Tuesday, 2nd June 2015 The Ballroom, Grosvenor House on Park Lane, London W1K 7TN.

Size: px
Start display at page:

Download "Tuesday, 2nd June 2015 The Ballroom, Grosvenor House on Park Lane, London W1K 7TN."

Transcription

1 Tuesday, 2nd June 2015 The Ballroom, Grosvenor House on Park Lane, London W1K 7TN.

2 2015 SC Awards Europe Recognising achievement Enterprises of all sizes already know about crisis management and risk mitigation having a plan B in place in case the worst happens. What s new is that these days the worst is most likely to happen electronically. You are more at risk from hackers stealing your money and other assets than bandits with guns. Hackers, not protesters, can more effectively trash your reputation. And it s hackers, not terrorists with bombs, James Bond, nor armed forces with missiles more likely to sabotage your plant, steal your secrets and undermine your economy. What that really means is that all your old adversaries have become hackers. When your assets look like zeros and ones and they do then the Internet is the get-away car. So company boards are now waking up to the realisation that this is where their defences need to be raised, before they become the next Anthem, JPMorgan Chase, Sony, Target, or Home Depot. The talent with the skills to cope remains scarce, and increasingly valuable and the tools, techniques and services which help you do your job have become more important too allowing you to do even more with your scarce resources. SC Awards Europe recognises excellence, innovation and achievement by acknowledging the incredible efforts of you, the IT security professionals, as well the IT security products and services industry, which enables us to our jobs. It s a small contribution we ve been making to the industry for nearly 20 years that allows us to draw attention to IT secu rity and its leading players. This week s SC Awards gala event in Park Lane will give the often unsung heros of the cyber-war, IT security pros like you, some recognition for your tremendous work. With all the focus on breaches over the past year, a celebration of successes is already over-due. Meantime, I welcome your suggestions on other categories we can consider adding to our SC Awards for next year. Tony Morbin, Editor-in-chief, SC Magazine Contents Judges... 2 Sponsors... 3 Awards Best Advanced Persistent Threat (APT) Protection... 4 Best Cloud Computing Security Solution... 4 Best Computer Forensic Solution... 5 Best Customer Service... 5 Best Data Leakage Prevention (DLP) Solution... 6 Best Security Solution... 6 Best Emerging Technology... 7 Best Enterprise Security Solution... 7 Best Fraud Prevention Solution... 8 Best Identity Management Solution... 8 Best Managed Security Service... 9 Best Mobile Security Solution... 9 Best Multifactor Solution Best NAC Solution Best Newcomer Security Company of the Year Best Professional Training or Certification Programme Best Security Company Best Security Team Best SIEM Solution Best SME Security solution Best UTM Solution Best Vulnerability Management Solution Best Web Content Management Solution CSO/ CISO of the Year Risk/Policy management and regulatory compliance solutions Editor s Choice Award Editorial VP, EDITORIAL Illena Armstrong EDITOR-IN-CHIEF Tony Morbin +44 (0) SENIOR REPORTER Doug Drinkwater +44 (0) TECHNOLOGY EDITOR Peter Stephenson Production PRODUCTION MANAGER Alison Boydall +44 (0) PRODUCTION CONTROLLER George Li +44 (0) ART DIRECTOR Michael Strong PRODUCTION EDITOR Danielle Correa Events PROGRAMME DIRECTOR, SC CONGRESS Eric S Green VIRTUAL EVENTS COORDINATOR Payal Padhiar +44 (0) Circulation and Subscriptions +44 (0) List Rental Alex Foley +44 (0) Sales VP, SALES David Steifman ACCOUNT DIRECTOR Martin Hallett +44 (0) ACCOUNT MANAGER Dennis Koster Publishing PUBLISHING MANAGER Gary Budd CHIEF EXECUTIVE Kevin Costello 2015 SC AWARDS EUROPE 1

3 2015 SC Awards Europe The Judges Peter Aitken Information Security Manager, Marks & Spencers Prof Richard Benham Lecturer National MBA in Cyber Security, Coventry University Phil Cracknell CISO & Director of Security & Privacy Services, Company 85 Martyn Croft Chief Information Officer, The Salvation Army UK Territory Neira Jones Head of Payment Security, Barclaycard Bridget Kenyon Head of Information Security, University College London Sarah Lawson Head of IT and Information Security, Oxford University Mike Loginov C CISO & CEO, Ascot Barclay Martin Pickford Head of Technology Security, EE David Prince Delivery Director - IT Security, Schillings Andrew Rose CISO, NATS Daniel Schatz Director, Info Security Threat & Vulnerability Management, Thomson Reuters Sarb Sembhi CISM Director, STORM Bob Tarzey Chief Information Security Officer, Information & Cyber Security, Quocirca Ltd Steve Wright Chief Privacy Officer,Unilever SC AWARDS EUROPE

4 2015 SC Awards Europe The Sponsors SC Magazine thanks all sponsors for their generous support of the 2015 SC Awards U.S. Their involvement has made possible this event, which helps raise professional standards in the information security industry worldwide. With deep experience and more than 600 customers managing over 10 million identities, Courion is the market leader in Identity and Access Management (IAM), from provisioning to governance to Identity and Access Intelligence (IAI). Courion provides insight from analyzing the big data generated from an organization s identity and access relationships so users can efficiently and accurately provision, identify and minimize risks, and maintain continuous compliance. As a result, IT costs are reduced and audits expedited. With Courion, you can confidently provide open and compliant access to all while also protecting critical company data and assets from unauthorized access. IBM Security assists organisations to holistically protect their people, data, critical applications and cloud and mobile infrastructures. Our Security solutions help prevent, detect and respond to even the most sophisticated attacks and fraudulent activity in order to limit business disruption, loss of private data, and reputational damage to the brand. Powered by deep analytics and trusted IBM Security expertise, our robust portfolio of comprehensive, scalable industry-leading tools delivers unparalleled security intelligence with reduced complexity and lower maintenance costs. IBMSecurity on Twitter or visit the IBM Security Intelligence blog. Nettitude delivers high quality Security Testing and Compliance services across the UK and the USA. As well as being a PCI DSS ASV and QSA company, Nettitude s consulting division is involved in the full Information Security lifecycle, delivering policy, procedure and technology based solutions. Security Testing is a core component of all of our engagements and we have one of the strongest lists of testimonials within this sector. Nettitude is ISO9001, ISO27001, Investors in People as well as a CREST and CLAS consultancy. As an independent, worldwide provider of penetration testing services, Nettitude carries out Cyber Security Testing, Security Auditing and PCI services in some of the most high profile organisations across the world. Our depth and breadth of experience enable us to deliver focused engagements that address the vulnerabilities in infrastructure, application, mobile code and interaction with social media. Qualys, Inc. (NASDAQ: QLYS) is the pioneer and leading provider of cloud security and compliance solutions with over 7,700 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The Qualys Cloud Platform and integrated suite of solutions help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, Accuvant, BT, Cognizant Technology Solutions, Dell SecureWorks, Fujitsu, HCL Comnet, InfoSys, NTT, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA) and the Council on CyberSecurity. More than 100 million users in 150 countries rely on Sophos as the best protection against complex IT security threats and data loss. Our mission is to be the best in the world at delivering complete IT security to protect small and mid-market enterprises, leaving them to focus on their businesses instead of dealing with IT security-related threats. We are committed to providing complete security solutions that are simple to deploy, manage, and use, and that deliver the industry s lowest total cost of ownership. Headquartered in Oxford, Sophos offers award winning encryption, endpoint security, web, , mobile and network security backed by SophosLabs - a global network of threat intelligence centres SC AWARDS EUROPE 3

5 BEST ADVANCED PERSISTENT THREAT (APT) PROTECTION BEST CLOUD COMPUTING SECURITY SOLUTION SPONSORED BY QUALYS FireEye Threat Prevention Platform and Services, FireEye The FireEye platform combats today s advanced cyber-attacks. It s designed from the ground up to stop advanced threats used by cyber-criminals and sophisticated attackers. With the FireEye Threat Prevention Platform, Dynamic Threat Intelligence, and Services, enterprises get multi-faceted, coordinated defence capabilities to guard against sophisticated attacks including zero-day attacks, unknown malware and APT attacks. The core of the FireEye platform is the patented Multi-Vector Virtual Execution (MVX) engine that provides dynamic, signature-less, and virtualised analysis of today s advanced cyber-attacks. The MVX core begins with the FireEye hardened hypervisor, designed for threat analysis. The MVX engine detonates suspicious files, web pages, and attachments within instrumented virtual machine environments to confirm a cyberattack. This threat intelligence is in a standards-based format, enabling the intelligence to be correlated and shared among the entire FireEye deployment to stop today s cyber-attacks. FireEye offers breadth and depth of protection across the range of zero-day APT attacks and attack methods. Its Multi-Vector Virtual Execution engine technology is extensible to multiple threat vectors to address web, , mobile, and content-based attacks enabling parallel across attack vectors. FireEye enables merger of IT resources, built with a custom hypervisor with built-in countermeasures and malware detection, extending to endpoints. To be effective, malware detection must cover as many software versions as possible; FireEye has the highest number of covered permutations. FireEye prioritises the most suspicious web traffic for virtual replay through proprietary multi-flow technology algorithms at a rate of 1.2M virtual machine analyses per hour. The judges considered FireEye as the only vendor providing security at multigigabit speeds to protect at scale, enabling consolidation of IT resources, lowering the total cost of threat prevention. Lastline - Highly Commended Bromium vsentry, Bromium Damballa Failsafe, Damballa HawkEye G, Hexis Cyber Solutions Trend Micro Deep Discovery, Trend Micro WatchGuard APT Blocker, WatchGuard DefensePipe, Radware Attackers and hactivists are mainly targeting financial institutions, online retailers, government and e-gaming online services with the purpose of disrupting the availability of those services, hence preventing users from accessing the online services. This results in revenue loss, reputation damage and other consequences to victims. An on-premise attack mitigation solution is the most effective approach to fight today s threats including application layer attacks, low and slow stealthy attacks, network layer attacks and SSL based attacks. However, once the attacks turn into a volumetric flood attack that threatens to saturate the Internet pipe of the organisation, the mitigation needs to move to the cloud. According to Radware s Emergency Response Team (ERT), only 15 percent of DDoS attacks were based on volumetric attacks that actually blocked the Internet pipe. DefensePipe is a cloud based, DDoS attack scrubbing service that protects against Internet pipe saturation caused by cyber-attacks. DefensePipe is activated only when the attack threatens to saturate the organisation s Internet pipe. Based on the built-in synchronisation between the datacentre DefensePro and DefensePipe, the in the cloud mitigation can start immediately. The combined offering of DefensePro and DefensePipe in a single Attack Mitigation System (AMS), enables Radware to offer organisations one of the most integrated and comprehensive solutions to fight today s cyber-security threats. DefensePipe is an integral part of Radware s AMS, a single vendor hybrid on- premise and cloud attack mitigation solution. It enables organisations to fight on all fronts and achieve an end-to-end security protection with a single point of contact without the need to worry about a complicated transition of responsibilities between vendors during an attack. The judges thought this was a well-rounded entry for a Hybrid Cloud DDoS mitigation solution and a very useful service for those sites that require complete up-time. CipherCloud Platform, CipherCloud - Highly Commended Barracuda Web Application Firewall (Public Cloud), Barracuda Networks CrashPlan Enterprise Endpoint Backup, Code42 Sophos Unified Threat Management (UTM) for Amazon Web Services, Sophos CryptoAuditor, SSH Communications Security SC AWARDS EUROPE

