Hundreds of industry guests gathered in the ballroom of the Grosvenor Hotel, Park Lane this week (2nd June) to recognise and celebrate excellence, innovation and achievement in the information security industry.
SC Magazine UK Editor in Chief Tony Morbin welcomed guests with a reminder of how a year of major high-profile breaches and subsequent industry growth has now put information security firmly on the boardroom agenda. He then introduced Ian Glover, president of Crest, who emphasised the professionalisation of the industry and the further steps needed to ensure it is a viable and attractive career option for today's school students. After dinner, compere Ed Byrne entertained guests and presented the Award winners with their trophies.
The evening culminated with the Editor's Choice Award, presented to Richard Bach, assistant director, Cyber Security Digital Economy Unit, BIS, Department for Culture, Media and Sport, on behalf of the Cyber Essentials programme, a government-backed, industry supported scheme to help organisations protect themselves against common cyber-attacks – praised as possibly the most significant initiative to reduce cyber crime.
All other awards were chosen by a team of independent experts, in categories such as Best Cloud Computing Security Solution, Best Email Security Solution and Best Emerging Technology, as well as CISO of the Year and Security Company of the Year.
The full list of winners is as follows:
Best Advanced Persistent Threat (APT) Protection -
The FireEye platform combats today's advanced cyber-attacks and is designed from the ground up to stop advanced persistent threats used by cyber-criminals and sophisticated attackers. With the FireEye Threat Prevention Platform, Dynamic Threat Intelligence, and Services, enterprises get multi-faceted, coordinated defence capabilities to guard against sophisticated attacks including zero-day attacks, unknown malware and APT attacks.
The core of the FireEye platform is the patented Multi-Vector Virtual Execution (MVX) engine, which provides dynamic, signature-less, and virtualised analysis of today's advanced cyber-attacks. The core of MVX begins with the FireEye hardened hypervisor, a purpose-built hypervisor designed for threat analysis with built-in countermeasures against malware.
The MVX engine detonates suspicious files, Web pages, and email attachments within instrumented virtual machine environments to confirm a cyber-attack. This threat intelligence is in a standards-based format, which enables the intelligence to be correlated and shared among the entire FireEye deployment to stop today's cyber-attacks.
FireEye offers breadth and depth of signature-less protection across the range of zero-day APT attacks and attack methods. Its Multi-Vector Virtual Execution engine technology is extensible to multiple threat vectors to address Web, email, mobile, and content-based attacks enabling correlation across attack vectors.
The only vendor providing security at multi-gigabit speeds to protect at such scale, FireEye enables consolidation of IT resources, lowering the total cost of threat prevention. FireEye is built with a custom hypervisor with built-in countermeasures and malware detection that extends to endpoints.
To be effective, malware detection must cover as many software versions as possible; FireEye has the highest number of covered permutations, including covering Apple. FireEye prioritises the most suspicious web traffic for virtual replay through proprietary multi-flow technology algorithms at a rate of 1.2M virtual machine analyses per hour.
The judges considered FireEye as the only vendor providing security at multi-gigabit speeds to protect at scale, enabling consolidation of IT resources, lowering the total cost of threat prevention.
Best Cloud Computing Security Solution -
Attackers and hacktivists are mainly targeting financial institutions, online retailers, government and e-Gaming online services with the purpose of disrupting the availability of those services, hence preventing users from accessing the online services. This results in revenue loss, reputation damage and other consequences to victims.
An on-premise attack mitigation solution is the most effective approach to fight today's threats including application layer attacks, low and slow stealthy attacks, network layer attacks and SSL based attacks. However, once the attack turns into a volumetric flood attack that threatens to saturate the Internet pipe of the organisation, the mitigation needs to move to the cloud. According to Radware's Emergency Response Team (ERT), only 15 percent of DDoS attacks were based on volumetric attacks that actually blocked the Internet pipe.
DefensePipe is a cloud-based DDoS attack scrubbing service that protects against Internet pipe saturation caused by cyber-attacks. DefensePipe is activated only when the attack threatens to saturate the organisation's Internet pipe. Based on the built-in synchronisation between the datacentre DefensePro and DefensePipe, the in-the-cloud mitigation can start immediately.
The combined offering of DefensePro and DefensePipe in a single Attack Mitigation System (AMS) enables Radware to offer organisations one of the most integrated and comprehensive solutions to fight today's cyber-security threats. DefensePipe is an integral part of Radware's AMS, a single-vendor hybrid on-premise and cloud attack mitigation solution.
It enables organisations to fight on all fronts and achieve an end-to-end security protection with a single point of contact without the need to worry about a complicated transition of responsibilities between multiple vendors during an attack. This results in a shorter time to protection and assurance for customers that they will receive a complete security protection from a single vendor.
The judges thought this was a well-rounded entry for a Hybrid Cloud DDoS mitigation solution and a very useful service for those sites that require complete up-time.
Best Computer Forensics Solution -
Guidance Software's EnCase software solution is a powerful, judicially accepted, platform that provides the foundation for corporations, government agencies and law enforcement to conduct thorough and effective digital investigations of virtually any kind, including intellectual property theft, incident response, compliance auditing and responding to e-discovery requests—all while maintaining the forensic integrity of the data.
It includes the EnCase Enterprise software platform which can support the EnCase Cybersecurity and EnCase eDiscovery applications. The product line also includes EnCase Forensic and EnCase Portable. EnCase allows customers to conduct more complete investigations than its competitors with additional integration with a cloud-based eDiscovery platform, as well as security information and event managers (SIEM) for automated incident response.
