Best Authentication Technology
ForgeRock Identity Platform
All journeys have a beginning, middle and an end, and it’s the job
of the ForgeRock Identity Platform to ensure that every authentication journey, from start to finish, remains
safe for the client and easy for the user.
The platform’s Intelligent Authentication feature
delivers the unique ability to visually map user authentication journeys with a drag-and-drop
interface and, post-implementation, use analytics to measure the user
This makes it possible to offer a more personalized and frictionless authentication experience across channels and digital touchpoints in a manner that caters to customer or employee needs. Meanwhile, the organizations implementing these journeys are able to consolidate multiple logins into a single, consistent and secure experience; audit all login events; and minimize the risk of DDoS attacks and breaches.
One of the keys to Intelligent Authentication’s effectiveness is the use of “authentication trees”
that allow for multiple paths and decision points throughout a journey. These
trees are composed of various nodes that define actions taken during authentication and can be combined to create unique
A recent ForgeRock case study demonstrated how the state of Utah
benefited from the Identity Platform by saving up to $15 million over
five-to-six years, due to efficiencies from modernizing its identity and access
In December 2018, ForgeRock enabled its platform to be deployed on
any cloud environment, with preconfigured installation packages for 1 million,
10 million and 100 million identities. Customers reported reducing their
implementation costs by 25 percent while doubling ROI. The platform is built
for limitless scaling, and it supports DevOps practices using Docker and
|Cisco Systems||Duo Security|
|ForgeRock||ForgeRock Identity Platform|
|RSA||RSA SecurID Access|
|SecureAuth||SecureAuth Identity Platform|
Best Business Continuity/Disaster Recovery Solution
Semperis AD Forest Recovery
It reportedly took 10 days for the global shipping company Maersk
to rebuild its network following a devastating NotPetya disk wiper attack in
2017. It was an impressive comeback, but the company spent a large chunk of
those 10 days recovering Microsoft Active Directory, a collection of services
that are foundational to saving the rest of the network. Altogether, the attack
cost Maersk up to $300 million.
Semperis AD Forest Recovery exists to prevent similar disasters
from befalling another organization by automating and expediting the
restoration effort with a “cyber-first,” three-click approach that can save
millions that would be otherwise lost to business interruptions
caused by such threats as ransomware and wipers.
According to Semperis, traditional AD back-up tools only address
recovery from IT operational issues, where the AD is impacted but host servers
aren’t. And legacy approaches such as bare-metal recovery can cause issues
because backups contain boot files, executables and other artifacts where
malware can linger and lie in wait to cause secondary infections.
AD Forest Recovery’s cyber-first approach, on the other hand,
separates AD from the underlying Windows operating system and only restores
what’s needed for the server’s role (e.g. a domain controller, DNS server, DHCP
server, etc.), virtually eliminating the risk of re-infection, Semperis
Additionally, the tool’s automation helps organizations avoid
human errors while accelerating the restoration process, including rebuilding
the global catalog, cleaning up metadata and the DNS namespace, and
restructuring the site topology. Such capabilities can help organizations
reduce downtime to minutes rather than days or weeks, while restoring AD to the
same or different hardware, on-premises or in the cloud.
|Arcserve||Arcserve Unified Data Protection (UDP)|
|Deloitte & Touche & Dell Technologies||Data Destruction Recovery Services and Cyber Recovery Solution|
|Onspring||Onspring’s Business Continuity & Disaster Recovery Solution|
|Quest Software||QoreStor 6.0|
|Semperis||Semperis AD Forest Recovery|
Best Cloud Computing Security Solution
It’s easy to see the business benefits of cloud-based
applications. But figuring out what cloud security solution is best to secure them all
in a consistent manner? That’s when things can get a little, well, cloudy.
Bitglass’ CASB (Cloud Access Security Broker) solution
clears up the fog, enabling enterprises to secure any SaaS apps, IaaS instances,
data lakes, on-premises apps and private cloud apps
built on any platform. The company’s total data protection suite provides
end-to-end security and comprehensive visibility over corporate data, while
limiting sharing and preventing data leakage.
Bitglass CASB protects data on any device, at any time, and from
anywhere in the world – without the need for agent-based deployments. IT
departments can confidently adopt cloud technologies and BYOD policies, knowing they
are filling critical security and compliance gaps.
The solution doubles as a mobile device management solution, an
identity and access management solution (replete with single sign-on), and a
data loss prevention tool that works across any app or workload. This provides
a single pane of glass for enterprise IT departments trying to manage
disjointed cloud services
and security tools.
Bitglass CASB owes its success to its hybrid architecture, which
leverages a combination of proxies and API integrations – including reverse
proxy – to ensure complete coverage against all risk of data leakage on any app
The solution delivers real-time, advanced threat protection,
capable of detecting zero-day threats at upload, at download and at rest. Other
standout features include full-strength encryption, as well as unmanaged app
control that renders apps read-only to prevent data leakage.
And because the agentless solution can be rolled out quickly and
requires no software installations, customers report large operational cost savings.
|Centrify||Centrify Zero Trust Privilege Services|
|CipherCloud||CipherCloud CASB+ Platform|
|Illumio||Illumio Adaptive Security Platform® (ASP)|
|Mimecast||Cyber Resilience for Email|
Best Computer Forensic Solution
EnCase Endpoint Investigator and EnCase Mobile Investigator
Step aside, New York Yankees and New England Patriots. Your
dynasties pale in comparison to that of the EnCase product line from OpenText,
which has now won the SC Award for Best Computer Forensic Solution for 10 years running.
Collectively, EnCase Forensic, EnCase Endpoint Investigator and EnCase
Mobile Investigator help law enforcement officers gather digital forensic evidence from endpoints such as
computers, mobile devices and IoT devices. Meanwhile, the solutions also
provide businesses with the tools to examine HR issues, compliance violations,
regulatory inquiries and IP theft.
Despite its decade-long winning streak, OpenText isn’t resting on
its laurels. The company just recently introduced its OpenText Media Analyzer, a
new module that allows investigators to quickly analyze large volumes of images
and video collected as evidence.
Digital forensic investigators
require court-proven tools that can deliver 360-degree visibility, collect
evidence from vast datasets, and improve efficiency and effectiveness by
automating the laborious investigation processes into a few simple steps.
EnCase Endpoint Investigator provides seamless, remote access to
and servers, ensuring that all investigation-relevant data is
discreetly searched and collected in a forensically sound manner. EnCase Forensic offers broad operating system file
parsing capabilities and encryption support, allowing users to quickly complete
investigations of any operating system. And EnCase Mobile was introduced in
2017 to augment mobile forensic investigations.