6 BEST COMPUTER FORENSICS SOLUTION BEST CUSTOMER SERVICE EnCase Forensic, Guidance Software Guidance Software s En- Case software solution is a powerful platform that provides the foundation for corporations, government agencies and law enforcement to conduct effective digital investigations of virtually any kind, including intellectual property theft, incident response, compliance auditing and responding to e-discovery requests all while maintaining the forensic integrity of the data. It includes the EnCase Enterprise software platform which can support the EnCase Cybersecurity and EnCase ediscovery applications. The product line also includes EnCase Forensic and EnCase Portable. EnCase allows customers to conduct more complete investigations than its competitors with additional integration with a cloud-based ediscovery platform, as well as security information and event managers (SIEM) for automated incident response. The EnCase platform and applications address the needs of a broad range of users. It delivers everything required to search, collect, preserve, and analyse data from servers, workstations, mobile devices and cloud-based data sources. With EnCase, users can complete a comprehensive analysis of whatever evidence they may encounter. Moreover, users of the EnCase solution have the ability to customise how the solution functions, adding capabilities to the product to meet specific needs, something other solutions in the market don t offer. For example, EnCase App Central offers over 126 EnScripts or Apps that allow users to add functionality and increase productivity. With EnCase, organisations can improve efficiency and effectiveness of their staff, as it allows for the automation of repeatable processes and procedures associated with the acquisition, analysis, and reporting of a forensic investigation, eliminating redundant manual work. Judges felt this was a marketleading solution with EnCase App Central offering over 126 EnScripts or Apps. Rapid7 UserInsight, Rapid7 - Highly Commended The FireEye Network Forensics Platform and the Investigation Analysis System, FireEye Lancope StealthWatch System, Lancope LogRhythm s Network Monitor, LogRhythm Spector CNE Investigator, SpectorSoft Mimecast Mimecast has identified 13 key touch points along the Customer journey which are constantly monitored and surveyed. Giving Feedback and Getting Help are two key touch points. In addition, Mimecast conducts service reviews with customers bi-annually and Customer Advocates ask specific questions around resources, documentation and Getting Help. Finally, Mimecast conducts Customer Development interviews that focus on soliciting feedback specifically around effectiveness and usefulness of knowledge base, documents, video assets and website content. Mimecast monitors support case trend data to continually monitor and improve support documentation. As well as the Mimecast Product and Education Teams continuously reviewing documentation Mimecast s Customer Experience and Account Managers, Technical Consultants, Pre-Sales, Professional Services, along with Mimecast Channel Partners feedback is always fed through to review and refine where relevant. Mimecast customers automatically benefit from unlimited access to the Mimecast Knowledge Base, user community and free support. If customers have greater support needs, they can purchase enhanced support options. Mimecast s flexible support allows customers to only pay for what support services they need, rather than bundling all customers and support needs together. Its range of cloud services are designed for rapid deployment. The Mimecast Professional Services team has a wealth of experience and expertise to assist customers at every stage as required, from planning, migration and activation to ongoing support and training. Their expertise combined with proven processes, methods and supporting technology helps ensure project success. Mimecast adopts the Forrester Customer Experience Index (CXi) for customer journey mapping, identifying key touch points and applying intentional design to improve every aspect. Judges welcomed an entry from a company with a good reputation and flexible and solid support. Webroot - Highly Commended Clearswift Protegrity Thycotic Qualys 2015 SC AWARDS EUROPE. 5

7 BEST DATA LEAKAGE PREVENTION (DLP) SOLUTION BEST SECURITY SOLUTION TRITON AP-DATA Discover; TRITON AP-DATA Gateway; TRITON AP-ENDPOINT DLP (Websense Data Security Suite), Websense Regulatory compliance and securing intellectual property are DLP market drivers. Trade secrets, customer lists, source codes, formulas, and compliance data like PII, for example, are the targets of cyber-criminals. This forces a DLP solution to adapt and protect. Websense s Data Security Suite satisfies this need by discovering, monitoring and protecting data-in-motion, data-at-rest and data-in-use preventing unauthorised transmission and copying of sensitive data through , web and mobile channels. The suite provides more than 1,700 policies and templates quickly enabling users to meet regional compliance demands and secure their IP. The suite endpoint support for Windows, Mac and Linux provides DLP regardless of whether users are on-or-off network. Websense s DLP solution adapts to advanced attacks with leading technologies such as Machine Learning, Drip DLP, and Optical Character Recognition identifying hidden text within an images as well as Fingerprinting and Endpoint Fingerprinting, even when offline. High Risk User Profiling helps combat insider threats. Websense s suite offers several deployment options that are designed to be cost effective. It can be deployed in a matter of hours, which helps IT teams save costly hours and resources. The suite can also be rolled out only to protect the most important information network DLP, endpoint DLP, mobile DLP, data discovery, or any combination. This enables organisations to easily deploy data loss and theft prevention with the highest, most immediate return on their investment. And if customers want to increase capacity or features, they simply need a licence upgrade (without additional hardware in most cases). The suite also accurately identifies sensitive data as it is stored, used, or traverses the network. Reduced false positives from natural language processing ensure that administrators focus on real incidents and save time. Info-Tech Research Group recently named Websense s suite a leading product champion for its low-cost and high-accuracy. The judges deemed this a very comprehensive DLP solution and one of the market leaders in this category. Fidelis XPS, Fidelis - Highly Commended The second coming of DLP, Clearswift CloudLock Security Fabric, CloudLock Endpoint Protector 4, CoSoSys Whitebox Security WhiteOPS Crowd-Powered Solution for DLP, Whitebox Security Mitigating the Impact of Mail Mistakes, Clearswift Today s businesses have a tough time managing data, whether it s internal mail exchange, outbound mail or items that are incoming. Each of these could contain vital information that is integral to an organisation and could cause significant damage financial or reputation if shared with those for whom it is not intended. The SECURE Gateway (SEG) from Clearswift has one of the highest levels of filters to protect organisations of all sizes from inbound spam, phishing and junk ; plus it s capable of blocking viruses, malware and inappropriate content such as pornography, and profanity from entering a network. But data issues don t just come from outside, Clearswift s SEG can also enable users to ensure that all exchanges are compliant and sensitive data remains not just within their network, but also within the right parts of it and in the right hands. Clearswift s SEG performs the traditional hygiene functionality and DLP policy management, but also offers native redaction facility. Built within its content inspection engine, it provides customers the ability to modify messages removing sensitive or dangerous content (APT s) using the Data Redaction, Document Sanitisation and Structural Sanitisation features. These advanced features minimise the False Positive and Blocking architecture of traditional DLP Data Redaction allows textual content to be removed from messages and attachments this could be sensitive or PCI/PII data leaving or offensive material entering the business. Document Sanitisation allows the business to remove sensitive information from document properties such as change history, author names and comments. Structural Sanitisation looks at attachments and removes any active content from the file and delivers a safe but identically formatted version of the file. This approach will render Office and PDF files free from malware. The judges felt that the addition of Redaction and Document Sanitisation features made the product an attractive proposition. Proofpoint - Highly Commended Egress Switch, Egress Software Technologies FireEye Threat Prevention, FireEye Mimecast Security, Mimecast TRITON AP , Websense SC AWARDS EUROPE

