Innovators 2010: The top security companies

In this special year-end section, we call out companies that are leading the fray with their mission, product development and more, says Peter Stephenson, technology editor.

It is innovators time again. We take time at the end of every year to explore those companies that are setting the benchmarks within their respective product areas. These companies are innovators, not just in their technologies, but in their business practices and how they go to market. Some of our innovators are small and some not so small. Some are with us still and some have been acquired. A very small few have failed to make it through the gauntlet of the past few, very difficult years due to lack of financing, unexpected competition or any of a host of other spoilers. We miss them.

We have a fine crop of innovators this year, including a new and important category: Innovators Hall of Fame. These are the companies that have demonstrated both a long-term commitment to innovative excellence and actually have delivered on that commitment. Another category that is evolving is virtualization. There are not a lot of security products that are made exclusively for the virtualized world, but they are not far off.

What does it take to be in this annual issue as an innovator? I discuss some of that in my opening column as those characterizations frame a Hall of Fame innovator. That, of course, is the long-term story, but on a year-to-year basis, we have a few things that point us to companies we'd like to include in this year's issue.
First, we like to see that the company takes the business of security as seriously as the technology of security. Today we have – conceptually, at least – solved the single point-of-failure and defense-in-depth challenges that come with consolidation. One of our innovators spoke of “data center consolidation.” In other words, let one box do the work of many. This, of course, is part of the rationale behind virtualization.

Including a company in an innovators issue naturally requires innovation.

Innovation often is seen as some sort of leading-edge technology, but in my view that's not all that is necessary. When times are tough, getting to the market is tougher. Most of our innovators said that they looked for niches that were not affected by the economic downturn. And there were some. Many of the companies that you will read about in these pages matched those sectors that still were active with their products, shifted their marketing emphasis a bit to take advantage of new opportunities, and not only weathered the storm, but profited from it.
Virtually all of our innovators told me that they had neither pulled in their horns nor sought suitors – although some previous years' entries were, in fact, acquired. Rather, they expanded their efforts and, as a result, grew well. One company, which last year impressed us with their attitude toward off-shoring, has continued its practice of keeping all of its development in the United States. Too expensive? Hardly. This company thrived and grew well through the recession.

Innovative technology is not just a new set of cool whiz-bangs. The notion of consolidation of the data center has resulted in the convergence of several types of products offering point solutions to individual problems into broader-based products that address several types of problems in one product. I have been following convergences for years. Convergence can be a very good thing. Two years ago, we began to see innovative companies planning for convergence by developing a combination of broad platforms into which special-purpose modules could snap – resulting in a multipurpose security application that could address several security challenges.

Finally, we looked for a positive pro-customer attitude. Today I returned a rental car and commented to the woman at the desk that I had kept the same rental car company for years, even though I have switched airlines and hotel chains frequently. I told her that it was largely because of the superb customer service – especially at her branch – that I never considered other companies. She told me that was what she and her colleagues were there for: to serve the customer. While that attitude is far too rare these days, it is alive and well with our innovators. Perhaps that is their greatest innovation of all.


Access control is a changing field even though its core premise has not changed. Controlling who can access what – and what they can do with it when they get access – is a sort of Holy Grail for security professionals. It really seems pretty straightforward on the surface. Just identify users, figure out what the user can do, what the user can access, and the level at which the user can access an asset, and that should be it.

Well, not quite. Of course it used to be that way, but now the finger has to point in both directions. First, all of those things that legacy access control systems do are still there. No way around it…you need to determine if a user can enter the system, access the asset and use the asset at the proper privilege level. Nothing new about that.

But the next thing we need to worry about is what did that user actually do? Was it consistent with our intentions as stated in policy? And what is the user? Is it a person, a process or, perhaps something a bit more nefarious? What dictates the rights the user has? Are they dictated by network security? Application security? Answers are becoming a bit fuzzier as networks and applications become more complex.

New challenges demand new solutions and this year we have an interesting innovator – so new I cannot find a universal definition for it – user activity management.

Not only do we have an innovator with a completely new take on access control, we have a renewing of the emphasis on management. At the end of the day, it really is no longer access control…it is access management. Our innovator in this space reminds us of the importance of that. Complicated problems often require complicated solutions, but while we don't wish to minimize the accomplishments of this fine company, the other name of the game – besides an effective technology – is a usable technology. That is one of the themes of this year's access control innovator.

On with our first category.

UAM: PacketMotion PacketSentry

There are a lot of products that can capture user transactions at some level of detail. That level of detail varies with the type of technology that the product employs. It takes an innovator to capture that data at the deepest level, do it without a performance hit and make the data available for analysis in a meaningful way. That is exactly what PacketMotion, our innovator in this group, does – and they do it well.

Getting to this point, though, is not a trivial undertaking. It takes some creativity and a commitment to innovation organization-wide. When I asked the visionary at PacketMotion what makes them an innovator, he was specific – specific in the way that lets you know that this question is top of mind for the company. He told me that their customers need to shine a spotlight on activities in the enterprise at a granular level. They need fraud detection and data protection. That means that the solution to the problem requires very deep packet inspection. The way he said it was matter-of-fact. Sort of like this is the everyday mission of PacketMotion. Turns out, it is.

Deep packet inspection is a buzzword that, if you look carefully at its various instantiations, means different things to different people. To PacketMotion, it means seeing everything in the packet at all seven layers. It means that it has to work at server farm speeds. Our visionary told me that anyone can inspect packets at internet-line speeds. It is far tougher to do it at gigabit speeds. Then you need to add user association to make the data meaningful and you're almost there.

But, like most of our innovators, the major innovation is not just the technology. It is getting the technology to the users and getting the users the technology they need and want. Finally, it is making that technology both useful and usable, a theme echoed by many of this year's innovators.

The next big challenge? PacketMotion is looking at how to fit its technology into the cloud and the world of virtualization. We're betting they'll do that too. After all, it is in their culture to embrace the hard problems as long as that's what their customers tell them they want.


Flagship product: PacketSentry

Vendor: PacketMotion

Cost: $50,000.

Innovation: User activity management, an approach to capturing user transactions across the enterprise in deep detail.

Greatest strength: Intersection of capability, architecture and company culture.



This always is one of our favorite categories. For some of us, this is where the security action really is. Of course, it may be that we spend our days in a lab testing things, but for whatever reason, analysis and testing always gives us the comfortable feeling that things either are or are not right with our security world. This year's products are no exception.

There is nothing, on the surface anyway, particularly radical about this year's selections. The innovations are sometimes subtle, but always important and, if you know what you're looking for, impressive. These companies are true innovators and sometimes that means pushing the envelope quietly and effectively. We think that all five of this year's choices deserve to have their horns tooted a bit, so we have dug into vulnerability analysis, penetration testing, threat analysis, SIEM and forensic tools to do just that.

All of our entries in these categories are new to the innovators issue, but they are no strangers to SC Magazine's pages. They all have had their products reviewed and some have been First Looks. In whatever mode they appeared in these pages, they always have done well. So, we explored the companies that developed these products and found the true mixture of innovative characteristics that we look for each year.

One of the more controversial differentiations we made this year was between vulnerability analysis and penetration testing. Some conventional wisdom claims that these two disciplines really need to be together in the same product and, to be sure, they often are. However, when you peruse our two entries you'll find that each one brings something special to the mix of security testing.

