The Excellence Awards recognized the top cybersecurity companies of 2020, delivering innovative and effective solutions and services to enterprises and small and medium businesses.
Here’s a look at who took home the top honors and why, and what some of the winners have experienced in the months since the award presentation in February.
Best Customer Service
Nobody scored better in customer service this past year than SecurityScorecard. The vendor added more than 20 new capabilities to its platform in 2020 to empower organizations of all sizes to become more agile and cyber resilient in a quickly shifting global environment accelerated by the ongoing pandemic and work-from-home trend.
The security ratings company assesses various companies’ cyber postures and assigns a score that security professionals can review, helping them assess the risk of current or future business partners.
The company’s customer service superiority starts with the Customer Success Manager (CSM) that each client is assigned as a strategic advisor. The CSM takes customers through a customized on-boarding process, which includes a live demo of the platform that’s specific to each client’s use case, and helps ensure that project milestones are met.
Supplementing the CMS is the Customer Support team, which reviews, validates and remediates disputed claims or ratings within 48 hours.
Customers also have a dedicated solutions engineer for technical support, while a customer reliability engineer ensures all remediation requests delivered through the platform are resolved in an appropriate and timely manner.
From a sales perspective, SecurityScorecard operates via a pod structure, with each pod focused on a territory supported by a field sales representative or inside sales representative, who acts as an additional line of communication.
Customers also have access to unlimited web-based help, as well as on-site support (via its Professional Services offering) and reading materials, including platform video tutorials, knowledge base articles, supplemental best practice documentation, eBooks, white papers and FAQs.
The company responds to customer feedback via reviews and social media, and its product management team also holds regular user feedback sessions. Additionally, SecurityScorecard has a Customer Advisory Board for knowledge sharing and strategic feedback.
|Cybereason||Cybereason’s Customer Success Team|
|KnowBe4||Customer Success and Support|
|ThreatConnect||ThreatConnect Customer Success|
Best Emerging Technology
A 2018 survey of 1,000 companies found that businesses, on average, share sensitive information with about 583 third-party partners.
Unfortunately, it takes only one to cause a damaging data breach incident that harms customers and violates regulations that can lead to massive fines.
It’s imperative that modern security programs extend their security, privacy and compliance expectations to their vendors. Founded in 2016, OneTrust seeks to cut down on third-party risk with its Vendorpedia product, which security pros can use to assess vendors, access research and reference thousands of pre-completed vendor assessments, as well as monitor vendors in accordance with global laws and frameworks.
Vendorpedia, which was named as a leader this past October in a Forrester Wave report on third-party risk management platforms, lets users automate the entire vendor lifecycle from onboarding to offboarding. Offerings include dynamic assessments with automated risk identification; risk mitigation workflows and tracking; free vendor chasing services to offload assessment-related work; a global risk exchange with pre-populated research and assessments on roughly 8,000 vendors; contract management and service-level agreement performance monitoring; data flow visualizations and custom dashboards; and a breach and enforcement tracker for ongoing oversight.
The platform is updated with the latest privacy laws and security updates thanks to OneTrust’s 40-plus in-house, full-time privacy researchers and a globally available network of 500 lawyers representing 300 jurisdictions.
“Vendorpedia has allowed us to be more agile and scale rapidly to optimize our business processes and simplify our assessment, mitigation and monitoring of third-party risks,” said Jonathan Slaughter, director of compliance, security and privacy at cloud solutions provider ClearDATA.
OneTrust plans to further to advance its platform with future updates that will include expansion of its Global Risk Exchange plus enhancements to its depth of research; breach and enforcement automation workflows to enhance incident response; and an autocomplete assessment tool so vendors can respond to questionnaires faster.
|Blue Hexagon||Blue Hexagon Malware Protection|
|CyCognito||The CyCognito Platform|
|Cymulate||Breach and Attack Simulation|
|DUST Identity||DUST: Diamond Unclonable Security Tag|
Best Enterprise Security Solution
CyberArk Privileged Access Security Solution
Winning back-to-back titles in any endeavor is not an easy accomplishment, but the CyberArk team achieved this level of success by taking home the Best Enterprise Security Solution award in 2019 and once again in 2020.
What CyberArk delivers with the CyberArk Privileged Access Security Solution is the ability to protect its customers as they necessarily invest in digital transformational technologies, move to the cloud, bring on a DevOps team, and invest in IoT and robotic process automation. While these additions certainly make a company more viable, they also greatly increase its attack surface.
