The Trust Awards recognize the info security products and services that earned high marks for market penetration, functionality, manageability, ease of use, scalability, and customer service/support.
Here’s a look at which solutions took home the top honors and why, and what some of the winning companies have experienced in the the months since the award presentation in February.
Best Authentication Technology
ForgeRock Identity Platform
All journeys have a beginning, middle and an end, and it’s the job of the ForgeRock Identity Platform to ensure that every authentication journey, from start to finish, remains safe for the client and easy for the user.
The platform’s Intelligent Authentication feature delivers the unique ability to visually map user authentication journeys with a drag-and-drop interface and, post-implementation, use analytics to measure the user experience.
This makes it possible to offer a more personalized and frictionless authentication experience across channels and digital touchpoints in a manner that caters to customer or employee needs. Meanwhile, the organizations implementing these journeys are able to consolidate multiple logins into a single, consistent and secure experience; audit all login events; and minimize the risk of DDoS attacks and breaches.
One of the keys to Intelligent Authentication’s effectiveness is the use of “authentication trees” that allow for multiple paths and decision points throughout a journey. These trees are composed of various nodes that define actions taken during authentication and can be combined to create unique user experiences.
A recent ForgeRock case study demonstrated how the state of Utah benefited from the Identity Platform by saving up to $15 million over five-to-six years, due to efficiencies from modernizing its identity and access management infrastructure. And in September of this year, ForgeRock announced that the American Geophysical Union (AGU) selected the ForgeRock Identity Cloud to modernize its digital identity strategy. The company will start by aiding in the transition of the AGUs annual five-day in-person conference to a virtual experience.
In December 2018, ForgeRock enabled its platform to be deployed on any cloud environment, with preconfigured installation packages for 1 million, 10 million and 100 million identities. Customers reported reducing their implementation costs by 25 percent while doubling ROI. The platform is built for limitless scaling, and it supports DevOps practices using Docker and Kubernetes.
|Cisco Systems||Duo Security|
|ForgeRock||ForgeRock Identity Platform|
|RSA||RSA SecurID Access|
|SecureAuth||SecureAuth Identity Platform|
Best Business Continuity/Disaster Recovery Solution
Semperis AD Forest Recovery
It reportedly took 10 days for the global shipping company Maersk to rebuild its network following a devastating NotPetya disk wiper attack in 2017. It was an impressive comeback, but the company spent a large chunk of those 10 days recovering Microsoft Active Directory, a collection of services that are foundational to saving the rest of the network. Altogether, the attack cost Maersk up to $300 million.
Semperis research published this past summer found that 97 percent of organizations consider AD mission-critical. AD Forest Recovery exists to prevent Maersk-style disasters from befalling another organization by automating and expediting the restoration effort with a “cyber-first,” three-click approach that can save millions that would be otherwise lost to business interruptions caused by such threats as ransomware and wipers.
According to Semperis, traditional AD back-up tools only address recovery from IT operational issues, where the AD is impacted but host servers aren’t. And legacy approaches such as bare-metal recovery can cause issues because backups contain boot files, executables and other artifacts where malware can linger and lie in wait to cause secondary infections.
AD Forest Recovery’s cyber-first approach, on the other hand, separates AD from the underlying Windows operating system and only restores what’s needed for the server’s role (e.g. a domain controller, DNS server, DHCP server, etc.), virtually eliminating the risk of re-infection, Semperis asserts.
Additionally, the tool’s automation helps organizations avoid human errors while accelerating the restoration process, including rebuilding the global catalog, cleaning up metadata and the DNS namespace, and restructuring the site topology. Such capabilities can help organizations reduce downtime to minutes rather than days or weeks, while restoring AD to the same or different hardware, on-premises or in the cloud.
|Arcserve||Arcserve Unified Data Protection (UDP)|
|Deloitte & Touche & Dell Technologies||Data Destruction Recovery Services and Cyber Recovery Solution|
|Onspring||Onspring’s Business Continuity & Disaster Recovery Solution|
|Quest Software||QoreStor 6.0|
|Semperis||Semperis AD Forest Recovery|
Best Cloud Computing Security Solution
It’s easy to see the business benefits of cloud-based applications. But figuring out what cloud security solution is best to secure them all in a consistent manner? That’s when things can get a little, well, cloudy.
Bitglass’ CASB (Cloud Access Security Broker) solution clears up the fog, enabling enterprises to secure any SaaS apps, IaaS instances, data lakes, on-premises apps and private cloud apps built on any platform. The company’s total data protection suite provides end-to-end security and comprehensive visibility over corporate data, while limiting sharing and preventing data leakage.
