Wednesday, February 29, 2012

SC Magazine Awards 2012 Winners Announced

SC Magazine announced the US SC Magazine Awards winners on February 28 in a ceremony in San Francisco. The ceremony was held during RSA 2012 San Francisco but was not part of RSA. The winners for the Reader Trust categories are below. To view the Finalists for the Reader Trust categories and Winners in the Excellence Award and Professional Award categories, go to:

Awards were given out in the following categories:

Reader Trust Categories

· Best Anti-Malware Gateway – Cisco for Cisco Web Gateway

· Best Anti-Malware Management (client-based, typically software only) - ESET

· Best Cloud Computing Security - IBM for IBM Cloud Security Solutions

· Best Computer Forensics Tool – RSA for RSA Netwitness 9.6

· Best Data Leakage Prevention (DLP) – McAfee for McAfee Database Security

· Best Database Security Solution – Symantec for Symantec Data Loss Prevention

· Best Email Content Management – Proofpoint for Proofpoint Enterprise Protection/Enterprise Privacy

· Best Email Security - Sophos for Astaro Security Gateway v8.2

· Best Enterprise Firewall – Barracuda Networks for Barracuda NG Firewall

· Best Fraud Prevention – IronKey for IronKey Trusted Access

· Best Identity Management Application - CA Technologies for CA IdentityMinder

· Best Intrusion Detection/Prevention Product – Check Point Software Technologies for Check Point IPS Software Blade

· Best Managed Security Service - Dell Secure Works

· Best Mobile/Portable Device Security - Symantec for PGP Whole Disk Encryption

· Best Multifactor Product – Entrust for Entrust IdentityGuard

· Best NAC Product – ForeScout Technologies for ForeScout CounterACT

· Best Policy Management Solution - Tripwire for Tripwire Enterprise Solution 8.1

· Best Security Information/Event Management (SIEM) Appliance - HP for HP ArcSight Express

· Best UTM Security – Fortinet For FortiGate-60C

· Best Vulnerability Management Tool - Rapid7 for NeXpose Enterprise

· Best Web Application Firewall - SonicWall for SonicWall Web Application Firewall Service

· Best Web Content Management Product – Websense for Websense Web Security Gateway Anywhere

· Best Enterprise Security Solution – Websense for Websense Web Security Anywhere

· Best Regulatory Compliance Solution – Agiliance for Agiliance RiskVision with Agiliance Compliance Manager Application

Excellence Categories

· Best Enterprise Security Solution

· Rookie Security Company of the Year

· Best SME Security Solution

· Rookie Security Company of the Year

· Best Security Company

Professional Categories

· Best Security Team

· Best Professional Certification Program

· Best Professional Training Program

· CSO of the Year

· Editor’s Choice Award

· Best Security Team

What Readers Trust Awards Mean for the Recipients

• Third party validation by a leading dedicated security company

• Third party validation by peers

• Marketing/promotional rights for a year, subject to licensing

• A number of potential marketing/branding/lead generation opportunities for the recipients

Look for winners to be posted only once every four years. Well, actually not. This is a leap year. Congratulations to all winners!

Tuesday, February 28, 2012

An Irreverent Look at RSA San Francisco 2012 – Suggested Smackdowns

Today is Day three of the Exhibition Hall at RSA San Francisco 2012 - The ceremonial exchanging of chotchkes among vendors will begin shortly after one o'clock and will continue until the show ends at three. The sprint through by some attendees eagerly hoping to build their t-shirt collection without attending a presentation may be out in full force.

Some Day two observations - Day one below. Qualys attracted huge numbers to their booth with their breakfast wraps. Impressed that people will stand in line for some of the hardcover book giveaways/autographed if you would wait (titles to be added later). Not as impressed with how long people will stand in line for a slider. No line at the same booth for a blue martini! Exhibition hall presentations in the booths were "okay" with respect to attendance. The theatre presentations inside the Exhibition Hall, mixed. Sympathies to the booths who had to view the sumo wrestler guy in one booth all day long. Long line to get into a casino party in the evening. Perhaps because after more than 20 minutes of the "start" time, they still weren't letting people in.

Nice study by NSS on next generation firewalls. Capture rates of bad stuff versus price/performance. SonicWall did extremely well. Palo Alto Networks, pretty well. Juniper Systems did not do well at all. Very high price per protected Mbps and a low block rate. Barracuda probably isn't pleased either. They barely finished above average values in the study. Fortinet - great block rate, but expensive (not as high as Juniper, though). This wasn't a single vendor sponsored study. Go to SonicWall's site to obtain the report and and check out the visual.

Day one of the Exhibition Hall at RSA San Francisco 2012 was relatively low key. The presentations were pretty well attended. The walkways weren’t packed. The show people FINALLY put booth numbers on the floor in front of the booths and on ceiling banners, mentioning some of the companies in that row. Bravo!

Many of the presentations were on mobility and security. See a Channelnomics posting, “RSA Conference Buzz is All about Mobility” for a discussion on this.

Walking Down the Aisles and Tchotchkes!

A few magicians. A booth with trade show “hostesses” in blue Kate Perry wigs. A handful of racecars. Now a smackdown of these on Howard Street in front of Moscone South where RSA 2012 would have been interesting. Barracuda had one in their booth instead of their tour bus. Interestingly enough, Go Daddy didn’t have a car in their booth. They had an almost life size figure of Danika Patrick and were showing product adverts and Go Daddy commercials in their booth. Sound bites from presentation attendees being filmed in the ESET booth.

