Award Areas Of Expertise

The SC Awards Europe 2017 are divided into three main award areas of expertise, 'Excellence Awards: Threat Solutions', 'Excellence Awards: Industry Leadership' and 'Professional Categories'.

2017 sees the introduction of  a new category; 'Best disaster recovery / business continuity offering'.

Editor's Choice Award

Best Advanced Persistent Threat (APT) Protection

An advanced persistent threat (APT) product and/or service provides real-time detection of and protection against intruders gaining access to an enterprise environment to stealthily extract high-value information assets from targeted organisations in manufacturing, financial, national defence and other industries. Tactics used by cyber thieves launching these attacks often allow their activities to go undetected for indefinite periods of time. This is because an APT intruder must continuously rewrite code and employ sophisticated evasion techniques to accomplish their primary goals.
One technique that is commonly used by an APT intruder is spear phishing, a type of social engineering, to gain access to the network through legitimate means. Then, these tricky intruders are ready to harvest valid user credentials (especially administrative ones) and move laterally across the network, installing backdoors at will. These backdoors provide the APT attacker unlimited opportunity to install bogus utilities to create a “ghost infrastructure” for distributing malware that remains hidden in plain sight. While these types of attacks are difficult to identify, the theft of data can never be completely invisible. To find and stop these intruders, an APT product or service must have a unique set of features and functions specifically for addressing APT mitigation. Contenders entering this category should provide real-time network traffic analysis of new and unknown malware; block data exfiltration attempts in real-time (including but not limited to web, email, file, FTP, DNS, or other critical systems  and related applications); provide content and/or behavioural analysis; offer an integrated cloud-based dynamic threat intelligence distribution infrastructure; and offer advanced evasion technique (AET) detection and/or prevention functionality. Central administration and management and secure remote management capabilities are also essential.


Best Cloud Computing Security Solution

These technologies are deployed to protect data and/ or applications in a cloud environment. They may also protect the cloud computing infrastructure itself. Cloud computing security concerns are numerous for both providers and their customers – and include security and privacy worries, compliance issues and legal/contractual problems. Solutions or services in this category can provide for the protection of data or applications in the cloud, protection for traffic flowing between companies and their cloud service providers, policy management and encryption capabilities, privileged user access and controls or more.



Best Computer Forensics Solution

Products in this category fall into two sub-categories: network and media. The network tools must be exclusively intended for forensic analysis of network events/data. If the product is a SIEM with forensic capabilities, it should be placed in the SIEM category. Media tools cover just about all other non-network forensic tools, including those tools that collect data from media over the network and live forensic tools. This also includes specialised forensic tools that are not intended to analyse network data.


**NEW** Best disaster recovery / business continuity offering

It is now accepted that attackers will breach even the best defences, and if they do get in, the focus switches to mitigating the impact on your core business, ensuring critical operations continue and normal business is resumed as quickly as possible. This category looks at the solutions, tools and services on offer to ensure your systems have the resilience to survive a successful attack, minimising impact and achieving the shortest resumption of normal service.


Best Email Security Solution

Email security addresses the ability to exchange email messages with assurance, as well as the ability to filter email messages based on content, source or other criteria. Solutions should ensure the privacy of sensitive messages, limit the repercussions of email forgery, and manage other aspects of safeguarding email within the organisation. These products are enterprise-centric and should have, but are not required to have, some form of centralised management. They may include spam filters, junk mail filters, malware filters, unauthorised content (sometimes called “extrusion protection” or “data leakage protection”), phishing and other types of undesirable content. However, these are not simply anti-spam filters. These email security products should be evaluated on their effectiveness, manageability, non-intrusiveness, ease of use and other factors that impact the implementation of this type of product in the enterprise environment. They typically provide features such as email encryption, digital signatures, automatic shredding of messages and attachments, and more.


Best Fraud Prevention Solution

Given the reliance on the internet by consumers from all walks of life to conduct any number of retail, banking or other transactions, fraud prevention solutions have become critical. Tools nominated in this category strive to minimise online privacy and security problems that could lead to fraud and, therefore, impact both the company and the customer. Still an evolving area of information security, there are a slew of solutions and services available that could qualify for consideration in this category – from authentication and enhanced encryption solutions to secure web communication or malwaredetection


Best Identity Management Solution

Products in this category address the identity management lifecycle in an enterprise environment, including password management, user provisioning and enterprise-access management.


Best Managed Security Service

These offerings provide a turnkey approach to an organisation’s primary technical security needs. These offerings can either be a co-located device at the client organisation facility, or can be a completely outsourced solution where the application to be protected would reside at the vendor’s data centre.


