Analysis and testing
This is – or can be – a very broad category. This year we looked the landscape over pretty closely and we saw a lot of the same things we've seen in previous years. Most vulnerability assessment (VA) and penetration testing tools look pretty much like they did for the past few years. And, while they certainly are effective, they showed no particular innovation.
Then we moved on to forensic tools, a perennial favourite of ours. Same story there. Nothing jumped out at us until we dug a bit deeper and came up with our Innovator for this year. Going back to the vulnerability assessment, we looked at some point solutions to single problems. How about web VA?
Vulnerability assessment and penetration of websites is not particularly unheard of so we didn't expect much until we remembered that we had tested a unique combination of cloud-based vulnerability assessment and human pen testing. We were quite pleased with the outcome of that test so we brought them in this year – innovative because of the way they approach the problem more than what they do (although that's pretty cool as well).
Analysis and testing can, as you see, take a lot of different forms. There are a lot of tools that do the routine tests and some do those tests on steroids – Metasploit and Core Security come to mind in the area of pen testing for example – but we look for original thinking not just mass appeal. That brought us to the two products we review this year.
Another issue we came up with was the notion of innovation, not just in the products, but in the company and the go-to-market strategy. If you are a new and/or small company, you are fighting the big dogs and you need to be crafty. In the case of the products we selected, that part of the innovation picture was a real deal-maker for us. These two companies certainly are crafty in getting their products in front of potential customers. So, with all of that in mind, let's dive into testing and analysis.