Bitglass CASB, which in October made the Gartner Magic Quadrant for CASBs for the third year in a row, protects data on any device, at any time, and from anywhere in the world – without the need for agent-based deployments. IT departments can confidently adopt cloud technologies and BYOD policies, knowing they are filling critical security and compliance gaps.
The solution doubles as a mobile device management solution, an identity and access management solution (replete with single sign-on), and a data loss prevention tool that works across any app or workload. This provides a single pane of glass for enterprise IT departments trying to manage disjointed cloud services and security tools.
Bitglass CASB owes its success to its hybrid architecture, which leverages a combination of proxies and API integrations – including reverse proxy – to ensure complete coverage against all risk of data leakage on any app or device.
The solution delivers real-time, advanced threat protection, capable of detecting zero-day threats at upload, at download and at rest. Other standout features include full- strength encryption, as well as unmanaged app control that renders apps read-only to prevent data leakage.
And because the agentless solution can be rolled out quickly and requires no software installations, customers report large operational cost savings.
|Centrify||Centrify Zero Trust Privilege Services|
|CipherCloud||CipherCloud CASB+ Platform|
|Illumio||Illumio Adaptive Security Platform® (ASP)|
|Mimecast||Cyber Resilience for Email|
Best Computer Forensic Solution
EnCase Endpoint Investigator and EnCase Mobile Investigator
Step aside, New York Yankees and New England Patriots. Your dynasties pale in comparison to that of the EnCase product line from OpenText, which has now won the SC Award for Best Computer Forensic Solution for 10 years running.
Collectively, EnCase Forensic, EnCase Endpoint Investigator and EnCase Mobile Investigator help law enforcement officers gather digital forensic evidence from endpoints such as computers, mobile devices and IoT devices. Meanwhile, the solutions also provide businesses with the tools to examine HR issues, compliance violations, regulatory inquiries and IP theft.
Despite its decade-long winning streak, OpenText isn’t resting on its laurels. The company now has its OpenTextMedia analyzer, a new module that allows investigators to quickly analyze large volumes of images and video collected as evidence.
Digital forensic investigators require court-proven tools that can deliver 360-degree visibility, collect evidence from vast datasets, and improve efficiency and effectiveness by automating the laborious investigation processes into a few simple steps.
EnCase Endpoint Investigator provides seamless, remote access to laptops, desktops, and servers, ensuring that all investigation-relevant data is discreetly searched and collected in a forensically sound manner. EnCase Forensic offers broad operating system file parsing capabilities and encryption support, allowing users to quickly complete investigations of any operating system. And EnCase Mobile was introduced in 2017 to augment mobile forensic investigations.
In a more recent move, starting in early November, OpenText Encase Forensic and OpenText EnCase Investigator are now certified on Microsoft Azure. With OpenText Encase solutions in the cloud, law enforcement and corporate investigators can more easily collaborate, enhance evidence processing, investigate in cloud environments, and adjust more quickly to the needs of a remote workforce.
User organizations can make confident decisions related to sensitive internal matters due to EnCase’s thoroughness and Endpoint Investigator’s unique ability to prove the chain of custody of data if a case faces legal challenges. According to EnCase, it is not unusual for users to exceed a 100 percent ROI after their first few investigations.
|AccessData||Forensic Toolkit (FTK)|
|Endace||EndaceProbe Analytics Platform Product Family|
|OpenText||EnCase® Forensic, EnCase Endpoint Investigator & EnCase Mobile Investigator|
Data Loss Prevention (DLP) Solution
Digital Guardian Data Protection Platform
Combine DLP with EDR and UEBA and what do you get? Well, if you’re into anagrams, you might get BEAR PUDDLE, but if you’re into cybersecurity, then you get the Digital Guardian Data Protection Platform.
The solution unifies data loss protection capabilities with endpoint detection and response, as well as User Entity Behavior Analytics, enabling organizations to detect and gain insights into anomalous activity, while stopping insider threats and external attackers from exfiltrating data.
A key component is the Digital Guardian Analytics & Reporting Cloud, which incorporates an innovative function that leverages the same endpoint agent, network sensor and management console to prevent data loss. This approach simplifies management, streamlines information sharing, eases the burden on resources and reduces cost.
Users derive a rich set of analytics from monitoring system, user and data events. Alarms are only triggered for high-fidelity events, and when they do occur, security professionals can respond with drag-and-drop incident management and real-time remediation, blacklisting processes as needed.
The solution also comes with analyst-approved workspaces, which point security professionals to events relevant to identifying suspicious activity. Analysts can drill down to follow an investigation and determine next steps, or to create custom dashboards, reports and workspaces.
The platform can also be deployed as a software-as-a-service or on-premises solution, or as a managed service.
