tuesday, 4th june 2019 - static.swipeuk.com › assets ›...

Tuesday, 4th June 2019London Marriott Hotel Grosvenor Square

Grosvenor SquareW1K 6JP United Kingdom

2019 SC Awards Europe

EDITORIAL

EDITOR-IN-CHIEF Tony Morbin [email protected]

TECHNOLOGY EDITOR Peter Stephenson

SENIOR REPORTER Chandu Gopalakrishan [email protected]

PRODUCTION

LIST RENTAL Alex Foley +44 (0)20 8267 4964

BACK ISSUES John Denton +44 (0)1733 38 51 70

ADVERTISING

ACCOUNT DIRECTOR Martin Hallett +44 (0) 20 8267 8280 [email protected]

PUBLISHING

PUBLISHING MANAGER Gary Budd

CHIEF EXECUTIVE Kevin Costello

EVENTS MANAGER Nitika Sharma [email protected]

MARKETING EXECUTIVE Ieuan Holland [email protected]

How to contact us: SC Media UK, Haymarket Management Group, Bridge House, 69 London Road, Twickenham, TW1 3SP, UK Telephone: +44 (0)20 8267 8016

ContentsJudges..................... ......................................................................3Sponsors ................................................................................... ...4

Best Advanced Persistent Threat (APT) Protection ............... ...5Best Authentication Technology .............................................. ...5Best Behaviour Analytics/Enterprise Threat Detection ......... ...6Best Cloud Computing Security Solution ............................... ...6Best Customer Service ............................................................. ...7Best Data Leakage Prevention (DLP) Solution ....................... ...7Best Deception Technology .........................................................8Best Email Security Solution .......................................................8Best Emerging Technology ..........................................................9Best Endpoint Security ................................................................9Best Enterprise Security Solution .......................................... ...10Best Identity Management Solution ...................................... ...10Best Managed Security Service .................................................11Best Mobile Security Solution ....................................................11Best Newcomer Security Company of the Year .................... ...12Best Professional Training or Certification Programme ....... ...12Best Risk management/Regulatory Compliance Solution ........ ...13Best Security Team ................................................................. ...13Best SIEM Solution ................................................................. ...15Best SME Security solution .................................................... ...15Best Threat Intelligence Technology ...................................... ...16Best use of Machine Learning/ AI .......................................... ...16Best Vulnerability Management Solution .............................. ...17Regulatory Compliance Tools and Solutions......................... ...17Cybersecurity Student of the year ......................................... ...18Best Security Company .......................................................... ...18Outstanding Contribution ..................................................... ...20CSO/ CISO of the Year ........................................................... ...20

Recognising excellence Our highest scoring year ever!

Welcome to the SC Awards Europe 2019 book of the night, celebrating this year’s best of the best in cyber-security.

When popular Apps such as What’s App can take over our phone, and trade deals with China are impacted by cyber-spying fears, when cars get hacked and voting is undermined, its apparent that

cyber-security touches every part of the modern world.Increasingly the private sector cyber-security industry is a

critical component in a country’s defences, working with armed forces, law enforcement and intelligence, and in its own right to help protect civil society.

Which makes it great news that our Awards entries represent such an outpouring of talent and ingenuity in helping counteract and outsmart our adversaries. This year has seen an exceptionally high standard of entries, with some of the highest scores ever. Echoing this season’s Premier League football fight, where the runners up, Liverpool, were beaten by a single point, several of our highly commended had scores that would have won in any other year.

But just as Manchester City had to be truly outstanding to con-quer, so too did our winners tonight, who are at the top of their game, pushed all the way by a breadth of fantastic talent across the industry. Which makes all of the neutrals in the Awards stakes, the end users of our industry’s products and services, the true winners, reaping the benefits of such a tremendous achieve-ment by our finalists.

All our finalists are top performers in their sector, worthy of a place in the Champions League of cyber-security, but our winners have achieved the ultimate accolade of being the best in their field.

Congratulations to you all!

