CYBER-SECURITY- A MAINSTREAM CONCERN FOR EVERYONE


Awards night - Tuesday 4 June 2019

While it’s true that the tools, techniques and tactics of cyber-attackers continue to become more sophisticated – and the scale of attacks and amounts stolen/damage caused grows as the attack surface expands with ever more devices, services and industries connect to the internet – the basics for defenders remain the same.  

  • Deter the attackers from getting in

  • Detect them if or when they do

  • Minimise damage they can cause

  • Eject them as quick as you can

  • Remediate any damage

  • Resume normal service as soon as possible

Spurred on by increased public and boardroom awareness of the threat, reinforced by regulation such as GDPR and NIS, organisations and companies of every size are allocating greater spend to implement technology, tools and procedures to shore up their cyber-defences.

But what products or services should they buy? In reality, it always depends on your specific requirements, but with that proviso, SC Awards Europe can help the process by indicating which companies and product/service offerings stand out from the crowd.

Our independent judges carefully consider each entrant against a range of criteria – but especially customer satisfaction – to determine who exemplifies best practice and will be this year’s winners. Plus we pick individuals to honour who embody those same attributes.

Awards are about winners and praising success. This includes the success of every finalist who will have demonstrated that they are at the top of their game, each adding to our ability to defeat our adversaries, and that truly is worth celebrating.

Tony Morbin, Editor-in-chief, SC Media UK

BOOK BY WEDNESDAY 10 APRIL FOR EARLY-BIRD RATES

Shortlist


Excellence Awards: Threat Solutions

Attivo Networks® ThreatDefend™ Platform

Attivo Networks

Bitdefender GravityZone Elite

Bitdefender

F-Secure Countercept

F-Secure

Flowmon

Flowmon Networks

Alien Labs Open Threat Exchange

AT&T Cybersecurity

EclecticIQ

EclecticIQ

Exabeam Advanced Analytics

Exabeam

Flashpoint

Flashpoint

Sophos Synchronized Security

Sophos

DetectID with SelfID

Cyxtera

Duo Security

Duo Security

SafeNet Trusted Access

Gemalto

IDnow Online Identity Verification Platform

IDnow

Mobile Security Suite with Authentication Server

OneSpan

WatchGuard AuthPoint

WatchGuard Technologies

IntroSpect UEBA

Aruba, a Hewlett Packard Enterprise company

Fidelis Elevate™

Fidelis Cybersecurity

Gurucul Risk Analytics

Gurucul

Targeted Attack Protection (TAP)

Proofpoint

Vectra Cognito

Vectra

CloudGen Firewall Family (for AWS, Azure & Google CP)

Barracuda Networks

N2WS Backup & Recovery

N2WS, a Veeam Company

SendSafely - Secure File Transfer Microservice

SendSafely

Symantec Cloud Workload Protection Suite

Symantec

Vormetric Transparent Encryption from Thales

Thales eSecurity

Netwrix Auditor

Netwrix

OneTrust Privacy Management Software Platform

OneTrust

Panaseer Continuous Controls Monitoring cybersecurity platform

Panaseer

Radiflow

Radiflow

Tripwire Enterprise

Tripwire

Clearswift Adaptive Data Loss Prevention (A-DLP)

Clearswift

Endpoint Protector

CoSoSys

Digital Guardian Data Protection Platform

Digital Guardian

Proofpoint Information Protection

Proofpoint

Symantec Data Loss Protection

Symantec

The Attivo Networks® ThreatDefend™ Platform

Attivo Networks

CounterCraft Cyber Deception Platform

CounterCraft

Fidelis Deception

Fidelis Cybersecurity

Illusive Networks Product Suite

Illusive Networks

Egress Email Encryption

Egress

FireEye Email Security

FireEye

Libraesva Email Security Gateway

Libraesva

Cyber Resilience for Email

Mimecast

Proofpoint Email Protection

Proofpoint

Trustwave Secure Email Gateway 8.2

Trustwave

CrowdStrike Falcon

CrowdStrike

Cybereason Defense Platform

Cybereason

FireEye Endpoint Security

FireEye

Garrison ultra secure browsing

Garrison Technology

Symantec Complete Endpoint Defence

Symantec

Best Endpoint Solution

Webroot

Auth0 Universal Identity Platform

Auth0

IBM Identity Governance and Intelligence (IGI)