It was gratifying to see one of the venerable forensic tool companies show up this year. As you will read, they have remade themselves and developed some interesting approaches to digital forensics. And, it is not unusual to see a company that focuses on mid-market customers here, but we have one of the best this year. Their story is fascinating and we really would need more space to do it justice. Finally, we look at a new entry – new to our innovators, anyway – in the SIEM category, but their right to be here should be, as you will see, undisputed.

So, on with the show!

Vulnerability assessment: netVigilance

The vulnerability assessment space is pretty packed with players ranging from commercial products to open source tools. What does it take to be a key player in such a crowded market? The visionary we spoke with at netVigilance didn't miss a beat when we asked that question. Quite simply, the answer is to do something different: Go beyond compliance, focus on customer needs and use a creative mix of selling models.

Focus on the customer is a pervasive theme among virtually all of the companies we selected this year, as it was the last two years. While many companies talk about customer service, these innovators really practice it and netVigilance is no exception.

As an innovator, the company sits at the intersection of understanding and products. Understanding comes from that close interaction with the customer, and that spawns the correct mix of products. Such techniques as closed loop remediation and automated vulnerability assessment have placed netVigilance square in the center of customer activity. But this innovator also is close to NIST and has provided the government-standards organization with over 400 vulnerability updates.

An important part of the netVigilance formula is diversity in the way it sells its products. Because the company sells its products in multiple forms – appliance, software, cloud edition, SMB and enterprise – there is a form factor for just about any type of customer. Additionally, if a netVigilance value-added reseller (VAR) wants to offer cloud-based services, there is an approach for that as well. Fundamentally, this innovator is in the position never to have to say “no” to a customer based solely on delivery method.

Scalability, our visionary told us, addresses more than just the number of devices that can be scanned or the number of vulnerabilities that can be detected. There has to be a convergence of vulnerability detection, remediation and compliance reporting. You could buy a couple of tools to do this, but it is a lot less expensive and easier to manage if you only need to buy one. And that simple premise, along with addressing customer needs in unique and creative ways, is what makes netVigilance our vulnerability assessment innovator this year.


Flagship product: Service Provider Edition v1.9

Vendor: netVigilance

Cost: starts at $29,995.

Innovation: Creative approach to applying vulnerability assessment – both to compliance requirements and true vulnerability management.

Greatest strength: Involvement with customer needs and such organizations as NIST, bringing real value to their marketplace.

Penetration Testing: SAINT

It certainly was good to see this venerable pen testing company on our list this year. SAINT was born out of the old open source tool SATAN and it never looked so good. There are some giants in the penetration testing marketplace, and some – fewer now with the acquisition of Metasploit – are open source. For those, the price certainly is right. But SAINT is not far off with its creative pricing schemes.

When you want to take on giants and no-cost spoilers, you need some pretty innovative business and marketing practices. Having been around – and growing – since 1998, it is pretty clear that SAINT has this part down to a science. Marketing, according to the visionary to whom we spoke, comes down to creative pricing, finding areas of real need that can comprise market niches, and then making the connection between vulnerabilities and exploits.

That certainly sounds simple enough, but there actually is a lot more to it than meets the eye. First, one must find what the marketers call the “pain points.” It turns out that there are two important pockets: government agencies with their specialized regulatory requirements, and PCI testing. In fact, for SAINT, PCI has provided the biggest growth area followed closely by government sales.

The idea of bringing vulnerabilities and exploits together signals the convergence of vulnerability and penetration testing. And that, from a technical perspective, is exactly what SAINT has done. Additionally, this innovator focuses on heterogeneous targets and agentless technology. And the exploit is not all there is, as most experienced security professionals know. There are activities that take place pre- and post-exploitation. SAINT handles those as well.

Today, SAINT runs on Linux, but it turns out, the Apple Mac is becoming a favorite of security pros. Does that signal a Mac version in SAINT's future? This is not a pre-announcement, of course, but that certainly would be a logical assumption. That's just part of the creative way the SAINT folks view the market: Provide a product that is simple to use for the novice and powerful enough for the seasoned pen tester. Price that product right, hit the right market niches and help the user make real decisions, not just list vulnerable machines. That's the SAINT secret. Sure seems simple to us.


Flagship product: SAINTexploit (this is just a module on a very complete suite of tools)

Vendor: SAINT Corp.

Cost: Starts at $8,500 per year for 256 IPs.

Innovation: Effective integration of vulnerability assessment and penetration testing

Greatest strength: Durability. SAINT has been delivering products that meet customer needs longer than any still-existing, active company in the same market space.

Threat Analysis: TriGeo

This scrappy, brassy company breaks a lot of rules and conventional wisdom and it is working for them wonderfully. And this is no flash-in-the-pan either. Going on its 10th year in the threat analysis market, TriGeo is like that bunny – it just keeps on going and going and its customers love it, rule breaker or not.

The first rule this innovator broke was going after the mid-market. At a time when most of its competitors were duking it out for those big Fortune 500 companies, TriGeo went after the little guy. That's a dangerous approach because you have to price accordingly and that does not leave a lot of margin for direct sales.

So TriGeo broke its next rule: it sells using telesales. Does it work? Yep. Coupled with regular – weekly – webinars that are not just sales pitches, this approach has built the company's market, while intense customer loyalty has built its following to a level where TriGeo's future is all but assured.

The next rule violation was in the customer support group. The company does not hire support engineers as a rule. It hires system administrators and teaches them tech support. That generates an affinity between the support engineer and the frustrated caller, usually also a system admin. Add a full suite of included support services, fixed prices, fast implementation and plug-and-play simplicity of implementation and you have a product philosophy made to order for smaller customers without a lot of resources.

Where did the technology for all of this innovation come from? The visionary with whom we spoke said that she had reinvented the product over the past 18 months. But she didn't do it alone. Along with her team she showed us yet another instance of close customer relationships. TriGeo formed customer advisory groups – there are more than one since there were way too many applicants – and then did the amazing: They listened and then acted on customer recommendations. They have been listening and acting ever since.

Provide products at the cutting – but not bleeding – edge, price it right, give great customer service, listen to the customer, and keep costs under control. Works every time.


Flagship product: Security Information Manager

Vendor: TriGeo Network Security

Cost: $19,860.

Innovation: A very successful product usually thought of as a big company tool designed from the ground up for the mid-market.

Greatest strength: Business focus on the mid-market.

SIEM: Q1 Labs

It is hard to use. We'll never have the time to deploy it. We don't have the infrastructure for it. All arguments for not buying a SIEM. But this innovator does not agree. The Q1 Labs QRadar system goes for the jugular in those excuses. By combining several important security technologies, Q1 has come up with a product suite that is straightforward to deploy and use. So much so that it is optimized and pre-configured for 90 percent of all deployments out of the box. That is a very good start if you want to carve out a spot for yourself in a crowded market.

The Q1 Labs products are really focused on security intelligence. SIEM is just one way that they achieve that goal. Managing logs and managing information security risk are tough problems that the QRadar system has tackled successfully. When you are fighting for a space in a market full of heavyweights, it is good to have a special niche. Gartner Group has recognized that this innovator is on the right track by putting them in the Leaders Quadrant for 2010.

Check the Q1 website and you'll find its mission: “…to provide complete network and security knowledge, delivered simply, for any customer.” That's a pretty big order, but it is, as we found out when talking to a Q1 Labs visionary, the driving passion behind the company. One way to achieve that goal is to innovate the technology. Following the simplicity – without being simplistic – theme, the QRadar products are scalable in that they don't just observe and record events in a vacuum. Events, according to Q1, are pretty useless without a context. This system can autodetect much of what it needs to provide for that context.