User organizations can make confident decisions related to
sensitive internal matters due to EnCase’s thoroughness and Endpoint
Investigator’s unique ability to prove the chain of custody of data if a case
faces legal challenges. According to EnCase, it is not unusual for users to
exceed a 100 percent ROI after their first few investigations.
|AccessData||Forensic Toolkit (FTK)|
|Endace||EndaceProbe Analytics Platform Product Family|
|OpenText||EnCase® Forensic, EnCase Endpoint Investigator & EnCase Mobile Investigator|
Best Customer Service
Nobody scored better in customer service this
past year than SecurityScorecard.
The security ratings company assesses various companies’ cyber
postures and assigns a score that security professionals can review, helping
them assess the risk of current or future business partners.
The company’s customer service superiority
starts with the Customer Success
Manager (CSM) that each client is assigned as a strategic advisor. The CSM
through a customized on-boarding process, which includes a live demo of the
platform that’s specific to each client’s use case, and helps ensure that
project milestones are met.
Supplementing the CSM is the Customer Support
team, which reviews, validates and remediates disputed claims or ratings within
have a dedicated solutions engineer for technical support, while a customer reliability
engineer ensures all remediation requests delivered through the platform are
resolved in an appropriate and timely manner.
From a sales perspective, SecurityScorecard operates via a pod
structure, with each pod focused on a territory supported by a field sales
representative or inside sales representative, who acts as an additional line
Customers also have access to unlimited web-based help, as well as on-site support (via its Professional Services offering) and reading materials, including platform video tutorials, knowledge base articles, supplemental best practice documentation, eBooks, white papers and FAQs.
The company responds to customer feedback
via reviews and social media, and its product management team also holds
regular user feedback sessions. Additionally, SecurityScorecard has a Customer Advisory Board for knowledge sharing
and strategic feedback.
|Cybereason||Cybereason’s Customer Success Team|
|KnowBe4||Customer Success and Support|
|ThreatConnect||ThreatConnect Customer Success|
Best Cybersecurity Higher Education Program
Capitol Technology University
Capitol Technology University offers its students a bold
guarantee: You will receive a job offer within 90 days of commencement, or the
school will provide up to 36 additional undergraduate credits, tuition-free,
while the search for employment continues.
There’s a reason the private South Laurel, Maryland school is so
confident: By the time they finish sophomore year, most undergraduate students
at Capitol are already employable. Also, the university maintains close
relationships with private-sector companies and the nearby Department of
Defense, regularly tailoring its curriculum to suit these organizations’ needs.
Capitol offers BS, MS and DSc programs. Undergrads gain technical
knowledge and basic skills in their first semester, and in their ensuing years
earn certifications such as Security+, CEH, and Access Data Forensics. MS
students are trained to lead teams of security professionals for cyber defense
operations, research and analysis, and can develop specializations (e.g.
cyberlaw, forensics and cryptography). And its doctoral program is designed to
produce senior cybersecurity leaders who take on challenging careers in
cybersecurity and academia.
Capitol offers an extensive variety of cyber lab projects,
competitions and clubs. Lab areas include cyber, digital and mobile forensics,
identity management, IoT vulnerability assessments, quantum computing and SOC
A designated CAE-CDE institution, Capitol was chosen in 2014 to
provide Master’s-level courses to newly hired NSA security engineers as part of
their development program prior to permanent assignment. Capitol has also been
selected by over 20 Cyber Scholarship Program scholars over the past 10 years
to earn their degrees in cybersecurity and then return to government service in
critical cybersecurity positions.
|Capitol Technology University|
|New York University|
|NYU Cyber Fellows (NYU Cybersecurity MS) – New York University Tandon School of Engineering|
|Red Rocks Community College|
|Master of Science in Cybersecurity Technology – University of Maryland Global Campus|
Data Loss Prevention (DLP) Solution
Digital Guardian Data Protection Platform
Combine DLP with EDR and UEBA and what do you get? Well, if you’re
into anagrams, you might get BEAR PUDDLE, but if you’re into cybersecurity,
then you get the Digital Guardian Data Protection Platform.
The solution unifies data loss protection
capabilities with endpoint detection and response, as well as User Entity
Behavior Analytics, enabling organizations to detect and gain insights into
anomalous activity, while stopping insider threats and external attackers from
A key component is the Digital Guardian Analytics & Reporting Cloud, which incorporates an innovative function that leverages the same endpoint agent, network sensor and management console to prevent data loss. This approach simplifies management, streamlines information sharing, eases the burden on resources and reduces cost.
Users derive a rich set of analytics from monitoring system, user
and data events. Alarms are only triggered for
high-fidelity events, and when they do occur, security professionals can
respond with drag-and-drop incident management and real-time remediation,
blacklisting processes as needed.
The solution also comes with analyst-approved workspaces, which
point security professionals to events relevant to identifying suspicious
activity. Analysts can drill down to follow an investigation and determine next
steps, or to create custom dashboards, reports and workspaces.
DG’s Data Protection
Platform can be deployed as a software-as-a-service or on-premises solution, or
as a managed service.
Digital Guardian made significant improvements to its DLP
technology this past year. Fully integrated UEBA capabilities were optimized to
supplement data classification
and rule-based policies with even more granular insights. And the Security Risk
Dashboard now allows users to view everything in a single user interface, while
prioritizing the most important security alerts corresponding highly to
|Digital Guardian||Digital Guardian Data Protection Platform|
|Fidelis Cybersecurity||Fidelis Network|
|Proofpoint||Proofpoint Information Protection|
Best Database Security Solution
Imperva Data Security
After winning Best Database Security Solution in 2019, Imperva
retains the honor this year for its Imperva Data Security product offering.
Imperva Data Security is equipped with machine learning and
analytics to quickly detect, classify and quarantine suspicious data activity
and protect sensitive information on premises, in the cloud and across hybrid
IT environments. It also provides security teams with deep context to quickly
investigate and remediate security incidents.
Imperva automates a litany of processes, helping users conserve
resources. The solution discovers, identifies and classifies sensitive data;
assesses database vulnerabilities; monitors data access and usage; analyzes
user behavior and flags
actions that contradict normal activity; and detects policy violations in real
time, sending alerts or even terminating sessions in critical cases. Imperva
can monitor and evaluate billions of database events in near real time.
Additionally, Imperva features built-in standardized auditing
enterprise databases and also allows customers to take monitoring
and reporting workloads off their database server so that the server can be
optimized for database performance and availability.
A Total Economic Impact Study commissioned by Imperva found that
organizations can save more than $3 million over three years by switching from
a legacy database security solution to Imperva Data Security, due to reduced
risk and lowered cost of compliance audits. The study further determined that
users can achieve a return on investment in fewer than 16 months.