IBM

My1Login Enterprise IAM

My1Login

OneLogin Unified Access Management

OneLogin

Ping Intelligent Identity Platform

Ping Identity

SailPoint’s Open Identity Platform

SailPoint

Barracuda Sentinel

Barracuda Networks

CrowdStrike Falcon

CrowdStrike

Sensory AI

Senseon

Symantec Targeted Attack Analytics

Symantec

Vectra Cognito

Vectra

Webroot BrightCloud Threat Intelligence (BCTI)

Webroot

BT’s Managed Security Services portfolio

BT Security

Managed Security Services

CNS

Datto SIRIS

Datto

Digital Guardian Managed Security Program

Digital Guardian

IBM Managed Security Service

IBM

NETSCOUT's Arbor Cloud

NETSCOUT

Apricorn Aegis Fortress L3

Apricorn

Armour Mobile

Armour Comms

Mobile Fraud Protection

Cyxtera

Mobile Security Suite (MSS)

OneSpan

Secure Mobile Gateway

Wandera

Exabeam Security Management Platform

Exabeam

IBM QRadar

IBM

LogRhythm’s NextGen SIEM Platform

LogRhythm

InsightIDR

Rapid7

SNYPR Security Analytics version 6.2

Securonix

Outpost24 Vulnerability Management

Outpost24

InsightVM

Rapid7

RiskSense

RiskSense

Skybox® Vulnerability Control

Skybox Security

Tenable.io

Tenable

Excellence Awards: Industry Leadership

CyberArk

Digital Shadows

F-Secure

Kaspersky Lab

Palo Alto Networks

Sophos

Barac: using AI to tackle the threat of encrypted malware

Barac

CybSafe

CybSafe

AlienVault USM Anywhere

AT&T Cybersecurity

CensorNet Unified Security Service (USS)

CensorNet

Malwarebytes

Malwarebytes

ThreatDetect

Redscan

WatchGuard Firebox M270

WatchGuard Technologies

Best Enterprise Security Solution

CyberArk

Forescout device visibility and control platform

Forescout

Palo Alto Networks Security Operating Platform

Palo Alto Networks

Proofpoint Advanced Email Security

Proofpoint

Tenable.io

Tenable

Vectra Cognito

Vectra

AlgoSec Security Management Solution

AlgoSec

SYNERGi GRC Cyber Platform

Information Risk Management (IRM)

Proofpoint Information Protection, Archive, and Compliance

Proofpoint

Tripwire Enterprise

Tripwire

Tufin Orchestration Suite

Tufin

Barracuda Networks

Barracuda Networks

Clearswift Customer Service

Clearswift

Forescout device visibility and control platform

Forescout

Legendary Customer Success

Mimecast

Proofpoint Customer Service

Proofpoint

Best Customer Service

SysGroup

Arxan for Android

Arxan Technologies

Barac Encrypted Traffic Visibility Platform

Barac

i-SIEM

empow

IDECSI Personal Security Guardian

IDECSI

Senseon

Senseon

Professional Awards

David Boda

Camelot / The National Lottery

Dr. Stefan Lüders

CERN

Jared Carstensen

CRH

Dominic Daulton

FedEx Express

David King

Legal & General

Dee Deu

The British Land Company

Anglo American

Bank of England

Burberry

DVLA

ICON Clinical Research

Lloyds Banking Group

CISSP

(ISC)2

Bob's Business - Cyber Security Awareness Training

Bob's Business

CREST Certifications

CREST

Certified in Risk and Information Systems Control (CRISC)

ISACA

Social Engineering Awareness Course

Red Goat Cyber Security

Secure Code Warrior

Secure Code Warrior

Elliott Simmonds

Patryk Michal Zajdel

Dr Kevin Jones

Airbus

Ian Glover

CREST

Rodney Joffe

Neustar

Stu Hirst

Photobox

Martin Smith

The Security Company (International)