– Tony Morbin, Editor-in-chief, SC Media UK

SC AWARDS 2019 EUROPE 3

2019 SC Awards EuropeThe Judges

Mo AhddoudChief Information Security Officer, SGN

Stephen BonnerPartner, Deloitte UK

Jane FranklandManaging Director,Cyber Security Capital

Paul HeffernanChief Information Security Officer, Revolut

Mark HughesSenior Vice President & General Manager,Security, DXC Technology

Neira JonesNon-Executive Director, Cyber 1

Timothy LansdaleHead of Card Scheme Commercial Agreements, Worldpay

Mike LoginovChief Executive Officer & CSO, Ascotbarclay

Troels OertingHead of the World, Economic Forum Centre,

Emma PhilpottFounder and Manager UK, Cyber Security Forum

Pamela RüstemVice President of Strategic Alliances, ISSA UK

Raj SamaniChief Scientist, Mcafee

Daniel SchatzCISO, Perform Group & DAZN

Sarb SembhiCTO & CISO, Virtually

Martin SmithSASIG, Chairman & Founder, The Security Company

Quentyn TaylorDirector of Information Security, Canon

Marc WhiteChief Security Officer, Optomany


SC Media UK thanks all sponsors for their generous support of the 2019 SC Awards Europe. This event, which helps raise professional standards in the information security industry worldwide, was made possible thanks to their involvement.

CrowdStrike is the leader in cloud-delivered endpoint protection. Leveraging artificial intelligence (AI), the CrowdStrike Falcon® platform offers instant visibility and protection across the enterprise and prevents attacks on endpoints on or off the network. CrowdStrike Falcon deploys in minutes to deliver real-time protection and actionable intelligence from Day One.

Neustar offers industry-leading security solutions. SiteProtect NG is the largest, dedicated DDoS mitigation network worldwide with 10+ Tbps of scrubbing capacity. Complemented by Neustar’s robust WAF, it protects against all types threats including attacks at the application layer. Widely recognised as the leading provider in DNS services, Neustar guarantees 100% uptime for some of the world’s leading brands. Whilst its IPI data enables its customers to maintain compliancy, mitigate cyber security risks and capitalise on marketing spend.

The people we all rely on to make the world go round – they rely on Thales. Our customers come to us with big ambitions: to make life better, to keep us safer. Combining a unique diversity of expertise, talents and cultures, our architects design and deliver extraordinary high technology solutions. Solutions that make tomorrow possible, today.

From the bottom of the oceans to the depth of space and cyberspace, we help our customers think smarter and act faster - mastering ever greater complexity and every decisive moment along the way. With 80,000 employees in 68 countries, Thales reported sales of €19 billion in 2018.

2019 SC Awards EuropeThe Sponsors


SC AWARDS 2019 EUROPE

Finalists 2019• Flowmon Networks• Attivo Networks• Bitdefender

WINNERF-Secure

The faster you can identify and contain suspicious activity, the smaller the damage to your business.

F-Secure Countercept is a fully managed service which is designed to detect the most skilled attackers within minutes, with around-the-clock coverage. It gives you a small number of filtered and accurate detections, enabling you to respond to real threats with actionable guidance from security experts.

Countercept was designed from the ground up to detect the most skilled attackers using non-malware techniques, and due to a 24x7x365 threat hunting service, customers can respond to those threats within a thirty-minute timeframe. These thirty minutes include initial investigation, false-positive filtering, and prioritisation. The objective is to provide actionable, insightful guidance as part of the alert. Unlike many other solutions

on the market, customers are always able to start incident response activities as soon as an anomaly is detected.

F-Secure Countercept as a managed detection service doesn’t require the resourcing of an in-house team of cyber-security experts working 24/7 while there is a shortage of cyber-security talents. The existing IT team can focus on other more value-adding areas instead of continuous monitoring, and only step in when a human-verified advanced threat has been identified.

Countercept is designed to provide an instantaneous, tangible roi and low overhead for customers. As it offers threat intelligence and security experts as part of that service, it further allows businesses to gain capabilities needed for detection and response - which are critical when securing against cyber-crime and to meet new regulations, such as GDPR and NIS in Europe.