8 BEST EMERGING TECHNOLOGY Cybereason Hacker methodologies and techniques have drastically evolved and matured, and today even the most secure networks are hacked, as seen in the recent Sony, JPMC, HomeDepot and Target breaches. Even though organisations deploy an array of security solutions, modern cyber-attacks - commonly referred to as APTs - are purpose-built to evade existing defences, and often remain undetected for months (210 days on average according to the Ponemon institute) and the financial impact of a breach has increased to a 22.6 million as of Cybereason developed a real-time endpoint detection and response solution that enables NGOs and government organisations to protect themselves against this new breed of attack. Cybereason detects breaches in real time and automatically reveals all hacker activities within the network and on individual machines to significantly reduce the detection and response time and dramatically drive down the cost of a breach. Cybereason s platform continuously collects information including: processes, users, network, servers, files, hashes, privileges, etc, and uses real time behavioural analytics to build a complete picture of a malicious operation. Unlike other solutions that detect local, sporadic events with no context, Cybereason provides an overall picture of the malicious operation MalOp), automatically revealing the attack s timeline, root cause, adversarial activity, the malware involved, and all related communications by and between endpoints and users. By doing so, Cybereason significantly reduces the detection time, automates incident investigation, and cuts the time spent on eliminating false positives. The attack s timeline, activities and events are presented in Cybereason s Incident Response Console which facilitates collaboration and decision making. The judges thought the company took a deep dive into hacktivism and cyber-crime methodologies and motives to help organisations identify emerging cyber-threats as well as incident responses services when the inevitable happens. Cylance - Highly Commended CipherCloud CloudLock Security Fabric, CloudLock Silobreaker Skyhigh Networks BEST ENTERPRISE SECURITY SOLUTION Kaspersky Lab Security for Enterprises, Kaspersky Labs Kaspersky Lab s engineers and experts offer excellent 24/7 technical support to corporate account members to keep customers fully operational and secure. Extended technical support is available through a Maintenance Service Agreement (MSA). This includes a dedicated technical account manager to fast-track issues to the relevant experts, with a commitment to respond to a high level incident within two hours. This agile and responsive approach results in less downtime, faster recovery and a reduced drain on internal resources for clients the last particularly valued as many enterprises struggle with a lack of in-house cyber-security skills (53 percent) and budget constraints (63 percent). Kaspersky Lab also offers access to a range of cybersecurity education services to overcome this, as well as intelligence services for updates on relevant malware incidents. The cost of ownership is relatively low, not at the expense of performance. Many enterprises (51 percent) worry that cyber-security measures will divert funds and impede productivity; Kaspersky Lab s enterprise security solutions seek to address this by making minimal demands on IT performance, management resources and budgets. The software has a small memory footprint, requires little power to operate and updates are frequent and automated - minimising cost and disruption for users. Advanced solutions are easy to install and all integrate with the same central management console: The Kaspersky Security Center. This provides a single interface for multiple solutions, including endpoints and virtual machines, software applications, corporate networks and infrastructure. Furthermore, all Kaspersky Lab solutions are built organically using the same software foundations and integrate together; providing deep, responsive, cost-effective protection across the enterprise. The offering was thought by judges as flexible and competent, helping organisations plan and operate their business, removing the fear of cyber-threats by providing excellent expertise and support 24/7. Qualys - Highly Commended Blue Coat SSL Visibility Appliance, Blue Coat CyberArk Privileged Account Security Solution, CyberArk Dell KACE K1000, Dell Software Best Enterprise Security Solution TRITON APX Enterprise Core, Websense 2015 SC AWARDS EUROPE. 7

9 BEST FRAUD PREVENTION SOLUTION BEST IDENTITY MANAGEMENT SOLUTION IBM Security Trusteer, IBM The European Central Bank issued recommendations for securing Internet payments to help prevent advanced malware and phishing attacks resulting in payment fraud. IBM Security Trusteer delivers a holistic cyber-crime prevention platform that helps protect organisations against financial fraud. Over 450 leading global organisations rely on IBM Security Trusteer solutions to protect their web applications, computers and mobile devices from online threats. IBM Security Trusteer advanced fraud protection solution gathers intelligence from more than 270 million endpoints around the world to help prevent malware and phishing-driven fraud, detect account takeover attacks and fraudulent transactions, and control mobile fraud risk. Trusteer stops threats as early as possible and detects what can t be prevented, so customers can take action against actual threats, before they are impacted. It helps reduce unnecessary authentication challenges, transaction verification, and other interruptions that impact the customer experience, while delivering proactive remediation for compromised accounts. The result is more secure transactions. Trusteer provides a fullyintegrated platform for fraud detection and prevention. Threat data can be leveraged across channels and throughout the attack life cycle. Firstly, Trusteer protects the customer s PC/Mac against financial malware and phishing for safer online banking. It also detects client-side risk factors for mobile account takeover and transaction risk detection through: evidence-based detection of account takeover attempts, real-time malware detection and detecting mobile-fraud risks from compromised end-user and criminal-owned devices. The judges said the product helped in reducing unnecessary authentication challenges, transaction verification, and other interruptions that impact the customer experience, while delivering proactive remediation for compromised accounts. Utimaco - Highly Commended EasySol Europe Awards - Fraud, Easy Solutions RSA Web Threat Detection, EMC Fujitsu Fraud Prevention: PalmSecure biolock (biometric sensor and software technology), Fujitsu UK Splunk Enterprise, Splunk DNA: Digital Norfolk Ambition, HP HP delivers its innovative Identity and Access Management (IDAM) solution to public and private sectors needing to control access from disparate user groups. As an example, one client, Norfolk County Council (NCC), wanted to be a federated Identity Provider and Service Provider delivering connected public services through wider adoption of public-sector federation. The HP service design includes automated provisioning, identity governance, and self-service functionality; however, NCC has over four times as many external users as internal users to manage, meaning that federated access management was a high priority. NCC needed to authenticate three separate federation partners through secure SSO access to their line of business applications. The NCC required SailPoint, Ping Federate, as well as a functional design that prioritised the business and its transformation to such advanced Identity and Access capabilities. The HP service design enables public-sector organisations to have shared access to citizen information. This service will provide massive benefits to healthcare, child services, law enforcement, and fire departments, among others, as it will enable public services to share previously isolated data. The link between services will improve the efficiency of public services and their reach. Citizen data will become accessible between locality and organisation. For instance, as citizens move, their records will be available elsewhere as they are centrally managed and collected. Federation and solid Identity Governance pave the way for this next generation of public services to be a secure reality. The solution at NCC offers both internal Identity Governance to protect access to the sensitive data it holds, as well as easy and secure access to those that are authorised and need to use it. According to the judges, the service will eliminate geographical boundaries, ensure appropriate level of access and governance controls, and also eradicate isolated data stores within public-sector organisations, providing a rich quantity of data on demand to many public-sector organisations. Centrify powers Samsung KNOX Enterprise Mobility Management Solutions, Centrify Access Insight, Courion IBM Security Identity Manager (SIM), IBM Okta Identity Management Solution, Okta Best Identity Management Solution - Thycotic Secret Server, Thycotic SC AWARDS EUROPE

10 BEST MANAGED SECURITY SERVICE BEST MOBILE SECURITY SOLUTION SPONSORED BY COURION The handcuffs are off: CSC s Managed Security Service, CSC With the rapid evolution and complexity of today s threat landscape, the Managed Security Service (MSS) market is gasping for fast, flexible security solutions. But when an MSS provider installs hardware on client premises, it s the industry s equivalent to fitting handcuffs it s extremely hard to change providers, scalability is limited and updates are complicated. So, in 2014, CSC made changed its end-to-end managed security service: it became the first MSS provider to successfully develop and deliver a security solution 100 percent through the cloud. The handcuffs were off. It offers a very high level of service flexibility and breadth and can be on- and off-boarded rapidly as customers require and it s entirely replicable. The company delivers across the whole market, right up to high-end secure, accredited organisations. This new strategy, highly rated by IDC, is realised by several key differentiators. It isn t tied to selling its own products, using multiple bestof-breed technologies instead; e.g. Tripwire IP360TM and Trend Micro Deep Security. It provides a bespoke wrap around its turnkey services, eg developing client-specific HP ArcSight correlation rules. With its US government heritage and deep three letter agency engagements, it has privileged access to threat intelligence. It tests and responds faster to threats using its SOC-based Advanced Threat Labs. Within 24- hours of Heartbleed, it had deployed UDS signatures whereas some product vendors were almost three days later. It has ISO27001, ISO22301, FSAE16 and List-X accreditation, and is also approved to handle secret (not just sensitive ) data believed to be the only MSS provider with this level. Its service has already proven to reduce clients costs by as much as 30 percent compared to an in-house solution, helping clients gain buy-in and justify budgets. By using the cloud, it delivers considerable cost savings once the service is in place (thus reducing budgets). The judges felt the solution was comprehensive and insightful. esentire Managed Security Services, esentire Threat2Alert from Nettitude, Nettitude Trustwave Managed Security Services, Trustwave Webroot SecureAnywhere Global Site Manager, Webroot Wipro Managed Security Services, Wipro Technologies kiteworks by Accellion, Accellion Built with a mobile first perspective, kiteworks by Accellion enables secure viewing, editing, sharing and syncing of enterprise content on every mobile device. Among the many benefits is the ability to create custom enterprise mobile applications with out-of-the-box security. Two key components differentiate kiteworks from competitors. The first is its secure integration with other enterprise solutions, such as SharePoint, Documentum and other Enterprise Content Management (ECM) systems, as well as security protocols like DLP, SSO and LDAP. With this, end users can securely view and collaborate on existing files from tablets, smartphones or desktops, without having to create duplicate files in a new Enable BYOD Secure Your Enterprise content system or expose sensitive documents to a public cloud service. Employees within an organisation using kiteworks can easily and securely send files stored in ECMs, like SharePoint to internal and external stakeholders, via either mobile devices or the kiteworks web interface, without the need for VPN. The second differentiator is the ability to deploy the solution via a private cloud. Many organisations are subject to government and industry regulations, that require strict data access roles, geographical segregation of information and transparent auditing capabilities. From a monetary savings perspective, one client, the London Borough of Camden, was able reduce the in-office desk count for roles like social workers. It did this by enabling them to access content and upload reports from the field, rather than having to return to an office to connect to the network. Similarly, one NHS Foundation has replaced manual printing, compiling and distribution of board notes, by moving to Accellion s private cloud-based collaboration solution. The product is useful in scenarios where mobile workers routinely need to access sensitive information, according to the judges. The integrated MDM solution is able to be integrated with existing CMS, DLP, etc. Also with two-factor authentication and multi-deployment options. Arxan Technologies - Mobile Application Protection, Arxan Technologies Kaspersky Security for Mobile, Kasperskey MobileIron, MobileIron DIGIPASS for Apps, VASCO Data Security AirWatch Enterprise Mobility Management, VMware 2015 SC AWARDS EUROPE. 9

