Information Security and SearchSecurity.com presented more than 1,600 readers with a survey of some 360 security products, divided into 18 categories. The categories and product lists were determined by Information Security and SearchSecurity.com editors, in consultation with recognized information security experts.

To prevent products that received a small number of high scores from unduly influencing the results, we instituted a vote-qualification minimum. Three categories -- "data loss prevention," "database security" and "risk and policy management" -- failed to draw sufficient reader response and were not included in this year's awards. We cover them in our "emerging markets" section.

Respondents were asked to rate each product based on criteria specific to each category. For each criterion, respondents scored the product on a scale of one (poor) to five (excellent). In addition, each criterion was given a weighted percentage to reflect its importance in that category. Some criteria were applied in multiple product categories, and one, "Investment ROI -- are you getting your money's worth?" was asked in each product category.

Respondents also could opt out of scoring in one or more criteria by indicating "no opinion."

Winners were based on the cumulative weighted responses for each product category's criteria. Editors arrived at a product's overall score by calculating the average score it received for each set of criteria, applying the weighted percentage and adding the adjusted scores. In each category, the highest overall score received the gold medal, the next highest earned the silver medal, and the third highest took the bronze medal. Emerging technologies awards were determined by Information Security and SearchSecurity.com editors, who chose three innovative technologies that address a critical security need for enterprises and/or SMBs.