast-moving markets in our industry with a threatscape that is constantly changing and they continue to rise to the occasion with newer and better analytics.
This is another one of those very cool products that is based on sophisticated mathematical algorithms. We get regular emails from the company pointing out various breaches that the tool could have prevented. Typically, I ignore that type of hype, but after knowing these folks a while I know, as a fact, that there is no hype here. They say what they mean and they mean what they say. The product works and it works exactly as advertised if not a bit better. Like most in our business, I really like the notion of under-promising and over-delivering. That’s just Barrier1’s style though, and after a while we got used to it.
We first met this tool up close and personal – not just in the review lab – when we installed one in our Center for Advanced Computing and Digital Forensics. We did not install it to protect us – we installed it to gather data for analysis. Recently, we had visitors to the lab and showed them the countries that had been knocking on our doors since we installed the Barrier1. Even we were surprised at the probes and potential attacks that the product had fended off.
There are a couple of reasons that this tool works as well as it does – beyond the algorithms, of course. First it is at a significant advantage over other similar products due to its modularity. It is designed from the ground up to grow. The second advantage is its sensoring technology. I often have said that you can’t find the answers until you know the questions. In this product it is the sensoring that allows you to grasp the questions fully so that the sophisticated analysis capability can take over and provide the answers.
Barrier1 is a seven-layer device. It sees and analyzes traffic on all seven OSI layers. Because of that it is hugely flexible. One of the objectives for the Barrier1 folks over the next year is to work with specialized markets to develop defenses for specialized attacks peculiar to those markets. That suggests looking at such things as industrial control systems. We’ll just have to wait to see what this Innovator has up its sleeve for a follow-up to their fine performance up to now.
Flagship product: UFED Touch and several other related tools
Cost: Varies depending on product and configuration.
Innovation: Comprehensive suite of mobile device forensic tools, including on-site portable devices.
Greatest strength:The ability to work with the market – from law enforcement to business and industry – to provide a comprehensive collection of tools that covers the full range of mobile device forensic needs.
These guys pretty much control the mobile device forensic market. And it really is no wonder given the depth and breadth of their offerings. From the hardware UFED Touch to the UFED Physical that goes on a PC, they cover the territory. Here is a case where innovation, creativity and imagination all converge to provide a solid platform for some task. In this case, the task is understanding, forensically, the contents of a mobile device.
That sounds pretty straightforward, but in reality it is not so simple. There are thousands of different mobile devices. Two devices of the same type from the same manufacturer might still be different. As well, there are knock-off chip sets from China and other countries that don’t behave forensically exactly as one would expect. Finally, there is the need to converge forensic data from multiple devices and, perhaps, with forensic data from a computer.
Cellebrite accomplishes all of this. We have been using Cellebrite tools in the SC Lab for more than three years and we are continuously amazed at their efficacy. We especially like the link analysis option. That lets us pull images off of several phones and tablets and look for shared information. Consider a crime where several people are alleged to have been involved. You have all of their cell phones, but it is a tedious task to analyze each one and look for correlations. With link analysis it’s a walk in the park to make the connections.
The big news over the past year, though, involved improving the utility of the tools. For example, you now can see an extraction immediately as it is done. JTAG decoding is now available and you can take screen shots of the phone while it is connected and those screen shots become part of the forensic report. Also, in link analysis the tool can integrate with IBM’s i2 link analyzer, the workhorse of link analysis. That means that just about anything that can be characterized using link analysis is fodder for the Cellebrite tools. It really doesn’t get much better than that if you are struggling with cases involving mobile devices.
Flagship product: myris
Cost: MSRP $279.
Innovation: Creative ways to use iris-based biometric identification.
Greatest strength: Vision – no pun intended – these folks have a knack for seeing what real problems need to be solved and apply their technology to effect a solution.
These folks are just plain cool. There are no two ways about it. We have been watching the evolution of EyeLock for quite a while and they never cease to amaze us. When we first met EyeLock they made some pretty wild claims. The big one was that they could spot people at a distance using iris-based biometric scans. The people could be in motion. Imagine picking out individuals passing through security at an airport or gambling at a Las Vegas casino. The people could be moving around but the still could be picked out.
Now, consider that deployment of this device – actually quite small – was industry compatible, requiring nothing particularly special. In fact, it could replace your existing card swipe system without a lot of trouble. Sounds like a pretty good deal. Add that it is priced attractively and what else could you want?
Well, let’s start with physical access control. Can it do that? Yep. No problem. OK, I want this for my computer. I travel a lot and it would be nice to know that my system was secure from malware, phishing, etc., because it knows who I am. I want this capability to be able to be embedded in the Internet of Things. Well, that was the latest innovation from this Hall of Famer.