BEST ADVANCED PERSISTENT THREAT (APT) PROTECTION

WINNERDuo Security

Duo Security provides a simple solution to a complex problem: ensuring only trusted users and trustworthy devices can access vital applications and services.

To streamline and strengthen authentication, Duo removed the need for the complexity of hard-ware tokens, as well as insecure SMS passcodes and passcode generators. Instead, it started with a patented system of push-based two-factor authentication (2FA), leveraging end users’ mobile phones as the authenticator through an easy-to-use applica-tion with end-to-end encryption.

Duo also addresses the com-plexity of modern IT environ-ments with its mix of mobile, BYOD and cloud-based devices. Agent-free telemetry provides rich device data to check the se-curity posture of user endpoints, and policies to block access from risky devices, protecting against malware or compromised endpoints.

2FA solutions are often expen-

sive, typically requiring a large investment up front just to get the solution up and running - not in-cluding renewal fees. Duo’s SaaS architecture enables customers to realise the most upfront value with no hidden costs, thanks to easy deployment, a simple subscription model, automatic updates with patch management and live support at no extra cost. The company’s transparent pay-as-you-go offering is billed monthly or annually on a per-user basis.

Duo’s allows organisations to consolidate security tools and dashboards to realise further savings. Duo aggregates and centralises all data into a single dashboard, allowing customers to gain visibility into mobile device and secure BYOD devices with-out agents. This reduces the need for multiple dashboards and tools to gather multi-platform device data, and often replaces the need for traditional Mobile Device Management (MDM) technolo-gies. IT can then use their budget for innovation, rather than infra-structure management.

BEST AUTHENTICATION TECHNOLOGY

Finalists 2019• Highly Commended: WatchGuard Technologies• OneSpan• IDnow• Cyxtera• Gemalto



WINNERHPE Aruba

Finding stealthy threats inside the network from compromised, negligent and malicious users and entities is challenging. These unknown threats are a high priority because they have evaded traditional security solutions and are active inside a network surveying and mov-ing laterally to maximise their cyber-attack results.

Aruba IntroSpect UEBA uses AI and advanced analytics to detect anomalous activity and evaluate whether that indicates a threat. Behaviours of each user, peer group and entity (i.e., systems, devices, IoT, anything with an IP address) are continu-ously monitored and evaluated. Comprehensive individual “risk scores” prioritise alerts. Comprehensive individual “risk profiles” provide complete granular context to speed investigation and response. This enables efficient and effective threat detection, prioritisation, investigation, and response at

enterprise scale.IntroSpect has more than 100

AI-based models to address at-tacks and kill chain activity such as phishing, ransomware, lateral movement, data exfiltration, C2, account takeover, account abuse, password sharing, and privilege escalation.

IntroSpect detects attacks by spotting small changes in behaviour that indicate an attack is active on the inside of an infrastructure. These can be comprised of many smaller actions that occur over long pe-riods of time and are difficult to detect because they can involve compromised users and hosts using legitimate credentials to access corporate resources. IntroSpect uses AI and analytics to automatically detect and evaluate anomalous and mali-cious behaviour. Over 100 ma-chine learning models are built in. This ensures prioritised, high fidelity alerts.

Incident Investigation is dramatically accelerated using comprehensive and continuous risk scoring.

BEST BEHAVIOUR ANALYTICS/ ENTERPRISE THREAT DETECTION

WINNERSendSafely

SendSafely is an end-to-end encrypted file transfer microser-vice. its drop-in file transfer capabilities seamlessly integrate into existing apps and work-flows, allowing you to quickly add inbound and outbound encrypted file transfer to any app with minimal custom code. its embeddable libraries provide automatic key generation and file encryption, and its file delivery platform handles automatic recipient authentication ensuring only authorised users can access the transferred files.