The next challenge is getting to market. For that the company optimized its channel sales force so half of its customers are outside of North America. To do that they had to double their sales force.

This is a fast-moving market chasing fast-moving problems. Plus, there are new releases on the boards that significantly enhance application recognition – giving even more context. Content-awareness gives solid forensic capabilities as well. We put it in the SIEM category, but it is for certain that the offerings from Q1 Labs are a lot more than just a SEIM.


Flagship product: QRadar product suite

Vendor: Q1 Labs

Cost: $50,000.

Innovation: Developing a creative approach to gathering and presenting actionable security intelligence in a platform that is easy to deploy and use.

Greatest strength: View of security intelligence from the perspective of the user, addressing the difficulties usually associated with this type of product.

Forensic Tools: AccessData

AccessData has been a mainstay in the computer forensic field for more than 20 years, longer than just about anyone else in the space. One might think that a company of that venerable age would become stodgy and set in its ways. After all, 20 years is an eternity in this business and companies that have relaxed on their laurels are not unheard of. Well, in this case, there is not a chance that we'll see any such behavior from this innovator. In order to ensure that the company stayed fresh and innovative, the new executive team did what our visionary called a “reboot” when it took over a few years back.

How do you avoid the perils of complacency? You run the company as if it is a hungry startup. You adopt the attitude that you must innovate or die. And that is what has made AccessData a key layer in the forensic tools space for many long years. From a technology-meets-market perspective, this innovator believes that people need to analyze information wherever it lies. That has led to the addition of products through acquisition, as well as through internal development. AccessData now has products that analyze computers– in place or over the network, as well as mobile devices. The company trains more than 4,000 users each year.

Because the market is constantly evolving – law enforcement, consulting, government and e-discovery to name a few sectors – AccessData built a platform that can provide views of just about any application. When it is necessary to expand a capability to gain access to core capabilities, this innovator does exactly that. As an example, many years ago the problem of password recovery during the forensic process became an issue, so AccessData added the Password Recovery Toolkit. This now is a staple of its overall forensic offering.

Attitude, however, probably is the key differentiator for AccessData. They consider themselves to be an investigative company as opposed to a forensic tool developer. That connection with the user makes a big difference. But that is typical of this innovator. The customer-first attitude just adds to the focus that makes this our choice in the forensics category this year.


Flagship product: Forensic Tool Kit

Vendor: AccessData Group LLC

Cost: $2,995.

Innovation: A point of view and attitude that give them an edge in a hotly contested market.

Greatest strength: “Customer first” attitude.



This is a category that has spent the past several years defining and redefining itself. If there was a poster child for convergence, perimeter defense would be it. This year we may have boiled it down to its least common denominators with only one likely convergence yet to come. For the current year, we have kept network-based UTM and endpoint UTM products separate. However, we predict that this is likely to be the last year that we can do that.

The notion of the endpoint as separate and distinct from the perimeter is the traditional way of considering UTM functionality. However, as the endpoint becomes less and less separate from the perimeter, this distinction will continue to blur. One of our innovators this year already is heading in that direction and we are betting that we will be following their lead in the not too distant future.

Intrusion prevention systems have been working hard at stealing the thunder from intrusion detection systems for some time. That convergence likely has come. No longer is there the specter of an IDS that, for whatever reason of its own contriving, shuts down network access from a false positive. Developers have just about worked through that problem and the IPS has really started to come into its own.

Our selection in the IPS category has a long history in the market space and is a clear innovator as you will see. Even though the perimeter defense category is small – as is the access control category – it is small because of convergence, not because of lack of need or products in the space. Over the years, we find some categories shrinking for this reason and, of course, that poses challenges for us editorially. We'll see where these two convergences take us over the coming year.

For now, though, we still have both of these categories, and the perimeter defense category is not without its interesting features. Chief among these is how vendors in this space carve out their respective niches in a tough market that is growing rapidly, both technically and through its ever-morphing requirements.

So, all of that said, let's have a look at perimeter defense innovators.

UTM, network: Cyberoam

All of our innovators share one thing in common: They all have deep customer commitment and they all have mechanisms for ensuring that customer relationships remain the basis for their business plan execution. However, few have formalized that commitment to the extent of Cyberoam, our network UTM innovator. For Cyberoam, customer commitment means measuring, analyzing and responding to customer attitudes, needs and how customers view Cyberoam products.

This innovator remains in almost constant contact with customers that have purchased its products. After the first month after product delivery, Cyberoam conducts a survey. This is not just a “how did we do?” survey – although there certainly is some of that. It is much more. The survey aims to pinpoint areas of difficulty that the new user is experiencing, as well as features that the customer needs, but is not finding – and that, perhaps, Cyberoam should add in future releases. They also seek to know what, if any, additional follow-up is necessary.

This deep customer interaction leads directly to how the company develops its technology. Based on reported customer needs – from those that bought and those that did not – this innovator lays out its development plans going forward so that features that are reported as necessary by enough customers and users are prioritized for future releases.

One innovative solution to growth and extensibility requirements has been adding an abstraction layer – a sort of layer 8 on the OSI model – that allows the connection of names. These names could be users, domains, and more This allows greatly improved granularity of system administration. It also follows, albeit in a uniquely creative way, a trend that we have seen in many products lately – tracing down to the user level. The important pieces in the Cyberoam approach, though, are the integration with the network model at a fundamental level and the direct connection to system administration.

Getting these innovations into the product is an innovative process in itself. The company rolls out upgrades and updates quarterly. This keeps them in step with reported needs. This is part of the overall strategy that allows this relatively small company to generate more than 20,000 deployments across more than 90 countries worldwide. With a goal of developing the capability of best-in-breed firewalls with a UTM, Cyberoam has exploited multicore processor technology, content awareness and certification training to drive its stake in the UTM market.


Flagship product: CR1500i

Vendor: Elitecore Technologies Pvt. Ltd.

Cost: $9,740.

Innovation: Go-to-market strategy in a global market that is quite crowded in its product space.

Greatest strength: Product and support through most media 24/7.

UTM, Endpoint: Sophos

Simplicity is the hallmark of 20-year-old Sophos. In fact, this innovator has a term for it: “brilliant simplicity.” Sophos addresses a market where the large majority of organizations don't have large resources so the company strives to make its products straightforward and easy to use and deploy, and affordable for the enterprise.

Along with brilliant simplicity, though, there is a very broad product line that addresses malware, application control, spam, network access control and encryption. The Sophos endpoint security platform really is a full-featured UTM that has cross-platform compatibility and centralized management – as is appropriate for the enterprise.

As a vendor that came from the anti-virus world, many dark ages past, Sophos knows that today anti-malware is not enough. So the company addresses email security, network access control, web security and other aspects of data protection as well. All of this technology is wrapped in positioning as a vendor that the customer can trust, because trust is far more important than technology alone. Supporting that philosophy, the company strives to be accessible to the largest group of customers possible. One way to do that is to consolidate solutions as much as possible to typical security challenges.

Sophos always is looking forward. The acquisition of Utimaco gave Sophos some new technology to build into its product line. Everything, however, is “laser focused” on maintaining the company's positioning as a security company that customers can work with and trust. Technical innovations – such as live lookups, data leakage protection and intrusion prevention – all are part of the Sophos roadmap. And, that roadmap is pointed directly at the goal of protecting data wherever it is or in whatever form it takes.