11 BEST MULTIFACTOR SOLUTION BEST NAC SOLUTION Smarter Authentication, Encap Security Encap Security s Smarter Authentication ditches OTPs and extra hardware, and uses a person s smartphone, tablet or wearable device to verify their identity and provide access to services via the organisation s app. The most common use of Encap is where the smartphone becomes the something you have, PIN something you know, and TouchID someone you are. Encap offers software and device-defined authentication whilst defending the app itself against malware and tampering. Encap uses device capabilities (GPS, Touch ID, etc) to enable context-aware authentication factors. These extra layers include location (ie, is that where the person usually is?), behaviour (ie does the person usually log on at this time?) and biometrics (ie is this the right person?). By using device capabilities in combination to optimise authentication, organisations can take a proportional approach, where the security requirements are proportional to the risk involved. This ensures the highest level of usability, security and scale. Smarter Authentication makes authentication simple for users, and enables innovation, reduces risk and drives service adoption for organisations. It can be provisioned to any device without the costs, complications and limitations of shipping hardware or relying on networks. Whether a branded whitelabel standalone app, or integrated into the organisation s application via SDK, the experience is slick and consistent across all channels. Authentication requirements are proportional to activity, to minimise user effort whilst ensuring security standards. Multi-factor means that a stolen device, PIN or fingerprint doesn t compromise security on its own. Smarter Authentication protects the app environment as well as the authentication process, and can be instantly updated to defend against the latest threats. It automatically defends itself against malware attacks/tampering, allowing the application provider to deliver high value services in a secure way, even to jail-broken devices. The judges said the solution was smart and flexible, enabling mobile authentication. SMS PASSCODE Multi-factor Authentication, SMS PASSCODE - Highly Commended RSA SecurID Multifactor Authentication Solution, EMC Gemalto s SafeNet Authentication Service, Gemalto SafeNet SecureAuth IdP, SecureAuth IdP Swivel Multifactor Authentication Platform, Swivel Secure ForeScout CounterACT, ForeScout Technologies ForeScout CounterACT lets you see devices, users and applications on networks in real-time. CounterACT assess each device to determine whether it contains any vulnerabilities (OS, antivirus, application, etc) or configuration problems. Based on policies that users configure, CounterACT will block, allow, or limit network access. Unlike basic NAC products which can be too restrictive and disruptive, CounterACT provides flexibility to configure network access policies appropriate to the business, accommodate BYOD, etc. CounterACT automatically finds and fixes endpoint security problems, saving time and improving the user experience. CounterACT can automatically update antivirus, install agents, trigger an operating system patch, or kill a process or application. ForeScout CounterACT differs in four ways: It is fast and easy to implement. CounterACT works with existing network infrastructures, is non-disruptive, and does not require 802.1X configurations. CounterACT works with most leading vendors switches, wireless controllers, VPN equipment, and other infrastructure. It works without an agent. CounterACT can authenticate, classify, and provide network controls for Windows, Mac and Linux systems without the need to deploy another agent on the endpoints. The product interoperates with a wide variety of existing security systems such as Vulnerability Assessment, APT Detection, SIEM, MDM, VPN, Next Generation Firewalls, etc. By sharing security information and automating security controls, CounterACT saves time, reduces risk exposure, and improves ROI from existing purchases. It provides more information about what is on the network, including information about vulnerable applications and processes (e.g. the BASH vulnerability). According to Frost and Sullivan, ForeScout has 21 percent of the global NAC market. Gartner placed ForeScout in the Leader s quadrant for 2011, 2012, 2013 and 2014 NAC Magic Quadrant. The judges said the product was a strong solution that showed real innovation. AppGate, Cryptzone NetBeat NAC, Hexis Cyber Solutions Trustwave Network Access Control, Trustwave SC AWARDS EUROPE

12 BEST NEWCOMER SECURITY COMPANY OF THE YEAR SPONSORED BY SOPHOS Skyhigh Networks Skyhigh Networks says its commitment to the market and ability to provide complete cloud lifecycle insight and protection to enterprises is demonstrated by being the only vendor to have household name customers in every vertical, including Cisco, Equinix and Zurich Insurance. According to industry analysts, Skyhigh s customer base is more than ten times the size of the next-largest competitor, and the company expects this customer base to grow at an increasingly rapid pace moving forward given rapid expansion of sales and marketing teams in the US, Europe, Asia, and Australia. Skyhigh is a Cloud Access Security Broker with a shipping, production-deployed product across the entire cloud adoption lifecycle of Discover, Analyse and Secure. Skyhigh has a dedicated Customer Success team (CS) that holds regular calls with Skyhigh customers seeking to ensure they receive the best value for their investment. They proactively notify customers of CSP security vulnerabilities and remediation actions, provide product training and are available for timely issue resolution. The team holds webinars, authors educational whitepapers and facilitates the exchange of best practices amongst users and has tripled in size in the past two months. Customers also have access to Skyhigh s Cryptography Advisory Board for consultation on peer- and academia-reviewed cloud encryption schemes. Skyhigh has a Customer Advisory Board that is invested in Skyhigh s success and provides critical input into Skyhigh s product roadmap. Skyhigh has a high Net Promoter Score with customers offering positive feedback on Skyhigh s value proposition, transparency and responsiveness. Finally, Skyhigh s cloud service directory is constantly updated with changes in provider attributes, including notifications and educational reports around data breaches. Skyhigh s initial product created a new market, and the team constantly adds new capabilities. Skyhigh has filed 12 patents across all critical areas of its offering: discovery and log analysis, traffic monitoring and redirecting, machine learning and analytics and encryption and tokenisation. Over 55 percent of the company s employees are in Research and Development. The judges liked its approach and said the fast growth speaks for itself. Silobreaker - Highly Commended Cylance Cyphort Darktrace BEST PROFESSIONAL TRAINING OR CERTIFICATION PROGRAMME SPONSORED BY IBM (ISC) 2 Certified Information Systems Security Professional, (ISC) 2 EMEA Now in its 26th year, (ISC)² offers information security and IT professionals access to vast opportunities to develop a breadth of knowledge across required skill sets, along with valuable peer networking and mentoring. The CISSP is a measure of excellence held by nearly 100,000 professionals across 139 countries, more than 16,000 of which reside in Europe. At the core of the CISSP and all (ISC)2 certifications is the Common Body of Knowledge (CBK) that remains current through an ongoing consultative process, known as job task analysis. Credential holders commit to mandatory continuing professional education, essential to this dynamic field, supplemented by a comprehensive online and event-based educational programme delivered by (ISC)². Finally, being certified means being a member of a community, supported by much needed opportunities to come together, whether online or in person to share experience and current knowledge. Frequently referenced in top lists of IT-related certifications, the CISSP has become a benchmark of professionalism. Increasingly required by both security-conscious organisations and government entities, the CISSP validates that an individual possesses the breadth of knowledge and experience needed to manage the security posture of their organisations. Members report that the extent of knowledge and experience needed to pass the examination set the CISSP apart. The CISSP holders work with confidence that colleagues around the world work with the same foundation of knowledge as their own. This credential-based programme uses an extensive foundation of front-line experience, the common body of knowledge reflects input from the practicing membership. Finally, the CISSP credential has long been recognised for adhering to stringent standards as the first in infosec to meet ANSI/ISO/IEC requirements for professional credentials. According to the judges, this is no doubt the prime certification in the field; the recent efforts to refresh the certification are a positive step in the right direction to address areas needing strengthening. CREST Certification / Cyber Essentials, CREST - Highly Commended Think secure, Article 10 CISM Certification, ISACA KPMG Cyber Academy, KPMG Security Training Platform, Wombat Security Technologies 2015 SC AWARDS EUROPE. 11

13 BEST SECURITY COMPANY BEST SECURITY TEAM Tenable Network Security Tenable Network Security solutions help organisations of all sizes achieve compliance with multiple industry and government standards. Tenable is relied upon by many of the world s largest corporations, not-for-profit organisations and public sector agencies. SecurityCenter Continuous View (SC CV) provides a comprehensive and integrated view of network health while Nessus, an integral part of SC CV and the one of the world s most widely deployed vulnerability management products, provides a global standard in detecting and assessing network data. These solutions are used by customers in every major vertical to continuously monitor compliance programmes such as SOX and Payment Card Industry Data Security Standard (PCI DSS). Demand for Tenable solutions continues to be very strong, with Tenable s business growing at over 40 percent pa, well above the security and vulnerability market s growth rate. It also reports over 98 percent renewal rates for its SecurityCenter Continuous View products. Tenable s SC CV provides continuous network monitoring to identify vulnerabilities, reduce risk, and ensure compliance. Tenable combines active scanning, passive monitoring, and log analysis to capture security and compliance risks introduced by traditional, mobile, cloud, and virtualised components in the modern datacentre. Nessus displays vulnerabilities based on standard CVE/ CVSS formats. SecurityCenter CV supplements this with passive and log analysis. Organisations get a real time view of vulnerability, threat and compliance risk for all assets on their networks with advanced analytics, visualisation and reporting. Outcome based auditing allows managers to set desired security posture and receive proactive reports when assets are out of compliance. Nessus and SecurityCenter CV are integral parts of many threat management programmes. Tenable enhances its core capabilities with several third party threat intelligence feeds incorporating, among others, over a billion malware hashes and over 250,000 malicious IPs/URLs into its security analysis. The verdict of the judges was that the company was one we all rely upon. CNS Hut3 Context Information Security NCC Group Nettitude Sophos BP Plc Over the past two years, cyber-threat has increased in frequency and sophistication. BP s Digital Security team has brought together deep technical expertise across all aspects of information security and from diverse professional backgrounds in order to further improve how it responds and anticipates potential threats. Based primarily in in London and Houston, the team has a global role, covering information security across all aspects of BP s diverse business. It is a highly professional, diligent and energetic team that is committed to excellence. BP s Digital Security team has made significant changes including holistic and strategic coverage aligned with the Board-approved Information/Cyber-Security strategy covering all aspects of modern information security management, including emerging areas such as intelligence, counter threat and behavioural change. Within BP, the team has adopted a pragmatic approach to security, aimed at enabling secure business outcomes, consistent delivery to time and budget for significant change programmes. Regular engagement with stakeholders across the company allows it to understand concerns and inform staff of developments. Bob Dudley, Group Chief Executive of BP said in a speech made to Cyber Security Innovation Summit 2014, that BP has elevated cyber-security to a level at which the issue receives the right amount of attention and resource. Cyber-security is what we describe as a group level risk, the highest level. That means it is assigned for monitoring to a committee of the board of directors in this case the audit committee. Direct Line Group WorldPay SC AWARDS EUROPE