The newest addition to their stable of tools is a device that is simply a USB device. It is a simple USB-powered peripheral called Myris that secures my PC just by plugging into it. That’s all there is to it. I can’t wait to make this part of my inventory of gadgets. It is truly useful in helping secure my computer and it is priced attractively.
This is the sort of thing that has kept this Innovator at the forefront of biometrics. First, they settled on a reliable method of biometric identification and authentication. Then they stepped back and considered how it could be used. Not just a product, it turns out, but a concept that could be applied across a range of potential products. Finally, without worrying about which products were cool – and all of theirs are – they were more concerned with what problems needed to be solved. That’s the road to innovation. Solve problems efficiently and elegantly and you’ll end up in these pages.
The CounterACT appliance – software or hardware – is really a lot more than a simple security appliance. It is a platform for innovation. The ForeScout folks have created this platform based on customer use cases and they never have stopped listening to their customers. They have the pulse of the market as well as just about any company in the security space that we have seen.
Vendor: ForeScout Technologies
Flagship product: CounterACT
Cost: $9,752 (software appliance); $13,995 (CT100/A hardware appliance)
Innovation: The notion of the appliance as a platform for innovation.
Greatest strength:The vision to convert customer use cases into a powerful tool that addresses them directly and does it in a way that invites customer innovation as well.
Like many of our most successful Innovators, ForeScout has built the CounterACT tool to meet the evolving needs of a market space characterized by rapid change. The key is the platform. With a platform that is flexible and has the ability to morph over time to meet new challenges, the company is free to listen to customers and innovate solutions to those tough challenges. An example is just-in-time vulnerability management. With the platform comes the ability for others to innovate as well. That, according to ForeScout, is an evolutionary process, but one that is well underway.
One of my pet peeves is that everything today is a “solution.” Nobody wants to tell you what problem their product actually solves. They simply call it a solution. In my view, a solution is a solid dissolved in a liquid until you explain what it is that you are solving. Imagine my happy surprise when this Innovator informed me that the CounterACT was a “solution to use cases.” Not only are they using the characterization correctly, they are describing succinctly exactly what their product does. They also are telling us that what they do is important, unique and effective.
What is on the horizon, then? The natural evolution of the product suggests that at some point these use cases could be most effectively solved by the users themselves. And that is exactly the direction ForeScout is heading. They envision a sort of app store that integrators could use to add applications to the platform. That makes a lot of sense because along with the solutions to use cases there are bound to be other customers who need the same solutions. It’s sort of like having an app store that supports Android devices. The devices are the platform and the applications satisfy the customers’ use cases. Now that’s innovation!
Flagship product: MetaFlows Security System (MSS)
Cost: Small enterprise: $2,736/year; corporation/university: $10,972-plus/year.
Innovation: Hybrid combination of on-premises sensors and cloud analysis taking advantage of global intelligence.
Greatest strength:This hasn’t changed since we last visited them. They still pride themselves on listening to their customers and imagining the future beyond what the customers tell them.
You may recall this Innovator from the past two years. They have been among the pioneers in putting security at the perimeter in the cloud and their approach was a model for other similar approaches. Fundamentally, the idea behind the MetaFlows model is that all of the security analysis is done in the cloud where a greater level of support is available. Taking advantage of aggregating responses from their large customer base, MetaFlows can disseminate the results of analysis – of malware, for example – to all customers. This adds an element of early warning to their service.
In addition to the usual malware analysis, however, agents on the enterprise allow the cloud-based system to provide IDS/IPS as well as SIEM services. On the malware side, communication with VirusTotal is automatic and there is a new correlation engine rule API that keeps track of multiple sessions and creates incident reports as necessary. The new wrinkle here is that this all is based on a meta-description of the event being analyzed and reported.
Analysis consists of both event and flow analysis. Correlating this information allows MetaFlows to avoid false positives while not missing important alerts. Also, the correlation creates powerful new heuristics that can be used across the user base. This approach is unique and indicative of the company’s creativity and innovation.
The whole approach that the company takes is that perimeter defense is no longer enough, in fact, may not even be relevant. That means that to protect the enterprise the focus must be on assets, including external ones, analyzed using behavioral analysis. Using multi-session analysis, patterns emerge that allow a more complete defense than typical traditional perimeter tools.
We were pleased that this Innovator continues to blaze the trail ahead for perimeter defense in an environment increasingly consisting of less and less perimeter to defend. The problem is a tough one and MetaFlows has brought creativity and insight to the solution. This is one of the most positive uses of the cloud for security purposes that we have seen in quite a while.