The EnCase platform and applications address the requirements of an extremely broad range of users, including security specialists, investigators, computer incident-response teams and litigation specialists. It delivers everything needed to immediately and thoroughly search, collect, preserve, and analyse data from servers, workstations, mobile devices and cloud-based data sources.
With EnCase, users can complete a comprehensive analysis of whatever evidence they may encounter, for virtually any business purpose. Moreover, users of the EnCase solution have the ability to customise how the solution functions, adding capabilities to the product to meet specific needs, something other solutions in the market don't offer. For example, EnCase App Central offers over 126 EnScripts or Apps that allow users to add functionality and increase productivity.
With EnCase, organisations can exponentially improve efficiency and effectiveness of their staff, as it allows for the automation of repeatable processes and procedures associated with the acquisition, analysis, and reporting of a forensic investigation, eliminating redundant manual work.
Judges felt this was a market-leading solution with EnCase App Central offering over 126 EnScripts or Apps that allow users to add functionality and increase productivity.
Best Customer Service –
Mimecast has identified 13 key touch points along the Customer journey which are constantly monitored and surveyed. “Giving Feedback” and “Getting Help” are two key touch points.
In addition, Mimecast conducts service reviews with customers bi-annually and Customer Advocates ask specific questions around resources, documentation and “Getting Help”.
Finally, Mimecast conducts Customer Development interviews that focus on soliciting feedback specifically around effectiveness and usefulness of knowledge base, documents, video assets and website content.
Mimecast monitors support case trend data to continually monitor and improve support documentation.
As well as the Mimecast Product and Education Teams continuously reviewing documentation, feedback from Mimecast's Customer Experience and Account Managers, Technical Consultants, Pre-Sales, Professional Services and Mimecast Channel Partners is always fed through to review and refine where relevant.
Mimecast customers automatically benefit from unlimited access to the Mimecast Knowledge Base, user community and free email support.
If customers have greater support needs, they can purchase enhanced support options. Mimecast's flexible support allows customers to only pay for what support services they need, rather than bundling all customers and support needs together.
Its range of cloud services is designed for rapid deployment.
The Mimecast Professional Services team has a wealth of experience and expertise to assist customers at every stage as required, from planning, migration and activation to ongoing support and training. Their expertise combined with proven processes, methods and supporting technology helps ensure project success.
Mimecast adopts the Forrester Customer Experience Index (CXi) for customer journey mapping, identifying key touch points and applying intentional design to improve every aspect.
Judges welcomed an entry from a company with a good reputation and flexible and solid support.
Best Data Leakage Prevention (DLP) Solution –
Regulatory compliance and securing intellectual property are DLP market drivers. Trade secrets, customer lists, source codes, formulas, and compliance data like PII, for example, are the targets of cyber-criminals. This forces a DLP solution to adapt and protect. Websense's Data Security Suite satisfies this need by discovering, monitoring and protecting data-in-motion, data-at-rest and data-in-use preventing unauthorised transmission and copying of sensitive data through email, web and mobile channels.
The suite provides more than 1,700 policies and templates, quickly enabling users to meet regional compliance demands and secure their IP. The suite's endpoint support for Windows, Mac and Linux provides DLP regardless of whether users are on or off the network. Websense's DLP solution adapts to advanced attacks with leading technologies such as Machine Learning, Drip DLP, and Optical Character Recognition identifying hidden text within images, as well as Fingerprinting and Endpoint Fingerprinting, even when offline. High Risk User Profiling helps combat insider threats.
Websense's suite offers several deployment options that are designed to be cost effective. It can be deployed in a matter of hours, which helps IT teams save costly hours and resources. The suite can also be rolled out only to protect the most important information—network DLP, endpoint DLP, mobile DLP, data discovery, or any combination.
This enables organisations to easily deploy data loss and theft prevention with the highest, most immediate return on their investment. And if customers want to increase capacity or features, they simply need a licence upgrade (without additional hardware in most cases). The suite also accurately identifies sensitive data as it is stored, used, or traverses the network.
Reduced false positives from natural language processing ensure that administrators focus on "real" incidents and save time. Info-Tech Research Group recently named Websense's suite a leading product champion for its low-cost and high-accuracy.
The judges deemed this a very comprehensive DLP solution and one of the market leaders in this category.
Best Email Security Solution -
Today's businesses have a tough time managing data, whether it's internal mail exchange, outbound mail or items that are incoming. Each of these could contain vital information that is integral to an organisation and could cause significant damage – financial or reputation – if shared with those for whom it is not intended.
The SECURE Email Gateway (SEG) from Clearswift has one of the highest levels of filters to protect organisations of all sizes from inbound spam, phishing and junk email; plus it's capable of blocking viruses, malware and inappropriate content such as pornography, and profanity from entering a network. But data issues don't just come from outside, Clearswift's SEG can also enable users to ensure that all email exchanges are compliant and sensitive data remains not just within their network, but also within the right parts of it and in the right hands.
Clearswift's SEG performs the traditional hygiene functionality and DLP policy management, but also offers a native redaction facility. Built within its content inspection engine, it provides customers the ability to modify messages, removing sensitive or dangerous content (APTs) using the Data Redaction, Document Sanitisation and Structural Sanitisation features. These advanced features minimise the ‘False Positive’ and ‘Blocking’ architecture of traditional DLP.
