Best Authentication Technology
Products here provide enhanced security to end-users or devices by offering credentials for access to an authenticator or authentication server. Software and hardware that specialises in the biometric authentication of users is also included here. These solutions may use a tangible device (something you have) for authentication and knowledge (something you know) for authentication. For biometrics, the solution provides identification and authentication using any of the following methods: finger/ thumb print/retinal scan/voice recognition/ hand/palm geometry/ facial recognition, or other unique user identifier.
Please download the entry kit to view the category criteria and qualifying questions.
Best Behaviour Analytics/ Enterprise Threat Detection
A still somewhat-emerging category, these products focus on detecting insider threats, targeted attacks and other fraudulent activities by examining human behaviours, identifying patterns that are then analysed through the application of algorithms and statistical analysis to detect anomalies that may indicate threats of loss or compromise to organisations’ critical data. Offerings in this space are also referred to as “user-behaviour analytics” products by analyst company Gartner.
Please download the entry kit to view the category criteria and qualifying questions.
Best Cloud Computing Security Solution
These technologies are deployed to protect data and/or applications in a cloud environment. They may also protect the cloud computing infrastructure itself. Cloud computing security concerns are numerous for both providers and their customers – and include security and privacy worries, compliance issues and legal/contractual problems. Solutions or services in this category can provide for the protection of data or applications in the cloud, protection for traffic flowing between companies and their cloud service providers, policy management and encryption capabilities, privileged user access and controls or more.
Please download the entry kit to view the category criteria and qualifying questions.
Best Data Leakage Prevention (DLP) Solution
Products in this category include those that help organisations safeguard their intellectual property and customers’ critical data persistently – inside and outside the company. Network based and endpoint data leakage prevention products will be considered. Products should prevent data from unauthorised exit from the network, or protect data on the endpoint – whether the endpoint is connected to a network or not. Products typically are policy-driven and should include scanning of all data, regardless of protocol or application leaving the network, and/or keep track of peripherals, such as removable storage and attached to the endpoint – reporting that inventory to a central location or administrator. All entrants should have the capability of being managed by a centralised administrator. Those products considered part of this category include: network DLP products, which are typically gateways; those products protecting only endpoints; and hybrid products that operate at both the gateway to the network and at the endpoint. Specifically for endpoint DLP, traffic should be monitored and encryption should be available.
Please download the entry kit to view the category criteria and qualifying questions.
Best Email Security Solution
Email security addresses the ability to exchange email messages with assurance, as well as the ability to filter email messages based on content, source or other criteria. Solutions should ensure the privacy of sensitive messages, limit the repercussions of email forgery, and manage other aspects of safeguarding email within the organisation. These products are enterprise-centric and should have, but are not required to have, some form of centralised management. They may include spam filters, junk mail filters, malware filters, unauthorised content (sometimes called “extrusion protection” or “data leakage protection”), phishing and other types of undesirable content. However, these are not simply anti-spam filters. These email security products should be evaluated on their effectiveness, manageability, non-intrusiveness, ease of use and other factors that impact the implementation of this type of product in the enterprise environment. They typically provide features such as email encryption, digital signatures, automatic shredding of messages and attachments, and more.
Please download the entry kit to view the category criteria and qualifying questions.
Best Endpoint Security
While the emphasis has moved from protect to detect, its not time to take down the barriers, and strength in depth requires a multi-layered approach which still needs endpoint protection including Anti-virus and firewalls.
Please download the entry kit to view the category criteria and qualifying questions.
Best Identity Management Solution
Products in this category address the identity management lifecycle in an enterprise environment, including password management, user provisioning and enterprise-access management.
Please download the entry kit to view the category criteria and qualifying questions.
Best Incident Response Solution
The faster and more effectively you respond to an incident, the shorter time you give attackers to steal from or do damage on your systems. But care also has to be taken to preserve digital forensic evidence in the event of criminal action. While IR is led by policies, procedures and training, there are tools and organisations that can help, from specialist services in the event of a crime, to complete outsourced teams. We are looking for those services and tools that stand out as a must have.
Please download the entry kit to view the category criteria and qualifying questions.