Imperva Data Security offers flexible and predictable licensing to
fit the needs of customers regardless of the number, location or type of devices
or services used, no
matter where the data lives.
|Baffle||Baffle Advanced Data Protection Service|
|Imperva||Imperva Data Security|
|MarkLogic||MarkLogic 10, also offered as a data hub service|
|Penta Security Systems||MyDiamo|
Best Deception Technology
Your eyes are not deceiving you. The ThreatDefend Platform from
Attivo Networks stands out among deception solutions due to its
authentic-looking decoy environment and high-fidelity alert system that reduces
For user organizations, this results in a sharp reduction in
attacker dwell time across all environments, including the network, endpoints,
applications, databases, user networks, data centers, the cloud and even
specialty attack surfaces like IoT devices, industrial controls systems and
point-of-sale solutions – all with a focus on high-value assets.
According to Attivo, the challenge with many detection solutions is the time it takes for them to learn the nuances of an organization’s digital environment. But ThreatDefend provides immediate detection value with its ability to identify and flag attack engagement as well as spot activities such as reconnaissance, credential harvesting and lateral movement.
Moreover, the platform enables enterprises to accurately mimic
their real-life production environments inside the decoy environment, further
enhancing its realism via Active Directory integrations. This tricks attackers
into interacting with fake assets, revealing themselves in the process.
ThreatDefend’s machine learning-based preparation, deployment and
management keep deception fresh and authentic. Its BOTsink attack analysis
engine generates accurate alerts, which are substantiated with full TTPs and
IOCs, simplifying and accelerating incident response while reducing fatigue
caused by false alarms.
When an intruder is detected, the solution recommends potential
attack paths for mitigation before a major attack occurs. And its 30-plus
native integrations and ThreatOps repeatable playbooks automate and expedite
incident response such as blocking, isolation and hunting.
Attivo customers have even started to generate additional value by further leveraging ThreatDefend for digital risk management operations, endpoint detection and response, managed services, incident response and continuous assessment/resiliency testing of IT environments.
|Attivo Networks||ThreatDefend Deception Platform|
|Fidelis Cybersecurity||Fidelis Deception|
|Morphisec||Unified Threat Prevention|
Best Email Security Solution
Proofpoint Email Security
E-mail-based attacks come in many forms: malware, credential
phishing and fraud schemes among them. But not every threat carries the same
weight, and not every target in an organization is equally desirable to
Proofpoint Email Security is designed to catch and kill
all of these species of threats, while also prioritizing them. The solution
identifies an organization’s most frequently attacked people and surfaces
interesting threats from the noise of everyday malicious activity. Security
teams can set adaptive controls based on each user’s risk profile, enabling an
Delivered as a cloud-based solution available across all platforms
and devices, Proofpoint Email Security combines inbound email analysis and filtering with outbound
data protection, encryption and secure file sharing.
To combat polymorphic malware, weaponized documents and malicious
URLs, Proofpoint Email Security
uses sandboxing with static and dynamic analysis. The solution also
provides email isolation to isolate URL clicks and prevent malicious content
from impacting corporate devices.
To thwart attempts at credential phishing and fraud schemes like business
email compromise (BEC), Proofpoint incorporates
detailed email analysis
and classification with full kill-chain analysis, including dynamic sandboxing.
It also signatures the output of the kits that attackers use to generate
phishing pages and proactively detects lookalike domains.
The solution’s automated response capabilities include removing emails
from an end user inbox if they are determined to be malicious after delivery,
such as when a URL is weaponized after the email is sent. Meanwhile, the solution’s data loss
prevention capabilities protect outbound emails by automatically detecting a wide variety of
private information and blocking, quarantining or encrypting this info as
|Agari||Agari Secure Email Cloud|
|FireEye||FireEye Email Security|
|GreatHorn||GreatHorn Email Security|
|Mimecast||Cyber Resilience for Email|
|Proofpoint||Proofpoint Email Security|
Best Emerging Technology
A 2018 survey of 1,000 companies found that businesses, on average, share sensitive information with about 583 third-party partners.
Unfortunately, it takes only one to cause a damaging data breach
incident that harms customers and violates regulations that can lead to massive
It’s imperative that modern security programs extend their
security, privacy and compliance expectations to their vendors. Founded in
2016, OneTrust seeks to cut down on third-party risk with its Vendorpedia
product, which security pros can use to assess vendors, access research and
reference thousands of pre-completed vendor assessments, as well as monitor
vendors in accordance with global laws and frameworks.
Vendorpedia lets users automate the entire vendor lifecycle from
onboarding to offboarding. Offerings include dynamic assessments with automated
risk identification; risk mitigation workflows and tracking; free vendor
chasing services to offload assessment-related work; a global risk exchange
with pre-populated research and assessments on roughly 8,000 vendors; contract
management and service-level agreement performance monitoring; data flow
visualizations and custom dashboards; and a breach and enforcement tracker for
The platform is updated with the latest privacy laws and security
updates thanks to OneTrust’s 40-plus in-house, full-time privacy researchers
and a globally available network of 500 lawyers representing 300 jurisdictions.
“Vendorpedia has allowed us to be more agile and scale rapidly to
optimize our business processes and simplify our assessment, mitigation and
monitoring of third-party risks,” said Jonathan Slaughter, director of
compliance, security and privacy at cloud solutions provider ClearDATA.
OneTrust plans to further advance its platform with future
updates that will include expansion of its Global Risk Exchange plus
enhancements to its depth of research; breach and enforcement automation
workflows to enhance incident response; and an autocomplete assessment tool so
vendors can respond to questionnaires faster.
|Blue Hexagon||Blue Hexagon Malware Protection|
|CyCognito||The CyCognito Platform|
|Cymulate||Breach and Attack Simulation|
|DUST Identity||DUST: Diamond Unclonable Security Tag|
Best Enterprise Security Solution
CyberArk Privileged Access Security Solution
Winning back-to-back titles in any endeavor is not an easy
accomplishment, but the CyberArk team achieved this level of success by taking
home the Best Enterprise Security Solution award in 2019 and once again in
What CyberArk delivers with the CyberArk Privileged Access
Security Solution is the ability to protect its customers as they necessarily
invest in digital transformational technologies, move to the cloud, bring on a
DevOps team, and invest in IoT and robotic process automation. While these
additions certainly make a company more viable, they also greatly increase its
In order to continue delivering the highest level of protection against this ever-increasing attack surface, the company in July 2019 unveiled a suite of privileged access security solution products. This includes CyberArk Alero, a dynamic solution for mitigating risks associated with remote vendors accessing critical systems through CyberArk, and CyberArk Endpoint Privilege Manager, a SaaS-based solution that reduces the risk of unmanaged administrative access on Windows and Mac endpoints.
In addition, the company upgraded CyberArk Privilege Cloud. This
is the company’s privileged access SaaS offering, which enables mid-sized
organizations to improve their ability to continuously discover and manage
privileged credentials across the enterprise.