Magicians. An eight-foot transformer in the FireEye booth. FireEye also had a packed event in the evening. Several golf games. Opportunities to win iPads. Opportunities to win Kindles. A drawing for a large screen LCD TV. A booth where you could punch some guy.

Complimentary drinks from five to six on Tuesday during the Expo Hall Pub Crawl... Most of these offerings seemed to be in the three digit aisles. Ditto with some free food. Popcorn compliments of Trend Micro. A handful of booths offering coffee drinks. About twenty-eight rows in the event.

Way too many pens. Lots of candy. A return of round stress balls. Lots of LBT’s, Little Black T-shirts (actually they tended to be on the large size). Pink ones seemed to be given out in one both. Did I say pens? Did I say candy? Money clip. Branding bags. Several booths handing out the abbreviated “Something” for Dummies books. These are actually informative. Thanks, Quest, among other companies.

The big keynote will be on Friday by former Britain Prime Minister Tony Blair. Perhaps attendees who purchased his biography will get a partial rebate. Informative, but not too exciting. Tuesday keynotes – Qualys’ CEO Philippe Courtot, McAfee Chief Technology Officer Stuart McClure and New York Times columnist David Brooks.

Some Suggested Smackdowns for the Next RSA San Francisco

These could add some excitement for next year. Instead of “he said, she said” spread across multiple aisles, put some competitors in the front of a room, and have add it. Audience applause for the winner. Losers split the cost of beverages for attendees.

Secure Web Gateway Smackdown - The formerly public traded company McAfee, the formerly publicly traded company Blue Coat Systems, Websense, and Zscaler.

Next Generation Firewall (NGFW) Smackdown - Palo Alto Networks, SonicWall, Check Point. BTW. NSS has put out an interesting study showing that the SonicWall’s largest NGFW firewalls have the best price/performance and capture rates of bad stuff.

Endpoint Security Smackdown (only companies with a booth eligible) - Symantec, McAfee, Sophos, Kaspersky, Ahn, G Data, Trend Micro.

A Suggested Required Drinking Game for Presenters

Every time the audience catches the presenter saying “next generation”, the presenter should have to down a shot of something.

SC Magazine Awards 2012 Winners To Be Announced This Evening

There will be 32 happy companies at the end of the evening tonight, February 28, in San Francisco. SC Magazine will be announcing the SC Magazine Awards 2012 winners at a ceremony just down the street from RSA 2012 San Francisco. Reps from the other companies? They’ll probably head out to one of the parties to drown their sorrows. Winners? They’ll probably head out to one of the parties to celebrate. There will be more tuxedos, ties, and evening attire in this room than at any other security event within a mile of RSA 2012 San Franciso

See the winners at:

Awards will be given out in the following categories:

Reader Trust Categories

· Best Anti-Malware Gateway

· Best Anti-Malware Management (client-based, typically software only)

· Best Cloud Computing Security

· Best Computer Forensics Tool

· Best Data Leakage Prevention (DLP)

· Best Database Security Solution

· Best Email Content Management

· Best Email Security

· Best Enterprise Firewall

· Best Fraud Prevention

· Best Identity Management Application

· Best Intrusion Detection/Prevention Product

· Best IPsec/SSL VPN

· Best Managed Security Service

· Best Mobile/Portable Device Security

· Best Multifactor Product

· Best Policy Management Solution

· Best Security Information/Event Management (SIEM) Appliance

· Best UTM Security

· Best Vulnerability Management Tool

· Best Web Application Firewall

· Best Web Content Management Product

Excellence Categories

· Best Security Company

· Rookie Security Company of the Year

· Best Enterprise Security Solution

· Best Regulatory Compliance Solution

· Best SME Security Solution

Professional Categories

· CSO of the Year

· Best Security Team

· Best Professional Training Program

· Best Professional Certification Program

· Editor's Choice Award

Look for winners to be posted only once every four years. Well, actually not. This is a leap year.

Thursday, February 23, 2012

Stealthy Goings On In the San Francisco Bay Area

Black helicopters, disguised as black helicopters, hovering on highway 101 just south of San Francisco International Airport. People wearing hoodies, on their laptops looking at the closed doors of a conference room just down the hallway. Rental cones of silence hanging from the ceiling of the conference room. White noise machines. Food tasters on call.

Some black hat operation? Secret meetings on Facebook’s upcoming IPO (Initial Public Offering)? Merger and Acquisition discussions between companies who don’t want to be seen in the same room together or at the “W”, during RSA 2012 San Francisco?

None of the above. Not even stealthy. It’s the Anti-Malware Testing Standards Organization (AMTSO) members meeting,behind held prior to RSA 2012 San Francisco. These people won’t be found with the tchotchke collectors journeying the RSA exhibition hall. Quite an impressive international membership,from A to W. No, I’m not a member. A number of these people,who easily qualify as malware “smartest guys in the room” will be trekking up to RSA 2012 San Francisco after this meeting.

The AMTSO does good stuff. It’s worth checking out their organization and their (free) white papers. Titles include "AMTSO Fundamental Principles of Testing" and "AMTSO Best Practices for Testing in the Cloud Security Products". There is more to evaluating a security product than clicking “like” on a fan page.

The Anti-Malware Testing Standards Organization (AMTSO) was founded in May 2008 as an international non-profit association. They focus on addressing the global need for improvement in the objectivity, quality, and relevance of anti-malware testing methodologies.AMTSO membership is open to academics, reviewers, publications, testers, and vendors, subject to guidelines determined by AMTSO.