Data Redaction allows textual content to be removed from messages and attachments; this could be sensitive or PCI/PII data leaving or offensive material entering the business.
Document Sanitisation allows the business to remove sensitive information from document properties such as change history, author names and comments. Structural Sanitisation looks at attachments and removes any active content from the file and delivers a safe but identically formatted version of the file. This approach will render Office and PDF files free from malware.
The judges felt that the addition of Redaction and Document Sanitisation features made the product an attractive proposition.
Best Emerging Technology -
Hacker methodologies and techniques have drastically evolved and matured, and today even the most secure networks are hacked, as seen in the recent Sony, JPMC, HomeDepot and Target breaches. Even though organisations deploy an array of security solutions, modern cyber-attacks - commonly referred to as APTs - are purpose-built to evade existing defences, and often remain undetected for months (210 days on average according to the Ponemon institute). The financial impact of a breach has increased to £22.6 million as of 2014.
Cybereason developed a real-time endpoint detection and response solution that enables NGOs and government organisations to protect themselves against this new breed of attack. Cybereason detects breaches in real time and automatically reveals all hacker activities within the network and on individual machines to significantly reduce the detection and response time and dramatically drive down the cost of a breach.
Cybereason's platform continuously collects information including: processes, users, network, servers, files, hashes, privileges, etc, and uses real time behavioural analytics to build a complete picture of a malicious operation.
Unlike other solutions that detect local, sporadic events with no context, Cybereason provides an overall picture of the malicious operation (MalOp), automatically revealing the attack's timeline, root cause, adversarial activity, the malware involved, and all related communications by and between endpoints and users. By doing so, Cybereason significantly reduces the detection time, automates incident investigation, and cuts the time spent on eliminating false positives.
The attack's timeline, activities and events are presented in Cybereason's Incident Response Console which facilitates collaboration and decision making.
The judges thought the company took a deep dive into hacktivism and cyber-crime methodologies and motives to help organisations identify emerging cyber-threats, as well as incident response services when the inevitable happens.
Best Enterprise Security Solution -
Kaspersky Lab's engineers and experts offer excellent 24/7 technical support to corporate account members, and more widely through its online portal, to keep customers fully operational and secure.
Extended technical support is available through a Maintenance Service Agreement (MSA). This includes a dedicated technical account manager to fast-track issues to the relevant experts, with a commitment to respond to a high level incident within two hours.
This agile and responsive approach results in less downtime, faster recovery and a reduced drain on internal resources for clients – the last particularly valued as many enterprises struggle with a lack of in-house cyber-security skills (53 percent) and budget constraints (63 percent). Kaspersky Lab also offers access to a range of cyber-security education services to overcome this, as well as intelligence services for updates on emerging threats and expert analysis and reporting on relevant malware incidents.
The cost of ownership is relatively low, which the company says is achieved through innovation and efficiency, not at the expense of performance.
Many enterprises (51 percent) worry that cyber-security measures will divert funds and impede productivity; Kaspersky Lab's enterprise security solutions seek to address this by making minimal demands on IT performance, management resources and budgets.
The software has a small memory footprint, requires little power to operate, and updates are frequent and automated - minimising cost and disruption for users.
Advanced solutions are easy to install and all integrate with the same central management console: The Kaspersky Security Center. This provides a single interface for multiple solutions, including endpoints and virtual machines, software applications, corporate networks and infrastructure.
Furthermore, all Kaspersky Lab solutions are built organically using the same software foundations and integrate together; providing deep yet agile, responsive and scalable, cost-effective protection across the enterprise.
The offering was thought by judges to be flexible and competent, helping organisations plan and operate their business safely and securely, removing the fear of cyber-threats by providing excellent expertise and support 24/7.
Best Fraud Prevention Solution -
The European Central Bank issued recommendations for securing Internet payments to help prevent advanced malware and phishing attacks resulting in payment fraud.
IBM Security Trusteer delivers a holistic cyber-crime prevention platform that helps protect organisations against financial fraud. Over 450 leading global organisations rely on IBM Security Trusteer solutions to protect their web applications, computers and mobile devices from online threats, such as advanced malware and phishing attacks. IBM Security Trusteer advanced fraud protection solution gathers intelligence from more than 270 million endpoints around the world to help prevent malware and phishing-driven fraud, detect account takeover attacks and fraudulent transactions, and control mobile fraud risk.
Trusteer stops threats as early as possible and detects what can't be prevented, so customers can take action against actual threats, before they are impacted.
It helps reduce unnecessary authentication challenges, transaction verification, and other interruptions that impact the customer experience, while delivering proactive remediation for compromised accounts. The result is more secure transactions.
Trusteer provides a fully-integrated platform for fraud detection and prevention. Threat data can be leveraged across channels and throughout the attack life cycle.
Firstly, Trusteer protects the customer's PC/Mac against financial malware and phishing so customers can bank online more safely. It also detects client-side risk factors for mobile account takeover and transaction risk detection through: evidence-based detection of account takeover attempts, real-time malware detection and detecting mobile-fraud risks from compromised end-user and criminal-owned devices.
The judges said the product helped in reducing unnecessary authentication challenges, transaction verification, and other interruptions that impact the customer experience, while delivering proactive remediation for compromised accounts. The result is more secure transactions.