The Sophos commitment is backed by a global network of labs, which provide the research in areas, such as anti-malware, that are the core capabilities of the Sophos products. Where appropriate to the Sophos mission, the company is ready to partner as necessary to support its large customer base. To support the focus of this innovator's go-to-market strategy, the company concentrates vertically, providing those capabilities needed uniquely by the various vertical markets it serves.

Strong, focused market strategy, innovative implementation of data protection technology, and a deep commitment to the customer all make Sophos our endpoint UTM innovator.


Flagship product: Endpoint Security & Data Protection

Vendor: Sophos

Cost: $51.50 per user or $5,150 per year.

Innovation: View of the security market.

Greatest strength: Maintaining a very strong market presence in a competitive marketplace based on the combination of superior, easy-to-use and deploy products and customer trust.

IPS: Juniper

It has been said that every leader should be listening for footsteps behind them. Juniper, a solid provider in the intrusion prevention space, needs pretty sharp ears if that is true. But, Juniper is not listening for the steps of a competitor as much as it is listening for its customers. It is the customers, according to the visionary with whom we spoke, that push Juniper to greater and greater technical innovation. And make no mistake, Juniper is listening. As a result, the company has consistently proven that it can bring new innovations to the marketplace.

The secret to Juniper's success, in part at least, is staying top of mind with its customers That translates internally to keeping process planning top of mind at the company. Process planning includes such things as generating general thought-leadership. This program consistently focuses on exploring how the company can be better, whether in its business practices or its technology innovation. In fact, according to the visionary with whom we spoke, the company is driven by innovation. One of its core principles is “think boldly.” To do that, the company needs to listen closely to those customer footsteps coming up behind.

When you're in a competitive marketplace – as all of our innovators are – how do you survive in a serious economic downturn? Here, as was the case with many of our innovators, the secret is forge ahead…don't shut down. Juniper didn't pull in its horns, look for a suitor to buy it or pack in its chips. Instead, it focused on those markets – and there were some – that were still strong. They dug for opportunities, such as large data centers, when these depositories were beginning, perhaps due to economic pressures, to consolidate resources. That provided just the opening Juniper needed because it fit well with its own philosophy of consolidating systems, security and hardware through such things as virtualization.

In fact, the whole issue of cloud computing and virtualization plays well to the company's approach of viewing the new traffic patterns no longer as client-server but, with the advent of virtual systems, as server-server. The functions of the hypervisor and such things a VMware's vMotion are data flow game changers and Juniper was ready for that. Securing the new environments presented challenges that were right in Juniper's sweet spot at a time when many other company's simply were trying to survive the depredations of a nasty recession.


Flagship product: SRX series

Vendor: Juniper Networks

Cost: Starts at $1,000 up to $250,000.

Innovation: Innovation-focused company personality both in its technology and business practices – consolidated security to support the consolidated data center.

Greatest strength: Application of their core principle of thinking boldly to address customer needs creatively and effectively


This is what it is all about. If we didn't need to protect the data, we wouldn't need security people, processes or products. But we do need to protect the data, so we need all of those things. Here is an area where we are not likely to see a lot of convergence. In fact, the category is becoming increasingly complicated.

We looked at five different product types. Even though we look at all of the aspects of innovation, we categorize participants by product types. This year we looked at two types of data extrusion: extrusion and leakage. We recognized that data leaves the network for a variety of reasons, and noted that there were two companies that have a somewhat different slant on data leaving the safety of the enterprise. The focus of their products and market positioning reflects that.

We took a look at email security, one of the toughest product types to define. And, along with that, we looked at encryption, a tool often thought of as email security but, in reality, one with far broader applications.

Finally, this year, the problems of identity theft and fraud have hit the mainstream. Addressing online fraud and identity theft at the enterprise has become extremely difficult because today's fraudsters and identity thieves have shifted to attacking the user endpoints. Our selection in this area addresses the problem at both the enterprise and the consumer endpoint.

So, data protection has offered us a rich field of exploration this year and we have a nice mix of new entries and long term players including two that have raised a lot of eyebrows in the marketplace for their creative, unique and effective approaches. This is likely to be one of our most interesting product groups over the coming years. In our view this group is headed towards new challenges and new technologies and that offers fertile fields for innovations.

So given that we have five innovators to read about let's move on.

Email Security: Axway

Axway is an extremely broad-based company with a very complete suite of security products and services. The company brings the expertise and experience gained in deployments in over 11,000 organizations in 100 countries world-wide to each of its product lines. Email security is no exception. It has been our experience that innovation is less likely to thrive in companies such as this one than it is in smaller, leaner companies. That certainly is not the case here nor in a couple of our other, larger, innovators this year.

Axway breaks its products down into four core groups: email security, managed file transfer, business-to-business communications and integration. Each group has been grown through a combination of acquisition and internal development to be the most solidly integrated line that it can be for the individual product segment. The email security group – the product sector for which we are honoring Axway this year – acquired its flagship product, MailGate. MailGate has been a respected product for some time and fitting it into the Axway strategy just has made it stronger.

Axway's strength as an innovator comes in part from the way it approaches the market and part from the way it ferrets out and addresses the untapped needs of its customer base. Their philosophy is simple: look for problems that the customer base has not been able to solve and find a solution. That philosophy is reflected in everything that this innovator does.

What is the personality of Axway? They see themselves as a technology company but we would argue that technology in a vacuum is not the hallmark of a successful innovator. Take the core company philosophy of seeking problems to solve, add the technology and now you have Axway – and MailGate. They do this by leveraging market-leading technologies and a strong go-to-market strategy.

Axway also sees itself as competing horizontally striving for one-size-fits-all set of solutions to customer-identified issues. Interestingly, though, their product mix is very vertical. So how does the company reconcile vertical product lines and horizontal market penetration? The key is the development of a platform that allows vertical product integration to meet explicit customer requirements. They call this platform Synchrony. Good choice of names, in our view. It tells the Axway story well in a single word.


Flagship product: MailGate

Vendor: Axway

Cost: $10,000.

Innovation: Savvy integration of vertical product offerings to serve a horizontal market.

Greatest strength: Enabling businesses to conduct internet business securely, especially using email; helping email enable business processes.

Encryption: Trustwave

Trustwave is another company with a broad product offering that covers network access control, data leakage prevention, threat management, SIEM, PCI compliance and encryption. It is in the encryption arena that we selected this company as one of our innovators this year. Our reasoning was quite simple: Here is a company that is in a war with encryption giants and still manages a very credible showing. They must be doing something right and we wanted to know about it.

It turns out that Trustwave views encryption as an end-to-end process and we could not agree more. There are many companies that provide some point solution to the encryption picture, but not so many that view the problem from endpoint to endpoint. Add integration with other products in the Trustwave stable and you start to see a pretty complete picture. End-to-end encryption tools also have a very specific market niche where it is critical, and where it does not have a lot of purveyors: payment transactions.

So, by developing a relatively unique product premise and applying it to a critical – and very large – market niche, this innovator has carved out a respectable place in the encryption space. As well, Trustwave has a very simple business proposition: Pick your products and target markets then package and deliver. It is as simple as that. Well, perhaps not quite so simple.

For example, there's this niggling little problem of identifying the right problems to solve, developing the right technology to address the problem, and then you packaging and delivering. Trustwave has this down to a science. Another area where this innovator excels is remembering its roots. With a long history as a services provider, Trustwave still builds on that experience offering its customers a really complete solution to those nasty problems that the company has products to solve.