Lisa Ventura

UK Cyber Security Association

Tickets and Venue


Event Date - Tuesday 4 June 2019

The Evening

Venue
London Marriott Hotel Grosvenor Square
Grosvenor Square
London, W1K 6JP United Kingdom

Accommodation
For preferential rates please click here and enter the code sca19

Dress code
Black tie

Programme
18:45 - Drinks reception
19:30 - Dinner
21:30 - Awards presentation
Midnight - Carriages

Ticket Prices

Standard ticket price includes:
  • Sparkling drinks reception/ Networking 
  • 3 course seated dinner
  • Announcement of the awards
  • Entertainment until 1am

Premium package tickets include:
  • Two bottles of champagne 
  • Guaranteed prime location in the room 
  • Branded meeting point in reception 
  • Professional picture at your table  

Ticket prices - Early-bird prices will be valid until Wednesday 10th April 2019
  • Early Bird Individual - £365.00+VAT
  • Early Bird Table of 10 -  £3,250.00+VAT
  • Early Bird Table of 12 - £3,900.00+VAT
  • Premium table (only available for 10 people) - £4,500.00+VAT

  • Standard Individual - £400.00+VAT
  • Standard Table of 10 - £3480.00+VAT
  • Standard Table of 12 - £4380.00+VAT

Venue


LONDON MARRIOTT HOTEL GROSVENOR SQUARE

How to get there

London Marriott Hotel Grosvenor Square
Grosvenor Square
London, W1K 6JP United Kingdom

By Train:
Victoria Station (2km away)

By Subway:
Bond Street Station (0.3km away)

Tuesday 4 June 2019

Discover the best of Mayfair at London Marriott Hotel Grosvenor Square with it's unparalleled central location minutes away from world-class shopping, Hyde Park and iconic landmarks.

Judges


Categories


Best Advanced Persistent Threat (APT) Protection
An advanced persistent threat (APT) product and/or service provides real-time detection of and protection against intruders gaining access to an enterprise environment to stealthily extract high-value information assets from targeted organisations in manufacturing, financial, national defence and other industries. Tactics used by cyber thieves launching these attacks often allow their activities to go undetected for indefinite periods of time.

This is because an APT intruder must continuously rewrite code and employ sophisticated evasion techniques to accomplish their primary goals. One technique that is commonly used by an APT intruder is spear phishing, a type of social engineering, to gain access to the network through legitimate means. Then, these tricky intruders are ready to harvest valid user credentials (especially administrative ones) and move laterally across the network, installing backdoors at will. These backdoors provide the APT attacker unlimited opportunity to install bogus utilities to create a “ghost infrastructure” for distributing malware that remains hidden in plain sight. While these types of attacks are difficult to identify, the theft of data can never be completely invisible. To find and stop these intruders, an APT product or service must have a set of features and functions specifically for addressing APT mitigation. Contenders entering this category should provide real- time network traffic analysis of new and unknown malware; block data exfiltration attempts in real-time (including but not limited to web, email, file, FTP, DNS, or other critical systems and related applications); provide content and/or behavioural analysis; offer an integrated cloud-based dynamic threat intelligence distribution infrastructure; and offer advanced evasion technique (AET) detection and/or prevention functionality. Central administration and management and secure remote management capabilities are also essential.

 

Best Threat Intelligence Technology
Contenders in this category should help cyber-security teams research and analyse cyber-crime and other threat trends and any technical developments being made by those engaging in cyber-criminal activity against both private and public entities. These technologies facilitate the understanding and contextual relevance of various types of data, often an overwhelming amount, collected from internal network devices, as well as from external sources (such as open source tools, social media platforms, the dark web and more). Armed with these more digestible analysis on risks and cyber-threats, cyber-security teams should be able to enhance their tactical plans preparing for and reacting to an infrastructure intrusion prior to, during and after an attack, ultimately improving their overall security posture so their long-term security strategy is more predictive rather than simply reactive.