In order to continue delivering the highest level of protection against this ever-increasing attack surface, the company in July 2019 unveiled a suite of privileged access security solution products. This includes CyberArk Alero, a dynamic solution for mitigating risks associated with remote vendors accessing critical systems through CyberArk, and CyberArk Endpoint Privilege Manager, a SaaS-based solution that reduces the risk of unmanaged administrative access on Windows and Mac endpoints.
In addition, the company upgraded CyberArk Privilege Cloud. This is the company’s privileged access SaaS offering, which enables mid-sized organizations to improve their ability to continuously discover and manage privileged credentials across the enterprise. CyberArk also added another component to its growing SaaS portfolio in November, the CyberArk Cloud Entitlements Manager, a privilege-based, artificial intelligence-powered service designed to strengthen the security of cloud environments. Through continuous monitoring of cloud access, CyberArk enforces least privilege by identifying and removing excessive cloud permissions that can leave organizations vulnerable – significantly reducing risk and improving overall visibility and security.
CyberArk backs up these products, and its customers in general, with a wide array of customer support services. These include security, consulting, implementation, onboarding, project management and certification program services.
According to CyberArk, major benefits include a 10x improvement in time spent on privileged account-related tasks, a 5x reduction in the time spent by IT auditors reviewing session recordings, and 3x faster connections to cloud platforms and web applications.
|Checkmarx||Software Security Platform|
|CyberArk||CyberArk Privileged Access Security Solution|
|Proofpoint||Proofpoint P1 Advanced Email Security Solution|
|Pulse Secure||Pulse Secure|
Best Regulatory Compliance Solution
Privacy Management Software
An alphabet soup of privacy regulations proliferating across the country and the world are creating compliance headaches for enterprise security teams. But instead of adopting a steady diet of aspirin, companies in myriad industries, including 250 of the Global 2,000, have turned to OneTrust’s Privacy Management Software, a privacy, security and third-party risk technology platform designed to make compliance with the likes CCPA, GDPR, HIPAA, GLBA and ISO27001 a lot less painful.
OneTrust finds an eager audience among companies keen on showcasing their commitment to privacy and transparency to consumers and boosting their market position. To keep up with the latest privacy laws and security updates, OneTrust has created an agile process that includes issuing a new major product release every three weeks.
At TrustWeek, the company’s annual user conference in October, OneTrust introduced enhanced privacy rights data redaction automations to speed up responses to consumer privacy requests, such as GDPR data subject rights (DSAR) and CCPA consumer rights requests. The company’s 2019 acquisition of DataGuidance has enriched and deepened the OneTrust privacy and security regulatory research platform. The company has inspired what it says is the largest privacy community, with more than 10,000 active users. And it offers more than 250 free, one-day PrivacyConnect workshops globally, as well as two PrivacyTech annual global user conferences.
A 1,000-person-strong team dedicated to privacy technology, including 450 in R&D, keeps OneTrust au courant and ahead of the game. With more than 200 services and support team members providing 24/7 support, it’s clear why OneTrust has racked up a 95 percent customer satisfaction (CSAT) score.
“One of the advantages of OneTrust is the ability to streamline compliance globally where it’s not just siloed to one department or one location,” said Renate Lang, legal counsel/Head Practice Group HR & Data Protection at Schindler, a Swiss provider of elevators, escalators and moving walkways. “My colleague in Germany can use it same as I can in Switzerland.”
|Cloud Conformity||Cloud Conformity|
|Immuta||Immuta Automated Data Governance Platform|
|Mimecast||Mimecast Cloud Archive|
|OneTrust||Privacy Management Software|
Best Security Company
By any account, it was a momentous year for CrowdStrike in 2019.
The company in June made its initial public offering on the NASDAQ stock exchange, raising $612 million in what has been described as the biggest IPO ever for a cybersecurity company.
CrowdStrike also held its ground and stood firm after being subjected to a false conspiracy theory and high-profile political attack that sought to discredit the company’s role in the investigation of the 2016 Democratic National Committee hacking attack.
But first and foremost, the primary reason SC Media has named CrowdStrike Best Security Company for 2020 is the company’s latest outstanding efforts at protecting the user community.
Such efforts begin with CrowdStrike Falcon, a next-generation, cloud-native platform that unifies anti-virus, endpoint detection and response, managed hunting, IT hygiene and threat intelligence – all delivered through a lightweight, single agent. The solution defends customer workloads across on-premise, virtualized and cloud-based environments running on a variety of endpoints, on or off network.