Infrastructure is critical to success as well and the company's Spider Labs track security breaches worldwide. This is important because selecting a market as large as the payment industry has netted Trustwave more than two million customers the world over. With the help of intellectual property it has acquired and packaged to solve customer problems, provision of cloud-based services, global call centers and the practice of keeping its engineering teams from acquired companies intact, this innovator has all of the ingredients for success.


Flagship product: Managed Encryption

Vendor: Trustwave

Cost: $72.00 per device per year.

Innovation: Pulling intellectual property, services and infrastructure together to provide a suite of products and services that fully support a global authentication and encryption network.

Greatest strength: The vision to see what needs to be accomplished on a grand scale and developing the resources to accomplish it.

Extrusion Prevention: Fidelis Systems

We now come to the first of two companies in similar product spaces. Fidelis is in the business of extrusion prevention. How does that differ from data loss prevention? Some would say that it doesn't. We see it differently, however, and therefore we have selected innovators in both categories. Generally, we think of data extrusion as passage of data outside of the organization's zone of control over the network. We think of data leakage as a superset that includes other ways of removing data – such as on CDs and thumb drives. Fidelis focuses on data moving on the network, rather than securing the endpoints against unauthorized use of peripherals to remove data.

Fidelis is no newcomer to the problem. In fact, they arguably are the oldest company in the business, with origins in 2002, before the term “data extrusion” even existed. While other companies focus on packet-level inspection, Fidelis extends that approach to session examination, giving the packet contents context. This approach give visibility of both in- and out-bound content, necessary to provide the context for exfiltration.

Getting to their current position required an innovative approach to the market, as well as to the technology. This innovator started by understanding the problem in the federal market and went to the trouble and expense to obtain the appropriate government certifications. This gave them an instant leg up in the private sector as well.

Armed with experience, technology and government certifications, Fidelis focuses on the high end of the market where data extrusion can cost an organization millions – if not billions – of dollars. High-end markets are made up of high-end organizations with high-end problems. That implies a high-end product to address the issues that are unique to large banks, defense contractors, governments and the pharmacology space, for example.

These systems are not trivial to deploy, so the company's go-to-market strategy includes using a channel of value-added resellers (VARs) who can wrap their services around the Fidelis product. Deep application and contents decoding, including the traffic, ports involved and protocols, and more, gives these VARs a platform that can be successful for them and for Fidelis. These capabilities allow the VAR customers to make policy decisions and take action before an extrusion completes, allowing a high level of prevention.


Flagship product: XPS v 6.2

Vendor: Fidelis Security Systems

Cost: $25,000.

Innovation: The vision to predict a need that had not even been identified and creating an innovative approach to solving the problem.

Greatest strength: Passion around the Fidelis technology coupled with clarity about the problem and its best solution.

Data Leakage Prevention: Code Green Networks

Code Green is, arguably, the other side of data exfiltration. This innovator looks at both the endpoint and the network, providing what it refers to as TrueDLP. The TrueDLP product covers the enterprise in its entirety. Code Green considers total data loss prevention as encompassing data extruded over the network, data leaked from the endpoints, and, at least as important, discovery. So, in a sea of DLP feature sets that are part of several other product types how does Code Green take its share of the market?

First, the company focuses on a complete DLP strategy of putting everything on a single appliance for ease of deployment. This implementation can be scaled up for larger enterprises. Then, this innovator stays focused on sticking to the entire DLP picture, not just parts of it. The problem that presents, of course, is that the company is in a crowded market where perception becomes competition, even if the competitor is not directly addressing the problem that Code Green is. So this innovator focuses on the completeness of its solution to the DLP problem, its special breed of deep content inspection, and the need to educate its customer base that accuracy is critically important.

How do they sell, then? According to the visionary with whom we spoke, it is a mix of technical competence and long experience. The company's leadership averages more than 20 years in technology. That allows the company to carve out its place in the market. This experience, plus deep commitment to listening to and understanding the customers, leads it to forge an approach that touches on areas often missed by similar products, such as managing incidents using a workflow approach.

Where are the upcoming challenges? In a word: encryption. When the bad guys exfiltrate data after encrypting it, there is a serious problem of identifying that exfiltration even has occurred. The market is continuing to grow, and with that both customers and bad guys are becoming more sophisticated. This requires a serious commitment to innovation to stay ahead of the game. Today, the customers are telling Code Green visionaries that they need a full solution that includes discovery. Discovery allows the user to locate and identify data that may be a target of leakage attempts, whether accidently or maliciously. Code Green leverages agentless discovery techniques to improve both the efficacy and efficiency of network and endpoint DLP. That's the full package, and that is what this innovator is all about.


Flagship product: TrueDLP

Vendor: Code Green Networks

Cost: $9,995.

Innovation: Viewing the entire continuum of data exfiltration and placing the solution into a single agentless appliance.

Greatest strength: View of the big DLP picture and the vision to act on that view.

eCommerce ID theft/fraud prevention: Quaresso

What's a Quaresso? Do you get one down at your local taco joint? Hardly. Quaresso is a hot, little start-up company with products designed to protect you against identity theft and internet fraud. And it is a poster child for the reason we created this innovators issue three years ago. Its products are well-thought-out, it has some good partners, and it is going after the market in an organized, horizontal manner. It is also well-funded. Quaresso's founders are no newcomers to the security space. They include veterans of CheckPoint, Symantec and Blue Coat, to name a few. This certainly is a new company to watch.

However, if you are entering the security marketplace today, you need innovation both in your technology and your business approach. Quaresso has both. The company started with a simple premise: the browser is the new security perimeter. Because the internet browser is the core tool for much of what users do and virtually all of what they do on the internet, protecting the browser makes a lot of sense. But that is a two-edged sword. Not only are browsers subject to compromise, compromised browsers can infect websites. Quaresso's server product creates a protected shield around browsers connecting to it, and preventing client-side attacks from moving from the browser to the server. The protection is dissolvable when the user leaves the protected web server – leaving nothing on the user's browser.

The other piece of the protection is at the browser end. If the user is only protected when connected to an armored server – Quaresso's term for a server protected by its product – what happens when the user wants to browse sites that are not armored? That's where the personal product enters the picture. The personal product really is a cloud-based service that armors the browser during a browsing session anywhere on the web. The user logs into the Quaresso server, then goes browsing with protection – and even if the browser already is infected, the user is protected from the consequences of the infection. At the end of the session, everything that Quaresso put on the browser dissolves.

Going to market with an educated channel completes the picture for this innovator that first started marketing in Europe as part of its go-to-market strategy. We predict that this one bears serious watching and we'll have another look at Quaresso next year.


Flagship product: MyProtect

Vendor: Quaresso Software Technologies

Cost: Starts at $29 per user/per year for 100 to 249 users.

Innovation: A unique technology in a very large potential market.

Greatest strength: Recognizing and understanding the problem space.



This is a category that is experiencing some convergence, but more than anything else it is morphing to meet the needs of ever-increasingly regulated industries. While we have been managing such things as policies and content for some time, tying all of the pieces together is just beginning to reach maturity. This maturity is driven by regulatory requirements to be sure, but an emerging need is making certain that the enterprise actually is secure.

