Critical Infrastructure Security

Industry Innovators: Hall of Fame


The Hall of Fame is reserved for our best of the best. That is not a simple or knee-jerk kind of decision, either. There are lots of organizations that have cool products – and, in fact, there are publications that address the “cool product” issue quite well. We, on the other hand, are concerned that, no matter how cool the product is, the company will be around in one form or another for quite a while.

Our readers look to us for advice on where the next move should be. Subscribers have told us repeatedly how important these reviews are to them and that charges us with a pretty serious responsibility. If we are going to put a product or company in the Hall of Fame, that product or company needs to belong there on several levels.

First, given that this is the Innovator Hall of Fame, the recipient needs to be a demonstrated innovator. That is not a one-year proposition. That means sustained performance. Second, the company needs to show depth. That means that not just the product or service is innovative, the organization itself must demonstrate an innovative approach to its business and the market. Third, the winners need to be responsive to real challenges, and those challenges need to be important over time to an identifiable segment of the market.

Finally, our Hall of Famers need to demonstrate in other ways – such as winning Best Buy, Recommended and other SC designations – that they have reached the level of excellence that belongs in the Hall of Fame and have sustained that level of excellence over time.

All of that said, we were quite pleased with this year's inductees. We have watched them all for some years and they are all strong performers, creative and innovative businesses and have solid products that creatively address serious problems. All four of this year's Hall of Famers are in crowded markets and they don't necessarily own their market segments. But what they do have is a loyal following, good year-on-year growth and the right stuff for their respective niches. They are, of course, poster companies for innovation. We heartily welcome them to the SC Magazine Innovator Hall of Fame.


It is a real pleasure to induct AccessData into our Hall of Fame this year. We have been using AccessData products for years and they just seem to get better and better. AccessData was well-known early in the history of digital forensics for its Password Recovery Toolkit (PRTK). Then came their flagship product, Forensic Tool Kit (FTK), and the company has never looked back. Over its history, AccessData has traditionally been in the top two computer forensic tools. Whether in first or second place depends on who one asks. In the world of digital forensics, religious wars erupt with great frequency. Most serious labs, however, have a copy of FTK, regardless of what else they are using.

This Innovator has a strong suite of forensic tools that span much of the digital forensic continuum. FTK and its network equivalent, AD Lab, take care of the computer forensic duties. A couple of first-rate add-ons are available for these tools. The Cerberus Expansion Module enables malware analysis down to the bit level. The Visualization Expansion Module changes the way one sees the relationships between documents or email messages. For mobile devices, MPE+ (Mobile Phone Examiner) is a strong entry and is available either for the desktop or on its own tablet for portability. This tool covers around 3,500 mobile devices and outputs an image compatible with the rest of FTK allowing it to be included in a case. On the network side, there is Silent Runner, a strong network forensic tool.

The overall effect of these tools is a complete suite for computer and network-centered digital forensics. It really covers a lot of territory. For example, using Cerberus, one can develop Indicators of Compromise by analyzing an infected computer.

Not content with reactive analysis of digital systems, this Innovator has entered the incident management fray with CIRT (Cyber Intelligence and Response Technology), which combines all of the tools in the AD suite in such a way as to offer a proactive look at what traditionally has been reactive analysis. By applying the concept of “no prior knowledge,” or blind analysis, forensic analysts can go hunting for artifacts that help tell the forensic story.

Where will this aggressive Innovator go next? It's hard to say, but one thing is certain: The digital forensic community will be better for it.


Vendor: AccessData Group

Flagship product: Forensic Toolkit (FTK), Cerberus, Visualization, Mobile Phone Examiner Plus (MPE+) and Cyber Intelligence & Response Technology (CIRT)

Cost: Various, depending on the product.

Innovation: Bringing multiple aspects of digital forensics under a single pane of glass and in a single case.

Greatest strength: Probably the best thinkers in the digital forensics world.

Mobile Active Defense

It's hard to secure mobile devices. There are a large number of possible vendor-specific configurations, even within the same operating environment, and apps are relatively uncontrolled. When BlackBerry introduced the BlackBerry Enterprise Server the company took a formative step towards forcing compliance with an organization's security policy, but there were weaknesses even there that became obvious as the trend toward BYOD took hold.

Mobile device users want to be able to use their devices the way that they wish, even if the device needs to communicate securely with the organization. On the BlackBerry server there are some limitations that impact that and, of course, the biggest limitation is that it works only with BlackBerries. So, if one has an Android or an iOS device, one needs another solution. Mobile Active Defense, or M.A.D., has the answer.

Conceptually, it's simple. Force the mobile device to communicate through a dedicated server. That is exactly what this Innovator's MECS Server does. When one connects to the internet via Wi-Fi using M.A.D. MECS, one actually connects to the MECS Server. This manages activities from that point on and allows security administrators to control the actions of mobile users through policy enforcement. And it does this in such a way that users can have the best of both worlds: The freedom to use their devices for personal activities and the security to use the same devices for organizational business.