CyberArk is backing up these products, and its customers in
general, with a wide array of customer support services. These include
security, consulting, implementation, onboarding, project management and
certification program services.
According to CyberArk, major benefits include a 10x improvement in
time spent on privileged account-related tasks, a 5x reduction in the time
spent by IT auditors reviewing session recordings, and 3x faster connections to
cloud platforms and web applications.
|Checkmarx||Software Security Platform|
|CyberArk||CyberArk Privileged Access Security Solution|
|Proofpoint||Proofpoint P1 Advanced Email Security Solution|
|Pulse Secure||Pulse Secure|
Best Identity Management Solution
Okta Identity Cloud
Identity and access management is all about
connecting the right people with the right systems at the right time. And Okta Identity Cloud is among the very best at
getting these “rights” right.
Originally built as a 100 percent cloud-based service, Okta Identity Cloud serves as a bridge to on-premises apps and services as well, acting as the connective tissue across an organization’s technology stack. The identity management solution leverages a recently expanded Okta Integration Network, which enables user organizations to choose from more than 6,000 pre-built integrations with cloud and on-premises systems used by customers or employees. Such capabilities allow businesses of all sizes to embrace technology and adopt the latest apps (e.g. Salesforce, Box, AWS, Workday, G Suite and Slack) without compromising security.
Okta introduced several key additions in 2019. Its new Identity Engine allows customers to
address unlimited identity use
cases through a set of customizable building blocks for every identity experience,
and creates workflows that require less data collection and can be tailored to
any particular use case.
Another new innovation is Okta’s Advanced Server Access, which
enables organizations to bring continuous, contextual access management to
cloud infrastructure. Enterprises can now manage access to on-premises servers
and across popular infrastructure-as-a-service vendors.
Also debuting in 2019: Okta Access Gateway, which enables seamless
single sign-on access, management and visibility into on-premises applications
through the Okta Identity Cloud;
Risk-Based Authentication, which uses real-time intelligence surrounding
individual login attempts to gain a holistic, personalized view of the context
behind each login; and Okta Hooks, which provides developers and IT teams the
power to add customer logic to Okta.
|CyberArk||CyberArk Privileged Access Security Solution|
|ForgeRock||ForgeRock Identity Platform|
|Okta||Okta Identity Cloud|
|Ping Identity||Ping Intelligent Identity Platform|
|Thycotic||Thycotic Secret Server|
Best IT Security-related Training Program
Boasting 50 skill and certification learning paths, more than 400 individual courses and over 100 hands-on labs, Infosec’s brand-new IT security training program is designed to help security professionals stay sharp and fill in their knowledge gaps.
Launched in April 2019, Infosec Skills is mapped to the NICE
Cybersecurity Workforce Framework, which includes entry, mid-level and advanced
cybersecurity roles, backed by research into the actual skills that are
requested by employers. With Infosec Skills and NICE, users have the roadmap
necessary to identify what employers want and the tools needed to follow the
career path of their choice.
More than 2,200 students have signed on since inception, taking
advantage of the program’s in-person and online courses, and its monthly and
annual plans. Skill paths include: ethical hacking, computer incident response,
mobile and computer forensics, web application pentesting and more, while
certification paths include (ISC)² CISSP, CompTIA Security+, Certified Computer
Forensics Examiner, Cisco Certified Network Associate R&S and more.
Infosec’s 100-plus labs take place across seven cloud-based cyber
ranges, offering skills in command line basics, Linux, networking, network
traffic analysis, pentesting, SCADA systems and ICS/SCADA
Certification practice exams are also included in an education
platform designed for flexibility. Students can study at any time on any device,
where and when they learn best.
“I wear 50 different hats in my role and needed a compressed,
to-the-point training course
that would make sure I was ready for all the [certification] exam domains at a
technical level,” said Julian Tang, CIO at Tennenbaum Capital Partners.
“Infosec trains thousands of students… so I knew they’d be able to tell me what
to expect on the exam and what topics to focus on most.”
|Mimecast nominated by LogMeIn|
Best Managed Security Service
Trustwave Managed Security Services
Trustwave Managed Security Services offer a new beginning for
organizations struggling to fortify
their increasingly complex IT environments. But just because it’s a new
beginning doesn’t mean clients must start from scratch.
Trustwave defies the “rip and replace” mentality of traditional
MSSPs by following a technology-agnostic approach that supports a wide array of
vendors and cloud services. Customers save by leveraging the technology they
already have instead of investing in something new, all while taking advantage
of Trustwave’s offerings, including risk management, advanced threat detection
and response, security testing, forensic investigations and third-party product
To ensure this model works, Trustwave collaborates with its
clients to understand their unique tech environments, risk tolerance and
personnel skillsets, and then designs a corresponding security plan that’s
supported via the Trustwave SpiderLabs team of ethical hackers, threat hunters
and incident responders. Moreover, the Trustwave Global Threat Operations team
helps ensure that clients’ existing technologies are being used correctly
through frequent audits, assessment and re-training.
September 2019 saw the debut of the Trustwave Fusion platform,
which connects the digital footprints of clients to a security cloud comprised
of the Trustwave data lake, advanced analytics, threat intelligence, managed
security services and a team of elite security specialists.
Through a dashboard – accessed via computer, tablet or mobile
phone – organizations can view protected assets and device health, respond to
alerts, schedule penetration tests and vulnerability scans, manage third-party
technologies, scale resources on demand or order a threat hunting team into
Trustwave Fusion integrates with the company’s global network of
nine SOCs and the Trustwave SpiderLabs Fusion Center to give clients excellent
threat visibility and the power to take swift action against incidents.
This is the second consecutive year Trustwave took top honors in
the MSSP category.
|AT&T Cybersecurity||AT&T Managed Threat Detection and Response|
|Digital Guardian||Digital Guardian Managed Security Program|
|Trustwave||Trustwave Managed Security Services|
Best Mobile Security Solution
Aegis Fortress L3
Here’s a riddle for you: When is data both at rest and in motion
at the same time? The answer: When it’s sitting on a portable device being
transported all around by your employees.
With the rise of remote working and data on-the-go, company data has
become increasingly exposed and in danger of being compromised. But the Aegis
Fortress L3 portable storage drive from Apricorn removes the risk of sensitive
information falling into the wrong hands.
The ultra-rugged and securely encrypted drive is designed to
protect the most sensitive data of companies, especially those operating in
industries where data security is
federally regulated and compliance is mandated. And since it’s software-free
and platform agnostic, it is compatible with all operating systems and machines
with USB connectivity.
The L3 doesn’t mess around with preset default PINs – a common security vulnerability that could allow an
unauthorized party to easily access the data if they were to take possession of
the device. As an alternative, the drive comes standard with Apricorn’s “Forced
Enrollment” feature, which requires the admin to register a unique PIN. The
drive also allows for a separate user PIN to be established.