 

Best Authentication Technology
Products here provide enhanced security to end-users or devices by offering credentials for access to an authenticator or authentication server. Software and hardware that specialises in the biometric authentication of users is also included here. These solutions may use a tangible device (something you have) for authentication and knowledge (something you know) for authentication. For biometrics, the solution provides identification and authentication using any of the following methods: finger/thumb print/retinal scan/voice recognition/hand/palm geometry/facial recognition.

 

Best Behaviour Analytics/Enterprise Threat Detection
A still somewhat-emerging category, these products focus on detecting insider threats, targeted attacks and other fraudulent activities by examining human behaviours, identifying patterns that are then analysed through the application of algorithms and statistical analysis to detect anomalies that may indicate threats of loss or compromise to organisations’ critical data. Offerings in this space are also referred to as “user-behaviour analytics” products by analyst company Gartner.

 

Best Cloud Computing Security Solution
These technologies are deployed to protect data and/or applications in a cloud environment. They may also protect the cloud computing infrastructure itself. Cloud computing security concerns are numerous for both providers and their customers – and include security and privacy worries, compliance issues and legal/contractual problems. Solutions or services in this category can provide for the protection of data or applications in the cloud, protection for traffic flowing between companies and their cloud service providers, policy management and encryption capabilities, privileged user access and controls or more.

 

NEW! Regulatory Compliance Tools and Solutions
There have long been regulatory compliance tools, but they have been thrust to the fore in the cyber-security sphere in the wake of GDPR, though this category encompasses other regulations and compliance requirements relevant to cyber-security and GRC teams. Solutions can be software, algorithms, or other innovative approaches that aid companies so that they know their compliance requirements, or prevent, identify, or remediate non-compliance.

 

Best Data Leakage Prevention (DLP) Solution
Products in this category include those that help organisations safeguard their intellectual property and customers’ critical data persistently – inside and outside the company. Network- based and endpoint data leakage prevention products will be considered. Products should prevent data from unauthorised exit from the network, or protect data on the endpoint – whether the endpoint is connected to a network or not.

Products typically are policy-driven and should include scanning of all data, regardless of protocol or application leaving the network, and/or keep track of peripherals, such as removable storage and attached to the endpoint – reporting that inventory to a central location or administrator. All entrants should have the capability of being managed by a centralised administrator. Those products considered part of this category include: network DLP products, which are typically gateways; those products protecting only endpoints; and hybrid products that operate at both the gateway to the network and at the endpoint. Specifically for endpoint DLP, traffic should be monitored and encryption should be available.

 

Best Deception Technology
Deception technologies automate the creation, deployment and management of digital traps (decoys), lures and deceits, which are blended among existing IT resources. Hidden in plain sight, these tools are intended to engage and prompt the attacker into revealing their trade craft, tools and techniques, in real-time, which provides the enterprise security teams with the facts to pre-emptively launch effective counter measures

 

Best Email Security Solution
Email security addresses the ability to exchange email messages with assurance, as well as the ability to filter email messages based on content, source or other criteria. Solutions should ensure the privacy of sensitive messages, limit the repercussions of email forgery, and manage other aspects of safeguarding email within the organisation.

These products are enterprise-centric and should have, but are not required to have, some form of centralised management. They may include spam filters, junk mail filters, malware filters, unauthorised content (sometimes called “extrusion protection” or “data leakage protection”), phishing and other types of undesirable content. However, these are not simply anti-spam filters. These email security products should be evaluated on their effectiveness, manageability, non-intrusiveness, ease of use and other factors that impact the implementation of this type of product in the enterprise environment. They typically provide features such as email encryption, digital signatures, automatic shredding of messages and attachments, and more.

 

Best Endpoint Security
While the emphasis has moved from protect to detect, its not time to take down the barriers, and strength in depth requires a multi-layered approach which still needs endpoint protection including Anti-virus and firewalls.

 

Best Identity Management Solution
Products in this category address the identity management lifecycle in an enterprise environment, including password management, user provisioning and enterprise-access management.