There have been many cases where systems met all of the applicable regulatory requirements, and yet were breached. An example is the spate of credit card thefts from organizations that supposedly met all PCI standards. Organizations are learning that meeting regulatory requirements usually isn't enough. This is the first step in repudiating the “check-in-the-box” syndrome that has, for years, permeated business and industry. If you could pass the audit, all was fine. Now we know – and many have known for a long time – that this is nowhere near adequate, especially in today's era of sophisticated attacks intended to steal money and trade secrets.

The issue, as one innovator told me, is one of architecture. Architecture means infrastructure. Security architecture means security infrastructure and that means products designed specifically to address both the regulatory compliance and the true security of the enterprise.

We have selected three important product groups this year in our infrastructure section: content management, policy management and governance, risk and compliance (GRC) management. Content management has been with us for some time, and our entry this year has a solid take on that, to be sure. Policy management is a must-have in large enterprises where even knowing what devices are present often is a challenge.

GRC management is an outgrowth of risk management. Risk management was the Rodney Dangerfield of security for decades: it couldn't get no respect. Today, organizations are forced to look at their IT risk posture, but that, by itself, is not enough. Risk needs to be addressed in the context of compliance and governance, hence the GRC category. Our bet is that this product category will, in the not too distant future, converge around GRC management.

Now, on to our infrastructure group innovators.

Content management: M86 Security

What do you get when you merge four leaders in information technology into a single security company? According to the M86 website you get “…a full service, single source provider of web and email gateway security, encryption and DLP…” That pretty well describes our innovator in the content management category. M86 technology focuses on web security as a single channel of protection that uses such innovative technologies as real-time code analysis to determine the intent of the code.

According to the folks at M86, 85 percent of web-distributed malware comes from legitimate sites. These are trusted sites that the user expects to be safe. The company's flagship product provides a service the company calls “dynamic web repair.” This service examines the data coming in during a browsing session, determines if it is safe, and, if not, cleans up the page before it is delivered to the browser. The system looks at both web and email and correlates blended threats for thorough protection.

While many organizations are acquisitive, this innovator really created itself from a collection of companies that came together to address email and web threats through content management. These companies had been involved with both email and web security and had developed mature technologies and markets. The merging of these companies made a lot of sense.

This is another market where there are real and perceived competitors, so the end result is a crowded market space. Some of the players are pretty big, so an innovative market strategy was the order of the day. First, M86 has a very competitive technology and it trades heavily on that. According to the visionary with whom we spoke, they like to consider themselves the “biggest of the little guys or the smallest of the big guys.” In either case, they have carved an important niche for themselves, global in scope and stable enough to be credible.

Because both the physical product market and the cloud-based services market are important, M86 addresses both. This provides a hybrid web solution that can be delivered both at an organization's headquarters using a hardware appliance, and for its outlying branches and remote workers using the cloud with no equipment installed on premises.


Flagship product: Secure Web Gateway

Vendor: M86 Security

Cost: $11,000.

Innovation: Merging of four world-class companies to solve a persistent and difficult problem set – hybrid approach to delivering content management.

Greatest strength: Innovative technology, an organization with a culture of innovation and the M86 Security Labs, one of the best in the business.

Policy Management: Secure Passage

If you go to the Secure Passage website, the first thing you're likely to notice is the company's tagline, “Fix Your Firewall.” This, of course, begs the question, what's so wrong with my firewall that it needs fixing? Secure Passage is ready to answer that question and offer a solution to the problem. In fact, the question and its answer is what got this innovator started in the first place. An M86 visionary told us that the basis for the company's products is the premise that firewall management is more than administration. It is, in fact, an entire process on top of administration that tests configurations against policy and manages firewall rule sets.

The other question, of course, is this: In today's world of technology, are firewalls still viable? All of the innovators of whom we asked that question agreed that they are. The technology, however, is rapidly changing and that makes firewall management – configuration management, not just administration – even more critical. Even if we were not heading into an era of new generation firewalls, the genre is ubiquitous and the legacy market is huge. Current generation – and older – firewalls are even more susceptible to rule challenges. The scope of the problem is, in fact, so great that firewall administrators need help.

The company is completely customer-focused and is driven by both compliance requirements and the practicality of protecting the network. How do you build a company such as this with a mandate as important as protecting the firewalls that protect the network? Simple, this innovator says. Find a problem and go solve it. The problem, though, is not just those physical firewalls that are everywhere – the core of network security by some accounts. In a virtual environment, the problem potentially worsens.

The system developed by Secure Passage analyzes firewall rules – paying attention to policy and to ensuring that users have the access they need to do their jobs. On top of those functions, the company's product ensures compliance with regulatory requirements and can automate rules for that purpose. It does all of this through configuration and change control.

Market strategy? A big piece of it is tying the flexibility of the product to customer needs by making it extensible by users. To get the most out of that extensibility, the company has formed an online community that allows users to share their open source firewall extensions and solve problems far faster than the developer could issue updates or patches. Many other companies have used this technique to good advantage, and here it works especially well.


Flagship product: FireMon

Vendor: Secure Passage

Cost: $10,000.

Innovation: Firewall management through automated change and configuration management.

Greatest strength: Vision to find the right problem and apply the right solution.

IT GRC management: Rsam

When you're in the business of performing IT governance, risk and compliance (GRC) assessments, you need a powerful tool to make it cost-effective, especially for large organizations. That's exactly what the folks at Rsam needed, and so they created it. Because they understand the customer and the customer's needs, the result – Rsam – was exactly what was required, and it was not long before it became a product in its own right.

There are some things that make Rsam unique. We have seen these functions first-hand in various installed users. First, there needs to be a dynamic workflow automation process. This relieves the analyst of the need to track assessment steps manually, a big-time burner. Second, the tool needs to be highly configurable, because in the GRC world, one size definitely does not fit all. Both of these functions were important innovations for the company.

Of all of the innovations on the business side, the one that, perhaps, impressed us the most was that this innovator has had no need to go to the venture capital community for funding. The company has shown good growth from both the government and private sectors. Rsam has routinely focused on matching resources to real market needs with more than 50 percent of their market being a mix of health care, government and finance communities. These are market verticals that are, perhaps, most affected by regulatory requirements.

However, the current shift from the physical to the virtual world has evolved GRC requirements dramatically. At the same time, it will open new markets for Rsam. Small businesses usually cannot afford the type of GRC assessment or tools that large companies can. That does not mean that they do not have the requirement, however. So Rsam can leverage the cloud infrastructure to serve these smaller customers.

The market, then, is growing and there are fewer players, but those players are extremely competitive. Rsam trades on its extensive experience as GRC consultants, customer references and the expertise that the company is known for. GRC can be big and complicated to deploy, but Rsam is a rapid deployment tool, and that helps the customer justify the tool based on lowered overall cost of ownership.


Flagship product: Rsam GRC

Vendor: Rsam

Cost: Starts at $25,000.

Innovation: Application of powerful, well-seasoned tools of the GRC consulting trade in physical, consulting and cloud deployments.

Greatest strength: Understanding customers' pain points and addressing them with innovations and real solutions that make sense for the problems.



This is the future. And it is the future in your face. There is almost no magazine that deals with security – and many that don't – in which you won't find at least one article about either virtualization or cloud computing. Unfortunately, the technology surrounding virtualization is not universally well-understood. Today, when we speak generally about virtualization, we usually mean something from VMware or one of its competitors. That, even, is a bit misleading since all of these developers have multiple types of virtualization schemes and products available.