14 BEST SIEM SOLUTION BEST SME SECURITY SOLUTION SolarWinds Log & Event Manager, SolarWinds SolarWinds Log and Event Manager (LEM) delivers comprehensive Security Information and Event Management (SIEM) capabilities in a highly affordable, easy-to-use, and quick-to-deploy virtual appliance. It provides real-time log collection and analysis, in-memory event correlation, detailed reporting, secure storage, and an innovative approach to IT search to deliver the visibility, security, and control users need to overcome everyday IT challenges. SolarWinds LEM captures data and provides granular details in ways that are useful to admins. SolarWinds LEM makes deployment and management simple with its all-in-one virtual appliance, browser-based console, intuitive interface, and hundreds of built-in filters, rules, searches, and reports. Plus, it integrates with other SolarWinds products, including Network Performance Monitor and Server & Application Monitor to send/receive traps, as well as Alert Central for incident handling. SolarWinds LEM offers an easy-to-use, quick-to-deploy, scalable log management and SIEM solution that provides true real-time, in-memory event correlation, automated active responses for hands-free threat mitigation, File Integrity Monitoring, and USB defender technology to protect sensitive data, over 700 built-in correlation rules, more than 300 audit proven report templates, and a novel approach to IT search. Competing solutions require log and security management expertise from the user or the need for third-party consultants, plus days to months to implement properly; SolarWinds LEM can be deployed in under an hour and delivers easy-to-understand, actionable intelligence right out of the box enabling security and admins alike to immediately start detecting and remediating threats, as well as simplifying network and application troubleshooting, and streamlining compliance efforts. Judges liked the emphasis on real-time data with it being a simple real-time solution accessible to smaller organisations. AlienVault - USM, AlienVault McAfee Enterprise Security Manager (ESM) from Intel Security, Intel Security LogRhythm Security Intelligence Platform, LogRhythm Splunk - Splunk Enterprise, Splunk AlienVault - Unified Security Management, AlienVault Security is a growing concern for organisations of all sizes. In the SME market, companies realise that they could be the weaker link and a more viable entry point for hackers into the larger organisations that may be their customers or partners. Like larger organisations, SMEs need to ensure that they can prove good security practices. Often, they do not have the large budgets, resources and staff to deploy disparate security solutions, so AlienVault USM offers a solution which combines five essential security controls in one easy to use platform and within reach of even the tightest budgets. AlienVault has seen tremendous growth in the EMEA market for this kind of security offering, so much so that it opened a Sales and Technical Support Centre in Cork, Ireland to help cope with the demand. There are also offices in Spain and Reading in the UK. While the main premise of AlienVault USM is that it is easy for users to get up and running in a day, it also offers LightSpeed support, available to customers with an active Support and Maintenance Contract for the AlienVault USM product line. It provides access to a world-class support organisation, in addition to a support portal where users can submit and track support cases online. AlienVault also offers online and in-person training classes that help enable organisations of all sizes to quickly detect and effectively respond to the latest threats. Led by security professionals, AlienVault training classes and webcasts provide the instruction and hands-on practice needed to design, install, deploy, configure, and operate our Unified Security Management products. The judges called the solution a good one, a good price and great service. Trustwave Managed Security Services, Trustwave - Highly Commended NetBeat NAC, Hexis Cyber Solutions Qualys WatchGuard Firebox T10, WatchGuard 2015 SC AWARDS EUROPE. 13

15 BEST UTM SOLUTION BEST VULNERABILITY MANAGEMENT SOLUTION Sophos UTM, Sophos Sophos UTM provides a one-box approach to network, web, , wireless, web server and endpoint protection, allowing customers to consolidate multiple solutions into a single security gateway. Backed by the intelligence provided by Sophos global network of labs plus numerous other threat data sources, Sophos UTM offers advanced security features which are easy to setup and use. Using a single management console, customers can select which security features they want to activate and add further ones at any time. As a fullyfeatured web security gateway, gateway, network firewall and wireless management console, Sophos UTM has enabled its diverse customer base to reduce the number of solutions they need to manage whilst providing enhanced features, such as Advanced Persistent Threat Protection, which even the smallest company, can easily deploy. Sophos UTM provides the same features for every size of appliance; it says that no customer has to compromise on features, take a larger more expensive appliance just to get a particular feature or buy an additional appliance to get full protection or the visibility they need this is not the case with most competitor solutions. Every UTM appliance comes with a built in hard disk or solid state drive to store logs, quarantine data and reports on-box, meaning customers have constant access to historical data to make intelligent decisions and adapt their solution to the current need of their business. Customers can choose to deploy the UTM solution as hardware, software, virtual or in the cloud without forfeiting functionality. It is also offered by Managed Service Providers. Up to 10 of its UTM appliances can be clustered to provide optimal performance and high-availability for the changing business needs of an organisation. The judges said this provided a superb feature-set that can enable businesses of any size or structure to operate their business safely and securely. FortiGate-500D, Fortigate - Highly Commended Barracuda NG Firewall, Barracuda Networks Check Point 2200 and 4000 Series Appliances, Check Point GFI LanGuard 2014 R2, GFI Software LanGuard 2014 R2 is a comprehensive network vulnerability scanning and patch management security solution and is a critical component to any network security practice. LanGuard provides network administrators with the ability to manage 100 percent of their patching needs through a single, intuitive and easy-to-use interface, without the need for any other update tools. It also provides network auditing, powerful scanning and remediation capabilities, and vulnerability assessment for operating systems, third party applications and an increased number of network devices, including printers, routers, switches and mobile devices such as smartphones and tablets and mobile operating systems such as ios, Android and Windows Phone - providing a complete security solution. GFI LanGuard integrates with more than 4,000 security applications and can check for more than 50,000 different vulnerabilities on a network. This latest version of GFI LanGuard extends mobile device auditing to support cloud-based services including Office 365, Google Apps and Apple Profiles Manager and extends vulnerability assessment to a broader range of network devices. LanGuard says it differentiates itself from competition by being the only patch management tool necessary for an organisation, automating patching for all important operating systems: Windows, Apple OS X, Linux (Red Hat Enterprise Linux, Fedora, Ubuntu, Suse, OpenSuse, CentOS, Debian) and more than 70 of the most popular third-party software including Java, Flash Player and major web browsers. GFI LanGuard integrates with more than 4,000 security applications and can check for more than 50,000 different vulnerabilities on a network. In addition to security patches, LanGuard also supports non-security patches for Microsoft operating systems and third-party applications. According to the judges GFI LanGuard 2014 R2 maintains comprehensive coverage of network devices and thus ensures that all devices are appropriately assessed and updated. Rapid7 Nexpose Ultimate, Rapid7 - Highly Commended Lumeta ESI (Enterprise Situational Intelligence), Lumeta Corporation QualysGuard, Qualys Nessus, Tenable Network Security SC AWARDS EUROPE

16 BEST WEB CONTENT MANAGEMENT SOLUTION CSO/ CISO OF THE YEAR SPOSNORED BY NETTITUDE UserGate Web Filter, Entensys UserGate Web Filter is designed to provide effective security against web threats, such as phishing, Trojans, keyloggers, botnets, malware, etc. It also provides excellent broad protection against new and zero-hour threats. Moreover, the product features builtin anti-virus protection that makes web surfing much safer. UserGate Web Filter modular design gives high performance through ultra-low processing, memory, storage, and bandwidth consumption. UserGate Web Filter can control access to websites, Web 2.0 content, downloads, or streaming media based on users, groups, and time. The product can enforce granular policies that can provide security, increase productivity, and enforce any reasonable corporate policy. An SSL inspection function allows application of these policies to all social networks and search engines that would be otherwise impossible. Entensys (UserGate Web Filter developer) has rich experience in developing solutions related to content analysis of Internet traffic. For over ten years, Entensys technologies has protected companies and end users from Internet threats and enabled them to manage traffic, filter Internet content, and defend against spam and malware. UserGate Web Filter can be deployed at all levels, from enduser workstations to ISP-level distributed systems. It competes with products made by major IT security companies, and while Entensys is less well known, its solutions provide high-quality Internet filtering and support unlimited scalability for large deployments. UserGate Web Filter secures web browsing by company employees, protecting them from dangerous and malicious content, and allows blocking non-work-related websites such as social networks, dating services, employment websites, online games, and entertainment/ gaming. UserGate Web Filter can also block all web resources that are forbidden by law. The Entensys content filtering system allows monitoring Internet use and generating full statistics for analysis. The judges said that while Entensys is less well known, its solutions provide high-quality Internet filtering and support unlimited scalability for large deployments. Trustwave Secure Web Gateway, Trustwave - Highly Commended Barracuda Web Filter, Barracuda Networks Websense TRITON AP-WEB, Websense Daniel Barriuso, CISO, BP Plc Daniel Barriuso is the Chief Information Security Officer (CISO) at BP. He is responsible for cybersecurity across the Group, including strategy, governance, architecture, education, counter threat operations and incident response. Daniel is a frequent speaker and contributor at security forums and events. Prior to joining BP, Daniel was CISO at Credit Suisse and was chairman of the Investment Banking Special Interest Information Security Group (IBSIG) where he helped coordinate, in partnership with Bank of England and FSA, the first UK banking industry cyber-exercise (Waking Shark). Daniel also dedicates his time as a Professor at the Universidad Politecnica de Madrid, where he lectures and researches in the areas of IT governance and information security investment. Daniel sets high standards for himself and the team. He inspires his team to be the best. Since joining in late 2012, he has made a significant impact on the capability, motivation, performance and reputation of BP s Digital Security team. Daniel has helped establish information/cyber-security as one of the company s highest priority risks through thoughtful engagement with senior stakeholders across BP s business. Information/cyber-security risk is articulated in business terms and a comprehensive strategy has been defined in partnership with the Business. User awareness is one of Daniel s priorities and he has made it a priority for BP. He launched a new security behavioural change programme focused on making cybersecurity part of everyone s job. Mike Gibbs, BP s Group CIO said Under Daniel s leadership, BP has made a step change in its approach to Cyber security. He brings an enormous level of security expertise and experience. Perhaps even more importantly, Daniel has been able to engage with our executive business leadership so that cyber security is now owned by them as a priority business risk. His strategic outlook has been backed up by very strong delivery, giving him credibility at all levels. Daniel has built a fantastic team and a capability that puts us in a very strong position to continue to manage this most important of business risks in the future. Sean Groenewald, Liberty Global - Highly Commended Barry Coatsworth, (Former) New Look 2015 SC AWARDS EUROPE. 15