 

Best use of Machine Learning/AI
From big data analysis, dealing with millions of logs, to cutting edge analytics, cyber security is moving closer to Artificial Intelligence and driving potential use-cases for deployment. Machine learning should be more than automating manual tasks, but should apply logic to infer conditions and courses of action; AI is currently referring to machine learning from unstructured data, and while other definitions will be considered, judges will be alert to hype exceeding reality in this cutting edge area.

 

Best Managed Security Service
These offerings provide a turnkey approach to an organisation’s primary technical security needs. These offerings can either be a co-located device at the client organisation facility, or can be a completely outsourced solution where the application to be protected would reside at the vendor’s data centre.

 

Best Mobile Security Solution
More and more employees are using smaller and smaller devices with loads of applications to access corporate data. Some examples include iPhones, iPads, Android devices, BlackBerries and more. Products in this category deal with not only a collapsing perimeter, but also consumer-owned and controlled devices being used to get at corporate resources.

At a minimum, these devices likely will require strong endpoint security, point-to-point encryption and more. This is a broad category - if your product is used to secure this type of small device/handheld, it may ft. Security can be for data at rest in the device itself, secure access to data in the enterprise, and encryption for data in motion between the enterprise and the device. It also includes anything from hard disk encryption solutions and tools that track lost mobile devices to USB/ thumb drive security solutions.

 

Best SIEM Solution
Security information and event management (SIEM) tools are used to collect, aggregate and correlate log data for unified analysis and reporting. Typically, these tools can take logs from a large number of sources, normalise them and build a database that allows detailed reporting and analysis. While forensic analysis of network events may be a feature of a SIEM, it is not the only feature, nor is it the primary focus of the tool.

 

Best Vulnerability Management Solution
These products perform network/device vulnerability assessment and/or penetration testing. They may use active or passive testing, and are either hardware- or software-based solutions that report vulnerabilities using some standard format/reference.

 

Best Security Company
Nominees should be the tried-and-true, longer-standing companies which have been offering products and services to customers for at least three years. Nominations can come from all sectors. Areas that will be accounted for in the judging process include: product line strength, customer base, customer service/support, research and development, company growth and solvency, innovation and more.

 

Newcomer Security Company of the Year
Nominated companies should be new to the IT security field – offering an initial, strong, flagship product that is within two years of its initial release. Nominees can come from any IT security product/service sector and will be continuing efforts in further product development, customer growth and overall fiscal and employee growth. Please note in your submission the launch date of your initial flagship offering. If this initial offering or any of your other products have been on the market for longer than two years, please do not submit a nomination in this category.

 

Best SME Security Solution
This includes tools and services from all product sectors specifically designed to meet the requirements of small- to mid-sized businesses. The winning solution will have been a leading solution during the last two years, having helped to strengthen the IT security industry’s continued evolution.

 

Best Enterprise Security Solution
This includes tools and services from all product sectors specifically designed to meet the requirements of large enterprises. The winning solution will have been a leading solution during the last two years, having helped to strengthen the IT security industry’s continued evolution.

 

Best Risk Management/Regulatory Compliance Solution
These products measure, analyse and report risk, as well as enforce and update configuration policies within the enterprise, including but not limited to network, encryption, software and hardware devices. They also help organisations comply with specific regulatory requirements demanded of companies in the healthcare, retail, educational, financial services and government markets.

Contenders’ products should offer a reporting format that covers the frameworks of multiple regulatory requirements and help customers meet mandates noted in such legislation as the EU GDPR, the DPA, Sarbanes– Oxley, or in guidelines noted by the likes of the ICO or the PCI Security Standards Council. As well, this feature should be network-centric, providing reporting to a central administrator and allowing for companies to centrally manage the product. Entrants’ products should be enterprise-centric; collect data across the network; report associated risk, endpoint configuration, enforcement, auditing and reporting; provide remediation options (but are not exclusively patch management systems); and, finally, offer centralised reports based on regulatory requirements and local policies.