For this year, however, we are concerned with bare metal virtualization generally, and VMware implementations specifically. Our single entry in this category addresses the explicit security of virtual machines in a bare metal implementation. This not only is a critical need, it is a difficult thing to do well. It is difficult because the requirements of the hypervisor can be problematic.

The notion of cloud computing – a term that, as yet, is not as well-defined as we'd like to see it – still is mostly hype, but it is hype with, as they say in Hollywood, legs. Once the notion of cloud computing is solidified into a set of consistent concepts that can be used to define functionality, we expect the security market will converge around it with a dedicated tool set. Today, however, what we see is a batch of vendors with traditional products that “also support the cloud.”

Since we really have no idea what that means, and since no concrete cloud construct has yet emerged, we do not have any product groups dedicated explicitly to the cloud. We expect, of course, that this will change and change rapidly. Paradigm shifts rarely come rapidly or without some confusion and this one is no exception. But occur it will and when that happens we'll be there to bring you the innovators.

For this year, though, we will stick to the cloud's older sibling: virtualization. And we'll do that knowing full well that it has not been long since virtualization was in the same position as the cloud. The difference, of course, is that virtualization is an established technical construct.

So, on to our single entry in this category.

Virtual firewall: Altor Networks

Last year, we looked at this very interesting company and its product Altor VF, the first serious virtual firewall. Altor VF now is Altor 4.0 and it is more powerful – and useful – than ever. Years ago, we heard a comment that being part of the then-emerging computing business would be like having a tiger by the tail. That probably was true, but it was nothing like hooking into the current move from the physical to the virtual. Products that “can work” in the virtual are hot enough, but products designed explicitly for the virtual are scalding. Altor's product is the first serious firewall for use inside the VMware virtual environment.

Innovation is the name of Altor's game. Just identifying and delivering on solutions to the problems inherent in firewalling individual virtual machines by itself requires an innovative viewpoint. Adding intrusion detection to the mix was equally important. Between the two capabilities the company's product can isolate users and groups, as well as virtual addresses. In fact, Altor 4.0 is starting to look a lot like its physical counterparts in the “real” world.

Altor's mission is bringing security technology to bear on the hypervisor. The hypervisor – along with such capabilities as vMotion – are game changers for certain kinds of tools that work fine in the physical world, but are challenged in the virtual world. Altor's product can see and act on data at the packet level and can see the internals of the virtual machines without agents by connecting directly to the hypervisor. That makes it a nearly perfect marriage of host and network protection and detection.

Altor calls this marriage “VM Introspection” and it allows a view of the VM's operating system, patch level, and running and non-running applications. If a virtual machine joins the virtual network and is not in compliance with policies, VM Introspection quarantines it. That could mean that the VM is configured incorrectly for the policy, contains something not allowed or is missing something required, such as anti-malware software. What results, according to Altor, is a sort of “NAC on steroids.”

This technology opens up lots of possibilities for future innovation. The hypervisor can do things in the virtual world that cannot be done in the physical world. For example, rootkits can find their way into physical machines, but they cannot hide from the hypervisor in a virtual system. Is VMware the only system that Altor supports? For now, since VMware is the 800-pound gorilla in the virtual room. But the visionary at Altor with whom we spoke expects that there will be opportunities in the other popular virtual systems.


Flagship product: Altor 4.0

Vendor: Altor

Cost: $1,500 per CPU socket plus $5,000 for the management center.

Innovation: Recognizing and responding to an emerging market in time to gain a major foothold.

Greatest strength: Vision and deep understanding of the virtual environment.


This group is new this year and it is a category whose time has come. The first group of companies to be inducted into the Hall of Fame is composed of some of the most familiar names in the business. They also are perennial winners of just about every accolade SC Magazine can present.

In this group of five companies, there are three companies which have received Approved for SC Labs designation. Every one of the companies has had a five-star winner within a Group Test review multiple times, and most have had products that have won Best Buys. They all also have made multiple appearances in the yearly Innovators issue and some have been Reader's Choice winners as well. Truly, these five companies are, by any measurement, best of breed.

There are not product type qualifications for entry into the Hall of Fame. This year, in our first annual class, we have four products that have been in the analysis and testing group and one from the perimeter defense group. That may be happenstance, of course, though perhaps not entirely so.

Consider, for example, the maturity of these two product groups compared to, for example, virtualization. As product groups mature, they often converge, but that is not always the case. Sometimes, the group simply fills out as the data protection group has. When that happens, some solid performers continue to grow and improve. They show up everywhere – not just in this publication, but in others and, most important, in data centers all over the world.

We are sure that you will enjoy reading about our five charter member of the Hall of Fame. Our interview process was quite different for them than it was for the other companies whose visionaries we talked with for this year's issue. Since we know these companies very well, the conversation turned to how they saw their markets evolving, what their challenges are, how they got to where they are, and what we should expect from them in the future.

So, without further ado, we give you the five 2010 inductees into the SC Magazine Innovators Hall of Fame.

Mu Dynamics

Our first Hall of Famer is Mu Dynamics, a company that personifies innovation and has been one of our Innovators for the past three years. The company's first innovation was recognition that there was a need to provide a structured way for organizations dependent on various types of network communications for their existence to be able to test their systems at the packet level. The company developed a tool that could perform automated protocol mutation – a sort of stateful fuzzing – for testing the critical devices on which the organization depended. It was not long before the vendors of those products figured out that this was pretty important and jumped on the bandwagon.

That sounds like a pretty good place to stop. The market was established with Mu as the only serious player. But the world does not stand still and neither does Mu. Over the past year, for example, company growth has been exceptional, close customer relationships are blossoming, the work that Mu addresses is accelerating and then there's that pesky explosion of virtual and cloud technologies. It appears that Mu is going to have lots of opportunities to innovate coming down the pike. Mu's response, generally, has been to make applicable processes as simple and agile as possible so that the customer can keep pace.

To that end Mu has implemented a vibrant community that shares packet captures (pcaps) that can be used with the Mu for custom testing, and their biggest innovation to date – after their flagship product, of course – Mu Studio. This is an innovation that changes the way one approaches testing. It is layer-agnostic, application-centered and allows rapid testing before deployment. Best of all, it uses real traffic for testing. This allows the tests to be relevant to the customer's real environment instead of contrived in a lab.

Mu found out that its customers want the network to be validated in terms of the user experience, not just packets. Studio Scale is opening up new opportunities for Mu and its customers. Most important, perhaps, is that it is a straightforward way to address the increasing complexity of today's enterprises. It simplifies testing even in the face of that increasing complexity.

Mu's biggest challenge? Continuing to execute, staying focused with so many opportunities, working through tough economic times and maintaining the culture and principles on which the company was founded.


Flagship product: Mu Studio Fuzz

Vendor: Mu Dynamics

Cost: $40,000.

Innovation: Recognizing and delivering solutions to an extremely important set of network challenges.

Greatest strength: Vision, perseverance and company culture of innovation.

Core Security Technologies

It all started with a nifty penetration test tool and the folks at this Hall of Famer have never looked back. From one basic product in 2001 after four years of consulting to today's stable of products and services, Core Security Technologies has led the way in the penetration testing market. With a philosophy of giving the customer ways of making better decisions from the available data, Core has consistently innovated in the technology area, as well as in its approach to the marketplace. Penetration testing, according to this company, is growing up. The mix of physical testing, testing in virtual environments and cloud testing is where a full-service penetration test tool developer needs to address.

Core sees the penetration test market evolving into security testing and measurement. To help define that market, Core has continued to invest in innovation even during the economic slowdown. The reactions from the customers has been great, says the company. That probably is to be expected considering the close relationships that Core maintains with its customers.

