Best Authentication Technology
ForgeRock Identity Platform
All journeys have a beginning, middle and an end, and it’s the job of the ForgeRock Identity Platform to ensure that every authentication journey, from start to finish, remains safe for the client and easy for the user.
The platform’s Intelligent Authentication feature delivers the unique ability to visually map user authentication journeys with a drag-and-drop interface and, post-implementation, use analytics to measure the user experience.
This makes it possible to offer a more personalized and frictionless authentication experience across channels and digital touchpoints in a manner that caters to customer or employee needs. Meanwhile, the organizations implementing these journeys are able to consolidate multiple logins into a single, consistent and secure experience; audit all login events; and minimize the risk of DDoS attacks and breaches.
One of the keys to Intelligent Authentication’s effectiveness is the use of “authentication trees” that allow for multiple paths and decision points throughout a journey. These trees are composed of various nodes that define actions taken during authentication and can be combined to create unique user experiences.
A recent ForgeRock case study demonstrated how the state of Utah benefited from the Identity Platform by saving up to $15 million over five-to-six years, due to efficiencies from modernizing its identity and access management infrastructure.
In December 2018, ForgeRock enabled its platform to be deployed on any cloud environment, with preconfigured installation packages for 1 million, 10 million and 100 million identities. Customers reported reducing their implementation costs by 25 percent while doubling ROI. The platform is built for limitless scaling, and it supports DevOps practices using Docker and Kubernetes.
| Company | Product |
| Cisco Systems | Duo Security |
| ForgeRock | ForgeRock Identity Platform |
| RSA | RSA SecurID Access |
| SecureAuth | SecureAuth Identity Platform |
Best Business Continuity/Disaster Recovery Solution
Semperis AD Forest Recovery
It reportedly took 10 days for the global shipping company Maersk to rebuild its network following a devastating NotPetya disk wiper attack in 2017. It was an impressive comeback, but the company spent a large chunk of those 10 days recovering Microsoft Active Directory, a collection of services that are foundational to saving the rest of the network. Altogether, the attack cost Maersk up to $300 million.
Semperis AD Forest Recovery exists to prevent similar disasters from befalling another organization by automating and expediting the restoration effort with a “cyber-first,” three-click approach that can save millions that would be otherwise lost to business interruptions caused by such threats as ransomware and wipers.
According to Semperis, traditional AD backup tools only address recovery from IT operational issues, where AD is impacted but the host servers aren’t. And legacy approaches such as bare-metal recovery can cause issues because backups contain boot files, executables and other artifacts where malware can linger and lie in wait to cause secondary infections.
AD Forest Recovery’s cyber-first approach, on the other hand, separates AD from the underlying Windows operating system and only restores what’s needed for the server’s role (e.g. a domain controller, DNS server, DHCP server, etc.), virtually eliminating the risk of re-infection, Semperis asserts.
Additionally, the tool’s automation helps organizations avoid human errors while accelerating the restoration process, including rebuilding the global catalog, cleaning up metadata and the DNS namespace, and restructuring the site topology. Such capabilities can help organizations reduce downtime to minutes rather than days or weeks, while restoring AD to the same or different hardware, on-premises or in the cloud.
| Company | Product |
| Arcserve | Arcserve Unified Data Protection (UDP) |
| Deloitte & Touche & Dell Technologies | Data Destruction Recovery Services and Cyber Recovery Solution |
| Onspring | Onspring's Business Continuity & Disaster Recovery Solution |
| Quest Software | QoreStor 6.0 |
| Semperis | Semperis AD Forest Recovery |
Best Cloud Computing Security Solution
Bitglass CASB
It’s easy to see the business benefits of cloud-based applications. But figuring out what cloud security solution is best to secure them all in a consistent manner? That’s when things can get a little, well, cloudy.
Bitglass’ CASB (Cloud Access Security Broker) solution clears up the fog, enabling enterprises to secure any SaaS apps, IaaS instances, data lakes, on-premises apps and private cloud apps built on any platform. The company’s total data protection suite provides end-to-end security and comprehensive visibility over corporate data, while limiting sharing and preventing data leakage.
Bitglass CASB protects data on any device, at any time, and from anywhere in the world – without the need for agent-based deployments. IT departments can confidently adopt cloud technologies and BYOD policies, knowing they are filling critical security and compliance gaps.
The solution doubles as a mobile device management solution, an identity and access management solution (replete with single sign-on), and a data loss prevention tool that works across any app or workload. This provides a single pane of glass for enterprise IT departments trying to manage disjointed cloud services and security tools.
Bitglass CASB owes its success to its hybrid architecture, which leverages a combination of proxies and API integrations – including reverse proxy – to ensure complete coverage against all risk of data leakage on any app or device.
The solution delivers real-time, advanced threat protection, capable of detecting zero-day threats at upload, at download and at rest. Other standout features include full-strength encryption, as well as unmanaged app control that renders apps read-only to prevent data leakage.
And because the agentless solution can be rolled out quickly and requires no software installations, customers report large operational cost savings.
| Company | Product |
| Centrify | Centrify Zero Trust Privilege Services |
| CipherCloud | CipherCloud CASB+ Platform |
| Illumio | Illumio Adaptive Security Platform® (ASP) |
| Mimecast | Cyber Resilience for Email |
Best Computer Forensic Solution
EnCase Endpoint Investigator and EnCase Mobile Investigator
Step aside, New York Yankees and New England Patriots. Your dynasties pale in comparison to that of the EnCase product line from OpenText, which has now won the SC Award for Best Computer Forensic Solution for 10 years running.
Collectively, EnCase Forensic, EnCase Endpoint Investigator and EnCase Mobile Investigator help law enforcement officers gather digital forensic evidence from endpoints such as computers, mobile devices and IoT devices. Meanwhile, the solutions also provide businesses with the tools to examine HR issues, compliance violations, regulatory inquiries and IP theft.
Despite its decade-long winning streak, OpenText isn’t resting on its laurels. The company recently introduced OpenText Media Analyzer, a new module that allows investigators to quickly analyze large volumes of images and video collected as evidence.
Digital forensic investigators require court-proven tools that can deliver 360-degree visibility, collect evidence from vast datasets, and improve efficiency and effectiveness by automating the laborious investigation processes into a few simple steps.
EnCase Endpoint Investigator provides seamless, remote access to laptops, desktops and servers, ensuring that all investigation-relevant data is discreetly searched and collected in a forensically sound manner. EnCase Forensic offers broad operating system file parsing capabilities and encryption support, allowing users to quickly complete investigations of any operating system. And EnCase Mobile was introduced in 2017 to augment mobile forensic investigations.
User organizations can make confident decisions related to sensitive internal matters due to EnCase’s thoroughness and Endpoint Investigator’s unique ability to prove the chain of custody of data if a case faces legal challenges. According to EnCase, it is not unusual for users to exceed a 100 percent ROI after their first few investigations.
| Company | Product |
| AccessData | Forensic Toolkit (FTK) |
| Endace | EndaceProbe Analytics Platform Product Family |
| OpenText | EnCase® Forensic, EnCase Endpoint Investigator & EnCase Mobile Investigator |
Best Customer Service
SecurityScorecard
Nobody scored better in customer service this past year than SecurityScorecard.
The security ratings company assesses various companies’ cyber postures and assigns a score that security professionals can review, helping them assess the risk of current or future business partners.
The company’s customer service superiority starts with the Customer Success Manager (CSM) that each client is assigned as a strategic advisor. The CSM takes customers through a customized on-boarding process, which includes a live demo of the platform that’s specific to each client’s use case, and helps ensure that project milestones are met.
Supplementing the CSM is the Customer Support team, which reviews, validates and remediates disputed claims or ratings within 48 hours.
Customers also have a dedicated solutions engineer for technical support, while a customer reliability engineer ensures all remediation requests delivered through the platform are resolved in an appropriate and timely manner.
From a sales perspective, SecurityScorecard operates via a pod structure, with each pod focused on a territory supported by a field sales representative or inside sales representative, who acts as an additional line of communication.
Customers also have access to unlimited web-based help, as well as on-site support (via its Professional Services offering) and reading materials, including platform video tutorials, knowledge base articles, supplemental best practice documentation, eBooks, white papers and FAQs.
The company responds to customer feedback via reviews and social media, and its product management team also holds regular user feedback sessions. Additionally, SecurityScorecard has a Customer Advisory Board for knowledge sharing and strategic feedback.
| Company | Program |
| Cybereason | Cybereason's Customer Success Team |
| KnowBe4 | Customer Success and Support |
| ThreatConnect | ThreatConnect Customer Success |
Best Cybersecurity Higher Education Program
Capitol Technology University
Capitol Technology University offers its students a bold guarantee: You will receive a job offer within 90 days of commencement, or the school will provide up to 36 additional undergraduate credits, tuition-free, while the search for employment continues.
There’s a reason the private South Laurel, Maryland school is so confident: By the time they finish sophomore year, most undergraduate students at Capitol are already employable. Also, the university maintains close relationships with private-sector companies and the nearby Department of Defense, regularly tailoring its curriculum to suit these organizations’ needs.
Capitol offers BS, MS and DSc programs. Undergrads gain technical knowledge and basic skills in their first semester, and in their ensuing years earn certifications such as Security+, CEH and AccessData Forensics. MS students are trained to lead teams of security professionals for cyber defense operations, research and analysis, and can develop specializations (e.g. cyberlaw, forensics and cryptography). And its doctoral program is designed to produce senior cybersecurity leaders who take on challenging careers in cybersecurity and academia.
Capitol offers an extensive variety of cyber lab projects, competitions and clubs. Lab areas include cyber, digital and mobile forensics, identity management, IoT vulnerability assessments, quantum computing and SOC analyst training.
A designated CAE-CDE institution, Capitol was chosen in 2014 to provide Master’s-level courses to newly hired NSA security engineers as part of their development program prior to permanent assignment. Capitol has also been selected by over 20 Cyber Scholarship Program scholars over the past 10 years to earn their degrees in cybersecurity and then return to government service in critical cybersecurity positions.
| Institution / Program |
| Capitol Technology University |
| New York University |
| NYU Cyber Fellows (NYU Cybersecurity MS) - New York University Tandon School of Engineering |
| Red Rocks Community College |
| Master of Science in Cybersecurity Technology - University of Maryland Global Campus |
Best Data Loss Prevention (DLP) Solution
Digital Guardian Data Protection Platform
Combine DLP with EDR and UEBA and what do you get? Well, if you’re into anagrams, you might get BEAR PUDDLE, but if you’re into cybersecurity, then you get the Digital Guardian Data Protection Platform.
The solution unifies data loss protection capabilities with endpoint detection and response, as well as User Entity Behavior Analytics, enabling organizations to detect and gain insights into anomalous activity, while stopping insider threats and external attackers from exfiltrating data.
A key component is the Digital Guardian Analytics & Reporting Cloud, which incorporates an innovative function that leverages the same endpoint agent, network sensor and management console to prevent data loss. This approach simplifies management, streamlines information sharing, eases the burden on resources and reduces cost.
Users derive a rich set of analytics from monitoring system, user and data events. Alarms are only triggered for high-fidelity events, and when they do occur, security professionals can respond with drag-and-drop incident management and real-time remediation, blacklisting processes as needed.
The solution also comes with analyst-approved workspaces, which point security professionals to events relevant to identifying suspicious activity. Analysts can drill down to follow an investigation and determine next steps, or to create custom dashboards, reports and workspaces.
DG’s Data Protection Platform can be deployed as a software-as-a-service or on-premises solution, or as a managed service.
Digital Guardian made significant improvements to its DLP technology this past year. Fully integrated UEBA capabilities were optimized to supplement data classification and rule-based policies with even more granular insights. And the Security Risk Dashboard now allows users to view everything in a single user interface, while prioritizing the security alerts most closely tied to sensitive data.
| Company | Product |
| Digital Guardian | Digital Guardian Data Protection Platform |
| Fidelis Cybersecurity | Fidelis Network |
| Proofpoint | Proofpoint Information Protection |
Best Database Security Solution
Imperva Data Security
After winning Best Database Security Solution in 2019, Imperva retains the honor this year for its Imperva Data Security product offering.
Imperva Data Security is equipped with machine learning and analytics to quickly detect, classify and quarantine suspicious data activity and protect sensitive information on premises, in the cloud and across hybrid IT environments. It also provides security teams with deep context to quickly investigate and remediate security incidents.
Imperva automates a litany of processes, helping users conserve resources. The solution discovers, identifies and classifies sensitive data; assesses database vulnerabilities; monitors data access and usage; analyzes user behavior and flags actions that contradict normal activity; and detects policy violations in real time, sending alerts or even terminating sessions in critical cases. Imperva can monitor and evaluate billions of database events in near real time.
Additionally, Imperva features built-in standardized auditing across heterogeneous enterprise databases and also allows customers to take monitoring and reporting workloads off their database server so that the server can be optimized for database performance and availability.
A Total Economic Impact Study commissioned by Imperva found that organizations can save more than $3 million over three years by switching from a legacy database security solution to Imperva Data Security, due to reduced risk and lowered cost of compliance audits. The study further determined that users can achieve a return on investment in fewer than 16 months.
Imperva Data Security offers flexible and predictable licensing to fit the needs of customers regardless of the number, location or type of devices or services used, no matter where the data lives.
| Company | Product |
| Baffle | Baffle Advanced Data Protection Service |
| Imperva | Imperva Data Security |
| MarkLogic | MarkLogic 10, also offered as a data hub service |
| Penta Security Systems | MyDiamo |
Best Deception Technology
Attivo Networks ThreatDefend Platform
Your eyes are not deceiving you. The ThreatDefend Platform from Attivo Networks stands out among deception solutions due to its authentic-looking decoy environment and high-fidelity alert system that reduces false positives.
For user organizations, this results in a sharp reduction in attacker dwell time across all environments, including the network, endpoints, applications, databases, user networks, data centers, the cloud and even specialty attack surfaces like IoT devices, industrial controls systems and point-of-sale solutions – all with a focus on high-value assets.
According to Attivo, the challenge with many detection solutions is the time it takes for them to learn the nuances of an organization’s digital environment. But ThreatDefend provides immediate detection value with its ability to identify and flag attack engagement as well as spot activities such as reconnaissance, credential harvesting and lateral movement.
Moreover, the platform enables enterprises to accurately mimic their real-life production environments inside the decoy environment, further enhancing its realism via Active Directory integrations. This tricks attackers into interacting with fake assets, revealing themselves in the process.
ThreatDefend’s machine learning-based preparation, deployment and management keep deception fresh and authentic. Its BOTsink attack analysis engine generates accurate alerts, which are substantiated with full TTPs and IOCs, simplifying and accelerating incident response while reducing fatigue caused by false alarms.
When an intruder is detected, the solution recommends potential attack paths for mitigation before a major attack occurs. And its 30-plus native integrations and ThreatOps repeatable playbooks automate and expedite incident response such as blocking, isolation and hunting.
Attivo customers have even started to generate additional value by further leveraging ThreatDefend for digital risk management operations, endpoint detection and response, managed services, incident response and continuous assessment/resiliency testing of IT environments.
| Company | Product |
| Attivo Networks | ThreatDefend Deception Platform |
| Fidelis Cybersecurity | Fidelis Deception |
| Morphisec | Unified Threat Prevention |
Best Email Security Solution
Proofpoint Email Security
Email-based attacks come in many forms: malware, credential phishing and fraud schemes among them. But not every threat carries the same weight, and not every target in an organization is equally desirable to cybercriminals.
Proofpoint Email Security is designed to catch and kill all of these species of threats, while also prioritizing them. The solution identifies an organization’s most frequently attacked people and surfaces interesting threats from the noise of everyday malicious activity. Security teams can set adaptive controls based on each user’s risk profile, enabling an automated response.
Delivered as a cloud-based solution available across all platforms and devices, Proofpoint Email Security combines inbound email analysis and filtering with outbound data protection, encryption and secure file sharing.
To combat polymorphic malware, weaponized documents and malicious URLs, Proofpoint Email Security uses sandboxing with static and dynamic analysis. The solution also provides email isolation to isolate URL clicks and prevent malicious content from impacting corporate devices.
To thwart credential phishing and fraud schemes like business email compromise (BEC), Proofpoint incorporates detailed email analysis and classification with full kill-chain analysis, including dynamic sandboxing. It also signatures the output of the kits that attackers use to generate phishing pages and proactively detects lookalike domains.
The solution’s automated response capabilities include removing emails from an end user inbox if they are determined to be malicious after delivery, such as when a URL is weaponized after the email is sent. Meanwhile, the solution’s data loss prevention capabilities protect outbound emails by automatically detecting a wide variety of private information and blocking, quarantining or encrypting this info as appropriate.
| Company | Product |
| Agari | Agari Secure Email Cloud |
| FireEye | FireEye Email Security |
| GreatHorn | GreatHorn Email Security |
| Mimecast | Cyber Resilience for Email |
| Proofpoint | Proofpoint Email Security |
Best Emerging Technology
OneTrust Vendorpedia
A 2018 survey of 1,000 companies found that businesses, on average, share sensitive information with about 583 third-party partners.
Unfortunately, it takes only one to cause a damaging data breach incident that harms customers and violates regulations that can lead to massive fines.
It’s imperative that modern security programs extend their security, privacy and compliance expectations to their vendors. Founded in 2016, OneTrust seeks to cut down on third-party risk with its Vendorpedia product, which security pros can use to assess vendors, access research and reference thousands of pre-completed vendor assessments, as well as monitor vendors in accordance with global laws and frameworks.
Vendorpedia lets users automate the entire vendor lifecycle from onboarding to offboarding. Offerings include dynamic assessments with automated risk identification; risk mitigation workflows and tracking; free vendor chasing services to offload assessment-related work; a global risk exchange with pre-populated research and assessments on roughly 8,000 vendors; contract management and service-level agreement performance monitoring; data flow visualizations and custom dashboards; and a breach and enforcement tracker for ongoing oversight.
The platform is updated with the latest privacy laws and security updates thanks to OneTrust’s 40-plus in-house, full-time privacy researchers and a globally available network of 500 lawyers representing 300 jurisdictions.
“Vendorpedia has allowed us to be more agile and scale rapidly to optimize our business processes and simplify our assessment, mitigation and monitoring of third-party risks,” said Jonathan Slaughter, director of compliance, security and privacy at cloud solutions provider ClearDATA.
OneTrust plans to further advance its platform with future updates that will include expansion of its Global Risk Exchange plus enhancements to its depth of research; breach and enforcement automation workflows to enhance incident response; and an autocomplete assessment tool so vendors can respond to questionnaires faster.
| Company | Product |
| Blue Hexagon | Blue Hexagon Malware Protection |
| CyCognito | The CyCognito Platform |
| Cymulate | Breach and Attack Simulation |
| DUST Identity | DUST: Diamond Unclonable Security Tag |
Best Enterprise Security Solution
CyberArk Privileged Access Security Solution
Winning back-to-back titles in any endeavor is not an easy accomplishment, but the CyberArk team achieved this level of success by taking home the Best Enterprise Security Solution award in 2019 and once again in 2020.
What CyberArk delivers with the CyberArk Privileged Access Security Solution is the ability to protect its customers as they necessarily invest in digital transformational technologies, move to the cloud, bring on a DevOps team, and invest in IoT and robotic process automation. While these additions certainly make a company more viable, they also greatly increase its attack surface.
In order to continue delivering the highest level of protection against this ever-increasing attack surface, the company in July 2019 unveiled a suite of privileged access security solution products. This includes CyberArk Alero, a dynamic solution for mitigating risks associated with remote vendors accessing critical systems through CyberArk, and CyberArk Endpoint Privilege Manager, a SaaS-based solution that reduces the risk of unmanaged administrative access on Windows and Mac endpoints.
In addition, the company upgraded CyberArk Privilege Cloud. This is the company’s privileged access SaaS offering, which enables mid-sized organizations to improve their ability to continuously discover and manage privileged credentials across the enterprise.
CyberArk is backing up these products, and its customers in general, with a wide array of customer support services. These include security, consulting, implementation, onboarding, project management and certification program services.
According to CyberArk, major benefits include a 10x improvement in time spent on privileged account-related tasks, a 5x reduction in the time spent by IT auditors reviewing session recordings, and 3x faster connections to cloud platforms and web applications.
| Company | Product |
| Checkmarx | Software Security Platform |
| CyberArk | CyberArk Privileged Access Security Solution |
| Proofpoint | Proofpoint P1 Advanced Email Security Solution |
| Pulse Secure | Pulse Secure |
Best Identity Management Solution
Okta Identity Cloud
Identity and access management is all about connecting the right people with the right systems at the right time. And Okta Identity Cloud is among the very best at getting these “rights” right.
Originally built as a 100 percent cloud-based service, Okta Identity Cloud serves as a bridge to on-premises apps and services as well, acting as the connective tissue across an organization’s technology stack. The identity management solution leverages a recently expanded Okta Integration Network, which enables user organizations to choose from more than 6,000 pre-built integrations with cloud and on-premises systems used by customers or employees. Such capabilities allow businesses of all sizes to embrace technology and adopt the latest apps (e.g. Salesforce, Box, AWS, Workday, G Suite and Slack) without compromising security.
Okta introduced several key additions in 2019. Its new Identity Engine allows customers to address unlimited identity use cases through a set of customizable building blocks for every identity experience, and creates workflows that require less data collection and can be tailored to any particular use case.
Another new innovation is Okta’s Advanced Server Access, which enables organizations to bring continuous, contextual access management to cloud infrastructure. Enterprises can now manage access to on-premises servers and across popular infrastructure-as-a-service vendors.
Also debuting in 2019: Okta Access Gateway, which enables seamless single sign-on access, management and visibility into on-premises applications through the Okta Identity Cloud; Risk-Based Authentication, which uses real-time intelligence surrounding individual login attempts to gain a holistic, personalized view of the context behind each login; and Okta Hooks, which gives developers and IT teams the power to add custom logic to Okta.
| Company | Product |
| CyberArk | CyberArk Privileged Access Security Solution |
| ForgeRock | ForgeRock Identity Platform |
| Okta | Okta Identity Cloud |
| Ping Identity | Ping Intelligent Identity Platform |
| Thycotic | Thycotic Secret Server |
Best IT Security-related Training Program
Infosec Skills
Boasting 50 skill and certification learning paths, more than 400 individual courses and over 100 hands-on labs, Infosec’s brand-new IT security training program is designed to help security professionals stay sharp and fill in their knowledge gaps.
Launched in April 2019, Infosec Skills is mapped to the NICE Cybersecurity Workforce Framework, which includes entry, mid-level and advanced cybersecurity roles, backed by research into the actual skills that are requested by employers. With Infosec Skills and NICE, users have the roadmap necessary to identify what employers want and the tools needed to follow the career path of their choice.
More than 2,200 students have signed on since inception, taking advantage of the program’s in-person and online courses, and its monthly and annual plans. Skill paths include ethical hacking, computer incident response, mobile and computer forensics, web application pentesting and more, while certification paths include (ISC)2 CISSP, CompTIA Security+, Certified Computer Forensics Examiner, Cisco Certified Network Associate R&S and more.
Infosec’s 100-plus labs take place across seven cloud-based cyber ranges, offering skills in command line basics, Linux, networking, network traffic analysis, pentesting, SCADA systems and ICS/SCADA capture-the-flag-style pentesting.
Certification practice exams are also included in an education platform designed for flexibility. Students can study at any time on any device, where and when they learn best.
“I wear 50 different hats in my role and needed a compressed, to-the-point training course that would make sure I was ready for all the [certification] exam domains at a technical level,” said Julian Tang, CIO at Tennenbaum Capital Partners. “Infosec trains thousands of students… so I knew they’d be able to tell me what to expect on the exam and what topics to focus on most.”
| Company | Program |
| Mimecast | Nominated by LogMeIn |
Best Managed Security Service
Trustwave Managed Security Services
Trustwave Managed Security Services offer a new beginning for organizations struggling to fortify their increasingly complex IT environments. But just because it’s a new beginning doesn’t mean clients must start from scratch.
Trustwave defies the “rip and replace” mentality of traditional MSSPs by following a technology-agnostic approach that supports a wide array of vendors and cloud services. Customers save by leveraging the technology they already have instead of investing in something new, all while taking advantage of Trustwave’s offerings, including risk management, advanced threat detection and response, security testing, forensic investigations and third-party product management.
To ensure this model works, Trustwave collaborates with its clients to understand their unique tech environments, risk tolerance and personnel skillsets, and then designs a corresponding security plan that’s supported via the Trustwave SpiderLabs team of ethical hackers, threat hunters and incident responders. Moreover, the Trustwave Global Threat Operations team helps ensure that clients’ existing technologies are being used correctly through frequent audits, assessment and re-training.
September 2019 saw the debut of the Trustwave Fusion platform, which connects the digital footprints of clients to a security cloud comprised of the Trustwave data lake, advanced analytics, threat intelligence, managed security services and a team of elite security specialists.
Through a dashboard – accessed via computer, tablet or mobile phone – organizations can view protected assets and device health, respond to alerts, schedule penetration tests and vulnerability scans, manage third-party technologies, scale resources on demand or order a threat hunting team into action.
Trustwave Fusion integrates with the company’s global network of nine SOCs and the Trustwave SpiderLabs Fusion Center to give clients excellent threat visibility and the power to take swift action against incidents.
This is the second consecutive year Trustwave took top honors in the MSSP category.
| Company | Product |
| AT&T Cybersecurity | AT&T Managed Threat Detection and Response |
| Digital Guardian | Digital Guardian Managed Security Program |
| Trustwave | Trustwave Managed Security Services |
Best Mobile Security Solution
Aegis Fortress L3
Here’s a riddle for you: When is data both at rest and in motion at the same time? The answer: When it’s sitting on a portable device being transported all around by your employees.
With the rise of remote working and data on-the-go, company data has become increasingly exposed and in danger of being compromised. But the Aegis Fortress L3 portable storage drive from Apricorn removes the risk of sensitive information falling into the wrong hands.
The ultra-rugged and securely encrypted drive is designed to protect the most sensitive data of companies, especially those operating in industries where data security is federally regulated and compliance is mandated. And since it’s software-free and platform agnostic, it is compatible with all operating systems and machines with USB connectivity.
The L3 doesn’t mess around with preset default PINs – a common security vulnerability that could allow an unauthorized party to easily access the data if they were to take possession of the device. As an alternative, the drive comes standard with Apricorn’s “Forced Enrollment feature,” which requires the admin to register a unique PIN. The drive also allows for a separate user PIN to be established.
The L3’s complete FIPS (Federal Information Processing Standard) 140-2 Level-3 validation is the highest level assigned by the National Institute of Standards and Technology (NIST) to portable encrypted devices, and the validation boundary includes the electronics, drive, external fasteners and even the enclosure itself.
|Apricorn||Aegis Fortress L3|
|Data Theorem||API Discover and API Inspect|
|Lookout||Lookout Mobile Endpoint Security|
|MobileIron||MobileIron’s mobile-centric, zero trust platform|
Best NAC Solution
Cisco Systems, Inc.
Cisco Identity Services Engine (ISE)
As NACs go, the Cisco Identity Services Engine (ISE) plays well with others.
Benefiting from Cisco’s extensive partner ecosystem for automated solution integrations and an IETF standards-based integration platform, ISE also meshes with other products in the company’s extensive line, including Cisco Firepower, Stealthwatch and Advanced Malware Protection.
Cisco’s commitment to baked-in security is borne out with ISE, which builds advanced security directly into the network, enabling secure access while simultaneously turning it into a zero-trust enforcer.
ISE offers a bevy of rich features, including visibility to assets connected to the networks; secure wired, wireless and VPN access; device compliance; and network segmentation, which can reduce the scope of compliance. As with most Cisco solutions, ISE is highly scalable, supporting up to 2 million concurrent endpoint sessions. The company touts ISE as the only NAC solution that includes TACACS+ for role-based, administrative access control to networking equipment.
Its scalable architecture along with an intuitive interface and supported integrations translate into accelerated NAC project roll-outs, with organizations saying they spend less time configuring and troubleshooting and achieve key project milestones more quickly.
All in all, Cisco ISE users can expect a positive impact on economics and an impressive return on investment, according to an analyst who found that organizations using ISE have seen savings of about $1.9 million. ROI for some has hit 120 percent with payback of 12 months.
With numbers like those – and ISE’s ability to play well with others – it’s no wonder that Cisco has a commanding presence in the NAC field with 34.3 percent of the marketplace and more than 29,000 customers sprawled across the Fortune 500.
|Aruba, a Hewlett Packard Enterprise Company||Aruba ClearPass|
|Cisco Systems||Cisco Identity Services Engine (ISE)|
|Forescout Technologies||Forescout Platform|
Best Professional Certification Program
Certified Information Security Manager (CISM)
ISACA celebrated its 50th anniversary in 2019, and now in 2020 it has a new reason to rejoice: Its Certified Information Security Manager (CISM) program has won Best Professional Certification Program at this year’s SC Awards.
The global association, which provides training and education to 140,000 members via 460,000 engaged practitioners, calls CISM the only management-level certification for infosec professionals.
Most security certifications measure professionals’ comprehension of the technologies and processes they use. But CISM distinguishes itself by also assessing their understanding of how their work supports their various organizations’ specific business goals.
Such knowledge can be critical for CISOs who must communicate ideas to leaders within the C-suite and at the board level. And the payoff is significant: According to ZipRecruiter data, the average annual pay of a CISM in the U.S., as of January 2020, is $134,220.
Earned by more than 42,000 professionals since its inception in 2002, a CISM certification requires five years of work experience, including a minimum of three years of information security management in several job practice analysis areas.
CISM is updated frequently to reflect the ever-changing job roles and responsibilities of security managers, and the fast-evolving threat landscape. Rigorous continuing education is necessary to maintain the certification.
Members can receive their training via ISACA’s Cybersecurity Nexus (CSX), which offers courses and real-world lab environments. ISACA has a presence in more than 188 countries, with over 220 chapters worldwide.
“I already had the technical skills in the cybersecurity space and could demonstrate that, but the CISM gave me the credibility to talk to the business about risk and policies,” said security professional Michelle Malcher, CISM. “The CISM provided me the step I needed to move to an architecture role.”
|(ISC)2||Certified Information Systems Security Professional (CISSP)|
|Cloud Security Alliance||Certificate of Cloud Certificate Knowledge (CCSK)|
|ISACA||Certified Information Security Manager (CISM)|
|ISACA||Certified in Risk and Information Systems Control (CRISC)|
|Offensive Security||Offensive Security Certified Professional (OSCP)|
Best Regulatory Compliance Solution
Privacy Management Software
An alphabet soup of privacy regulations proliferating across the country and the world is creating compliance headaches for enterprise security teams. But instead of adopting a steady diet of aspirin, companies in myriad industries, including 250 of the Global 2,000, have turned to OneTrust’s Privacy Management Software, a privacy, security and third-party risk technology platform designed to make compliance with the likes of CCPA, GDPR, HIPAA, GLBA and ISO27001 a lot less painful.
OneTrust is finding an eager audience among companies keen on showcasing their commitment to privacy and transparency to consumers and boosting their market position. To keep up with the latest privacy laws and security updates, OneTrust has created an agile process that includes issuing a new major product release every three weeks.
The company’s 2019 acquisition of DataGuidance has enriched and deepened the OneTrust privacy and security regulatory research platform. The company has inspired what it says is the largest privacy community, with more than 10,000 active users. And it offers more than 250 free, one-day PrivacyConnect workshops globally, as well as two PrivacyTech annual global user conferences.
A 1,000-person-strong team dedicated to privacy technology, including 450 in R&D, keeps OneTrust au courant and ahead of the game. With more than 200 services and support team members providing 24/7 support, it’s clear why OneTrust has racked up a 95 percent customer satisfaction (CSAT) score.
“One of the advantages of OneTrust is the ability to streamline compliance globally where it's not just siloed to one department or one location,” said Renate Lang, legal counsel/Head Practice Group HR & Data Protection at Schindler, a Swiss provider of elevators, escalators and moving walkways. “My colleague in Germany can use it same as I can in Switzerland.”
|Cloud Conformity||Cloud Conformity|
|Immuta||Immuta Automated Data Governance Platform|
|Mimecast||Mimecast Cloud Archive|
|OneTrust||Privacy Management Software|
Best Risk/Policy Management Solution
The huge volume of data leaks caused by misconfigured databases this year is a sure indicator that many IT security teams are having a hard time managing the complex nature and scale of a modern infrastructure.
To help IT teams get a handle on this situation, SaltStack offers its advanced capabilities in infrastructure automation to the security and vulnerability management markets, in the form of its SaltStack SecOps IT security remediation solution.
SaltStack automates the work of fixing thousands of possible configuration issues, vulnerabilities and non-compliant infrastructure settings, instead of simply informing organizations that there is a problem and then leaving the remediation work in their hands.
Additionally, SecOps scans infrastructure environments; determines non-compliance with policies and standards such as CIS Benchmarks, DISA STIGs, or NIST; and then automates remediation of any discovered vulnerabilities or misconfigurations. This level of automation includes a persistent connection between a master command-and-control server and minions or proxy agents on any managed infrastructure (e.g. public and private cloud, network infrastructure, any OS and containerized environments).
“SaltStack forms the basis of a comprehensive audit, remote execution, configuration management, patch, and baseline enforcement suite for the IBM Cloud network,” said Brian Armstrong, an IBM Cloud executive. “This has replaced several disparate legacy tools with a single command-and-control layer that allows us to automatically roll out new security policies and quickly react to any new security threats. Problem scoping, mitigation and audit is done in hours rather than weeks across our network.”
The IBM Cloud team saves thousands of hours by automating SecOps, reducing vulnerability remediation time by 75 percent.
|Brinqa||Brinqa Cyber Risk Services|
|ProcessUnity||ProcessUnity Vendor Risk Management|
|Skybox Security||Skybox Security Suite|
Best SCADA Security Solution
CyberX IoT/ICS Cybersecurity Platform
The threat level against manufacturers, utilities and critical infrastructure operators has never been higher, meaning the need for ICS/SCADA security products like CyberX’s IoT/ICS Cybersecurity Platform is equally in demand.
Simply put, extending legacy cybersecurity technologies that were originally constructed for IT networks is not the best solution when it comes to protecting ICS/SCADA environments.
Since no two of the entities requiring this type of protection are the same, any product for use in these environments must be built from the ground up, and tuned for the specialized devices, protocols, vulnerabilities and machine-to-machine (M2M) behaviors found in ICS/SCADA environments. It also must incorporate a deep understanding of the world of ICS/SCADA, particularly when IoT devices are thrown into the mix. CyberX’s IoT/ICS Cybersecurity Platform fits the bill in both cases.
The platform addresses three key areas – asset discovery, passive risk and vulnerability management, and continuous threat monitoring – while using patented, M2M-aware behavioral anomaly detection and self-learning to immediately identify zero-day attacks and stop them.
A key feature is speed, both during installation and while actively working. Within an hour of being installed, the software will begin to deliver insights without the need for additional configuration by the customer. It can quickly identify and mitigate malicious activity, enabling companies to avoid the high cost of targeted attacks and malware in industrial environments that could potentially result in plant shutdowns, theft of intellectual property or even catastrophic safety incidents.
Customers benefit from ease of deployment, as well as platform maturity and scalability that comes from deployments in 2,500-plus ICS/SCADA networks. Founded in 2013, CyberX bills itself as the longest-standing pure-play provider of ICS/SCADA security.
|BlackRidge Technology||BlackRidge TAC Identity Device (TAC-ID)|
|CyberX||CyberX IoT/ICS Cybersecurity Platform|
|Dragos, Inc.||Dragos Platform|
|Tenable||Tenable Industrial Cybersecurity Suite|
|Radiflow||iSID Industrial Threat Detection solution|
Best Security Company
By any account, it was a momentous year for CrowdStrike in 2019.
The company in June made its initial public offering on the NASDAQ stock exchange, raising $612 million in what has been described as the biggest IPO ever for a cybersecurity company.
CrowdStrike also held its ground and stood firm after being subjected to a false conspiracy theory and high-profile political attack that sought to discredit the company’s role in the investigation of the 2016 Democratic National Committee hacking attack.
But first and foremost, the primary reason SC Media has named CrowdStrike Best Security Company for 2020 is the company’s latest outstanding efforts at protecting the user community.
Such efforts begin with CrowdStrike Falcon, a next-generation, cloud-native platform that unifies anti-virus, endpoint detection and response, managed hunting, IT hygiene and threat intelligence – all delivered through a lightweight, single agent. The solution defends customer workloads across on-premise, virtualized and cloud-based environments running on a variety of endpoints, on or off network.
Additionally, CrowdStrike offers organizations access to OverWatch, an elite force of renowned threat hunters, intrusion analysts and first responders.
In February 2019, the company launched the CrowdStrike Store, a cloud-based application platform-as-a-service for cybersecurity, through which new start-ups or technology partners can develop their own applications to integrate into the Falcon platform for user organizations to discover, try and purchase. And to stoke further innovation, CrowdStrike announced the Falcon Fund, which will act as a co-investor and strategic partner alongside lead investors looking for innovative start-ups whose products will be added to the CrowdStrike Store.
|VMware Carbon Black|
Best Security Team
Penn Medicine Information Security
The health care industry has been under siege for the last several years as malicious actors try to exploit the myriad, and often older, connected systems found in a medical facility. For that reason, Penn Medicine, also known as the University of Pennsylvania Health System, has found itself on the very front lines when it comes to being targeted by cyberattackers.
The environment protected by the Penn Medicine Information Security team is truly daunting. The 35-person-strong unit oversees the security of 50,000 employees spread across six hospitals and outpatient facilities. To handle this gargantuan task, Penn Medicine has more than tripled the number of cybersecurity personnel in the last two years, and during this time period has evolved its internal structure from one to five teams: Information Assurance, Security Engineering, Security Operations, Security Architecture and Office of the CISO (OCISO).
The high level of success achieved by Penn Medicine Information Security is due to the close relationship it maintains with corporate leaders and those on the medical side of the operation. This is accomplished by “taking security into the field” to work first-hand with the clinical and research communities, which helps bring them closer to the technology and policy decisions that help ensure data remains protected. This also helps create a culture where all staffers know that cybersecurity should be part of their daily conversation.
As any health worker knows, a body must remain strong in order to fight off an infection, so Penn Medicine Information Security has several programs in place to make sure its security workers are operating at their highest level. This includes certification training, bi-weekly training and the Penn Test Challenge, which uses gamification to improve diagnostic and mitigation skills.
|Penn Medicine Security Team|
LogRhythm NextGen SIEM Platform
It’s easier to ask forgiveness than permission – or so the saying goes. That might be true in other walks of life, but not when it comes to cyberattacks where the damage to assets and reputation can be devastating. Staying a step ahead of attackers is getting harder by the day, but the kind of analytics that identify threats and the ability to mitigate them delivered by the LogRhythm NextGen SIEM Platform empower organizations to successfully reduce risk by rapidly detecting, responding to and neutralizing damaging cyberthreats.
LogRhythm recently made available in the cloud the same data lake technology, AI, security analytics and security orchestration, automation, and response (SOAR) capabilities that have distinguished the NextGen SIEM Platform as a scalable, end-to-end on-premises solution, powering and unifying forensic visibility, advanced threat detection, and incident response.
The platform lets organizations manage threats throughout the entire attack lifecycle via a single user interface, and the RespondX component streamlines investigation and mitigation through SOAR capabilities, accelerating both threat investigation and incident response. Security teams benefit from centralized forensic visibility into activity across the extended IT and operational environment, which provides deep and immediate insight into threat activity.
LogRhythm’s singular focus on security has paid off with a platform that is easy to adopt – as much as three times faster than with other solutions, the company says – and with risk-based monitoring and prioritization that reduces alarm fatigue and helps focus analysts on the most impactful security events, using environmental risk characteristics and threat context to assign risk-based scores to all events and alarms.
|LogRhythm||LogRhythm NextGen SIEM Platform|
|RSA||RSA NetWitness Platform|
|Securonix||Securonix Next-Gen SIEM|
Best SME Security Solution
Cyberattackers don’t take pity on the little guy. Underfunded, understaffed municipalities, local school districts and small businesses all fall victim to malicious attacks and, despite a victim’s diminutive size, the consequences can be enormous.
For over 40,000 small-to-medium enterprises, Untangle is the bodyguard that stands up to the big cyber bully. Its network security framework provides cloud-managed security and connectivity options that ensure protection, monitoring and control across the entire digital attack surface from headquarters to network edge. And its flagship product, NG Firewall, provides scalable unified threat management capabilities, with the ability to set policies for specific devices or people, but without the need to maintain additional hardware.
Untangle recently released NG Firewall v14.2, which introduced significant enhancements to web security and content filtering, the ability to synchronize users with Azure Active Directory, and enhancements to intrusion detection.
The solution continuously monitors emerging malware threats and zero-day exploits through Untangle’s cloud-based threat intelligence service. Known threats are blocked at the gateway, promptly short-circuiting the attack.
NG Firewall pricing starts at free. Customers can then choose the individual features they want, only paying for what they need. NG Firewall is sold as a scalable software solution, and Untangle’s technology applications and cloud-based solutions provide unique deployment options for customers, many with complex deployment levels based on budget and network infrastructure.
Untangle offers U.S.-based technical support that does not force customers to contend with time-wasting call-center menus. Such convenience likely helped contribute to an average 95.91% customer satisfaction rating over the last four years.
|Alert Logic||Alert Logic Professional|
|Arctic Wolf Networks||Arctic Wolf SOC-as-a-Service|
|Sophos||Intercept X Advanced|
Best Threat Detection
Ask any pilot: low visibility can lay ruin to the best laid flight plans. Same goes with cybersecurity strategies, where visibility is crucial to detecting and responding to threats.
Fidelis Elevate seeks to provide that visibility across the entire kill chain using multiple detection methods. The platform integrates network and cloud traffic analysis, endpoint detection and response, and deception technologies with open threat intelligence feeds, cloud-based sandboxing and advanced malware analysis as a means to automate threat detection, investigation and response.
Elevate taps content- and context-rich metadata for more than 300 attributes – it custom tags up to 360 days for network traffic analysis and 90 days for endpoint process and event metadata. Many of the threat detection, investigation and response process steps are automated, reducing response times and minimizing business impacts.
The platform automatically validates across layers, consolidating similar alerts, which offers busy analysts a streamlined workflow and focuses them on the most important detections. The heavy integration between products in the Fidelis platform creates force multipliers, such as sharing software inventory and known vulnerabilities from endpoints with the network and deception solutions. An open threat intelligence feed supporting the network and endpoint solutions includes internal threat intelligence and custom indicators and rules developed by users.
Fidelis touts a lower TCO than other market offerings thanks to the integration of EDR, network traffic analysis and deception.
|Armis||Armis Agentless Device Security Platform|
|Bitdefender||Bitdefender GravityZone Ultra|
|Fidelis Cybersecurity||Fidelis Elevate|
|Fortinet||FortiSandbox and FortiDeceptor|
Best Threat Intelligence Technology
Some organizations collect endpoint data to track down threats only when some kind of anomalous behavior is detected. The problem is, the best cyberattackers know how to conceal their malicious activity to make it look like everything is perfectly normal.
For that reason, Carbon Black has programmed its CB ThreatHunter solution to collect all endpoint data – completely unfiltered – and analyze it to proactively seek out and uncover suspicious behavior, disrupt active attacks and address gaps in defenses before bad actors can.
Unfiltered data, collected by Carbon Black’s cloud-native endpoint protection platform, provides users with the most complete picture of an attack at all times. Meanwhile, the solution provider’s advanced artificial intelligence/machine-learning technology helps teams parse data more efficiently, reducing lengthy investigations from days to minutes.
According to Carbon Black, the massive amounts of data that CB ThreatHunter collects would be overwhelming for organizations using more conventional solutions, because the volume of information collected would consume too much time and money for security teams to store and analyze.
But Carbon Black created proprietary data-shaping technology that overcomes the data pipeline challenge and delivers high-volume endpoint data to the cloud. To realize the potential of this unfiltered data set, the company leverages streaming analytics to evaluate behaviors over time. Its real-time analysis is based on event stream processing, the same technology that has transformed many other industries like credit card fraud detection.
CB ThreatHunter provides the power to respond to threats and remediate them in real-time, stopping active attacks and repairing damage quickly, all from a cloud-based platform using a single agent, console and dataset.
|VMware Carbon Black||CB ThreatHunter|
|LookingGlass Cyber Solutions||LookingGlass scoutPRIME®|
|IntSights||External Threat Protection Suite|
Best UTM Security Solution
More than just a sentry standing between an organization’s most valuable assets and the threats that lie beyond, the SonicWall NSa 2650 provides high-speed threat prevention over thousands of encrypted and unencrypted connections, delivering high security effectiveness to mid-sized networks, branch offices and distributed enterprises. All without diminishing network performance.
Marrying two advanced security technologies – a multi-engine Capture Advanced Threat Protection sandbox service enhanced by Real-Time Deep Memory Inspection (RTDMI) technology, and the company’s Reassembly-Free Deep Packet Inspection – the NSa 2650 proactively blocks mass-market, zero-day threats and unknown malware and examines every byte of every packet.
It only takes a single appliance to automatically update malware and IPS signatures daily, connect to cloud-based sandboxing to spot and stop unknown attacks, decrypt and inspect TLS/SSL traffic over thousands of encrypted and unencrypted connections, eliminate attacks without slowing performance, and provide users with a unified deployment experience through seamless integration of 802.11ac Wave 2 wireless connectivity.
Drawing from real-time information from the SonicWall Capture Labs threat research team as well as industry collaboration and threat research communities that gather and share around 140,000 attack and vulnerability samples daily, SonicWall automatically deploys countermeasures to the NSa 2650.
Central management through the SonicWall Global Management System (GMS) on-premises solution or the cloud-based Capture Security Center (CSC) reduces total cost of ownership and helps relieve the burden on IT.
|Ericom Software||Ericom Shield|
|WatchGuard Technologies||Firebox M270|
Best Vulnerability Management Solution
Global IT Asset Inventory
Qualys lives by the motto “You cannot secure what you can’t see.” With that in mind, the infosec and compliance solutions provider is offering user organizations the gift of sight – with its free(mium) Global IT Asset Inventory (ITAI) solution.
ITAI provides complete and continuous asset inventory in complex hybrid environments, allowing users to instantly know what assets connect to their network, and assess their security and compliance posture in real time. Such visibility allows organizations to find unknown assets before an attacker does and takes advantage.
The solution offers automated classification for clean, reliable data; the ability to search and identify known and unknown assets in seconds; and integrated IT, security and compliance data.
Combining all these capabilities into one solution represents a significant improvement over having to manually clean up and correlate the asset data of multiple disparate point products – a complicated and time-consuming process.
In the process of scrubbing a company’s data, ITAI makes it uniform, eliminating variations in product and vendor names – for instance, “Microsoft,” “Microsoft Corp.,” and “Microsoft Corporation” – that clutter asset inventories and render them ineffective.
ITAI allows an organization’s security team to expend less manual effort on constantly checking the networks for threats, because the app is already doing it. And the freemium model allows companies to allocate their resources toward other security products that are necessary to maintain the best security posture and stay compliant with federal regulations and standards such as PCI DSS, HIPAA, GDPR and FedRAMP.
|Checkmarx||Software Security Platform|
|Qualys||Global IT Asset Inventory|
Best Web Application
Cequence Application Security Platform
The open, highly scalable Cequence Application Security Platform protects web, mobile and API applications from external attacks using a powerful pair of app security modules, with the promise of more in the works.
Easily managed through a single pane of glass, Cequence’s ASP can be deployed on premises or in the cloud, across any number of locations.
The CQ appFirewall module combines advanced WAF security capabilities that support OWASP requirements with detection of, and defense against, known and unknown vulnerability exploits by bad actors.
Meanwhile, the CQ botDefense module protects against automated bot attacks, including those designed for account takeover, fake account creation, API abuse, content scraping and financial fraud.
The modules work seamlessly with Cequence ASP’s CQAI AI-powered engine, which performs a single-pass, multi-dimensional analysis to detect attacks, then applies automated mitigation to stop them in their tracks, before they achieve their objectives.
Enterprises large and small benefit from an open architecture that provides seamless integration and information exchange with other security tools in the network and gives security teams a more complete view of attack and response information. Security teams also gain visibility into apps that need protecting through automatic discovery of all web, mobile and API-based applications an organization has deployed.
Its ability to detect and eliminate unwanted app traffic can translate into higher staff productivity, better app performance and measurable cost savings. One Fortune 500 customer, Cequence says, saved $1.7 million in 60 days because ASP eliminated the need for unnecessary infrastructure oversizing and resolved compromised accounts from bot attacks.
|Cequence Security||Cequence Application Security Platform|
|WhiteHat Security||WhiteHat Application Security Platform|
|White Ops||White Ops Bot Mitigation Platform|
CSO of the Year
CISO, Hospital for Special Surgery
As the first CISO of the Hospital for Special Surgery (HSS) in New York, Vikrant Arora aims to attack cyber risk with surgical precision.
He maintains a strong focus on supporting digital innovation, raising organizational confidence in security, hiring quality talent, and laying the foundation for a multi-year security program that aligns with HSS’ mission.
Edward Marx, CIO of the Cleveland Clinic, said Arora “has been first amongst peers to leverage machine learning and DevSecOps, while simultaneously developing solutions that addressed gaps in otherwise lax security standards.”
For instance, Arora implemented deep learning and behavioral-based authentication for privileged access, and also incorporated machine-learning-based malware detection on more than 6,000 endpoints. HSS assesses that Arora’s efforts have reduced the risk of unauthorized exposure of electronically protected health information by more than 80 percent in the public cloud and on-premises infrastructure.
A long-time advocate of addressing the security of connected medical devices, Arora envisions an ecosystem of security solutions fueled by data. He has implemented solutions that provide real-time visibility into all connected biomedical devices, enabling HSS to promptly identify ones that may be vulnerable to key threats and exploits.
Arora has also put in place a robust risk management framework at HSS, integrating security into business decisions, application development and the supply chain right from inception. Under Arora’s watch, HSS also implemented the DMARC email authentication protocol to prevent malicious actors from spoofing HSS’ email domain as a means to trick external users.
Additionally, Arora is collaborating with law enforcement, security vendors and other healthcare organizations on an Early Warning System that could potentially allow the health care industry to stay ahead of the curve in a volatile threat landscape.
|Vikrant Arora, CISO||Hospital for Special Surgery|
|Derrick A. Butts, Chief Information & Cybersecurity Officer||Truth Initiative|
|Dan Costantino, CISO||Penn Medicine|
|Janice Lim, DEO & CISO||Los Angeles County Metropolitan Transportation Authority (Metro)|
|John Masserini, CISO||Millicom|
Rookie Security Company of the Year
London-based cybersecurity start-up Barac says it can detect malware hidden within encrypted traffic with 99.997% accuracy. Even more impressively, it does so without resorting to decryption.
Here’s how: every malware attack has its own distinctive SSL/TLS metadata signature in the traffic between the user and the server. Capable of analyzing more than 100 million events per second, Barac’s Encrypted Traffic Visibility (ETV) platform picks up on these signatures and identifies the associated anomalies with high accuracy by analyzing this metadata in real time using AI and behavioral analytics.
By contrast, more typical detection solutions inspect encrypted traffic by decrypting the data into cleartext, blocking any discovered malicious code, and then re-encrypting what remains. But according to Barac, this process can place a significant computational load on the network.
Barac customers, however, sidestep this problem, thus avoiding traffic slowdowns, user experience degradation and costly hardware investments. Additionally, user organizations need not worry that they are violating privacy regulations by decrypting communications.
The ETV platform is an especially important tool for companies, given the advent of the new Transport Layer Security 1.3 protocol, which doesn’t allow decryption. The solution is also useful for data centers, where the vast majority of traffic is already encrypted; IoT, where encryption renders normal security tools useless; and encrypted traffic between APIs and back-end applications.
Barac can deploy its software on a physical or virtual server, or can make it available as a software-as-a-service solution. Deployment is made easier through integrations via API with various SIEM platforms.
Barac operates R&D teams in London and Tunisia, and recently opened a U.S. office in Boston. In late 2018, the UK GCHQ’s National Cyber Security Centre selected Barac for its prestigious Cyber Accelerator program.
|Cloud Conformity (Note - acquired by Trend Micro in October)|
Editor’s Choice Award
Global Cyber Alliance
When it comes to basic, yet fundamental, cybersecurity tools that can make the difference between a costly hack and business-as-usual, no organization should be relegated to “have-not” status. That’s why the Global Cyber Alliance, an international, multisector community of partners seeking to combat cyber risk, worked hard this past year to put free security toolkits in the hands of user organizations in need.
These toolkits can reduce cyber risk by as much as 85 percent, asserts the GCA, which was founded in 2015 by the City of London Police, the New York District Attorney’s Office and the Center for Internet Security.
Buoyed by a $1.068 million donation, the GCA in April 2019 launched the Craig Newmark Trustworthy Internet and Democracy Program to provide toolkits to news outlets, government functionaries, election officers and community organizations, in an effort to improve cybersecurity defenses as the 2020 U.S. election approaches.
The toolkits consist of easy-to-use operational tools, guidance and recommendations, helping ensure election integrity while protecting the media from attacks that could expose anonymous sources or manipulate public opinion. With the help of an additional $750,000 donation, the organization launched a second wave of the campaign in December 2019.
The election toolkit program is an offshoot of the Cybersecurity Toolkit for Small Business, which GCA launched last February in conjunction with Mastercard as a way to help SMBs – which often suffer from a lack of cyber resources – protect themselves, their customers and their partners.
“Our focus is on producing a dynamic clearinghouse of operational tools that help small and medium businesses address risk and improve their cybersecurity posture…” said Philip Reitinger, GCA president and CEO, when the program was first launched.
GCA reports that the small business toolkit has already been accessed more than 66,700 times, while the elections toolkit has been accessed more than 1,900 times.
The organization has also been pushing for more trustworthy Internet of Things devices, more secure email via Domain-based Message Authentication, Reporting and Conformance (DMARC), and safer Internet browsing through Domain Name System protections.
Last August, the group collaborated with partners to launch the Automated IoT Defense Ecosystem (AIDE), a development platform offering data collection, analysis and automated defense capabilities as a means to help users identify vulnerabilities and mitigate risks in IoT devices.
AIDE pools data from its own 1,200-node honeyfarm, as well as from other external organizations’ data feeds. The platform records an average 9.5 million attacks per day and, since inception, has collected more than 12 terabytes of attack data on IoT devices.
The platform also comes bundled with GCA ProxyPot, a custom IoT honeypot solution that can replicate an IoT device across multiple IP addresses and physical locations to help sniff out compromise attempts. GCA intends to eventually open source this technology.
In a related effort, GCA has also entered into collaboration with Attivo Networks to build a SCADA honeyfarm to collect threat intelligence on attacks targeting industrial control systems.
Additionally, GCA has developed tools and services and advocated for policy changes that have enabled more than 7,300 companies and government agencies to deploy DMARC as a means to prevent e-mail spoofing and phishing.
According to the GCA, the Department of Homeland Security credited the Alliance with influencing its decision to issue a binding directive requiring U.S. government agency email domains to use DMARC. Later, the Department of Defense would follow suit.
In September, GCA completed its first DMARC Bootcamp, a tutorial experience designed to acquaint user organizations with the protocol and guide them through implementation. It was attended by more than 1,800 registrants from 55 countries and 40 industries.
Later, in November, the GCA released its DMARC Leaderboard, an interactive tool through which users can measure and quantify DMARC deployment. The Leaderboard can rank DMARC usage by country, industry and DMARC policy level, providing intelligence on tens of millions of email domains.
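The "DMARC policy level" the Leaderboard ranks by comes from the published `_dmarc` TXT record, and a record that exists is not the same as one that actually blocks spoofed mail. The following is an added example, not GCA's or the Leaderboard's code, that parses a DMARC record and reports whether it is enforcing; the sample records are constructed.

```python
"""Parse a DMARC TXT record and classify its enforcement level.

Added illustration (not GCA/Leaderboard code). Tag names follow RFC 7489:
v (version), p (policy), sp (subdomain policy), pct (percent of failing
mail the policy applies to), rua (aggregate-report address).
"""

# Ordered from weakest to strongest policy.
POLICY_LEVELS = {"none": 0, "quarantine": 1, "reject": 2}


def parse_dmarc(record: str) -> dict:
    """Split 'v=DMARC1; p=reject; rua=...' into a dict of lowercase tags."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:  # ignore empty or malformed segments
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record: str) -> dict:
    """Return the policy level plus the caveats a defender should check."""
    tags = parse_dmarc(record)
    policy = tags.get("p", "").lower()
    if tags.get("v", "").upper() != "DMARC1" or policy not in POLICY_LEVELS:
        return {"valid": False, "level": None, "enforcing": False,
                "issues": ["not a valid DMARC1 record with a recognised p= tag"]}
    try:
        pct = int(tags.get("pct", "100"))  # RFC default is 100
    except ValueError:
        return {"valid": False, "level": None, "enforcing": False,
                "issues": ["pct= is not an integer"]}
    sub_policy = tags.get("sp", policy).lower()  # sp defaults to p
    issues = []
    if policy == "none":
        issues.append("p=none is monitor-only; spoofed mail is still delivered")
    if pct < 100:
        issues.append(f"pct={pct} applies the policy to only {pct}% of failing mail")
    if POLICY_LEVELS.get(sub_policy, 2) < POLICY_LEVELS[policy]:
        issues.append(f"sp={sub_policy} leaves subdomains weaker than the main domain")
    if "rua" not in tags:
        issues.append("no rua= address: aggregate reports are not collected")
    return {"valid": True, "level": policy, "subdomain_level": sub_policy,
            "pct": pct, "enforcing": policy != "none" and pct == 100,
            "issues": issues}


if __name__ == "__main__":
    # Constructed sample records for illustration only.
    for rec in ("v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
                "v=DMARC1; p=quarantine; pct=25; sp=none",
                "v=DMARC1; p=none; rua=mailto:dmarc@example.com"):
        print(rec, "->", assess_dmarc(rec))
```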
Additionally, in collaboration with IBM and Packet Clearing House, the GCA spearheaded the creation of Quad9, a free domain name protection service designed to stop consumers from accessing websites known to be infected with malware or associated with phishing campaigns. Launched in November 2017, Quad9 resolves billions of queries and blocks at least 10 million malicious events per day.