17 RISK/POLICY MANAGEMENT AND REGULATORY COMPLIANCE SOLUTIONS EDITOR S CHOICE AWARD SecurityCentre Continuous View (SC CV), Tenable Network Security Tenable believes in providing the best possible experience to its customers through a variety of different channels. In its 2012 Vulnerability Assessment MarketScope report, Gartner says Tenable gets good marks for the quality of its technical and customer support, and for addressing customer feature requests. It offers unlimited, toll-free support, an online portal, and a discussion forum providing a deep knowledgebase of tutorials, and over 100 sample dashboards and reports. Tenable employs its own customer support and professional services staff through its offices around the world to enable true follow-the-sun support model. In addition Tenable fosters and maintains a thriving online community of security professionals that engage in active discussions and support through the discussions.nessus.org community. For its large accounts and enterprise customers, Tenable employs a specialised technical team of product specialists that, in many cases, were extremely sophisticated Tenable customers and product users that decided to join the company. Tenable is consistently identifying new ways to improve existing products. Within the past 12 months, the company has introduced more than a dozen new product updates designed specifically to help customers stay ahead of both internal and external threats, while streamlining and automating the compliance process. Updates to Nessus, an integral part of SC CV, regularly includes additional plugins to identify newly discovered vulnerabilities, updated reports, changes to compliance checks based on audit requirement changes, and core product updates. These updates occur approximately every six weeks. Tenable s products are the industry standard for continuous monitoring and vulnerability assessment, and the vast majority of third-party security auditors use Nessus as their primary tool to assess the risk status of enterprise networks. Customers use SC CV to gain comprehensive visibility into the effectiveness of their security and compliance programmes. The judges remarked that the solution has a good overview for compliance teams, what you might want in your back pocket for keeping an eye on things. Dell ChangeAuditor, Dell Software FireMon Security Intelligence Platform, FireMon Qualys Policy Compliance (PC), Qualys Tripwire Enterprise, Tripwire Cyber Essentials Most SC Awards go to companies which have raised the bar in their sector of information security. But many SMEs and even some medium sized companies have next to nothing in place to protect themselves from cyber-threats, and so Cyber Essentials, receives the Editor s choice Award for actually putting a bar in place for the first time, potentially having a greater impact on improving information security in the UK than any other single initiative. Cyber Essentials is a government-backed, industry supported scheme to help organisations protect themselves against common cyber-attacks and came about after CESG, the information security arm of GCHQ, found that 80 percent of cyber-threats come from less skilled attackers. In response, Cyber Essentials provides a clear statement of the basic controls all organisations of whatever size should implement to mitigate the risk from common internet based threats. And through the Assurance Framework it offers a cost-effective mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions. It does this by certificating best practice - awarding Cyber Essentials and Cyber Essentials Plus certificates for organisations, giving them a choice over the level of assurance they wish to gain and the cost of doing so. It lets them achieve the right balance between providing additional assurance of an organisation s commitment to implementing cyber-security to third parties, while retaining a simple and low cost mechanism for doing so. When properly implemented, the set of controls defined by Cyber Essentials will provide organisations with basic protection from the most prevalent forms of threats coming from the Internet. In particular, it focuses on threats which require low levels of attacker skill, and which are widely available online. Risk management is the fundamental starting point but the focus for Cyber Essentials is the basic cyber-hygiene that needs to become the minimum de-facto standard across the information security industry SC AWARDS EUROPE

18 Haymarket Management Group, Teddington Studios, Broom Road, Teddington, Middlesex TW119BE, UK Telephone: +44 (0) Web:

Bringing Continuous Security to the Global Enterprise

Bringing Continuous Security to the Global Enterprise Bringing Continuous to the Global Enterprise Asset Discovery Network Web App Compliance Monitoring Threat Protection The Most Advanced Platform 3+ Billion IP Scans/Audits a Year 1+ Trillion Events The

More information

TRITON APX. Websense TRITON APX

TRITON APX. Websense TRITON APX TRITON APX Unified protection and intelligence against Advanced Threats and data theft Your organization is faced with an increasing number of Advanced Threats that lead to data theft, denial of service

More information

Stop advanced targeted attacks, identify high risk users and control Insider Threats

Stop advanced targeted attacks, identify high risk users and control Insider Threats TRITON AP-EMAIL Stop advanced targeted attacks, identify high risk users and control Insider Threats From socially engineered lures to targeted phishing, most large cyberattacks begin with email. As these

More information

NE T GENERATION CLOUD SECURITY PLATFORM

NE T GENERATION CLOUD SECURITY PLATFORM Qualys Cloud Platform The Qualys Cloud Platform and integrated suite of solutions enable organizations to simplify the process and reduce the cost of identifying and securing their IT assets, while ensuring

More information

EMAIL MANAGEMENT SOLUTIONS SAFEGUARD BUSINESS CONTINUITY AND PRODUCTIVITY WITH MIMECAST

EMAIL MANAGEMENT SOLUTIONS SAFEGUARD BUSINESS CONTINUITY AND PRODUCTIVITY WITH MIMECAST EMAIL MANAGEMENT SOLUTIONS SAFEGUARD BUSINESS CONTINUITY AND PRODUCTIVITY WITH MIMECAST Enabling user efficiency with a cloud-based email platform With productivity, revenues and reputation at stake, an

More information

IT Security. Muscat 15+ ABOUT US IN A GLANCE

IT Security. Muscat 15+ ABOUT US IN A GLANCE www.insight.co.om insightoman insightoman insightoman insight-information-technology www.insight.co.om insightoman insightoman insightoman insight-information-technology ABOUT US LOCATION Visit us at

More information

Websense Data Security Suite and Cyber-Ark Inter-Business Vault. The Power of Integration

Websense Data Security Suite and Cyber-Ark Inter-Business Vault. The Power of Integration Websense Data Security Suite and Cyber-Ark Inter-Business Vault The Power of Integration Websense Data Security Suite Websense Data Security Suite is a leading solution to prevent information leaks; be

More information

Caretower s SIEM Managed Security Services

Caretower s SIEM Managed Security Services Caretower s SIEM Managed Security Services Enterprise Security Manager MSS -TRUE 24/7 Service I.T. Security Specialists Caretower s SIEM Managed Security Services 1 Challenges & Solution Challenges During

More information

WEBSENSE TRITON SOLUTIONS

WEBSENSE TRITON SOLUTIONS WEBSENSE TRITON SOLUTIONS INNOVATIVE SECURITY FOR WEB, EMAIL, DATA AND MOBILE TRITON STOPS MORE THREATS. WE CAN PROVE IT. PROTECTION AS ADVANCED AND DYNAMIC AS THE THREATS THEMSELVES The security threats

More information

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE

More information

McAfee Acquires NitroSecurity

McAfee Acquires NitroSecurity McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security

More information

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global

More information

DOBUS And SBL Cloud Services Brochure

DOBUS And SBL Cloud Services Brochure 01347 812100 www.softbox.co.uk DOBUS And SBL Cloud Services Brochure enquiries@softbox.co.uk DOBUS Overview The traditional DOBUS service is a non-internet reliant, resilient, high availability trusted

More information

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to

More information

REVOLUTIONIZING ADVANCED THREAT PROTECTION

REVOLUTIONIZING ADVANCED THREAT PROTECTION REVOLUTIONIZING ADVANCED THREAT PROTECTION A NEW, MODERN APPROACH Blue Coat Advanced Threat Protection Group GRANT ASPLUND Senior Technology Evangelist 1 WHY DO I STAND ON MY DESK? "...I stand upon my

More information

Endpoint Threat Detection without the Pain

Endpoint Threat Detection without the Pain WHITEPAPER Endpoint Threat Detection without the Pain Contents Motivated Adversaries, Too Many Alerts, Not Enough Actionable Information: Incident Response is Getting Harder... 1 A New Solution, with a

More information

Vulnerability Management

Vulnerability Management Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other

More information

Managed Security Services for Data

Managed Security Services for Data A v a y a G l o b a l S e r v i c e s Managed Security Services for Data P r o a c t i v e l y M a n a g i n g Y o u r N e t w o r k S e c u r i t y 2 4 x 7 x 3 6 5 IP Telephony Contact Centers Unified

More information

Cisco Security Services

Cisco Security Services Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your

More information

Digital Pathways. Harlow Enterprise Hub, Edinburgh Way, Harlow CM20 2NQ. 0844 586 0040 intouch@digitalpathways.co.uk www.digpath.co.

Digital Pathways. Harlow Enterprise Hub, Edinburgh Way, Harlow CM20 2NQ. 0844 586 0040 intouch@digitalpathways.co.uk www.digpath.co. Harlow Enterprise Hub, Edinburgh Way, Harlow CM20 2NQ 0844 586 0040 intouch@digitalpathways.co.uk Security Services Menu has a full range of Security Services, some of which are also offered as a fully

More information

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice Introduction There are numerous statistics published by security vendors, Government

More information

CyberArk Privileged Threat Analytics. Solution Brief

CyberArk Privileged Threat Analytics. Solution Brief CyberArk Privileged Threat Analytics Solution Brief Table of Contents The New Security Battleground: Inside Your Network...3 Privileged Account Security...3 CyberArk Privileged Threat Analytics : Detect

More information

The Benefits of an Integrated Approach to Security in the Cloud

The Benefits of an Integrated Approach to Security in the Cloud The Benefits of an Integrated Approach to Security in the Cloud Judith Hurwitz President and CEO Marcia Kaufman COO and Principal Analyst Daniel Kirsch Senior Analyst Sponsored by IBM Introduction The

More information

Delivering Control with Context Across the Extended Network

Delivering Control with Context Across the Extended Network Delivering Control with Context Across the Extended Network Agenda Current Challenges Cisco ISE Overview Introducing Cisco pxgrid Customer Success Stories Only Cisco ISE Delivers 2013-2014 Cisco and/or

More information

Performanta Pty Ltd. Company Profile. May 2012. Trust. Practical. Performanta.