The latest innovation is called Insight Enterprise. This is a sort of “vulnerability tester in a box.” It does about 70 percent of what a penetration tester would do and it does it automatically. The system can be distributed across the enterprise to aggregate multiple locations within the organization. This appliance is the step before deployment in the cloud – deployments in virtual environments already are effective in our experience. While Impact Pro is a tool for penetrating systems, Enterprise is a system for identifying risks.

The marketplace is not without its challenges, however. Of course there always are technical challenges. The bad guys are getting smarter and organizations need to stay current on testing for the latest vulnerabilities. Also, in this innovator's view, the security still is a bit unclear about what various products really can do. First, there is a lot of hype still in the market, and second, it is time to move beyond compliance. Compliance, of course, is necessary today, but usually that is not enough. The enterprise needs to be secure, not just pass a checklist. Solid test and measurement of security in the enterprise is the only way to know if controls really are effective.


Flagship product: Core Impact Pro

Vendor: Core Security Technologies

Cost: $30,000 per seat/per year.

Innovation: Bringing penetration testing into the mainstream and evolving the notion of security test and measurement.

Greatest strength: Vision to see beyond the current state and to innovate the next generation of security test and measurement tools.


In a very crowded world of giants, NitroSecurity stands out from the crowd, but you have to know what you're looking for. For some time, we thought of the NitroView tools as being the thinking analyst's tool kit. We still do. But now there's a lot more. The thinking analyst needs forensics and NitroView has always been about forensics. Now, however, it also has to be about compliance. So it is. That means that the tool needs to track activity for accountability. Things such as resource allocation, workflow and metrics bridge the gap between serious analysis and compliance reporting. Add a little log management and you're all set. Almost.

Network forensics and compliance doesn't stop with the network. There are applications to consider. And those pesky compliance reports. To meet regulatory requirements one must look for the right things. These things are a mix of threats and vulnerabilities. Then the mix has to be just what the particular regulatory requirement or standard dictates. With preconfigured dashboards and reports, NitroView fills the bill nicely.

If that is not enough, you can think of those standards and reports and dashboards as starting points because customization is a breeze. Most important, you need a different tool for different users and different requirements. An important NitroSecurity innovation is creating a platform that fills that requirement through a combination of preconfigured dashboards and reports and user configurability. The full report writer adds to the flexibility.

Getting this to the market has been a challenge as well. Nitro has built an extremely loyal user base through superb support, lots of high-touch contact and a liberal sprinkling of users who are willing – even eager – to talk about the products. These users may be Nitro's biggest supporters, willing to tell the Nitro story at the drop of a security token.

One important factor in the Nitro success story is that it always has responded to user needs. But it has responded without damaging the core concepts that underlie NitroView: the interface, very well thought-out, has been around for quite a while and all of the new features that have evolved since the company was founded in 1999.

Oh, and that big underlying innovation way back when – and still alive and kicking today – is the fastest database in the business. If you want to talk about innovation, start with an amazingly innovative approach to databases for very high-speed packet capture and analysis, add a bit of storage efficiency for that data, and you have the backend for a truly creative frontend. What more could you ask for in a SIEM?


Flagship product: NitroView ESM

Vendor: NitroSecurity

Cost: $29,995.

Innovation: Evolving the SIEM to a full-function, real-time security analysis tool, fully ready for regulatory requirements.

Greatest strength: Technical vision and close customer relationships.


Last year, we loved this company for a lot of reasons, but one of the most important was its attitude toward keeping technology in the United States. When companies are making a run for the border, outsourcing everything in sight and leaving American workers and their families stranded without jobs, LogRhythm kept its engineering right here where it belongs. We applauded that then and we applaud it now. LogRhythm has created an innovative mix of log and event management. Over the past year, according to the company visionary with whom we talked, LogRhythm has returned to its roots. Its goal is to bring to market ways to detect types of attacks and frauds that have not been detected before.

That means that the tool must gather more information and bring it to the analysis layer – it also means more data than has been captured previously. To do that, the product must look at – and interpret – all kinds of logs and build up behavioral patterns. To achieve that, the company has added endpoint analysis, geolocation and visualization and intelligent searching. All of that capability is packaged in an appliance so that setup is straightforward and the system is extensible across the enterprise.

LogRhythm addresses a full range of compliance requirements, as well as developing business intelligence, detecting insider threats and facilitating e-discovery. The company has a full suite of professional services and training to support its customers. The customer relationship connection is a pervasive theme in our discussion with the 20-plus companies in this year's stable of innovators, but the Hall of Famers, such as LogRhythm, have taken the idea of working closely with customers to a new level.

When you take all of these pieces and put them together, you have another theme that winds through everything LogRhythm does. In fact, the company refers on its website to this idea of “making log data useful” as its mantra. For years we have noted that the one thing that is likely to be watching the network all of the time is the logging mechanism. It may be a syslog on a Linux box, an IDS or a firewall log, but throughout the enterprise there are logs being generated. All it takes is a tool that can be distributed across a large enterprise to gather in that information and make sense of it. LogRhythm can do that for you.


Flagship product: LogRhythm v5.1

Vendor: LogRhythm

Cost: $25,000.

Innovation: Pulling all types of logs together across a widely distributed enterprise to discover anomalies of various types.

Greatest strength: Focus on the ways to pull more data and information from logs.


It has been done before, of course. McAfee and Associates started by giving away its anti-virus software way back in the day. But arguably the most successful example of the transition from open source to commercial products is the Snort/Sourcefire transition. McAfee is not quite the same since it never was open source and never had the strong user community that Snort does. When we talk about real innovation, we're talking about the visionaries at Sourcefire as the poster children for pulling off a very tough trick successfully and to just about everyone's satisfaction. If you mention their business model to anyone outside of our industry, you'll get eye-popping stares of disbelief.

The fact is, though, that it is exactly the unlikely connection between Snort and Sourcefire that makes the whole thing work. That connection has allowed Sourcefire to take advantage of what must be the most active, international, open source community. Snort is the globe's most widely deployed IDS, and when an organization is ready for more flexibility and power, it goes straight to Sourcefire to leverage its investment in developing scripts for snort. A library of attack signatures the size, breadth and depth of the Snort/Sourcefire offering simply does not exist anywhere else.

But it is not just the size of the library that keeps users of both tools coming back. It is the incredible speed with which this community responds to a newly discovered attack. No commercial organization can react anywhere near that fast or that effectively. It just doesn't get any better than this if you are an IDS/IPS maven.  So, what does a company such as this do for an encore? Enter Razorback, an open source framework that will follow the Sourcefire business model and that ties all of the technical pieces together to achieve deep document inspection and forensics in near real time.

Where did Razorback come from? There is a mentality – and a very effective one in our view – that assumes that the enterprise has been penetrated. That means that the enterprise is under constant attack. Bots and zero-day malware and exploits introduced by users are in the enterprise, quietly waiting to do their dirty work. This is more than a task for the average IDS/IPS, which they likely have bypassed already. Razorback provides the situational awareness that lets analysts root out the problems before they can act. This is especially useful for client-side attacks, the source of most stealth penetrations.


Flagship product: Sourcefire IPS

Vendor: Sourcefire

Cost: $8,995.

Innovation: Bringing open source and commercial products together with huge success.

Greatest strength: The deepest business vision and daring we've see in any company in our market space, bar none.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.