Digital Guardian made significant improvements to its DLP technology this past year. Fully integrated UEBA capabilities were optimized to supplement data classification and rule-based policies with even more granular insights. In fact, DG’s Data Protection Platform 7.6 was named an SC Labs Best Buy for its Data Loss Prevention Group Product Test in March. The reviewers said the product’s strengths include visibility provided by comprehensive data discovery and thorough content-based classification. And the Security Risk Dashboard now allows users to view everything in a single user interface, while prioritizing the most important security alerts corresponding highly to sensitive data.
|Digital Guardian||Digital Guardian Data Protection Platform|
|Fidelis Cybersecurity||Fidelis Network|
|Proofpoint||Proofpoint Information Protection|
Best Database Security Solution
Imperva Data Security
After winning Best Database Security Solution in 2019, Imperva retains the honor this year for its Imperva Data Security product offering.
Imperva Data Security is equipped with machine learning and analytics to quickly detect, classify and quarantine suspicious data activity and protect sensitive information on premises, in the cloud and across hybrid IT environments. It also provides security teams with deep context to quickly investigate and remediate security incidents.
Imperva automates a litany of processes, helping users conserve resources. The solution discovers, identifies and classifies sensitive data; assesses database vulnerabilities; monitors data access and usage; analyzes user behavior and flags actions that contradict normal activity; and detects policy violations in real time, sending alerts or even terminating sessions in critical cases. Imperva can monitor and evaluate billions of database events in near real-time.
Additionally, Imperva features built-in standardized auditing across heterogeneous enterprise databases and also allows customers to take monitoring and reporting workloads off their database server so that the server can be optimized for database performance and availability.
A Total Economic Impact Study commissioned by Imperva found that organizations can save more than $3 million over three years by switching from a legacy database security solution to Imperva Data Security, due to reduced risk and lowered cost of compliance audits. The study further determined that users can achieve a return on investment in fewer than 16 months.
Imperva Data Security offers flexible and predictable licensing to fit the needs of customers regardless of the number, location or type of devices or services used, no matter where the data lives. The company also announced its growth plans for the future this past October when it acquired jSonar. According to Imperva, the jSonar acquisition will pioneer an innovative new approach to securing data through all paths, including on-premises, cloud, multi-cloud and Database-as-a-Service (DBaaS).
|Baffle||Baffle Advanced Data Protection Service|
|Imperva||Imperva Data Security|
|MarkLogic||MarkLogic 10, also offered as a data hub service|
|Penta Security Systems||MyDiamo|
Best Deception Technology
Your eyes are not deceiving you. The ThreatDefend Platform from Attivo Networks stands out among deception solutions due to its authentic-looking decoy environment and high-fidelity alert system that reduces false positives.
For user organizations, this results in a sharp reduction in attacker dwell time across all environments, including the network, endpoints, applications, databases, user networks, data centers, the cloud and even specialty attack surfaces like IoT devices, industrial controls systems and point-of-sale solutions – all with a focus on high-value assets.
According to Attivo, the challenge with many detection solutions is the time it takes for them to learn the nuances of an organization’s digital environment. But ThreatDefend provides immediate detection value with its ability to identify and flag attack engagement as well as spot activities such as reconnaissance, credential harvesting and lateral movement.
Moreover, the platform enables enterprises to accurately mimic their real-life production environments inside the decoy environment, further enhancing its realism via Active Directory integrations. This tricks attackers into interacting with fake assets, revealing themselves in the process.
ThreatDefend’s machine learning-based preparation, deployment and management keep deception fresh and authentic. Its BOTsink attack analysis engine generates accurate alerts, which are substantiated with full TTPs and IOCs, simplifying and accelerating incident response while reducing fatigue caused by false alarms.
When an intruder is detected, the solution recommends potential attack paths for mitigation before a major attack occurs. And its 30-plus native integrations and ThreatOps repeatable playbooks automate and expedite incident response such as blocking, isolation and hunting.
Attivo customers have even started to generate additional value by further leveraging ThreatDefend for digital risk management operations, endpoint detection and response, managed services, incident response and continuous assessment/resiliency testing of IT environments. In its October Emerging Products reviews on Deception Networks Tools, SC Labs said the ThreatDefend Platform v5.0 supports a variety of deployment options, including the ability to operate within specialized environments, making ThreatDefend suitable for any organization.
|Attivo Networks||ThreatDefend Deception Platform|
|Fidelis Cybersecurity||Fidelis Deception|
|Morphisec||Unified Threat Prevention|
Best Email Security Solution
Proofpoint Email Security
E-mail-based attacks come in many forms: malware, credential phishing and fraud schemes among them. But not every threat carries the same weight, and not every target in an organization is equally desirable to cybercriminals.