Best Identity Management Solution -
HP delivers its innovative Identity and Access Management (IDAM) solution to public and private sectors needing to control access from disparate user groups. As an example, one client, Norfolk County Council (NCC), wanted to be a federated ‘Identity Provider’ and ‘Service Provider’ delivering connected public services through wider adoption of public-sector federation. The HP service design includes automated provisioning, identity governance, and self-service functionality; however, NCC has over four times as many external users as internal users to manage, meaning that federated access management was a high priority. NCC needed to authenticate three separate federation partners through secure SSO access to their line of business applications. The NCC required SailPoint, Ping Federate, as well as a functional design that prioritised the business and its transformation to such advanced Identity and Access capabilities.
The HP service design enables public-sector organisations to have shared access to citizen information. This service will provide massive benefits to healthcare, child services, law enforcement, and fire departments, among others, as it will enable public services to share previously isolated data. The link between services will improve the efficiency of public services and their reach. Citizen data will become accessible between locality and organisation. For instance, as citizens move, their records will be available elsewhere as they are centrally managed and collected.
Federation and solid Identity Governance pave the way for this next generation of public services to be a secure reality. The solution at NCC offers both internal Identity Governance to protect access to the sensitive data it holds, as well as easy and secure access to those that are authorised and need to use it.
According to the judges, the service will eliminate geographical boundaries, ensure appropriate level of access and governance controls, and also eradicate isolated data stores within public-sector organisations, providing a rich quantity of data on demand to many public-sector organisations.
Best Managed Security Service -
With the rapid evolution and complexity of today's threat landscape, the Managed Security Service (MSS) market is gasping for fast, flexible security solutions. But when an MSS provider installs hardware on client premises, it's the industry's equivalent to fitting handcuffs – it's extremely hard to change providers, scalability is limited and updates are complicated.
So, in 2014, CSC changed its end-to-end managed security service: it became the first MSS provider to successfully develop and deliver a security solution 100 percent through the cloud. The handcuffs were off.
It offers a very high level of service flexibility and breadth and can be on- and off-boarded rapidly as customers require and it's entirely replicable. The company delivers across the whole market, right up to high-end secure, accredited organisations.
This new strategy, highly rated by IDC, is realised by several key differentiators. It isn't tied to selling its own products, using multiple ‘best-of-breed’ technologies instead; e.g. Tripwire IP360 and Trend Micro Deep Security.
It provides a bespoke wrap around its turnkey services, eg developing client-specific HP ArcSight correlation rules. With its US government heritage and deep three letter agency engagements, it has privileged access to threat intelligence.
It tests and responds faster to threats using its SOC-based Advanced Threat Labs. Within 24 hours of ‘Heartbleed’, it had deployed UDS signatures whereas some product vendors were almost three days later.
It has ISO27001, ISO22301, FSAE16 and List-X accreditation, and is also approved to handle ‘secret’ (not just ‘sensitive’) data – believed to be the only MSS provider with this level.
Its service has already proven to reduce clients' costs by as much as 30 percent compared to an in-house solution, helping clients gain buy-in and justify budgets. By using the cloud, it delivers considerable cost savings once the service is in place (thus reducing budgets).
The judges felt the solution was comprehensive and insightful.
Best Mobile Security Solution -
Built with a mobile-first perspective, kiteworks by Accellion enables secure viewing, editing, sharing and syncing of enterprise content on every mobile device. Among the many benefits is the ability to create custom enterprise mobile applications with out-of-the-box security.
Two key components differentiate kiteworks from competitors. The first is its secure integration with other enterprise solutions, such as SharePoint, Documentum and other Enterprise Content Management (ECM) systems, as well as security protocols like DLP, SSO and LDAP. With this, end users can securely view and collaborate on existing files from tablets, smartphones or desktops, without having to create duplicate files in a new content system or expose sensitive documents to a public cloud service.
Employees within an organisation using kiteworks can easily and securely send files stored in ECMs, like SharePoint, to internal and external stakeholders, via either mobile devices or the kiteworks web interface, without the need for VPN.
The second differentiator is the ability to deploy the solution via a private cloud. Many organisations are subject to government and industry regulations that require strict data access roles, geographical segregation of information and transparent auditing capabilities.
From a monetary savings perspective, one client, the London Borough of Camden, was able to reduce the in-office desk count for roles like social workers. It did this by enabling them to access content and upload reports from the field, rather than having to return to an office to connect to the network. Similarly, one NHS Foundation has replaced manual printing, compiling and distribution of board notes, by moving to Accellion's private cloud-based collaboration solution.
The product is useful in scenarios where mobile workers routinely need to access sensitive information, according to the judges. The integrated MDM solution is able to be integrated with existing CMS, DLP, etc. It also comes with two-factor authentication and multi-deployment options.
Best Multifactor Solution -
Encap Security's Smarter Authentication ditches OTPs and extra hardware, and uses a person's smartphone, tablet or wearable device to verify their identity and provide access to services via the organisation's app. The most common use of Encap is where the smartphone becomes the ‘something you have’, PIN ‘something you know’, and TouchID ‘someone you are’.
Encap offers software and device-defined authentication whilst defending the app itself against malware and tampering. Encap uses device capabilities (GPS, Touch ID, etc) to enable ‘context-aware’ authentication factors. These extra layers include location (ie, is that where the person usually is?), behaviour (ie, does the person usually log on at this time?) and biometrics (ie, is this the right person?).