The L3’s complete FIPS (Federal Information Processing Standard)
140-2 Level-3 validation is the highest level assigned by the National
Institute of Standards and Technology (NIST) to portable encrypted devices, and
the validation boundary includes the electronics, drive, external fasteners and
even the enclosure itself.
|Apricorn||Aegis Fortress L3|
|Data Theorem||API Discover and API Inspect|
|Lookout||Lookout Mobile Endpoint Security|
|MobileIron||MobileIron’s mobile-centric, zero trust platform|
Best NAC Solution
Cisco Systems, Inc.
Cisco Identity Services Engine (ISE)
As NACs go, the Cisco Identity Services Engine (ISE) plays well with others.
from Cisco’s extensive partner ecosystem for automated solution integrations
and an IETF standards-based integration platform, ISE also meshes with other
products in the company’s extensive line, including Cisco Firepower,
Stealthwatch and Advanced Malware Protection.
commitment to baked-in
security is borne out with ISE, which builds advanced security directly into
the network, enabling secure access while simultaneously turning it into a
ISE offers a bevy of rich features, including visibility to assets connected to the networks; secure wired, wireless and VPN access; device compliance; and network segmentation, which can reduce the scope of compliance. As with most Cisco solutions, ISE is highly scalable, supporting up to 2 million concurrent endpoint sessions. The company touts ISE as the only NAC solution that includes TACACS+ for role-based, administrative access control to networking equipment.
Its scalable architecture along with an intuitive interface and supported integrations translate into accelerated NAC project roll-outs, with organizations saying they spend less time configuring and troubleshooting and achieve key project milestones more quickly.
All in all, Cisco ISE users can expect a positive impact on economics and an impressive return on investment, according to an analyst who found that organizations using ISE have seen savings of about $1.9 million. ROI for some has hit 120 percent with payback of 12 months.
With numbers like those – and ISE’s ability to play well with others – it’s no
wonder that Cisco has a commanding presence in the NAC field with 34.3 percent
of the marketplace and more than 29,000 customers sprawled across the Fortune 500.
|Aruba, a Hewlett Packard Enterprise Company||Aruba ClearPass|
|Cisco Systems||Cisco Identity Services Engine (ISE)|
|Forescout Technologies||Forescout Platform|
Best Professional Certification Program
Certified Information Security Manager (CISM)
ISACA celebrated its 50th anniversary in 2019, and now in 2020 it
has a new reason to rejoice: Its Certified Information Security Manager (CISM) program has won Best Professional Certification Program
at this year’s SC
The global association, which provides training and education to
140,000 members via 460,000 engaged practitioners, calls CISM the only
management-level certification for infosec professionals.
Most security certifications measure professionals’ comprehension
of the technologies and processes they use. But CISM distinguishes itself by
also assessing their understanding of how their work supports their various organizations’ specific
Such knowledge can be critical for CISOs who must communicate
ideas to leaders within the C-suite and at the board level. And the payoff is
significant: According to ZipRecruiter data, the average annual pay of a CISM
in the U.S., as of January 2020, is $134,220.
Earned by more than 42,000 professionals since its inception in
2002, a CISM certification requires five years of work experience, including a
minimum of three years of information security management in several job
practice analysis areas.
CISM is updated frequently to reflect the ever-changing job roles
and responsibilities of security managers, and the fast-evolving threat
landscape. Rigorous continuing education is necessary to maintain the certification.
Members can receive their training via ISACA’s Cybersecurity Nexus
(CSX), which offers courses and real-world lab environments. ISACA has a
presence in more than 188 countries, with over 220 chapters worldwide.
“I already had the technical skills in the cybersecurity space and
could demonstrate that, but the CISM gave me the credibility to talk to the
business about risk and policies,” said security professional Michelle Malcher,
CISM. “The CISM provided me the step I needed to move to an architecture role.”
|(ISC)2||Certified Information Systems Security Professional (CISSP)|
|Cloud Security Alliance||Certificate of Cloud Security Knowledge (CCSK)|
|ISACA||Certified Information Security Manager (CISM)|
|ISACA||Certified in Risk and Information Systems Control (CRISC)|
|Offensive Security||Offensive Security Certified Professional (OSCP)|
Best Regulatory Compliance Solution
Privacy Management Software
The alphabet soup of privacy regulations proliferating across the country and the
world are creating compliance headaches for enterprise security teams. But
instead of adopting a steady diet of aspirin, companies in myriad industries,
including 250 of the Global 2,000, have turned to OneTrust’s Privacy Management
Software, a privacy, security and third-party risk technology platform designed to make
compliance with the likes of CCPA, GDPR, HIPAA, GLBA and ISO27001 a lot less
is finding an eager audience among companies keen on showcasing their
commitment to privacy and
transparency to consumers and boosting their market position. To keep up with
the latest privacy laws and security updates, OneTrust has created an agile
process that includes issuing a new major product release every three weeks.
The company’s 2019 acquisition of DataGuidance has enriched and deepened the
OneTrust privacy and security regulatory research platform. The company has
inspired what it says is the largest privacy community, with more than 10,000
active users. And it offers more than 250 free, one-day PrivacyConnect
workshops globally, as
well as two PrivacyTech annual global user conferences.
team dedicated to privacy technology, including 450 in R&D, keeps OneTrust au courant and ahead of
the game. With more than 200 services and support team members providing 24/7
support, it’s clear why OneTrust has racked up a 95 percent customer
satisfaction (CSAT) score.
“One of the advantages of OneTrust is the ability to streamline compliance globally where it’s not just siloed to one department or one location,” said Renate Lang, legal counsel/Head Practice Group HR & Data Protection at Schindler, a Swiss provider of elevators, escalators and moving walkways. “My colleague in Germany can use it same as I can in Switzerland.”
|Cloud Conformity||Cloud Conformity|
|Immuta||Immuta Automated Data Governance Platform|
|Mimecast||Mimecast Cloud Archive|
|OneTrust||Privacy Management Software|
Best Risk/Policy Management Solution
The huge volume of data leaks caused by misconfigured databases
this year is a sure indicator that many IT security teams are having a hard
time managing the complex nature and scale of a modern infrastructure.
To help IT teams get a handle on this situation, SaltStack offers
its advanced capabilities in infrastructure automation to the security and
vulnerability management markets, in the form of its SaltStack SecOps IT
security remediation solution.
SaltStack automates the work of fixing thousands of possible
configuration issues, vulnerabilities and non-compliant infrastructure settings,
instead of simply informing the organizations that there is a problem and then
leaving the work in their hands.
Additionally, SecOps scans infrastructure environments; determines
non-compliance with policies and standards such as CIS Benchmarks, DISA STIGs,
or NIST; and then automates remediation of any discovered vulnerabilities or
misconfigurations. This level of automation includes a persistent connection
between a master command-and-control server and minions or proxy agents on any
managed infrastructure (e.g. public and private cloud, network infrastructure,
any OS and containerized environments).