 

Best Customer Service
Support as well as service of products and services sold are critical components of any contract. For many organisations that seek out help from information security vendors and service providers, the assistance they get from customer service representatives is crucial to the deployment, ongoing maintenance and successful running of the technologies they’ve bought and to which they have entrusted their businesses and sensitive data. For this category, we’re looking for vendor and service providers that offer excellent support and service – the staff that fulfilled its contracts and maybe even goes a little beyond them to ensure that organisations and their businesses are safe and sound against the many threats launched by today’s savvy cyber- criminals.

 

Best Emerging Technology
What cutting-edge technologies are bursting onto the scene to address the newest information security needs facing organisations with some innovative capabilities? This new category welcomes both new vendors and old pros looking to provide products and services that look to help shape the future by addressing fast-evolving threats through the creation of these types of offerings. The product must have been launched no more than 18 months prior to entry, and entries should have some customers available who can act as references. The company should also have an office in UK/ Europe and provide ready support and service to customers in the UK/Europe.

 

CSO/CISO of the Year
Contenders should include those who work for end-user companies only. No vendor CSOs will be considered. Nominees are the cream of the crop, having spearheaded a viable IT security programme, gained the support of their company’s executive leaders, as well as their colleagues, and helped – through their indefatigable efforts – to propel the CISO/CSO position to a footing of influence within their organisation and the corporate world as a whole. Specific projects and undertakings, as well as over-arching security programmes to propel these various goals, should be noted. Nominees should be prepared to answer further questions during the judging process, offer at least two references, and be open to holding confidential interviews with members of the SC Media UK editorial team, if warranted. Please note: Professionals who work for an IT security vendor, IT reseller or IT consultancies are not eligible for this category.

 

Best Security Team
Contenders should only include teams from end-user companies that have executed and are managing exceptional and strong security programmes, which they have built from virtually non-existent ones. The team should have successfully established and implemented an integral and/or innovative/ cutting-edge component of their security programme, and should have spearheaded various areas of support for its success, such as strong end-user awareness training, good configuration management, and more. Please note: Professionals who work for an IT security vendor, IT reseller or IT consultancies are not eligible for this category.

 

Best Professional Training or Certification Programme
This category targets companies and organisations that provide end-user awareness training and/or certification programmes for those looking to ensure that its employees are knowledgeable and supportive of IT security and risk management plans. It also considers training and certification organisations that provide programmes for end-user organisations’ IT security professionals to help them better address components of their IT security and risk management plans, such as secure coding, vulnerability management and incident response/computer forensics. Programmes usually entail training and education or examination/assessment by outside industry experts who may hold various seminars, hands-on classes, etc. and recommend additional activities that further support training sessions. Entrants should include companies and organisations that offer such training without the requirement or need to secure any particular professional certification, as well as certification programmes that may or may not provide training.

Programmes typically are defined as professional industry groups offering certifications to IT security professionals wishing to receive educational experience and credentials. Entrants can include organisations in the industry granting certifications for the training and knowledge they provide.

 

Cybersecurity Student of the Year
Cyber-security Student of the Year honouring undergraduate and current masters students pursuing degrees in cyber- security and cyber-security-related fields, this category is focused on acknowledging up-and-coming talent who will be responsible for helping to evolve and advance the information security industry.

 

NEW! Outstanding Contribution
Every year SC honours those companies that have excelled, along with individual CISOs and Student(s) of the year - but there are other individuals who have made outstanding contributions to cyber security in a wide range of potential categories. So this year we have introduced a new Award for you to nominate someone (including yourself), whatever their job title, who has made a positive impact on the industry, above and beyond the norm.

For example, you could be a regulator overseeing implementation of new regulation, or a lobbyist that caused the introduction of that regulation, a threat hunter or security analyst who discovered or identified a new threat group or malware - or came up with the way to tackle that threat. Or you might be in education, data protection, in the SOC, or indeed a vendor or supplier that has made a significant contribution beyond your commercial role, a trainer, law-maker or enforcer. We’ll consider all-comers - with the proviso that the impact of what they have done has had a positive effect wider than their own organisation.

 

SC Awards 2018 Highlights


Contact us


Nitika Sharma
General Enquiries

E: [email protected]
P: 020 8267 4172

Martin Hallett
Partnership Opportunities

E: [email protected]