By using device capabilities in combination to optimise authentication, organisations can take a proportional approach, where the security requirements are proportional to the risk involved. This ensures the highest level of usability, security and scale.
Smarter Authentication makes authentication simple for users, and enables innovation, reduces risk and drives service adoption for organisations.
It can be provisioned to any device without the costs, complications and limitations of shipping hardware or relying on networks.
Whether a branded white-label standalone app, or integrated into the organisation's application via SDK, the experience is slick and consistent across all channels. Authentication requirements are proportional to activity, to minimise user effort whilst ensuring security standards.
Multi-factor means that a stolen device, PIN or fingerprint doesn't compromise security on its own. Smarter Authentication protects the app environment as well as the authentication process, and can be instantly updated to defend against the latest threats. It automatically defends itself against malware attacks/tampering, allowing the application provider to deliver high value services in a secure way, even to jail-broken devices.
The judges said the solution was smart and flexible, enabling mobile authentication.
Best NAC Solution -
ForeScout CounterACT lets you see devices, users and applications on networks in real-time. CounterACT assesses each device to determine whether it contains any vulnerabilities (OS, antivirus, application, etc) or configuration problems.
Based on policies that users configure, CounterACT will block, allow, or limit network access. Unlike basic NAC products which can be too restrictive and disruptive, CounterACT provides flexibility to configure network access policies appropriate to the business, accommodate BYOD, etc.
CounterACT automatically finds and fixes endpoint security problems, saving time and improving the user experience. CounterACT can automatically update anti-virus, install agents, trigger an operating system patch, or kill a process or application.
ForeScout CounterACT differs in four ways: It is fast and easy to implement. CounterACT works with existing network infrastructures, is non-disruptive, and does not require 802.1X configurations. CounterACT works with most leading vendors' switches, wireless controllers, VPN equipment, and other infrastructure.
It works without an agent. CounterACT can authenticate, classify, and provide network controls for Windows, Mac and Linux systems without the need to deploy another agent on the endpoints.
The product interoperates with a wide variety of existing security systems such as Vulnerability Assessment, APT Detection, SIEM, MDM, VPN, Next Generation Firewalls, etc. By sharing security information and automating security controls, CounterACT saves time, reduces risk exposure, and improves ROI from existing purchases.
It provides more information about what is on the network, including information about vulnerable applications and processes (e.g. the BASH vulnerability).
According to Frost and Sullivan, ForeScout has 21 percent of the global NAC market. Gartner placed ForeScout in the Leader's quadrant for 2011, 2012, 2013 and 2014 NAC Magic Quadrant.
The judges said the product was a strong solution that showed real innovation.
Best Newcomer Security Company of the Year -
Skyhigh says its commitment to the market and ability to provide complete cloud lifecycle insight and protection to enterprises is demonstrated by being the only vendor to have household name customers in every vertical, including Cisco, Equinix and Zurich Insurance.
According to industry analysts, Skyhigh's customer base is more than ten times the size of the next-largest competitor, and the company expects this customer base to grow at an increasingly rapid pace moving forward given rapid expansion of sales and marketing teams in the US, Europe, Asia, and Australia.
Skyhigh is a Cloud Access Security Broker with a shipping, production-deployed product across the entire cloud adoption lifecycle of Discover, Analyse and Secure.
Skyhigh has a dedicated Customer Success team (CS) that holds regular calls with Skyhigh customers seeking to ensure they receive the best value for their investment. They proactively notify customers of CSP security vulnerabilities and remediation actions, provide product training and are available for timely issue resolution. The team holds webinars, authors educational whitepapers and facilitates the exchange of best practices amongst users – and has tripled in size in the past two months.
Customers also have access to Skyhigh's Cryptography Advisory Board for consultation on peer- and academia-reviewed cloud encryption schemes.
Skyhigh has a Customer Advisory Board that is invested in Skyhigh's success and provides critical input into Skyhigh's product roadmap. Skyhigh has a high Net Promoter Score with customers offering positive feedback on Skyhigh's value proposition, transparency and responsiveness.
Finally, Skyhigh's cloud service directory is constantly updated with changes in provider attributes, including notifications and educational reports around data breaches.
Skyhigh's initial product created a new market, and the team constantly adds new capabilities. Skyhigh has filed 12 patents across all critical areas of its offering: discovery and log analysis, traffic monitoring and redirecting, machine learning and analytics and encryption and tokenisation. Over 55 percent of the company's employees are in Research and Development.
The judges liked its approach and said the fast growth speaks for itself.
Best Professional Training or Certification Programme –
Now in its 26th year, (ISC)² offers information security and IT professionals access to vast opportunities to develop a breadth of knowledge across required skill sets, along with valuable peer networking and mentoring.
The CISSP is a measure of excellence held by nearly 100,000 professionals across 139 countries, more than 16,000 of whom reside in Europe. At the core of the CISSP and all (ISC)² certifications is the Common Body of Knowledge (CBK) that remains current through an ongoing consultative process, known as job task analysis.
Credential holders commit to mandatory continuing professional education, essential to this dynamic field, supplemented by a comprehensive online and event-based educational programme delivered by (ISC)². Finally, being certified means being a member of a community, supported by much needed opportunities to come together, whether online or in person to share experience and very current knowledge.
Frequently referenced in top lists of IT-related certifications, the CISSP has become a benchmark of professionalism. Increasingly required by both security-conscious organisations and government entities, the CISSP validates that an individual possesses the breadth of knowledge and experience needed to credibly manage the security posture of their organisations.