“SaltStack forms the basis of a comprehensive audit, remote
execution, configuration management, patch, and baseline enforcement suite for
the IBM Cloud network,” said Brian Armstrong, an IBM Cloud executive. “This has
replaced several disparate legacy tools with a single command-and-control layer
that allows us to automatically roll out new security policies and quickly
react to any new security threats. Problem scoping, mitigation and audit is
done in hours rather than weeks across our network.”
The IBM Cloud team saves thousands of hours by automating SecOps,
reducing vulnerability remediation time by 75 percent.
|Brinqa||Brinqa Cyber Risk Services|
|ProcessUnity||ProcessUnity Vendor Risk Management|
|Skybox Security||Skybox Security Suite|
Best SCADA Security Solution
CyberX IoT/ICS Cybersecurity Platform
The threat level against manufacturers, utilities and critical
infrastructure operators has never been higher, meaning the need for ICS/SCADA security
products like CyberX’s IoT/ICS Cybersecurity Platform is equally in demand.
Simply put, extending legacy cybersecurity technologies that were originally
constructed for IT networks is not the best solution when it comes to
protecting ICS/SCADA environments.
Since no two of the entities requiring this type of protection are
the same, any product for use in these environments must be built from the
ground up, and tuned for the specialized devices, protocols, vulnerabilities
and machine-to-machine (M2M) behaviors found in ICS/SCADA environments. It also
must incorporate a deep understanding of the world of ICS/SCADA, particularly
when IoT devices are thrown into the mix. CyberX’s IoT/ICS Cybersecurity
Platform fits the bill in both cases.
The platform addresses three key areas – asset discovery, passive
risk and vulnerability management, and continuous threat monitoring – while
using patented, M2M-aware behavioral anomaly detection and self-learning to
immediately identify zero-day attacks and stop them.
A feature is speed, both during installation and while actively
working. Within an hour of being installed, the software will begin to deliver
insights without the need for additional configuration by the customer. It can
quickly identify and mitigate malicious activity, enabling companies to avoid
the high cost of targeted attacks and malware in industrial environments that
could potentially result in plant shutdowns, theft of intellectual property or even catastrophic
Customers benefit from ease of deployment, as well as platform
maturity and scalability that come from deployments in 2,500-plus ICS/SCADA
networks. Founded in 2013, CyberX bills itself as the longest-standing
pure-play provider of ICS/SCADA security.
|BlackRidge Technology||BlackRidge TAC Identity Device (TAC-ID)|
|CyberX||CyberX IoT/ICS Cybersecurity Platform|
|Dragos, Inc.||Dragos Platform|
|Tenable||Tenable Industrial Cybersecurity Suite|
|Radiflow||iSID Industrial Threat Detection solution|
Best Security Company
By any account, it was a momentous year for
CrowdStrike in 2019.
The company in June made its initial public offering on the
NASDAQ stock exchange, raising $612 million in what has been described as the
biggest IPO ever for a cybersecurity company.
CrowdStrike also held its ground and stood firm after being
subjected to a false conspiracy theory and high-profile political attack that
sought to discredit the company’s role in the investigation of the 2016
Democratic National Committee hacking attack.
But first and foremost, the primary reason SC Media has named
CrowdStrike Best Security Company for 2020 is the company’s latest outstanding efforts
at protecting the user community.
Such efforts begin with CrowdStrike Falcon, a next-generation, cloud-native platform
that unifies anti-virus, endpoint detection and response, managed hunting, IT hygiene
and threat intelligence – all delivered through a lightweight, single agent.
The solution defends customer workloads across on-premise, virtualized and
cloud-based environments running on a variety of endpoints, on or off network.
Additionally, CrowdStrike offers organizations access to
OverWatch, an elite force of renowned threat hunters, intrusion analysts and
In February 2019, the company launched the CrowdStrike Store, a
cloud-based application platform-as-a-service for cybersecurity, through which
new start-ups or
technology partners can develop their own applications to integrate into the
Falcon platform for user organizations to discover, try and purchase. And to
stoke further innovation, CrowdStrike announced the Falcon Fund, which will act
as a co-investor and strategic partner alongside lead investors looking for
whose products will be added to the CrowdStrike Store.
|VMware Carbon Black|
Best Security Team
Penn Medicine Information Security
The health care industry has been under siege for the last several years as
malicious actors try to exploit the myriad, and often older, connected systems
found in a medical facility. For that reason, Penn Medicine, also known as the
University of Pennsylvania Health System, has found itself on the very front
lines when it comes to being targeted by cyberattackers.
The environment protected by the
Penn Medicine Information Security team is truly daunting. The 35-person-strong
unit oversees the security of 50,000 employees spread across six hospitals and
outpatient facilities. To handle this gargantuan task, Penn Medicine has more
than tripled the number of cybersecurity personnel in the last two years, and
during this time period has evolved its internal structure from one to five
teams: Information Assurance, Security Engineering, Security Operations,
Security Architecture and Office of the CISO (OCISO).
The high level of success achieved by Penn Medicine Information Security is due to
the close relationship it maintains with corporate leaders and those on the
medical side of the operation. This is accomplished by “taking security into
the field” to work first-hand with the clinical and research communities, which
helps bring them closer to the technology and policy decisions that help ensure
data remains protected. This also
helps create a culture where all staffers know that cybersecurity should be
part of their daily conversation.
As any health worker knows, a body must remain strong in order to fight off an
infection, so Penn Medicine Information Security has several programs in place
to make sure its security workers are operating at their highest level. This
includes certification training, bi-weekly training and the Penn Test
Challenge, which uses gamification to improve diagnostic and mitigation skills.
|Penn Medicine Security Team|
LogRhythm NextGen SIEM Platform
It’s easier to ask forgiveness than permission – or so the saying goes. That might
be true in other walks of life, but not when it comes to cyberattacks where the
damage to assets and reputation can be devastating. Staying a step ahead of
attackers is getting harder by the day, but the kind of analytics that identify threats and the
ability to mitigate them delivered by the LogRhythm NextGen SIEM Platform
empower organizations to successfully reduce risk by rapidly detecting,
responding to and neutralizing damaging cyberthreats.