Additionally, CrowdStrike offers organizations access to OverWatch, an elite force of renowned threat hunters, intrusion analysts and first responders. CrowdStrike Falcon 5.x was also named an SC Labs Recommended product in our Endpoint Security Group Product Test last July. The reviewers said advanced endpoint detection, response, and threat hunting capabilities of CrowdStrike Falcon are unparalleled. And the bad actor pages are unique and add another layer of context to incidents.
In February 2019, the company launched the CrowdStrike Store, a cloud-based application platform-as-a-service for cybersecurity, through which new start-ups or technology partners can develop their own applications to integrate into the Falcon platform for user organizations to discovery, try and purchase. And to stoke further innovation, CrowdStrike announced the Falcon Fund, which will act as a co-investor and strategic partner alongside lead investors looking for innovative start-ups whose products will be added to the CrowdStrike Store.
|VMware Carbon Black|
Best SME Security Solution
Cyberattackers don’t take pity on the little guy. Underfunded, understaffed municipalities, local school districts and small businesses all fall victim to malicious attacks and, despite a victim’s diminutive size, the consequences can be enormous.
For over 40,000 small-to-medium enterprises, Untangle is the bodyguard that stands up to the big cyber bully. Its network security framework provides cloud-managed security and connectivity options that ensure protection, monitoring and control across the entire digital attack surface from headquarters to network edge. And its flagship product, NG Firewall, provides scalable unified threat management capabilities, with the ability to set policies for specific devices or people, but without the need to maintain additional hardware.
Untangle recently released NG Firewall v14.2, which introduced significant enhancements to web security and content filtering, the ability to synchronize users with Azure Active Directory, and enhancements to intrusion detection.
The solution continuously monitors emerging malware threats and zero-day exploits through Untangle’s cloud-based threat intelligence service. Known threats are blocked at the gateway, promptly short-circuiting the attack.
NG Firewall pricing starts at free. Customers can then choose the individual features they want, only paying for what they need. NG Firewall is sold as scalable software solution, and Untangle’s technology applications and cloud-based solutions provide unique deployment options for customers, many with complex deployment levels based on budget and network infrastructure. NG Firewall 16.0, announced in October, includes significant updates, including the addition of open source WireGuard VPN, which lets VPN options fit any type of networking deployment and administrative preferences, better addressing the need of many organizations to improve VPN security during the pandemic.
Untangle offers U.S.-based technical support that does not force customers to contend with time-wasting call-center menus. Such convenience likely helped contribute to an average 95.91% customer satisfaction rating over the last four years.
|Alert Logic||Alert Logic Professional|
|Arctic Wolf Networks||Arctic Wolf SOC-as-a-Service|
|Sophos||Intercept X Advanced|
Rookie Security Company of the Year
London-based cybersecurity start-up Barac says it can detect malware hidden within encrypted traffic with 99.997% accuracy. Even more impressively, it does so without resorting to decryption.
Here’s how: Every malware attack has its own SSL metadata signature between the user and the server. Capable of analyzing more than 100 million events per second, Barac’s Encrypted Traffic Visibility (ETV) platform picks up on these signatures and identifies these abnormalities with high accuracy by analyzing this metadata in real time using AI and behavioral analytics.
Conversely, more typical detection solutions inspect encrypted traffic by decrypting the data into cleartext, blocking any discovered malicious code, and then re-encrypting what remains. But according to Barac, this process can place significant computing stress on one’s network.
Barac customers, however, sidestep this problem, thus avoiding traffic slowdowns, user experience degradation and costly hardware investments. Additionally, user organizations need not worry that they are violating privacy regulations by decrypting communications.
In April, Barac published a blog explaining how ETV can detect the Emotet trojan. The ETV platform is an especially important tool for companies, given the advent of the new Transport Layer Security 1.3 protocol, which doesn’t allow decryption. The solution is also useful for data centers, where the vast majority of traffic is already encrypted; IoT, where encryption renders normal security tools useless; and encrypted traffic between APIs and back-end applications.
Barac can deploy its software on a physical or virtual server, or can make it available as a software-as-a-service solution. Deployment is made easier through integrations via API with various SIEM platforms.
Barac operates R&D teams in London and Tunisia, and recently opened a U.S. office in Boston. In late 2018, the UK GCHQ’s National Cyber Security Centre selected Barac for its prestigious Cyber Accelerator program.
|Cloud Conformity (Note – Acq’d by Trend Micro in Oct.)|