Members report that the extent of knowledge and experience needed to pass the examination set the CISSP apart. The CISSP holders work with confidence that colleagues around the world work with the same foundation of knowledge and understanding as their own.
This credential-based programme uses an extensive foundation of front-line experience; the common body of knowledge reflects input from the practicing membership. Finally, the CISSP credential has long been recognised for adhering to stringent standards as the first in infosec to meet ANSI/ISO/IEC 17024 requirements for professional credentials.
According to the judges, this is no doubt the prime certification in the field; the recent efforts to refresh the certification are a positive step in the right direction to address areas needing strengthening.
Best Security Company -
Tenable Network Security
Tenable Network Security solutions help organisations of all sizes achieve compliance with multiple industry and government standards. Tenable is relied upon by many of the world's largest corporations, not-for-profit organisations and public sector agencies. SecurityCenter Continuous View (SC CV) provides a comprehensive and integrated view of network health while Nessus, an integral part of SC CV and one of the world's most widely deployed vulnerability management products, provides a global standard in detecting and assessing network data. These solutions are used by customers in every major vertical to continuously monitor compliance programmes such as SOX and Payment Card Industry Data Security Standard (PCI DSS).
Demand for Tenable solutions continues to be very strong, with Tenable's business growing at over 40 percent pa, well above the security and vulnerability market's growth rate. It also reports over 98 percent renewal rates for its SecurityCenter Continuous View products.
Tenable's SC CV provides continuous network monitoring to identify vulnerabilities, reduce risk, and ensure compliance. Tenable combines active scanning, passive monitoring, and log analysis to capture security and compliance risks introduced by traditional, mobile, cloud, and virtualised components in the modern datacentre.
Nessus displays vulnerabilities based on standard CVE/CVSS formats. SecurityCenter CV supplements this with passive and log analysis. Organisations get a real time view of vulnerability, threat and compliance risk for all assets on their networks with advanced analytics, visualisation and reporting. “Outcome based” auditing allows managers to set desired security posture and receive proactive reports when assets are out of compliance.
Nessus and SecurityCenter CV are integral parts of many threat management programmes. Tenable enhances its core capabilities with several third party threat intelligence feeds incorporating, among others, over a billion malware hashes and over 250,000 malicious IPs/URLs into its security analysis.
The verdict of the judges was that the company was one we all rely upon.
Best Security Team -
Over the past two years, cyber-threat has increased in frequency and sophistication. BP's Digital Security team has brought together deep technical expertise across all aspects of information security and from diverse professional backgrounds in order to further improve how it responds and anticipates potential threats. Based primarily in London and Houston, the team has a global role, covering information security across all aspects of BP's diverse business. It is a highly professional, diligent and energetic team that is committed to excellence.
BP's Digital Security team has made significant changes including holistic and strategic coverage aligned with the Board-approved Information/Cyber-Security strategy covering all aspects of modern information security management, including emerging areas such as intelligence, counter threat and behavioural change.
Within BP, the team has adopted a pragmatic approach to security, aimed at enabling secure business outcomes, consistent delivery to time and budget for significant change programmes. Regular engagement with stakeholders across the company allows it to understand concerns and inform staff of developments.
Bob Dudley, Group Chief Executive of BP, said in a speech to the Cyber Security Innovation Summit 2014 that BP “has elevated cyber-security to a level at which the issue receives the right amount of attention and resource.”
“Cyber-security is what we describe as a group level risk, the highest level. That means it is assigned for monitoring to a committee of the board of directors – in this case the audit committee.”
Best SIEM Solution -
SolarWinds Log and Event Manager (LEM) delivers comprehensive Security Information and Event Management (SIEM) capabilities in a highly affordable, easy-to-use, and quick-to-deploy virtual appliance. It provides real-time log collection and analysis, in-memory event correlation, detailed reporting, secure storage, and an innovative approach to IT search to deliver the visibility, security, and control users need to overcome everyday IT challenges.
SolarWinds LEM captures data and provides granular details in ways that are actually useful to admins instead of making them try to find a needle in a haystack, and its log analysis solution features active response capabilities.
SolarWinds LEM makes deployment and management simple with its all-in-one virtual appliance, browser-based console, intuitive interface, and hundreds of built-in filters, rules, searches, and reports. Plus, it integrates with other SolarWinds products, including Network Performance Monitor and Server & Application Monitor to send/receive traps, as well as Alert Central for incident handling.
SolarWinds LEM offers an easy-to-use, quick-to-deploy, scalable log management and SIEM solution that provides true real-time, in-memory event correlation, automated active responses for hands-free threat mitigation, File Integrity Monitoring, and USB defender technology to protect sensitive data, over 700 built-in correlation rules, more than 300 “audit proven” report templates, and a novel approach to IT search—all while maintaining a price point that makes it accessible to nearly everyone.
Competing solutions require log and security management expertise from the user or the need for third-party consultants, plus days to months to implement properly; SolarWinds LEM can be deployed in under an hour and delivers easy-to-understand, actionable intelligence right out of the box—enabling security and operational admins alike to immediately start detecting and remediating threats, as well as simplifying network and application troubleshooting, and streamlining compliance efforts.
Judges said they liked the emphasis on real-time data with it being a simple real time solution accessible to smaller organisations.