LogRhythm recently made available on
the cloud the same data lake technology, AI, security analytics and security
orchestration, automation, and response (SOAR) to power and unify forensic
visibility, advanced threat detection, and incident response that have
distinguished the NextGen SIEM Platform as a scalable end-to-end on-premises
platform lets organizations manage threats throughout the entire attack
lifecycle via a single user interface and the RespondX component streamlines
investigation and mitigation through SOAR capabilities, accelerating both
threat investigation and incident response. Security teams will benefit from
centralized forensic visibility into activity across the extended IT and
operational environment that provides deep and immediate insight into threat
singular focus on security has paid off with a platform that is easy to
adopt – as much as three times faster than with other solutions, the company
says – and
risk-based monitoring and prioritization that reduces alarm fatigue and helps
focus analysts on the most impactful security events through the use of
environmental risk characteristics and threat context that assign risk-based
scores to all events and alarms.
|LogRhythm||LogRhythm NextGen SIEM Platform|
|RSA||RSA NetWitness Platform|
|Securonix||Securonix Next-Gen SIEM|
Best SME Security Solution
Cyberattackers don’t take pity on the little guy. Underfunded,
understaffed municipalities, local school districts and small businesses all
fall victim to malicious attacks and, despite a victim’s diminutive size, the
consequences can be enormous.
For over 40,000 small-to-medium enterprises, Untangle is the
bodyguard that stands up to the big cyber bully. Its network security framework
provides cloud-managed security and connectivity options that ensure
protection, monitoring and control across the entire digital attack surface
from headquarters to network edge. And its flagship product, NG Firewall,
provides scalable unified threat management capabilities, with the ability to
set policies for specific devices or people, but without the need to maintain
Untangle recently released NG Firewall v14.2, which introduced significant
enhancements to web security and content filtering, the ability to synchronize
users with Azure Active Directory, and enhancements to intrusion detection.
The solution continuously monitors emerging malware threats and
zero-day exploits through Untangle’s cloud-based threat intelligence service.
Known threats are blocked at the gateway, promptly short-circuiting the attack.
NG Firewall pricing starts at free. Customers can then choose the
individual features they want, only paying for what they need. NG Firewall is
sold as a scalable software solution, and
Untangle’s technology applications and cloud-based solutions
provide unique deployment options for customers, many with complex deployment
levels based on budget and network infrastructure.
Untangle offers U.S.-based technical support that does not force
customers to contend with time-wasting call-center menus. Such convenience
likely helped contribute to an average 95.91% customer satisfaction rating over
the last four years.
|Alert Logic||Alert Logic Professional|
|Arctic Wolf Networks||Arctic Wolf SOC-as-a-Service|
|Sophos||Intercept X Advanced|
Best Threat Detection
Ask any pilot: low visibility can lay ruin to the best laid flight plans. Same goes
with cybersecurity strategies, where visibility is crucial to detecting and
responding to threats.
Fidelis Elevate seeks to provide that visibility across the entire kill chain using multiple detection methods. The platform integrates network and cloud traffic analysis, endpoint detection and response, and deception technologies with open threat intelligence feeds, cloud-based sandboxing and advanced malware analysis as a means to automate threat detection, investigation and response.
taps content- and context-rich metadata for more than 300 attributes – it
custom tags up to 360 days for network traffic analysis and 90 days for
endpoint process and event metadata. Many of the threat detection,
investigation and response process steps are automated, reducing response times
and minimizing business impacts.
The platform automatically validates across layers, consolidating similar alerts,
which offers busy analysts a streamlined workflow and focuses them on the most
important detections. The heavy integration between products in the Fidelis
platform creates force multipliers such as information sharing, and software
inventory and known vulnerabilities from endpoints shared with network and
deception solutions. An open threat intelligence feed supporting network and
endpoint solutions includes internal threat intelligence and custom indicators
and rules that are developed by users.
touts a lower TCO than other market offerings thanks to the integration of EDR,
network traffic analysis and deception.
|Armis||Armis Agentless Device Security Platform|
|Bitdefender||Bitdefender GravityZone Ultra|
|Fidelis Cybersecurity||Fidelis Elevate|
|Fortinet||FortiSandbox and FortiDeceptor|
Best Threat Intelligence Technology
Some organizations collect endpoint data to track down threats only
when some kind of anomalous behavior is detected. The problem is, the best
cyberattackers know how to conceal their malicious activity to make it look
like everything is perfectly normal.
For that reason, Carbon Black has programmed its CB Threat Hunter
solution to collect all endpoint data – completely unfiltered – and
analyze it to proactively seek out and uncover suspicious behavior, disrupt
active attacks and address gaps in defenses before bad actors can.
Unfiltered data, collected by Carbon Black’s cloud-native endpoint
protection platform, provides users with the most complete picture of an attack
at all times. Meanwhile, the solution provider’s advanced artificial
intelligence/machine-learning technology helps teams parse data more
efficiently, reducing lengthy investigations from days to minutes.
According to Carbon Black, the massive amounts of data that CB
Threat Hunter collects would be overwhelming for organizations using more
conventional solutions, because the volume of information collected would
consume too much time and money for security teams to store and analyze.
But Carbon Black created proprietary data-shaping technology that
overcomes the data pipeline challenge and delivers high-volume endpoint data to
the cloud. To realize the potential of this unfiltered data set, the company
leverages streaming analytics to evaluate behaviors over time. Its real-time analysis
is based on event stream processing, the same technology that has transformed
many other industries like credit card fraud detection.
CB ThreatHunter provides the power to respond to threats and
remediate them in real-time, stopping active attacks and repairing damage
quickly, all from a cloud-based platform using a single agent, console and
|VMware Carbon Black||CB ThreatHunter|
|LookingGlass Cyber Solutions||LookingGlass scoutPRIME®|
|IntSights||External Threat Protection Suite|
Best UTM Security Solution
More than just a sentry standing between an organization’s most valuable assets and
the threats that lie beyond, the SonicWall NSa 2650 provides high-speed threat
prevention over thousands of encrypted and unencrypted connections, delivering
high security effectiveness to mid-sized networks, branch offices and
distributed enterprises. All without diminishing network performance.
two advanced security technologies – a multi-engine Capture Advanced Threat
Protection sandbox service enhanced by Real-Time Deep Memory Inspection (RTDMI)
technology and the company’s ReassemblyFree Deep Packet Inspection – the NSa
2650 proactively blocks mass-market, zero-day threats and unknown malware and
examines every byte of every packet.
It only takes a single appliance to automatically update malware and IPS signatures daily, connect to cloud-based sandboxing to spot and stop unknown attacks, decrypt and inspect TLS/SSL traffic over thousands of encrypted and unencrypted connections, eliminate attacks without slowing performance, and provide users with a unified deployment experience through seamless integration of 802.11ac Wave 2 wireless connectivity.
from real-time information from the SonicWall Capture Labs threat research team
as well as industry collaboration and threat research communities that gather
and share around 140,000 attack and vulnerability samples daily, SonicWall
automatically deploys countermeasures to the NSa 2650.
management through the SonicWall
Global Management System (GMS) on-premises solution or the cloud-based
Capture Security Center (CSC) reduces total cost of ownership and helps relieve
the burden on IT.
|Ericom Software||Ericom Shield|
|WatchGuard Technologies||Firebox M270|
Best Vulnerability Management Solution
Global IT Asset Inventory
Qualys lives by the motto “You cannot secure what you can’t see.”