Performanta Pty Ltd. Company Profile. May 2012. Trust. Practical. Performanta. May 2012 Trust. Practical. Performanta. Company Overview Performanta Pty Ltd is an information security organisation that has a practical approach, competitively priced services, strong client commitment,

More information

Q1 Labs Corporate Overview

Q1 Labs Corporate Overview Q1 Labs Corporate Overview The Security Intelligence Leader Who we are: Innovative Security Intelligence software company One of the largest and most successful SIEM vendors Leader in Gartner 2011, 2010,

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security

More information

Safeguarding the cloud with IBM Dynamic Cloud Security

Safeguarding the cloud with IBM Dynamic Cloud Security Safeguarding the cloud with IBM Dynamic Cloud Security Maintain visibility and control with proven security solutions for public, private and hybrid clouds Highlights Extend enterprise-class security from

More information

Web Security Update. A Radicati Group, Inc. Webconference. The Radicati Group, Inc. Copyright March 2010, Reproduction Prohibited

Web Security Update. A Radicati Group, Inc. Webconference. The Radicati Group, Inc. Copyright March 2010, Reproduction Prohibited The Radicati Group, Inc. www.radicati.com Web Security Update A Radicati Group, Inc. Webconference The Radicati Group, Inc. Copyright March 2010, Reproduction Prohibited 9:30 am, PT March 25, 2010 Speakers

More information

Security strategies to stay off the Børsen front page

Security strategies to stay off the Børsen front page Security strategies to stay off the Børsen front page Steve Durkin, Channel Director for Europe, Q1 Labs, an IBM Company 1 2012 IBM Corporation Given the dynamic nature of the challenge, measuring the

More information

Information & Asset Protection with SIEM and DLP

Information & Asset Protection with SIEM and DLP Information & Asset Protection with SIEM and DLP Keeping the Good Stuff in and the Bad Stuff Out Professional Services: Doug Crich Practice Leader Infrastructure Protection Solutions What s driving the

More information

Requirements When Considering a Next- Generation Firewall

Requirements When Considering a Next- Generation Firewall White Paper Requirements When Considering a Next- Generation Firewall What You Will Learn The checklist provided in this document details six must-have capabilities to look for when evaluating a nextgeneration

More information

Comprehensive real-time protection against Advanced Threats and data theft

Comprehensive real-time protection against Advanced Threats and data theft TRITON AP-WEB Comprehensive real-time protection against Advanced Threats and data theft Your business and its data are under constant attack. Traditional security solutions no longer provide sufficient

More information

2012 North American Managed Security Service Providers Growth Leadership Award

2012 North American Managed Security Service Providers Growth Leadership Award 2011 South African Data Centre Green Excellence Award in Technology Innovation Cybernest 2012 2012 North American Managed Security Service Providers Growth Leadership Award 2011 Frost & Sullivan 1 We Accelerate

More information

Lot 1 Service Specification MANAGED SECURITY SERVICES

Lot 1 Service Specification MANAGED SECURITY SERVICES Lot 1 Service Specification MANAGED SECURITY SERVICES Fujitsu Services Limited, 2013 OVERVIEW OF FUJITSU MANAGED SECURITY SERVICES Fujitsu delivers a comprehensive range of information security services

More information

The Education Fellowship Finance Centralisation IT Security Strategy

The Education Fellowship Finance Centralisation IT Security Strategy The Education Fellowship Finance Centralisation IT Security Strategy Introduction This strategy outlines the security systems in place to optimise, manage and protect The Education Fellowship data and

More information

Advanced Threats: The New World Order

Advanced Threats: The New World Order Advanced Threats: The New World Order Gary Lau Technology Consulting Manager Greater China gary.lau@rsa.com 1 Agenda Change of Threat Landscape and Business Impact Case Sharing Korean Incidents EMC CIRC

More information

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture

More information

OVERVIEW. Enterprise Security Solutions

OVERVIEW. Enterprise Security Solutions Enterprise Security Solutions OVERVIEW For more than 25 years, Trend Micro has innovated constantly to keep our customers ahead of an everevolving IT threat landscape. It s how we got to be the world s

More information

INSERT COMPANY LOGO HERE

INSERT COMPANY LOGO HERE INSERT COMPANY LOGO HERE 2014 Frost & Sullivan 1 We Accelerate Growth Technology Innovation Leadership Award Network Security Global, 2014 Frost & Sullivan s Global Research Platform Frost & Sullivan is

More information

ENABLING FAST RESPONSES THREAT MONITORING

ENABLING FAST RESPONSES THREAT MONITORING ENABLING FAST RESPONSES TO Security INCIDENTS WITH THREAT MONITORING Executive Summary As threats evolve and the effectiveness of signaturebased web security declines, IT departments need to play a bigger,

More information

Is your business secure in a hosted world?

Is your business secure in a hosted world? Is your business secure in a hosted world? Threats to the security of business data are constantly growing and evolving - What can you do ensure your data remains secure? Introduction The safe use of computer

More information

We are Passionate about Total Security Management Architecture & Infrastructure Optimisation Review

We are Passionate about Total Security Management Architecture & Infrastructure Optimisation Review We are Passionate about Total Security Management Architecture & Infrastructure Optimisation Review The security threat landscape is constantly changing and it is important to periodically review a business

More information

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards A Websense Research Brief Prevent Loss and Comply with Payment Card Industry Security Standards Prevent Loss and Comply with Payment Card Industry Security Standards Standards for Credit Card Security

More information

KEY STEPS FOLLOWING A DATA BREACH

KEY STEPS FOLLOWING A DATA BREACH KEY STEPS FOLLOWING A DATA BREACH Introduction This document provides key recommended steps to be taken following the discovery of a data breach. The document does not constitute an exhaustive guideline,

More information

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection White Paper: Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection Prepared by: Northrop Grumman Corporation Information Systems Sector Cyber Solutions Division

More information

Analyzing HTTP/HTTPS Traffic Logs

Analyzing HTTP/HTTPS Traffic Logs Advanced Threat Protection Automatic Traffic Log Analysis APTs, advanced malware and zero-day attacks are designed to evade conventional perimeter security defenses. Today, there is wide agreement that

More information

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical

More information

Continuous Network Monitoring

Continuous Network Monitoring Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment

More information

GOING BEYOND BLOCKING AN ATTACK

GOING BEYOND BLOCKING AN ATTACK Websense Executive Summary GOING BEYOND BLOCKING AN ATTACK WEBSENSE TRITON VERSION 7.7 Introduction We recently announced several new advanced malware and data theft protection capabilities in version

More information

If you can't beat them - secure them

If you can't beat them - secure them If you can't beat them - secure them v1.0 October 2012 Accenture, its logo, and High Performance delivered are trademarks of Accenture. Preface: Mobile adoption New apps deployed in the cloud Allow access

More information

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP solution brief PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP AWS AND PCI DSS COMPLIANCE To ensure an end-to-end secure computing environment, Amazon Web Services (AWS) employs a shared security responsibility

More information

Securing Content: The Core Currency of Your Business. Brian Davis President, Net Generation

Securing Content: The Core Currency of Your Business. Brian Davis President, Net Generation Box Security Whitepaper Box: Redefining Security for the Cloud Securing Content: The Core Currency of Your Business We know that your content is the core currency of your business. Product requirements,

More information

Box: Redefining Security for the Cloud

Box: Redefining Security for the Cloud Box: Redefining Security for the Cloud Securing Content: The Core Currency of Your Business We know that your content is the core currency of your business. Product requirements, detailed financial analysis,

More information

Simplify Your Network Security with All-In-One Unified Threat Management

Simplify Your Network Security with All-In-One Unified Threat Management Singtel Business Product Factsheet Brochure Managed Defense Unified Services Management Simplify Your Network Security with All-In-One Unified Management Singtel Managed Unified Management (UTM) Services,

More information

Beyond passwords: Protect the mobile enterprise with smarter security solutions

Beyond passwords: Protect the mobile enterprise with smarter security solutions IBM Software Thought Leadership White Paper September 2013 Beyond passwords: Protect the mobile enterprise with smarter security solutions Prevent fraud and improve the user experience with an adaptive

More information

AirWatch Solution Overview

AirWatch Solution Overview AirWatch Solution Overview Marenza Altieri-Douglas - AirWatch Massimiliano Moschini Brand Specialist Itway 2014 VMware Inc. All rights reserved. Cloud Computing 2 BYOD 3 Device aziendali? 4 From Client/Server

More information

Unified Security, ATP and more

Unified Security, ATP and more SYMANTEC Unified Security, ATP and more TAKE THE NEXT STEP Martin Werner PreSales Consultant, Symantec Switzerland AG MEET SWISS INFOSEC! 27.01.2016 Unified Security 2 Symantec Enterprise Security Users

More information

TRITON AP-WEB COMPREHENSIVE REAL-TIME PROTECTION AGAINST ADVANCED THREATS & DATA THEFT

TRITON AP-WEB COMPREHENSIVE REAL-TIME PROTECTION AGAINST ADVANCED THREATS & DATA THEFT TRITON AP-WEB COMPREHENSIVE REAL-TIME PROTECTION AGAINST ADVANCED THREATS & DATA THEFT TRITON AP-WEB COMPREHENSIVE REAL-TIME PROTECTION AGAINST ADVANCED THREATS AND DATA THEFT Your business and its data