Proofpoint Email Security is designed to catch and kill all of these species of threats, while also prioritizing them. The solution identifies an organization’s most frequently attacked people and surfaces interesting threats from the noise of everyday malicious activity. Security teams can set adaptive controls based on each user’s risk profile, enabling an automated response.
Delivered as a cloud-based solution available across all platforms and devices, Proofpoint Email Security combines inbound email analysis and filtering with outbound data protection, encryption and secure file sharing.
To combat polymorphic malware, weaponized documents and malicious URLs, Proofpoint Email Security uses sandboxing with static and dynamic analysis. The solution also provides email isolation to isolate URL clicks and prevent malicious content from impacting corporate devices.
To thwart attempts at credentials phishing and fraud schemes like business email compromise (BEC), Proofpoint incorporates detailed email analysis and classification with full kill-chain analysis, including dynamic sandboxing. It also signatures the output of the kits that attackers use to generate phishing pages and proactively detects lookalike domains. Earlier this year, Proofpoint announced one of the industry’s first integrated, end-to-end solutions that address BECs and email account compromise (EAC) attacks by combining Proofpoint’s leading secure email gateway, advanced threat protection, threat response, email authentication, security awareness training, and cloud account protection.
The solution’s automated response capabilities include removing emails from an end user inbox if they are determined to be malicious after delivery, such as when a URL is weaponized after the email is sent. Meanwhile, the solution’s data loss prevention capabilities protect outbound emails by automatically detecting a wide variety of private information and blocking, quarantining or encrypting this info as appropriate.
|Agari||Agari Secure Email Cloud|
|FireEye||FireEye Email Security|
|GreatHorn||GreatHorn Email Security|
|Mimecast||Cyber Resilience for Email|
|Proofpoint||Proofpoint Email Security|
Best Identity Management Solution
Okta Identity Cloud
Identity and access management is all about connecting the right people with the right systems at the right time. And Okta Identity Cloud is among the very best of getting these “rights” right.
Originally built as a 100 percent cloud-based service, Okta Identity Cloud serves as a bridge to on-premises apps and services as well, acting as the connective tissue across an organization’s technology stack. The identity management solution leverages a recently expanded Okta Integration Network, which enables user organizations to choose from more than 6,000 pre-built integrations with cloud and on-premises systems used by customers or employees. Such capabilities allow businesses of all sizes to embrace technology and adopt the latest apps (e.g. Salesforce, Box, AWS, Workday, G Suite and Slack) without compromising security.
The Okta Identity Cloud was named an SC Labs Recommended product last June in our Identity & Access Management Group Product Test. The reviewers said Okta offers tremendous support and seeks to serve as a strategic partner that mitigates risks and assists organizations with developing a strategic roadmap as their business needs evolve. They also said Okta is a flexible product with an extensive integration network that covers every identity use case and provides financial benefits for businesses across any industry.
Okta introduced several key additions in 2019. Its new Identity Engine allows customers to address unlimited identity use cases through a set of customizable building blocks for every identity experience, and creates workflows that require less data collection and can be tailored to any particular use case.
Another new innovation is Okta’s Advanced Server Access, which enables organizations to bring continuous, contextual access management to cloud infrastructure. Enterprises can now manage access to on-premises servers and across popular infrastructure-as-a-service vendors.
Also debuting in 2019: Okta Access Gateway, which enables seamless single sign-on access, management and visibility into on-premises applications through the Okta Identity Cloud; Risk-Based Authentication, which uses real-time intelligence surrounding individual login attempts to gain a holistic, personalized view of the context behind each login; and Okta Hooks, which provides developers and IT teams the power to add customer logic to Okta.
|CyberArk||CyberArk Privileged Access Security Solution|
|ForgeRock||ForgeRock Identity Platform|
|Okta||Okta Identity Cloud|
|Ping Identity||Ping Intelligent Identity Platform|
|Thycotic||Thycotic Secret Server|
Best Managed Security Service
Trustwave Managed Security Services
Trustwave Managed Security Services offer a new beginning for organizations struggling to fortify their increasingly complex IT environments. But just because it’s a new beginning doesn’t mean clients must start from scratch.
Trustwave defies the “rip and replace” mentality of traditional MSSPs by following a technology-agnostic approach that supports a wide array of vendors and cloud services. Customers save by leveraging the technology they already have instead of investing in something new, all while taking advantage of Trustwave’s offerings, including risk management, advanced threat detection and response, security testing, forensic investigations and third-party product management.
To ensure this model works, Trustwave collaborates with its clients to understand their unique tech environments, risk tolerance and personnel skillsets, and then designs a corresponding security plan that’s supported via the Trustwave SpiderLabs team of ethical hackers, threat hunters and incident responders. Moreover, the Trustwave Global Threat Operations team helps ensure that clients’ existing technologies are being used correctly through frequent audits, assessment and re-training.