With that in mind, the infosec and compliance solutions provider is offering
user organizations the gift of sight – with its free(mium) Global IT Asset
Inventory (ITAI) solution.
ITAI provides complete and continuous asset inventory in complex
hybrid environments, allowing users to instantly know what assets connect to
their network, and assess their security and compliance posture in real time.
Such visibility allows organizations to find unknown assets before an attacker
does and takes advantage.
The solution offers automated classification for clean, reliable
data; the ability to search and identify known and unknown assets in seconds;
and integrated IT, security and compliance data.
Combining all these capabilities into one solution represents a
significant improvement over having to manually clean up and correlate the
asset data of multiple disparate point products – a complicated and time-consuming
In the process of scrubbing a company’s data, ITAI makes it
uniform, eliminating variations in product and vendor names – for instance, “Microsoft,”
“Microsoft Corp.,” and “Microsoft Corporation” – that clutter asset inventories
and render them ineffective.
ITAI allows an organization’s security team to expend less manual
effort on constantly checking the networks for threats, because the app is
already doing it. And the freemium model allows companies to allocate their
resources toward other security products that are necessary to maintain the
best security posture and stay compliant with federal regulations and standards
such as PCI DSS, HIPAA, GDPR and FedRAMP.
|Checkmarx||Software Security Platform|
|Qualys||Global IT Asset Inventory|
Best Web Application
Cequence Application Security Platform
The open, highly scalable Cequence
Application Security Platform protects web, mobile and API applications from
external attacks using a powerful pair of app security modules, with the
promise of more in the works.
Easily managed through a single pane of
glass, Cequence’s ASP can be deployed on premises or in the cloud, across any
number of locations.
The CQ appFirewall module combines advanced WAF security capabilities, supporting
OWASP requirements, and detecting and defending against known and unknown
vulnerability exploits by bad actors.
Meanwhile, the CQ
botDefense module protects against automated bot attacks, including those
designed for account takeover, fake account creation, API abuse, content
scraping and financial fraud.
modules work seamlessly with Cequence ASP’s CQAI AI-powered engine, which
performs a single-pass, multi-dimensional analysis to detect attacks, then
automated mitigation to stop them in their tracks, before they achieve their
large and small benefit from an open architecture that provides seamless
integration and information exchange with other security tools in the network
and gives security teams a more complete view of attack and response
information. Security teams also gain visibility into apps that need protecting
through automatic discovery of all web, mobile and API-based applications an
organization has deployed.
The ability to detect and eliminate unwanted app traffic can translate into higher
staff productivity, better app performance and measurable cost savings. One
Fortune 500 customer, Cequence says, saved $1.7 million in 60 days because ASP
eliminated the need for unnecessary infrastructure oversizing and resolved
compromised accounts from bot attacks.
|Cequence Security||Cequence Application Security Platform|
|WhiteHat Security||WhiteHat Application Security Platform|
|White Ops||White Ops Bot Mitigation Platform|
CSO of the Year
CISO, Hospital for Special Surgery
As the first CISO of the Hospital for Special Surgery (HSS) in New
York, Vikrant Arora aims to attack cyber risk with surgical precision.
He maintains a strong focus on supporting digital innovation,
raising organizational confidence in security, hiring quality talent, and
laying the foundation for a multi-year security program that aligns with HSS’
Edward Marx, CIO of the Cleveland Clinic, said Arora “has been
first amongst peers to leverage machine learning and DevSecOps, while
simultaneously developing solutions that addressed gaps in otherwise lax
For instance, Arora implemented deep learning and behavioral-based
authentication for privileged access, and also incorporated
machine-learning-based malware detection on more than 6,000 endpoints. HSS
assesses that Arora’s efforts have reduced the risk of unauthorized exposure of
electronically protected health information by more than 80 percent in the
public cloud and on-premises infrastructure.
A long-time advocate of addressing the security of connected
medical devices, Arora envisions an ecosystem of security solutions fueled by
data. He has implemented
solutions that provide real-time visibility into all connected biomedical
devices, enabling HSS to promptly identify ones that may be vulnerable to key threats and
Arora has also put in place a robust risk management framework at
HSS, integrating security into business decisions, application development and the
supply chain right from inception. Under Arora’s watch, HSS also implemented
the DMARC email authentication protocol to prevent malicious actors from
spoofing HSS’ email domain as a means to trick external users.
Additionally, Arora is collaborating with law enforcement,
security vendors and other healthcare organizations on an Early Warning System
that could potentially allow the health care industry to stay ahead of the
curve in a volatile threat landscape.
|Vikrant Arora, CISO||Hospital for Special Surgery|
|Derrick A. Butts, Chief Information & Cybersecurity Officer||Truth Initiative|
|Dan Costantino, CISO||Penn Medicine|
|Janice Lim, DEO & CISO||Los Angeles County Metropolitan Transportation Authority (Metro)|
|John Masserini, CISO||Millicom|
Rookie Security Company of the Year
London-based cybersecurity start-up Barac says it can detect
malware hidden within encrypted traffic with 99.997% accuracy. Even more
impressively, it does so without resorting to decryption.
Here’s how: Every malware attack has its own SSL metadata
signature between the user and the server. Capable of analyzing more than 100
million events per second, Barac’s Encrypted Traffic Visibility (ETV) platform picks
up on these signatures and identifies
these abnormalities with high accuracy by analyzing this metadata in real time
using AI and behavioral analytics.
Conversely, more typical detection solutions inspect encrypted
traffic by decrypting the data into cleartext, blocking any discovered
malicious code, and then re-encrypting what remains. But according to Barac,
this process can place significant computing stress on one’s network.
Barac customers, however, sidestep this problem, thus avoiding
traffic slowdowns, user experience degradation and costly hardware investments.
Additionally, user organizations need not worry that they are violating privacy
regulations by decrypting communications.
The ETV platform is an especially important tool for companies,
given the advent of the new Transport Layer Security 1.3 protocol, which
doesn’t allow decryption. The solution is also useful for data centers, where
the vast majority of traffic is already encrypted; IoT, where encryption
renders normal security tools useless; and encrypted traffic between APIs and
Barac can deploy its software on a physical or virtual server, or
can make it available as a software-as-a-service solution. Deployment is made
easier through integrations via API with various SIEM platforms.
Barac operates R&D teams in London and Tunisia, and recently
opened a U.S. office in Boston. In late 2018, the UK GCHQ’s National Cyber
Security Centre selected Barac for its prestigious Cyber Accelerator program.
|Cloud Conformity (Note – Acq’d by Trend Micro in Oct.)|