More information

Symantec Enterprise Security: Strategy and Roadmap Galin Grozev

Symantec Enterprise Security: Strategy and Roadmap Galin Grozev Symantec Enterprise Security: Strategy and Roadmap Galin Grozev Senior Technology Consultant Symantec Bulgaria Enterprise Threat Landscape Attackers Moving Faster Digital extortion on the rise Malware

More information

Cisco Cloud Web Security

Cisco Cloud Web Security Data Sheet Today s highly connected and fast-moving world is filled with complex and sophisticated web security threats. Cisco delivers the strong protection, complete control, and investment value that

More information

Cloud and Data Center Security

Cloud and Data Center Security solution brief Trend Micro Cloud and Data Center Security Secure virtual, cloud, physical, and hybrid environments easily and effectively introduction As you take advantage of the operational and economic

More information

SECURITY PLATFORM FOR HEALTHCARE PROVIDERS

SECURITY PLATFORM FOR HEALTHCARE PROVIDERS SECURITY PLATFORM FOR HEALTHCARE PROVIDERS Our next-generation security platform prevents successful cyberattacks for hundreds of hospitals, clinics and healthcare networks across the globe. Palo Alto

More information

Overcoming PCI Compliance Challenges

Overcoming PCI Compliance Challenges Overcoming PCI Compliance Challenges Randy Rosenbaum - Security Services Exec. Alert Logic, CPISM Brian Anderson - Product Manager, Security Services, SunGard AS www.sungardas.com Goal: Understand the

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

Trend Micro. Secure virtual, cloud, physical, and hybrid environments easily and effectively INTRODUCTION

Trend Micro. Secure virtual, cloud, physical, and hybrid environments easily and effectively INTRODUCTION SOLUTION BRIEF Trend Micro CLOUD AND DATA CENTER SECURITY Secure virtual, cloud, physical, and hybrid environments easily and effectively INTRODUCTION As you take advantage of the operational and economic

More information

The Hillstone and Trend Micro Joint Solution

The Hillstone and Trend Micro Joint Solution The Hillstone and Trend Micro Joint Solution Advanced Threat Defense Platform Overview Hillstone and Trend Micro offer a joint solution the Advanced Threat Defense Platform by integrating the industry

More information

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave

More information

$ Drive awareness and increase participation. National account program. Flexible managed Security Solutions for hospitality

$ Drive awareness and increase participation. National account program. Flexible managed Security Solutions for hospitality National Account Program Managed Security Solutions for Hospitality National account program Flexible managed Security Solutions for hospitality The Trustwave National Account Program is designed with

More information

Threat Intelligence: What is it, and How Can it Protect You from Today s Advanced Cyber-Attacks A Webroot publication featuring analyst research

Threat Intelligence: What is it, and How Can it Protect You from Today s Advanced Cyber-Attacks A Webroot publication featuring analyst research Threat Intelligence: What is it, and How Can it Protect You from Today s Advanced Cyber-Attacks A Webroot publication featuring analyst research 2 3 6 7 9 9 Issue 1 Welcome From the Gartner Files Definition:

More information

End-user Security Analytics Strengthens Protection with ArcSight

End-user Security Analytics Strengthens Protection with ArcSight Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security

More information

email management solutions

email management solutions Safeguard business continuity and productivity with Mimecast email management solutions Computacenter and Mimecast in partnership Expert software solutions Computacenter and Mimecast help organisations

More information

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC RE Think Invent IT & Business IBM SmartCloud Security Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC 2014 IBM Corporation Some Business Questions Is Your Company is Secure

More information

The ForeScout Difference

The ForeScout Difference The ForeScout Difference Mobile Device Management (MDM) can help IT security managers secure mobile and the sensitive corporate data that is frequently stored on such. However, ForeScout delivers a complete

More information

Symantec Messaging Gateway powered by Brightmail

Symantec Messaging Gateway powered by Brightmail The first name in messaging security powered by Brightmail Overview, delivers inbound and outbound messaging security, with effective and accurate real-time antispam and antivirus protection, advanced

More information

IBM Security. 2013 IBM Corporation. 2013 IBM Corporation

IBM Security. 2013 IBM Corporation. 2013 IBM Corporation IBM Security Security Intelligence What is Security Intelligence? Security Intelligence --noun 1.the real-time collection, normalization and analytics of the data generated by users, applications and infrastructure

More information

Assuria can help protectively monitor firewalls for PCI compliance. Assuria can also check the configurations of personal firewalls on host devices

Assuria can help protectively monitor firewalls for PCI compliance. Assuria can also check the configurations of personal firewalls on host devices The Payment Card Industry (PCI) Data Security Standard (DSS) provides an actionable framework for developing a robust payment card data security process. The Payment Application Data Security Standard

More information

Proven LANDesk Solutions

Proven LANDesk Solutions LANDesk Solutions Descriptions Proven LANDesk Solutions IT departments face pressure to reduce costs, reduce risk, and increase productivity in the midst of growing IT complexity. More than 4,300 organizations

More information

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Securely Yours LLC IT Hot Topics Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Contents Background Top Security Topics What auditors must know? What auditors must do? Next Steps [Image Info]

More information

Cyber Security and Information Assurance Controls Prevention and Reaction NOVEMBER 2013

Cyber Security and Information Assurance Controls Prevention and Reaction NOVEMBER 2013 Cyber Security and Information Assurance Controls Prevention and Reaction 1 About Enterprise Risk Management Capabilities Cyber Security Risk Management Information Assurance Strategic Governance Regulatory

More information

Trend Micro. Advanced Security Built for the Cloud

Trend Micro. Advanced Security Built for the Cloud datasheet Trend Micro deep security as a service Advanced Security Built for the Cloud Organizations are embracing the economic and operational benefits of cloud computing, turning to leading cloud providers

More information

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Solution Brief Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Finding

More information

A strategic approach to fraud

A strategic approach to fraud A strategic approach to fraud A continuous cycle of fraud risk management The risk of fraud is rising at an unprecedented rate. Today s tough economic climate is driving a surge in first party fraud for

More information

Nine Steps to Smart Security for Small Businesses

Nine Steps to Smart Security for Small Businesses Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...

More information

Speed Up Incident Response with Actionable Forensic Analytics

Speed Up Incident Response with Actionable Forensic Analytics WHITEPAPER DATA SHEET Speed Up Incident Response with Actionable Forensic Analytics Close the Gap between Threat Detection and Effective Response with Continuous Monitoring January 15, 2015 Table of Contents

More information

ForeScout MDM Enterprise

ForeScout MDM Enterprise Highlights Features Automated real-time detection of mobile Seamless enrollment & installation of MDM agents on unmanaged Policy-based blocking of unauthorized Identify corporate vs. personal Identify

More information

A COMPLETE APPROACH TO SECURITY

A COMPLETE APPROACH TO SECURITY A COMPLETE APPROACH TO SECURITY HOW TO ACHEIVE AGILE SECURITY OPERATIONS THREAT WATCH Cyber threats cost the UK economy 27 billion a year 200,000 new threats are identified every day 58% of businesses

More information

A HELPING HAND TO PROTECT YOUR REPUTATION

A HELPING HAND TO PROTECT YOUR REPUTATION OVERVIEW SECURITY SOLUTIONS A HELPING HAND TO PROTECT YOUR REPUTATION CONTENTS INFORMATION SECURITY MATTERS 01 TAKE NOTE! 02 LAYERS OF PROTECTION 04 ON GUARD WITH OPTUS 05 THREE STEPS TO SECURITY PROTECTION

More information

Addressing BYOD Challenges with ForeScout and Motorola Solutions

Addressing BYOD Challenges with ForeScout and Motorola Solutions Solution Brief Addressing BYOD Challenges with ForeScout and Motorola Solutions Highlights Automated onboarding Full automation for discovering, profiling, and onboarding devices onto both wired and wireless

More information

The Cloud App Visibility Blindspot

The Cloud App Visibility Blindspot The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before

More information

ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM)

ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM) ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM) CONTENT Introduction 2 Overview of Continuous Diagnostics & Mitigation (CDM) 2 CDM Requirements 2 1. Hardware Asset Management 3 2. Software

More information

How to Define SIEM Strategy, Management and Success in the Enterprise

How to Define SIEM Strategy, Management and Success in the Enterprise How to Define SIEM Strategy, Management and Success in the Enterprise Security information and event management (SIEM) projects continue to challenge enterprises. The editors at SearchSecurity.com have

More information

2012 North American Enterprise Firewalls Market Penetration Leadership Award

2012 North American Enterprise Firewalls Market Penetration Leadership Award 2012 2012 North American Enterprise Firewalls Market Penetration Leadership Award 2012 Frost & Sullivan 1 We Accelerate Growth Market Penetration Leadership Award Enterprise Firewalls North America, 2012

More information

Guide to Evaluating Multi-Factor Authentication Solutions

Guide to Evaluating Multi-Factor Authentication Solutions Guide to Evaluating Multi-Factor Authentication Solutions PhoneFactor, Inc. 7301 West 129th Street Overland Park, KS 66213 1-877-No-Token / 1-877-668-6536 www.phonefactor.com Guide to Evaluating Multi-Factor

More information

Advantages of Managed Security Services

Advantages of Managed Security Services Advantages of Managed Security Services Cloud services via MPLS networks for high security at low cost Get Started Now: 877.611.6342 to learn more. www.megapath.com Executive Summary Protecting Your Network

More information

What is Security Intelligence?

What is Security Intelligence? 2 What is Security Intelligence? Security Intelligence --noun 1. the real-time collection, normalization, and analytics of the data generated by users, applications and infrastructure that impacts the

More information

SHARE THIS WHITEPAPER. On-Premise, Cloud or Hybrid? Approaches to Mitigate DDoS Attacks Whitepaper

SHARE THIS WHITEPAPER. On-Premise, Cloud or Hybrid? Approaches to Mitigate DDoS Attacks Whitepaper SHARE THIS WHITEPAPER On-Premise, Cloud or Hybrid? Approaches to Mitigate DDoS Attacks Whitepaper Table of Contents Overview... 3 Current Attacks Landscape: DDoS is Becoming Mainstream... 3 Attackers Launch

More information