The microservice is an embed-dable widget that can be added to any website or web applica-tion and connects with popular third-party platforms like Sales-force and Zendesk. its Zapier App lets you connect SendSafely to over 1,000 platforms, incor-porating secure file transfer into virtually any workflow. Common use cases are securing GDPR Data Subject Access Requests, Customer Onboarding, KYC,

and the customer support process.

The SendSafely file transfer microservice allows you to easily implement end-to-end encryp-tion, which is widely recognised as the best way to protect information from unauthorised disclosure without specialised security knowledge. its platform operates in a secure by default state and does all of the techni-cal heavy lifting with regards to encryption, allowing your developers to spend time on what they do best.

Usability is everything. its secure file transfer microservice integrates seamlessly with the websites and apps you already use. The technology is conve-nient and user friendly.

Peace of mind is priceless. Nobody likes uploading scanned personal documents and other sensitive data to the internet. If you require this information is a high priority.

BEST CLOUD COMPUTING SECURITY SOLUTION

Finalists 2019• Highly Commended: Vectra• Gurucul• Fidelis Cybersecurity• Proofpoint

Finalists 2019• Highly Commended: Symantec• Barracuda Networks• N2WS, a Veeam Company• Thales eSecurity



WINNERProofpoint

Proofpoint offers its custom-ers dedicated 24x7x365 global support online and from mul-tiple global support centres.

Proofpoint’s Customer Support Center provides complimentary access to a comprehensive set of online services, including installation documentation, downloadable manuals, user-oriented manuals, solution-specific training videos, learning modules, time-tested best practices, and a robust knowledge base informed by Proofpoint’s community of us-ers and support team featuring thousands of searchable articles and discussion boards.

Customers can search the Customer Success Center to find quick effective answers and ac-cess understandable knowledge base articles, admin guides, and news articles, in addition to the documentation listed in the previous answer. The support site contains six easy-to-navigate topical sections, as well as a search option, and content

ranges from broad technology insights to targeted solution-oriented guides. This resource is now available to customers outside of the Proofpoint portal.

Proofpoint actively monitors the accessed documents and consistently sees a positive re-sponse. The portal personalises and recommends relevant in-formation for users based upon ticketing system data to ensure relevancy. Customers can also subscribe and view news chan-nels, view training schedules, and support guidelines.

Indicating effectiveness of content and quality of service, Proofpoint regularly scores well above the industry average in third party customer surveys, with a 93 percent satisfaction rating. Similarly, 80 percent of support cases are successfully closed by first-level support engineers.

Proofpoint believes a proac-tive approach to customer service is the key to success, which is why the company offers additional consulting services and professional expertise at no added charge.

BEST CUSTOMER SERVICE

WINNERDigital Guardian

DLP solutions both protect sensitive data and provide insight into the use of content within an enterprise. Since few enterprises classify data beyond public vs. everything else, DLP helps organisations better understand their data, and improves their ability to classify and manage content. These capabilities are essential to resource-strapped security teams, who need to know where their company’s most sensi-tive data resides and how it’s used – warding off internal and external threats.

The Digital Guardian (DG) Data Protection Platform, powered by the new Digital Guardian Analytics & Reporting Cloud (DG ARC), delivers the feature consolidation enterprises require to provide data protec-tion from all threats: an industry-first that prevents data loss at the endpoint, network and in the cloud while leveraging the same endpoint agent, network sensor and management console. This

approach streamlines the level of effort and number of resources required to manage an effective data loss prevention programme.

Digital Guardian is the first and only solution to unify DLP and Endpoint Detection & Response (EDR), which is made possible with the Analytics and Reporting Cloud (ARC). The visibility granted by ARC technology powers security analyst-approved dashboards and workspaces to enable DLP and EDR all within the DG Data Protection Platform. This technology consolidation detects all threats and stops data exfil-tration from both well-meaning and malicious insiders as well as external adversaries.

New User Entity Behaviour Analytics (UEBA) capabilities supplement data classifica-tion and rule-based policies so the Digital Guardian Data Protection Platform can deliver advanced analytics and anomaly-based detection to give deeper insight into suspicious activities surrounding sensitive data.