September 2019 saw the debut of the Trustwave Fusion platform, which connects the digital footprints of clients to a security cloud comprised of the Trustwave data lake, advanced analytics, threat intelligence, managed security services and a team of elite security specialists.
Through a dashboard – accessed via computer, tablet or mobile phone – organizations can view protected assets and device health, respond to alerts, schedule penetration tests and vulnerability scans, manage third-party technologies, scale resources on demand or order a threat hunting team into action.
Trustwave Fusion integrates with the company’s global network of nine SOCs and the Trustwave SpiderLabs Fusion Center to give clients excellent threat visibility and the power to take swift action against incidents.
This is the second consecutive year Trustwave took top honors in the MSSP category. Trustwave was also acknowledged as a leader in the 2020Q3 Forrester Wave report on MSSPs. Forrester said Trustwave ranked highest among all vendors in the category of current offering, earning the highest score possible in the incident management process criterion.
|AT&T Cybersecurity||AT&T Managed Threat Detection and Response|
|Digital Guardian||Digital Guardian Managed Security Program|
|Trustwave||Trustwave Managed Security Services|
Best Mobile Security Solution
Aegis Fortress L3
Here’s a riddle for you: When is data both at rest and in motion at the same time? The answer: When it’s sitting on a portable device being transported all around by your employees.
With the rise of remote working and data on-the-go, company data has become increasingly exposed and in danger of being compromised. But the Aegis Fortress L3 portable storage drive from Apricorn removes the risk of sensitive information falling into the wrong hands.
The ultra-rugged and securely encrypted drive is designed to protect the most sensitive data of companies, especially those operating in industries where data security is federally regulated and compliance is mandated. And since it’s software-free and platform agnostic, it is compatible with all operating systems and machines with USB connectivity.
The L3 doesn’t mess around with preset default PINs – a common security vulnerability that could allow an unauthorized party to easily access the data if they were to take possession of the device. As an alternative, the drive comes standard with Apricorn’s “Forced Enrollment feature,” which requires the admin to register a unique PIN. The drive also allows for a separate user PIN to be established.
The L3’s complete FIPS (Federal Information Processing Standard) 140-2 Level-3 validation is the highest level assigned by the National Institute of Standards and Technology (NIST) to portable encrypted devices, and the validation boundary includes the electronics, drive, external fasteners and even the enclosure itself.
|Apricorn||AEgis Fortress L3|
|Data Theorem||API Discover and API Inspect|
|Lookout||Lookout Mobile Endpoint Security|
|MobileIron||MobileIron’s mobile-centric, zero trust platform|
Best NAC Solution
Cisco Systems, Inc.
Cisco Identity Services Engine (ISE)
As NACs go, the Cisco Identity Services Engine (ISE) plays well with others.
Benefiting from Cisco’s extensive partner ecosystem for automated solution integrations and an IETF standards-based integration platform, ISE also meshes with other products in the company’s extensive line, including Cisco Firepower, Stealthwatch and Advanced Malware Protection.
Cisco’s commitment to baked-in security is borne out with ISE, which builds advanced security directly into the network, enabling secure access while simultaneously turning it into a zero-trust enforcer.
ISE offers a bevy of rich features, including visibility to assets connected to the networks; secure wired, wireless and VPN access; device compliance; and network segmentation, which can reduce the scope of compliance. As with most Cisco solutions, ISE is highly scalable, supporting up to 2 million concurrent endpoint sessions. The company touts ISE as the only NAC solution that includes TACACS+ for role-based, administrative access control to networking equipment.
Its scalable architecture along with an intuitive interface and supported integrations translate into accelerated NAC project roll-outs, with organizations saying they spend less time configuring and troubleshooting and achieve key project milestones more quickly. Cisco also announced in October that security teams can use ISE to intelligently identify a variety of IoT endpoints to enforce consistent policies from the cloud to give teams the agility and flexibility they need to secure their organizations.
All in all, Cisco ISE users can expect a positive impact on economics and an impressive return on investment, according to an analyst who found that organizations using ISE have seen savings of about $1.9 million . ROI for some has hit 120 percent with payback of 12 months.
With numbers like those – and ISE’s ability to play well with others – it’s no wonder that Cisco has a commanding presence in the NAC field with 34.3 percent of the marketplace and more than 29,000 customers sprawled across the Fortune 500.
|Aruba, a Hewlett Packard Enterprise Company||Aruba ClearPass|
|Cisco Systems||Cisco Identity Services Engine (ISE)|
|Forescout Technologies||Forescout Platform|
Best Risk/Policy Management Solution
The huge volume of data leaks caused by misconfigured databases this year is a sure indicator that many IT security teams are having a hard time managing the complex nature and scale of a modern infrastructure.