Best SME Security solution -
Security is a growing concern for organisations of all sizes. In the SME market, companies realise that they could be the weaker link and a more viable entry point for hackers into the larger organisations that may be their customers or partners. Like larger organisations, SMEs need to ensure that they can prove good security practices. Often, they do not have the large budgets, resources and staff to deploy disparate security solutions, so AlienVault USM offers a solution which combines five essential security controls in one easy to use platform and within reach of even the tightest budgets.
AlienVault has seen tremendous growth in the EMEA market for this kind of security offering, so much so that it opened a Sales and Technical Support Centre in Cork, Ireland to help cope with the demand. There are also offices in Spain and Reading in the UK.
While the main premise of AlienVault USM is that it is easy for users to get up and running in a day, it also offers LightSpeed support, available to customers with an active Support and Maintenance Contract for the AlienVault USM product line. It provides access to a world-class support organisation, in addition to a support portal where users can submit and track support cases online.
AlienVault also offers online and in-person training classes that help enable organisations of all sizes to quickly detect and effectively respond to the latest threats. Led by security professionals, AlienVault training classes and webcasts provide the instruction and hands-on practice needed to design, install, deploy, configure, and operate its Unified Security Management products.
The judges called the solution a good one, a good price and great service.
Best UTM Solution -
Sophos UTM provides a one-box approach to network, web, email, wireless, web server and endpoint protection, allowing customers to consolidate multiple solutions into a single security gateway. Backed by the intelligence provided by Sophos' global network of labs plus numerous other threat data sources, Sophos UTM offers advanced security features which are easy to setup and use.
Using a single management console, customers can select which security features they want to activate and add further ones at any time. As a fully-featured web security gateway, email gateway, network firewall and wireless management console, Sophos UTM has enabled its diverse customer base to reduce the number of solutions they need to manage whilst providing enhanced features, such as Advanced Persistent Threat Protection, which even the smallest company can easily deploy.
Sophos UTM provides the same features for every size of appliance; it says that no customer has to compromise on features, take a larger more expensive appliance just to get a particular feature or buy an additional appliance to get full protection or the visibility they need – this is not the case with most competitor solutions.
Every UTM appliance comes with a built in hard disk or solid state drive to store logs, quarantine data and reports on-box, meaning customers have constant access to historical data to make intelligent decisions and adapt their solution to the current need of their business. Customers can choose to deploy the UTM solution as hardware, software, virtual or in the cloud without forfeiting functionality. It is also offered by Managed Service Providers. Up to 10 of its UTM appliances can be clustered to provide optimal performance and high-availability for the changing business needs of an organisation.
The judges said this provided a superb feature-set that can enable businesses of any size or structure to operate their business safely and securely.
Best Vulnerability Management Solution -
LanGuard 2014 R2 is a comprehensive network vulnerability scanning and patch management security solution and is a critical component to any network security practice. LanGuard provides network administrators with the ability to manage 100 percent of their patching needs through a single, intuitive and easy-to-use interface, without the need for any other update tools.
It also provides network auditing, powerful scanning and remediation capabilities, and vulnerability assessment for operating systems, third party applications and an increased number of network devices, including printers, routers, switches and mobile devices such as smartphones and tablets. GFI LanGuard integrates with more than 4,000 security applications and can check for more than 50,000 different vulnerabilities on a network.
This latest version of GFI LanGuard extends mobile device auditing to support cloud-based services – including Office 365, Google Apps and Apple Profiles Manager – and extends vulnerability assessment to a broader range of network devices.
LanGuard says it differentiates itself from its competition by being the only patch management tool necessary for an organisation, automating patching for all important operating systems: Windows, Apple OS X, Linux (Red Hat Enterprise Linux, Fedora, Ubuntu, Suse, OpenSuse, CentOS, Debian) and more than 70 of the most popular third-party software including Java, Flash Player and major web browsers.
It also includes full vulnerability assessment and network auditing functionality, even for devices such as printers, routers and devices running popular mobile operating systems, like iOS, Android and Windows Phone - providing a complete security solution.
In addition to security patches, LanGuard also supports non-security patches for Microsoft operating systems and third-party applications.
According to the judges, GFI LanGuard 2014 R2 maintains comprehensive coverage of network devices and thus ensures that all devices, irrespective of type or purpose, are appropriately assessed and updated.
Best Web Content Management Solution -
UserGate Web Filter is designed to provide effective security against web threats, such as phishing, Trojans, keyloggers, botnets, malware, etc. It also provides excellent broad protection against new and zero-hour threats. Moreover, the product features built-in anti-virus protection that makes web surfing much safer. UserGate Web Filter's modular design gives high performance through ultra-low processing, memory, storage, and bandwidth consumption.
UserGate Web Filter can control access to websites, Web 2.0 content, downloads, or streaming media based on users, groups, and time. The product can enforce granular policies that can provide security, increase productivity, and enforce any reasonable corporate policy. An SSL inspection function allows application of these policies to all social networks and search engines that would be otherwise impossible.
Entensys (UserGate Web Filter developer) has rich experience in developing solutions related to content analysis of Internet traffic. For over ten years, Entensys technologies have protected companies and end users from Internet threats and enabled them to manage traffic, filter Internet content, and defend against spam and malware.
UserGate Web Filter can be deployed at all levels, from end-user workstations to ISP-level distributed systems. It competes with products made by major IT security companies, and while Entensys is less well known, its solutions provide high-quality Internet filtering and support unlimited scalability for large deployments.
