GOLD MEDAL: Skybox View 2.0
Skybox Security, www.skyboxsecurity.com
Information security, as a market, is as dynamic as the infrastructures it protects. Picking winners in the established security categories is relatively simple; identifying the products that enterprises will embrace tomorrow is a little harder.
In reviewing the numerous products that have entered the security market over the last year, the editors of Information Security picked the three most promising for the emerging technologies category. Topping our list is Skybox Security's View 2.0, a clear leader in the emerging automated risk measurement and management space.
Skybox View vividly and intelligently calculates and demonstrates risk. Much like a SIM, Skybox pulls data from various sources -- firewalls, routers, IDSes, scanners, servers and applications -- and normalizes it, munching through its risk models and comparing the composite against business objectives and policies. The result is a clear picture of an enterprise's risk exposure. With that intelligence, enterprises are able to act on risk, adjusting their posture and building better event contingency plans.
Skybox View offers many benefits. For starters, the monitoring will tell you when you have increased or unacceptable risk exposure. It will identify and forecast potential exploitable weaknesses, and it accurately measures regulatory and policy compliance. The security intelligence it generates is contextual to the enterprise's unique environment and requirements, making its forecasts and recommendations more reliable.
In the latest release, Skybox has added metrics for assigning value to various network assets, a means for identifying metrics that fall under security regulations such as Sarbanes-Oxley, risk trending and tracking tools, and the ability to measure risk change over time.
Automated risk measuring and modeling is still a nascent space. Skybox and its rivals will continue to develop and refine these tools into more comprehensive risk management platforms. Skybox has shown that it will compete as a leader and visionary in this field.
SILVER MEDAL: Prexis
Ounce Labs, www.ouncelabs.com
Ounce Labs' Prexis family of products is among the first to provide reliable, automated source code reviews. Prexis will find security and quality issues in common software languages, providing developers and enterprises with valuable intelligence on how to fix problems that could cause a breach, before code is compiled.
BRONZE MEDAL: CounterPoint C-245 (formerly Mi40 Inverted Firewall)
Mirage Networks, www.miragenetworks.com
The CounterPoint C-245 is an excellent example of the new breed of security solutions that incorporates signature and anomaly detection, IPS and ingress/egress traffic monitoring and control.