To help IT teams get a handle on this situation, SaltStack offers its advanced capabilities in infrastructure automation to the security and vulnerability management markets, in the form of its SaltStack SecOps IT security remediation solution.
SaltStack, which was acquired by VMware in October, automates the work of fixing thousands of possible configuration issues, vulnerabilities and non-compliant infrastructure settings, instead of simply informing the organizations that there is a problem and then leaving their work in their hands.
Additionally, SecOps scans infrastructure environments; determines non-compliance with policies and standards such as CIS Benchmarks, DISA-STIGS, or NIST; and then automates remediation of any discovered vulnerabilities or misconfigurations. This level of automation includes a persistent connection between a master command-and-control server and minions or proxy agents on any managed infrastructure (e.g. public and private cloud, network infrastructure, any OS and containerized environments).
“SaltStack forms the basis of a comprehensive audit, remote execution, configuration management, patch, and baseline enforcement suite for the IBM Cloud network,” said Brian Armstrong, an IBM Cloud executive. “This has replaced several disparate legacy tools with a single command-and-control layer that allows us to automatically roll out new security policies and quickly react to any new security threats. Problem scoping, mitigation and audit is done in hours rather than weeks across our network.”
The IBM Cloud team saves thousands of hours by automating SecOps, reducing vulnerability remediation time by 75 percent.
|Brinqa||Brinqa Cyber Risk Services|
|ProcessUnity||ProcessUnity Vendor Risk Management|
|Skybox Security||Skybox Security Suite|
Best SCADA Security Solution
CyberX IoT/ICS Cybersecurity Platform
The threat level against manufacturers, utilities and critical infrastructure operators has never been higher, meaning the need for ICS/SCADA security products like CyberX’s IoT/ICS Cybersecurity Platform is equally in demand.
Simply put, extending legacy cybersecurity technologies that were originally constructed for IT networks is not the best solution when it comes to protecting ICS/SCADA environments.
Since no two of the entities requiring this type of protection are the same, any product for use in these environments must be built from the ground up, and tuned for the specialized devices, protocols, vulnerabilities and machine-to-machine (M2M) behaviors found in ICS/SCADA environments.
It also must incorporate a deep understanding of the world of ICS/SCADA, particularly when IoT devices are thrown into the mix. CyberX’s IoT/ICS, which was acquired by Microsoft in June, fits the bill in both cases.
The platform addresses three key areas – asset discovery, passive risk and vulnerability management, and continuous threat monitoring – while using patented, M2M-aware behavioral anomaly detection and self-learning to immediately identify zero-day attacks and stop them.
A feature is speed, both during installation and while actively working. Within an hour of being installed, the software will begin to deliver insights without the need for additional configuration by the customer. It can quickly identify and mitigate malicious activity, enabling companies to avoid the high cost of targeted attacks and malware in industrial environments that could potentially result in plant shutdowns, theft of intellectual property or even catastrophic safety incidents.
Customers benefit from ease of deployment, as well as platform maturity and scalability that comes from deployments in 2,500-plus ICS/SCADA networks. Founded in 2013, CyberX bills itself as the longest-standing pure-play provider of ICS/SCADA security.
|BlackRidge Technology||BlackRidge TAC Identity Device (TAC-ID)|
|CyberX||CyberX IoT/ICS Cybersecurity Platform|
|Dragos, Inc.||Dragos Platform|
|Tenable||Tenable Industrial Cybersecurity Suite|
|Radiflow||iSID Industrial Threat Detection solution|
LogRhythm NextGen SIEM Platform
It’s easier to ask forgiveness than permission – or so the saying goes. That might be true in other walks of life, but not when it comes to cyberattacks where the damage to assets and reputation can be devastating. Staying a step ahead of attackers is getting harder by the day, but the kind of analytics that identify threats and the ability to mitigate them delivered by the LogRhythm NextGen SIEM Platform empower organizations to successfully reduce risk by rapidly detecting, responding to and neutralizing damaging cyberthreats.
LogRhythm recently made available on the cloud the same data lake technology, AI, security analytics and security orchestration, automation, and response (SOAR) to power and unify forensic visibility, advanced threat detection, and incident response that have distinguished the NextGen SIEM Platform as a scalable end-to-end on-premises solution. In July, the company released LogRhythm 7.5 and Open Collector. LogRhythm 7.5 delivers enhanced analyst workflow experiences and visibility, while Open Collector simplifies the process of onboarding cloud data sources for more holistic monitoring.
The LogRhythm platform lets organizations manage threats throughout the entire attack lifecycle via a single user interface and the RespondX component streamlines investigation and mitigation through SOAR capabilities, accelerating both threat investigation and incident response. Security teams will benefit from centralized forensic visibility into activity across the extended IT and operational environment that provides deep and immediate insight into threat activity.