Best IOT/IIOT Security Solution
One of the biggest concerns for the security sector is the truly exponential growth of the Internet of Things, and the Industrial Internet of Things, increasing the attack surface to include everything from previously isolated industrial processes to everyday consumer appliances. Anything that connects to the internet is potentially hackable, so what solutions are there that organisations and their key employees can deploy to minimise and mitigate the threat posed by myriad connected devices?
Please download the entry kit to view the category criteria and qualifying questions.
Best Managed Security Service
These offerings provide a turnkey approach to an organisation’s primary technical security needs. These offerings can either be a co-located device at the client organisation facility, or can be a completely outsourced solution where the application to be protected would reside at the vendor’s data centre.
Please download the entry kit to view the category criteria and qualifying questions.
Best Mobile Security Solution
More and more employees are using smaller and smaller devices with loads of applications to access corporate data. Some examples include iPhones, iPads, Android devices, BlackBerries and more. Products in this category deal with not only a collapsing perimeter, but also consumer-owned and controlled devices being used to get at corporate resources. At a minimum, these devices likely will require strong endpoint security, point-to-point encryption and more. This is a broad category - if your product is used to secure this type of small device/handheld, it may fit. Security can be for data at rest in the device itself, secure access to data in the enterprise, and encryption for data in motion between the enterprise and the device. It also includes anything from hard disk encryption solutions and tools that track lost mobile devices to USB/ thumb drive security solutions.
Please download the entry kit to view the category criteria and qualifying questions.
Best Privileged Access Management
Privileged users can have the keys to the kingdom. So impersonating them and taking control of their access is a key target for attack groups, from criminals to nation states. Hence ramped up versions of identity and access control, network segmentation tools, and approaches to outsourcing and third parties are appropriate here, where they may have been considered too cumbersome for the average user. Yet these, often senior, users are just as resistant to friction as any other, so how do you reduce reliance on trust while still letting people do their job?
Please download the entry kit to view the category criteria and qualifying questions.
Best Regulatory Compliance Tools and Solutions
There have long been regulatory compliance tools, but they have been thrust to the fore in the cyber-security sphere in the wake of GDPR, though this category encompasses other regulations and compliance requirements relevant to cyber-security and GRC teams. Solutions can be software, algorithms, or other innovative approaches that aid companies so that they know their compliance requirements, or prevent, identify, or remediate non-compliance.
Please download the entry kit to view the category criteria and qualifying questions.
Best SIEM Solution
Security information and event management (SIEM) tools are used to collect, aggregate and correlate log data for unified analysis and reporting. Typically, these tools can take logs from a large number of sources, normalise them and build a database that allows detailed reporting and analysis. While forensic analysis of network events may be a feature of a SIEM, it is not the only feature, nor is it the primary focus of the tool.
Please download the entry kit to view the category criteria and qualifying questions.
Best Threat Intelligence Technology
Contenders in this category should help cyber-security teams research and analyse cyber-crime and other threat trends and any technical developments being made by those engaging in cyber-criminal activity against both private and public entities. These technologies facilitate the understanding and contextual relevance of various types of data, often an overwhelming amount, collected from internal network devices, as well as from external sources (such as open source tools, social media platforms, the dark web and more). Armed with these more digestible analysis on risks and cyber-threats, cyber-security teams should be able to enhance their tactical plans preparing for and reacting to an infrastructure intrusion prior to, during and after an attack, ultimately improving their overall security posture so their long-term security strategy is more predictive rather than simply reactive.
Please download the entry kit to view the category criteria and qualifying questions.
Best Use of Machine Learning/AI
From big data analysis, dealing with millions of logs, to cutting edge analytics, cyber security is moving closer to Artificial Intelligence and driving potential use-cases for deployment. Machine learning should be more than automating manual tasks, but should apply logic to infer conditions and courses of action; AI is currently referring to machine learning from unstructured data, and while other definitions will be considered, judges will be alert to hype exceeding reality in this cutting edge area.
Please download the entry kit to view the category criteria and qualifying questions.
Best Vulnerability Management Solution
These products perform network/device vulnerability assessment and/or penetration testing. They may use active or passive testing, and are either hardware or software-based solutions that report vulnerabilities using some standard format/reference.
Please download the entry kit to view the category criteria and qualifying questions.