This article can also be found in the Premium Editorial Download "Information Security magazine: Security Readers' Choice Awards 2013."
Download it now to read this article plus other related content.
Remember travel without the airline and hotel deals—or the cautionary tales—on aggregation sites? How about finding the local businesses that everyone frequents because of excellent pricing and services before Yelp?
Our eighth annual Readers' Choice Awards honor Information Security magazine voters' top security product choices in 19 categories, with the goal of informing readers by reporting how these security technologies and services perform in real-world deployments.
We take a unique approach to our Readers' Choice Awards and ask Information Security readers to only vote on the products in use in their respective organizations.
We take a unique approach to our Readers' Choice Awards and ask Information Security readers to only vote on the products in use in their respective organizations. The winning technologies are deployed in their networking environments, giving the senior security management that vote on them first-hand knowledge of the products' strengths, potential issues, vendor support and services and, foremost, return on investment.
This year's awards introduce new categories and bring back a few past ones that were on hiatus. New categories this year include "Cloud Security," "Data Loss Prevention," "Encryption," "Mobile Data Security" and "Unified Threat Management." Voters were asked to rate each product on a sliding scale from one (poor) to five (excellent), based on criteria specific to each category.
Our Readers' Choice Awards for 2013 also give us the opportunity to honor the hard-working vendors that are developing excellent enterprise security appliances and software. The awards recognize security products built around threat detection, network security, data loss prevention, device and application security, incident response and compliance. As in past years, several technology companies earned Readers' Choice Awards in multiple categories—Check Point Software Technologies Ltd., Dell Corp., Juniper Networks Inc., McAfee Inc. and Symantec Corp., among them. Congratulations to these vendors whose products were voted the best of the year, and to all the Readers' Choice Award 2013 winners.
October also marks the debut of our new "Security Economics" column. We are excited to welcome columnist Peter Lindstrom, principal and vice president of research at Spire Security, who is a longtime contributor to Information Security magazine and TechTarget's websites, including SearchSecurity.com.
In his first column, Lindstrom introduces the concepts behind "Security Economics" and looks at the challenges of technology risk management as security professionals make tough decisions about which activities to perform in the face of scarce resources and inevitable tradeoffs.
"We don't live in a perfect world, we live in one that puts limits on available resources," observes Lindstrom, "except for that one guy at every conference, who says he has significant budget."
If you are still trying to get your arms around software-defined networking, we try to dispel some myths about SDN and its various implementations by exploring the security foundation in an in-depth article authored by longtime technology journalist, Sally Johnson. Many people may not realize that SDN's origins stemmed in part from VMware's Martin Casado's early security work at intelligence agencies.
"As a proof point of SDN or an application built on top of SDN, network virtualization has solid security properties," said Casado. "This was the use case I was after while working for the intelligence agencies: How do you build isolated groups of compute that have their own security policy, which remains invariant independent of where the VMs go? To me, that's the Holy Grail and it's why I think network virtualization is going to be a fundament of any secure deployment in the future."
Finally, Dr. Anton Chuvakin, director of research at Gartner, and a thought leader on SIEM, looks at the processes around security information and event management and makes the case that security monitoring capability, which cannot be bought, is as important for success or failure in SIEM projects as the software tools and appliances.
It's the process, not the tools themselves, advises Chuvakin, who provides information about mandatory processes for newcomers and advanced data exploration for mature deployments. Despite his well-taken advice, be sure to check out the top SIEM in this year's Readers' Choice Awards.
This was first published in September 2013