LogRhythm’s singular focus on security has paid off with a platform that it is easy to adopt – as much as three times faster than with other solutions, the company says – and risk-based monitoring and prioritization that reduces alarm fatigue and helps focus analysts on the most impact security events through the use of environmental risk characteristics and threat context that assign risk-based scores to all events and alarms.
|LogRhythm||LogRhythm NextGen SIEM Platform|
|RSA||RSA NetWitness Platform|
|Securonix||Securonix Next-Gen SIEM|
Best Threat Detection
Ask any pilot: low visibility can lay ruin to the best laid flight plans. Same goes with cybersecurity strategies, where visibility is crucial to detecting and responding to threats.
Fidelis Elevate seeks to provide that visibility across the entire kill chain using multiple detection methods. The platform integrates network and cloud traffic analysis, endpoint detection and response, and deception technologies with open threat intelligence feeds, cloud-based sandboxing and advanced malware analysis as a means to automate threat detection, investigation and response.
Elevate taps content- and context-rich metadata for more than 300 attributes – it custom tags up to 360 days for network traffic analysis and 90 days for endpoint process and event metadata. Many of the threat detection, investigation and response process steps are automated, reducing response times and minimizing business impacts. In March, the vendor announced a full upgrade. The Fidelis Elevate platform now offers the ability to continuously discover, classify, and assess assets, including laptops, desktops, servers, enterprise IoT, shadow IT, and legacy systems.
The platform also automatically validates across layers, consolidating similar alerts, which offers busy analysts a streamlined workflow and focuses them on the most important detections. The heavy integration between products in the Fidelis platform creates force multipliers such as information sharing, and software inventory and known vulnerabilities from endpoints shared with network and deception solutions. An open threat intelligence feed supporting network and endpoint solutions includes internal threat intelligence and custom indicators and rules that are developed by users.
Fidelis touts a lower TCO than other market offerings thanks to the integration of EDR, network traffic analysis and deception.
|Armis||Armis Agentless Device Security Platform|
|Bitdefender||Bitdefender GravityZone Ultra|
|Fidelis Cybersecurity||Fidelis Elevate|
|Fortinet||FortiSandbox and FortiDeceptor|
Best Threat Intelligence Technology
VMware Carbon Black
Carbon Black Cloud Enterprise EDR (formerly called CB ThreatHunter)
Some organizations collect endpoint data to track down threats only when some kind of anomalous behavior is detected. The problem is, the best cyberattackers know how to conceal their malicious activity to make it look like everything is perfectly normal.
For that reason, VMware Carbon Black has programmed its Carbon Black Cloud Enterprise EDR (formerly called CB ThreatHunter) solution to collect all endpoint data – completely unfiltered – and analyze it to proactively seek out and uncover suspicious behavior, disrupt active attacks and address gaps in defenses before bad actors can.
Unfiltered data, collected by VMware Carbon Black’s cloud-native endpoint protection platform, provides users with the most complete picture of an attack at all times. Meanwhile, the solution provider’s advanced artificial intelligence/machine-learning technology helps teams parse data more efficiently, reducing lengthy investigations from days to minutes.
According to VMware Carbon Black, the massive amounts of data that the product collects would be overwhelming for organizations using more conventional solutions, because the volume of information collected would consume too much time and money for security teams to store and analyze.
But the vendor created proprietary data-shaping technology that overcomes the data pipeline challenge and delivers high-volume endpoint data to the cloud. To realize the potential of this unfiltered data set, the company leverages streaming analytics to evaluate behaviors over time. Its real-time analysis is based on event stream processing, the same technology that has transformed many other industries like credit card fraud detection.
The product provides the power to respond to threats and remediate them in real-time, stopping active attacks and repairing damage quickly, all from a cloud-based platform using a single agent, console and dataset. When the pandemic hit earlier this year, VMware Carbon Black suspended endpoint limits for 90 days so all newly provisioned systems could be protected by Carbon Black.
|VMware Carbon Black||Carbon Black Enterprise EDR (formerly called CB ThreatHunter|
|LookingGlass Cyber Solutions||LookingGlass scoutPRIME®|
|IntSights||External Threat Protection Suite|
Best UTM Security Solution
More than just a sentry standing between an organization’s most valuable assets and the threats that lie beyond, the SonicWall NSa 2650 provides high-speed threat prevention over thousands of encrypted and unencrypted connections, delivering high security effectiveness to mid-sized networks, branch offices and distributed enterprises. All without diminishing network performance.
