-
Cisco Systems for Cisco Web Security
Category description
Products in this category generally are appliances. Their purpose is to act as gateways, usually at the perimeter of the enterprise, protecting against various types of malware attempting to enter the enterprise from outside.
Category
Best Anti-Malware Gateway
-
-
McAfee for McAfee Endpoint Protection Suite
Category description
These products are used to provide a central management point for mitigation of the threat of malware. They manage the anti-malware software/appliances from a central point, facilitating data file updates, reporting, alerting and more. They are not in themselves anti-malware products. Malware management, for the purposes of this category, is defined as a product that reduces the threat of malware for small, medium or large enterprises on an organization basis by managing instances of an anti-malware product or products residing on endpoints, servers or gateways.
Category
Best Anti-Malware Management (client-based, typically software only)
-
Best Anti-Malware Management
Category
Best Anti-Malware Management (client-based, typically software only)
-
Guidance Software for EnCase Forensic
Category description
Products in this category fall into two sub-categories: network and media. The network tools must be exclusively intended for forensic analysis of network events/data. If the product is a SIEM with forensic capabilities, it should be placed in the SIEM category. Media tools cover just about all other non-network forensic tools, including those tools that collect data from media over the network and live forensics tools. This also includes specialized forensic tools that are not intended to analyze network data.
Category
Best Computer Forensics Tool
-
-
Symantec for Symantec Data Loss Prevention
Category description
Includes products that help organizations safeguard their intellectual property and customers’ critical data persistently – inside and outside the company. Network-based and endpoint data leakage prevention products (also sometimes called extrusion prevention products) will be considered. Products should prevent data from unauthorized exit from the network or protect data on the endpoint, whether the endpoint is connected to a network or not (e.g., laptops that are removed from the network for travel). Products must be policy-driven and should include scanning of all data, regardless of protocol or application leaving the network, and/or keep track of peripherals, such as removable storage, attached to the endpoint – reporting that inventory to a central location or administrator. All entrants should have the capability of being managed by a centralized administrator. Those products considered part of this category include: network DLP products, which are typically gateways; those products protecting only endpoints; and hybrid products, those that operate at both the gateway to the network and at the endpoint. Products should be transparent to the user. Specifically for endpoint DLP, traffic should be monitored and encryption should be available. Products that offer encryption exclusively are inappropriate for submission, although encryption may be part of a larger package of DLP capabilities.
Category
Best Data Leakage Prevention
-
-
Symantec for Symantec Brightmail Gateway
Category description
These products may filter email messages based on content, source or other criteria. Direction of flow may be either to the organization, from the organization or both. These products are enterprise-centric and should have, but are not required to have, some form of centralized management. They may include spam filters, junk mail filters, malware filters, unauthorized content (sometimes called “extrusion protection” or “data leakage protection”), phishing and other types of undesirable content. However, these are not simply anti-spam filters.
Category
Best Email Content Management
-
-
Best Email Security
Category description
Email security addresses the ability to exchange email messages securely. This includes ensuring the privacy of sensitive messages, limiting the repercussions of email forgery, and managing other aspects of email security within the organization. These email security products should be evaluated on their effectiveness, manageability, non-intrusiveness, ease of use and other factors that impact the implementation of this type of product in the enterprise environment.
Category
Best Email Security
-
-
Symantec for Symantec Endpoint Protection 11.0
Category description
Solutions should take an “in-depth” defense approach. Entrants should have an integrated, multifunction endpoint/UTM offering – not a single-function product. These products typically aggregate a wide variety of threat data into a single unified tool. Many organizations define those threat categories as anti-virus, content management, IDS/IPS and spam filtering. The minimum functionality, according to IDC, is IDS/IPS, anti-virus and firewall/VPN. Entrants should meet this IDC minimum functionality. As well, all products must function at the endpoint as opposed to the gateway, although hybrid gateway/endpoint devices will be allowed as long as there is an integral endpoint piece to the product.
Category
Best Endpoint/UTM Security
-
-
Cisco Systems for Cisco ASA 5585-X
Category description
Products in this category are organizational firewalls, not personal firewalls. Firewalls must provide a mechanism to filter incoming and outgoing traffic based on port, protocol, source IP address and destination IP address. All products must have the ability to terminate network traffic based on the above filtering criteria. Additional details below. Product is a proxy-based firewall. Proxy-based firewalls are firewalls that terminate the Time-to-Live (TTL) field in the IP header as the packet is processed. They must protect all layers of the OSI model, including the application layer. Also, they must maintain two separate data streams (client to proxy firewall and proxy firewall to destination). Product is a stateful inspection-based firewall. Stateful inspection firewalls are firewalls that maintain a state of connections database or table. Stateful inspection firewalls track the state of connection and make filtering decisions based on information in the state table or database. With stateful inspection firewalls, a single stream of data is maintained. Product is a packet filter firewall. Packet filter firewalls use source IP, destination IP, source port and destination port to determine if a packet is permitted. A packet filter firewall does not terminate the TTL field in the IP header. A packet filter firewall does not use a state table or database for filtering of traffic.
Category
Best Enterprise Firewall