UserGate Web Filter secures web browsing by company employees, protecting them from dangerous and malicious content, and allows blocking non-work-related websites such as social networks, dating services, employment websites, online games, and entertainment/gaming. UserGate Web Filter can also block all web resources that are forbidden by law.
The Entensys content filtering system allows monitoring Internet use and generating full statistics for analysis.
The judges said that while Entensys is less well known, its solutions provide high-quality Internet filtering and support unlimited scalability for large deployments.
CSO/CISO of the Year -
Daniel Barriuso, CISO, BP Plc
Daniel Barriuso is the Chief Information Security Officer (CISO) at BP. He is responsible for cyber-security across the Group, including strategy, governance, architecture, education, counter threat operations and incident response. Daniel is a frequent speaker and contributor at security forums and events.
Prior to joining BP, Daniel was CISO at Credit Suisse and was chairman of the Investment Banking Special Interest Information Security Group (IBSIG) where he helped coordinate, in partnership with Bank of England and FSA, the first UK banking industry cyber-exercise (Waking Shark). Daniel also dedicates his time as a Professor at the ‘Universidad Politecnica de Madrid’, where he lectures and researches in the areas of IT governance and information security investment.
Daniel sets high standards for himself and the team. He inspires his team to be the best. Since joining in late 2012, he has made a significant impact on the capability, motivation, performance and reputation of BP's Digital Security team.
Daniel has helped establish information/cyber-security as one of the company's highest priority risks through thoughtful engagement with senior stakeholders across BP's business.
Information/cyber-security risk is articulated in business terms and a comprehensive strategy has been defined in partnership with the Business. User awareness is one of Daniel's priorities and he has made it a priority for BP. He launched a new security behavioural change programme focused on ‘making cyber-security part of everyone's job’.
Mike Gibbs, BP's Group CIO, said “Under Daniel's leadership, BP has made a step change in its approach to Cyber security. He brings an enormous level of security expertise and experience. Perhaps even more importantly, Daniel has been able to engage with our executive business leadership so that cyber security is now owned by them as a priority business risk. His strategic outlook has been backed up by very strong delivery, giving him credibility at all levels. Daniel has built a fantastic team and a capability that puts us in a very strong position to continue to manage this most important of business risks in the future.”
Risk/Policy management and regulatory compliance solutions –
Tenable Network Security
Tenable believes in providing the best possible experience to its customers through a variety of different channels. In its 2012 Vulnerability Assessment MarketScope report, Gartner says “Tenable gets good marks for the quality of its technical and customer support, and for addressing customer feature requests.” It offers unlimited, toll-free support, an online portal, and a discussion forum providing a deep knowledgebase of tutorials, and over 100 sample dashboards and reports.
Tenable employs its own customer support and professional services staff through its offices around the world to enable a true follow-the-sun support model. In addition, Tenable fosters and maintains a thriving online community of security professionals that engage in active discussions and support through the discussions.nessus.org community.
For its large accounts and enterprise customers, Tenable employs a specialised technical team of product specialists that, in many cases, were extremely sophisticated Tenable customers and product users that decided to join the company.
Tenable is consistently identifying new ways to improve existing products. Within the past 12 months, the company has introduced more than a dozen new product updates – designed specifically to help customers stay ahead of both internal and external threats, while streamlining and automating the compliance process. Updates to Nessus, an integral part of SC CV, regularly include additional plugins to identify newly discovered vulnerabilities, updated reports, changes to compliance checks based on audit requirement changes, and core product updates. These updates occur approximately every six weeks.
Tenable's products are the industry standard for continuous monitoring and vulnerability assessment, and the vast majority of third-party security auditors use Nessus as their primary tool to assess the risk status of enterprise networks. Customers use SC CV to gain comprehensive visibility into the effectiveness of their security and compliance programmes.
The judges remarked that the solution has a good overview for compliance teams, “what you might want in your back pocket for keeping an eye on things”.
Editor's Choice Award
Most SC Awards go to companies which have raised the bar in their sector of information security.
But many SMEs and even some medium sized companies have next to nothing in place to protect themselves from cyber-threats, and so Cyber Essentials receives the Editor's Choice Award for actually putting a bar in place for the first time, potentially having a greater impact on improving information security in the UK than any other single initiative.
Cyber Essentials is a government-backed, industry supported scheme to help organisations protect themselves against common cyber-attacks and came about after CESG, the information security arm of GCHQ, found that 80 percent of cyber-threats come from less skilled attackers.
In response, Cyber Essentials provides a clear statement of the basic controls all organisations of whatever size should implement to mitigate the risk from common internet based threats. And through the Assurance Framework it offers a cost-effective mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions.
It does this by certificating best practice - awarding Cyber Essentials and Cyber Essentials Plus certificates for organisations, giving them a choice over the level of assurance they wish to gain and the cost of doing so. It lets them achieve the right balance between providing additional assurance of an organisation's commitment to implementing cyber-security to third parties, while retaining a simple and low cost mechanism for doing so.
When properly implemented, the set of controls defined by Cyber Essentials will provide organisations with basic protection from the most prevalent forms of threats coming from the Internet. In particular, it focuses on threats which require low levels of attacker skill, and which are widely available online. Risk management is the fundamental starting point but the focus for Cyber Essentials is the basic cyber-hygiene that needs to become the minimum de-facto standard across the information security industry.