Marrying two advanced security technologies – a multi-engine Capture Advanced Threat Protection sandbox service enhanced by Real-Time Deep Memory Inspection (RTDMI) technology and the company’s ReassemblyFree Deep Packet Inspection – the NSa 2650 proactively blocks mass-market, zero-day threats and unknown malware and examines every byte of every packet. In fact, in a recent blog, SonicWall underscored that Capture ATP is only available for the NSA/NSa 2600 and newer generation firewalls, as well as the current TZ and NSsp product lines.
It only takes a single appliance to automatically update malware and IPS signatures daily, connect to cloud-based sandboxing to spot and stop unknown attacks, decrypt and inspect TLS/SSL traffic over thousands of encrypted and unencrypted connections, eliminate attacks without slowing performance, and provide users with a unified deployment experience through seamless integration of 802.11ac Wave 2 wireless connectivity.
Drawing from real-time information from the SonicWall Capture Labs threat research team as well as industry collaboration and threat research communities that gather and share around 140,000 attack and vulnerability samples daily, SonicWall automatically deploys countermeasures to the NSa 2650.
Central management through the SonicWall Global Management System (GMS) on-premises solution or the cloud-based Capture Security Center (CSC) reduces total cost of ownership and helps relieve the burden on IT.
|Ericom Software||Ericom Shield|
|WatchGuard Technologies||Firebox M270|
Best Vulnerability Management Solution
Global IT Asset Inventory
Qualys lives by the motto “You cannot secure what you can’t see.” With that in mind, the infosec and compliance solutions provider is offering user organizations the gift of sight – with its free(mium) Global IT Asset Inventory (ITAI) solution.
ITAI provides complete and continuous asset inventory in complex hybrid environments, allowing users to instantly know what assets connect to their network, and assess their security and compliance posture in real time. Such visibility allows organizations to find unknown assets before an attacker does and takes advantage.
The solution offers automated classification for clean, reliable data; the ability to search and identify known and unknown assets in seconds; and integrated IT, security and compliance data.
Combining all these capabilities into one solution represents a significant improvement over having to manually clean up and correlate the asset data of multiple disparate point products – a complicated and time-consuming process.
In the process of scrubbing a company’s data, ITAI makes it uniform, eliminating variations in product and vendor names – for instance, “Microsoft,” “Microsoft Corp.,” and “Microsoft Corporation” – that clutter asset inventories and render them ineffective.
ITAI allows an organization’s security team to expend less manual effort on constantly checking the networks for threats, because the app is already doing it. And the freemium model allows companies to allocate their resources toward other security products that are necessary to maintain the best security posture and stay compliant with federal regulations and standards such as PCI DSS, HIPAA, GDPR and FedRAMP. Qualys also announced in September that ITAI now connects with the ServiceNow Service Graph and Configuration Management Database and is now a part of the Service Graph Connector Program.
|Checkmarx||Software Security Platform|
|Qualys||Global IT Asset Inventory|
Best Web Application
Cequence Application Security Platform
The open, highly scalable Cequence Application Security Platform protects web, mobile and API applications from external attacks using a powerful pair of app security modules, with the promise of more in the works.
Easily managed through a single pane of glass, Cequence’s ASP can be deployed on premises or in the cloud, across any number of locations.
The CQ appFirewall module combines advanced WAF security capabilities, supporting OWASP requirements, and detecting and defending against known and unknown vulnerability exploits by bad actors.
Meanwhile, the CQ botDefense module protects against automated bot attacks, including those designed for account takeover, fake account creation, API abuse, content scraping and financial fraud.
The modules work seamlessly with Cequence ASP’s CQAI AI-powered engine, which performs a single-pass, multi-dimensional analysis to detect attacks, then automated mitigation to stop them in their tracks, before they achieve their objectives.
In June, Cequence announced the general availability of Cequence API Sentinel, a runtime API security product that delivers continuous run-time API visibility, shadow API discovery, risk analysis, and conformance assessment. The addition of API Sentinel to the Cequence Application Security Platform extends the vendor’s API protection beyond automated bot attacks and API abuse to include discovery of API risks introduced by shadow publication, coding or non-conformance errors.
Enterprises large and small benefit from an open architecture that provides seamless integration and information exchange with other security tools in the network and gives security teams a more complete view of attack and response information. Security teams also gain visibility into apps that need protecting through automatic discovery of all web, mobile and API-based applications an organization has deployed.
Its ability to detect and eliminate unwanted app traffic can translate into higher staff productivity, better app performance and measurable cost savings. One Fortune 500 customer, Cequence says, saved $1.7 million in 60 days because ASP eliminated the need for unnecessary infrastructure oversizing and resolved compromised accounts from bot attacks.
|Cequence Security||Cequence Application Security Platform|
|WhiteHat Security||WhiteHat Application Security Platform|
|White Ops||White Ops Bot Mitigation Platform|