Best Mobile Security Solution

More and more employees are using smaller and smaller devices with loads of applications to access corporate data. Some examples include iPhones, iPads, Android devices, BlackBerries and more. Products in this category deal with not only a collapsing perimeter, but also consumer-owned and controlled devices being used to get at corporate resources. At a minimum, these devices likely will require strong endpoint security, pointto-point encryption and more. This is a broad category - if your product is used to secure this type of small device/ handheld, it may fit. Security can be for data at rest in the device itself, secure access to data in the enterprise, and encryption for data in motion between the enterprise and the device. It also includes anything from hard disk encryption solutions and tools that track lost mobile devices to USB/thumb drive security solutions.


Best Multifactor Solution

Products here provide enhanced security to endusers or devices by offering credentials for access to an authenticator or authentication server. Software and hardware that specialises in the biometric authentication of users is also included here. These solutions may use a tangible device (something you have) for authentication and knowledge (something you know) for authentication. For biometrics, the solution provides identification and authentication using any of the following methods: finger/thumb print/retinal scan/voice recognition/hand/palm geometry/facial recognition.


Best NAC Solution

Protecting host-based computing platforms and network resources from threats that are brought in by employees, vendors, contractors and guests involves a numbers of solutions and policies. From anti-virus and firewalls to IDS/IPS solutions, the products in this category run the gamut. However, to control access to network resources at the endpoint, the tools companies often rely on are network access control (NAC) products. These solutions can be used to validate the existence of certain security measures and validate that they are properly configured and up to date. They also can validate the existence of current OS patches and can be used to manage the complexity associated with overseeing permissions and authorisations for various groups of users. Most will integrate with a common directory structure, some will provide local authentication capabilities, while others will match something on the endpoint – such as an agent or MAC address – to the authentication before allowing access to the protected network resources


Best Behaviour Analytics/ Enterprise Threat Detection

A still somewhat-emerging category, these products focus on detecting insider threats, targeted attacks and other fraudulent activities by examining human behaviours, identifying patterns that are then analysed through the application of algorithms and statistical analysis to detect anomalies that may indicate threats of loss or compromise to organisations’ critical data. Offerings in this space are also referred to as so-called “user-behaviour analytics” products by analyst company Gartner.


Best SIEM Solution

Security information and event management (SIEM) tools are used to collect, aggregate and correlate log data for unified analysis and reporting. Typically, these tools can take logs from a large number of sources, normalise them and build a database that allows detailed reporting and analysis. While forensic analysis of network events may be a feature of a SIEM, it is not the only feature, nor is it the primary focus of the tool. 



Best UTM Solution

Given the continuous convergence of the market, we’ve decided to retire some categories this year and integrate a number of individual categories from previous years into this unified threat management (UTM) category. The former categories – Best Enterprise Firewall, Best Intrusion Detection System/ Intrusion Prevention System Product, Best IPsec/ SSL VPN and Best Anti-Malware Gateway – are now integrated here. As formerly, contenders in the UTM security category should take an “in-depth” defence approach. Entrants should have an integrated, multifunction endpoint/UTM offering – not a singlefunction product. These products typically aggregate a wide variety of threat data into a single unified tool. Many organisations define those threat categories as anti-malware, content management, IDS/IPS and spam filtering, along with firewall/VPN. Entrants should meet this minimum functionality, although they may include anti-malware gateway, anti-spam gateway, anti-phishing gateway and more. Products function at the endpoint or
the gateway, or are hybrid gateway/endpoint solutions.


Best Data Leakage Prevention (DLP) Solution

Products in this category include those that help organisations safeguard their intellectual property and customers’ critical data persistently – inside and outside the company. Network-based and endpoint data leakage prevention products will be considered. Products should prevent data from unauthorised exit from the network, or protect data on the endpoint – whether the endpoint is connected to a network or not. Products typically are policy-driven and should include scanning of all data, regardless of protocol or application leaving the network, and/or keep track of peripherals, such as removable storage and attached to the endpoint – reporting that inventory to a central location or administrator. All entrants should have the capability of being managed by a centralised administrator. Those products considered part of this category include: network DLP products, which are typically gateways; those products protecting only endpoints; and hybrid products that operate at both the gateway to the network and at the endpoint. Specifically for endpoint DLP, traffic should be monitored and encryption should be available.


Best Vulnerability Management Solution

These products perform network/device vulnerability assessment and/or penetration testing. They may use active or passive testing, and are either hardware-or software-based solutions that report vulnerabilities using some standard format/reference.


Best Web Content Management Solution

Products in this category provide web content filtering for laptops, desktops and, optionally, servers. They may block or filter objectionable websites and content, and enlist blacklist, whitelist or both to update the vendor-provided data on which the solution is based.


Best Security Company

Nominees should be the tried-and-true, longer-standing companies which have been offering products and services to customers for at least three years. Nominations can come from all sectors. Areas that will be accounted for in the judging process include: product line strength, customer base, customer service/support, research and development, company growth and solvency, innovation and more.