M.A.D. has been a mainstay in these pages since it first introduced the MECS Server, and always impressed us with its innovation, forward thinking and the way it views the mobile market. However, a major differentiator is that the driving force behind M.A.D. is security. All of the key people came from a security background. Security is, as one visionary in the company told me, in their DNA. The company is relatively young, bringing its product to market in 2010, but it has made a significant impact.

Further, MECS is strong on compliance reporting. It controls email, browsing, jailbreak remediation and many other capabilities that one would expect in a strong security policy. Because everything passes through the MECS Server, everything is auditable. And, with FIPS 140-2 compliant containers, personal and organizational email can be safely separated.


Vendor: Mobile Active Defense (M.A.D.)

Flagship product: Mobile Enterprise Compliance Security (MECS) Server

Cost: Starts at $25 per device.

Innovation: Treats mobile devices the same as other computers within the enterprise.

Greatest strength: Understanding of the mobile device market and the technologies that form it.


NIKSUN is one of those companies that has stepped into an established market and, through forward thinking, carved a niche that they still control. When NIKSUN began to develop its platform, some thought that it was just another SIEM. But it's not a SIEM, it is a network forensic appliance and is evolving into a whole lot more. The big distinction is that it does its own data captures. Using an approach more like an IDS than a SIEM, NIKSUN's core Alpine platform collects data on the network and analyzes it in lots of different ways.

Whether one is using the tool for network forensics or as an alerting system, it takes a forensic-based approach. That means that it collects every packet it sees, analyzes it and saves it for future analysis. Such capabilities, as playing a violation of policy back after the fact, has been around since NIKSUN's earliest products. When it was introduced, it was one of those forward-looking capabilities that now are routine for this New Jersey-based innovator.

We have tested the NIKSUN NetDetector – the core of the NetOmni enterprise suite – and used it in live applications. It provides the ability to see events at a distance and then to drill down to the packet level for more detailed analysis. As a network security analytic tool taking a forensic approach, it is without peer. Its ability to function at network speeds enhances its value, and its forensic approach puts it over the top.

The NetOmni Suite is a one-stop access point for all of the Niksun devices on the enterprise. It allows correlation across those devices, custom reporting, performance monitoring and configuration management – all from a centralized location on the network.

NIKSUN credits its people with making it an Innovator. Having met many of them, we couldn't agree more. The team that develops and brings NIKSUN tools to market is a dedicated group, driven by the pursuit of excellence and encouraged to develop new ideas. The NIKSUN tools are built on the company's Alpine codebase. This gives consistency and maturity to the products and allows the creative development of new solutions to new challenges. The combination of the people and the technology has proven to be a real winner for this Innovator.


Vendor: NIKSUN

Flagship product: NIKSUN NetOmni Full-Suite

Cost: $45,000.

Innovation: As the Niksun motto says, the ability to “know the unknown.”

Greatest strength: Its people and culture of innovation and forward thinking.


SAINT as a penetration testing tool has a long history. Born in the open source community in 1995, this was based on the SATAN tool written by Dan Farmer and Wietse Venema. In 1998, the SAINT Corp. was born – initially as World Wide Digital Security changing to SAINT Corp. in 2002 – and it has since become a staple vulnerability and penetration testing tool. SAINT was the first company to integrate pen testing and vulnerability assessment in a single tool, and the company has not stopped innovating ever since.

This Innovator is characterized by a deep commitment to its customers and to supporting them. Testimony to this comes in the form of very low customer turnover and a support satisfaction level – based on surveys – in the high 90 percent range. SAINT's products traditionally have been priced reasonably.

We have been testing SAINT for several years and have observed it improving consistently. The biggest improvements we have seen are in areas of versatility and ease of use. In these areas it is clear that the company listens to its customers and bases its innovations largely on their feedback.

SAINT updates its products regularly and new versions of SAINT Enterprise Edition will contain such things as customizable dashboards and scan/penetration testing data stored in a relational database. However, because the SAINT products are based on a consistent scan/pen test engine, innovation in new functionality is enabled. This consistency leaves SAINT developers free to think about new ways to address customer challenges. An example is WebSAINT, a vulnerability scanner for external targets provided as a cloud-based SaaS option. WebSAINT Pro adds pen testing capability, as well as web application scanning.

One of the important challenges for any vulnerability scanner is managing large networks. SAINT addressed that problem by developing a distributed scanning/pen testing architecture with centralized management using SAINTmanager. SAINT is a certified PCI scan vendor and its SAINT writer reporting tool enables clear PCI compliant reports. In addition to that, however, the reporting tool – part of all SAINT products – supports multiple compliance reporting formats, as well as trend analysis and custom reports.


Vendor: SAINT

Flagship product: SAINT Enterprise Edition

Cost: Starting at $18,995 for 2,000 unique targets.

Innovation: Integrating vulnerability assessment and penetration testing.

Greatest strength: Customer focus and technical support.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.