Best Newcomer Security Company of the Year

Nominated companies should be new to the IT security field – offering an initial, strong, flagship product that is within two years of its initial release. Nominees can come from any IT security product/service sector and will be continuing efforts in further product development, customer growth and overall fiscal and employee growth. Please note in your submission the launch date of your initial flagship offering. If this initial offering or any of your other products have been on the market for longer than two years, please do not submit a nomination in this category.


Best SME Security Solution

This includes tools and services from all product sectors specifically designed to meet the requirements of small- to midsized businesses. The winning solution will have been a leading solution during the last two years, having helped to strengthen the IT security industry’s continued evolution.


Best Enterprise Security Solution

This includes tools and services from all product sectors specifically designed to meet the requirements of large enterprises. The winning solution will have been a leading solution during the last two years, having helped to strengthen the IT security industry’s continued evolution.


Best Customer Service

Support as well as service of products and services sold are critical components of any contract. For many organisations that seek out help from information security vendors and service providers, the assistance they get from customer service representatives is crucial to the deployment, ongoing maintenance and successful running of the technologies they’ve bought and to which they have entrusted their businesses and sensitive data. For this new category, we’re looking for vendor and service providers that offer excellent support and service – the staff that fulfilled its contracts and maybe even goes a little beyond them to ensure that organisations and their businesses are safe and sound against the many threats launched by today’s savvy cyber-criminals.


Best risk management / regulatory compliance solution

These products measure, analyse and report risk, as well as enforce and update configuration policies within the enterprise, including but not limited to network, encryption, software and hardware devices. They also help organisations comply with specific regulatory requirements demanded of companies in the healthcare, retail, educational, financial services and government markets. Contenders’ products should offer a reporting format that covers the frameworks of multiple regulatory requirements and help customers meet mandates noted in such legislation as the DPA, Sarbanes–Oxley, or in guidelines noted by the likes of the ICO or the PCI Security Standards Council. As well, this feature should be network-centric, providing reporting to a central administrator and allowing for companies to centrally manage the product. Entrants’ products should be enterprise-centric; collect data across the network; report associated risk, endpoint configuration, enforcement, auditing and reporting; provide remediation options (but are not exclusively patch management systems); and, finally, offer centralised reports based on regulatory requirements and local policies.


Best Emerging Technology

What cutting-edge technologies are bursting onto the scene to address the newest information security needs facing organisations with some innovative capabilities? This new category welcomes both new vendors and old pros looking to provide products and services that look to help shape the future by addressing fast-evolving threats through the creation of these types of offerings. Solutions should have just hit the market in the last six to 12 months, and entries should have some customers available who can act as references. The company should also have an office in UK/Europe and provide ready support and service to customers in the UK/Europe.


Best Cyber Security Education Programme

This category includes ALL cyber security education programmes for any establishments throughout the UK and Europe who offer a qualification based on the quality of instruction, programmes and how well these prepare students for the marketplace



CSO/ CISO of the Year

Contenders should include those who work for end-user companies only. No vendor CSOs will be considered. Nominees are the cream of the crop, having spearheaded a viable IT security programme, gained the support of their company’s executive leaders, as well as their colleagues, and helped – through their indefatigable efforts – to propel the CISO/ CSO position to a footing of influence within their organisation and the corporate world as a whole. Specific projects and undertakings, as well as over-arching security programmes to propel these various goals, should be noted. Nominees should be prepared to answer further questions during the judging process, offer at least two references, and be open to holding confidential interviews with members of the SC Magazine UK editorial team, if warranted.
Please note: Professionals who work for an IT security vendor, IT reseller or IT consultancies are not eligible for this category.


Best Security Team

Contenders should only include teams from end-user companies that have executed and are managing exceptional and strong security programmes, which they have built from virtually non-existent ones. The team should have successfully established and implemented an integral and/or innovative/cutting-edge component of their security programme, and should have spearheaded various areas of support for its success, such as strong end-user awareness training, good configuration management, and more.
Please note: Professionals who work for an IT security vendor, IT reseller or IT consultancies are not eligible for this category.


Best Professional Training or Certification Programme

This category targets companies and organisations that provide end-user awareness training and/or certification programmes for those looking to ensure that its employees are knowledgeable and supportive of IT security and risk management plans. It also considers training and certification organisations that provide programmes for end-user organisations’ IT security professionals to help them better address components of their IT security and risk management plans, such as secure coding, vulnerability management and incident response/ computer forensics. Programmes usually entail training and education or examination/assessment by outside industry experts who may hold various seminars, hands-on classes, etc. and recommend additional activities that further support training sessions. Entrants should include companies and organisations that offer such training without the requirement or need to secure any particular professional certification, as well as certification programmes that may or may not provide training. Programmes typically are defined as professional industry groups offering certifications to IT security professionals wishing to receive educational experience and credentials. Entrants can include organisations in the industry granting certifications for the training and knowledge they provide.


2017 entry kit

Download the entry kit for entry requirements.

Judges top tips

Take a look at some tips from previous Awards judges when writing and submitting your entries.


Website Menu