BEST DATA LEAKAGE PREVENTION (DLP) SOLUTION

Finalists 2019• Highly Commended: Symantec• Clearswift• Proofpoint • CoSoSys

Finalists 2019• Highly Commended: Barracuda Networks• Mimecast• Clearswift • SysGroup PLC• Forescout



Finalists 2019• Highly Commended: FireEye• Proofpoint • Libraesva Limited• Egress• Trustwave

WINNERMimecast

Email continues to be the dominant business communica-tion tool but is also prone to hardware failure, human error and cyber-attack. Operational dependency on Microsoft Office 365 is also accelerating, creating new challenges for cybersecurity professionals when something goes wrong.

Mimecast provides an inte-grated vision of comprehensive security controls before, con-tinuity during, and automated recovery after an attack.

As a 100 percent cloud-based service, customers do not face scalability issues or the need to manage updates.

For the typical organisation the cost of the service is ap-proximately £2/user per month and requires a part time admin-istrator to configure and manage the customer’s use of the service on an ongoing basis.

Additional value can be derived from Mimecast’s API partner programme that helps enterprise organisations and

systems integrators to add email analytics to SIEMs and SOCs. Mimecast integrations include Splunk, LogRhythm and QRa-dar, meeting a growing demand for tighter integration, threat intel correlation to improve detection and response.

One retail management customer used Mimecast’s cloud-based email archiving, providing an annual cost saving of £55,000 and slashed admin time on Exchange Server main-tenance from 20 percent to five percent. A major bakery chain used Mimecast to streamline email archiving and retrieval, saving them over £75,000 on replication infrastructure.

BEST EMAIL SECURITY SOLUTION

Finalists 2019• Highly Commended: CounterCraft• Fidelis Cybersecurity• Attivo Networks

WINNERIllusive Network

Stealth attackers within the network—insiders or outsid-ers—must investigate the environment, identify targets, and move methodically from one system to another to reach them. For decades, SOC teams have struggled to efficiently and ef-fectively remove these stealth at-tackers before they cause serious damage. Illusive stops attacks by disrupting the human decision-making process behind lateral movement. Illusive: 1) proactively hardens the network by removing excess credentials, connections, and pathways to critical assets; 2) detects attackers early in their journey by planting fake data on endpoints that trigger alerts when activated, and 3) simplifies inci-dent response by compiling real-time, human-readable forensic data from endpoints and decoy systems where the attacker is operating. Central machine learn-ing and visibility tools streamline SOC activity by automating deployment and management of deceptions, pinpointing pathways

that pose the greatest risk to critical systems and showing attacker location in relation to the organisation’s “crown jewels.”

To protect complex, evolving businesses, security leaders invest in a vast array of security controls and detection technologies. They flood the SOC with data, making it impossible for most security teams to discern what’s important. Because they’re cum-bersome to tune and maintain, it’s difficult to achieve results and evolve defences as the business evolves. Meanwhile, attackers thrive in the noise and “live off the land,” using native connectiv-ity to avoid detection, leaving the organisation subject to major cyber-incidents. By combatting the lateral movement process itself—rather than detecting spe-cific indicators-- Illusive provides a simple, direct, and easy-to-oper-ate platform that stops attackers who bypass perimeter defences even as threats rapidly evolve, and helps teams focus on security activity that matters most to the business. Powered by automation and machine learning

BEST DECEPTION TECHNOLOGY



WINNERSymantec

Today’s enterprise has an ex-tremely heterogenous endpoint en-vironment which brings increased security challenges (e.g. access to the cloud, mobile devices and BYOD). This diverse and complex endpoint environment is being exploited by attackers. Attackers find unmanaged or unknown devices to initiate an attack, and design how to compromise other valued assets.

Attackers, today, are dynamic adversaries that employ multiple attack modes. For example, Man-in-The-Middle attacks that move upstream from the endpoint; Microsoft Active Directory-based lateral movement attacks; or using file-less, content-based techniques.

Symantec Complete Endpoint Defence, with Symantec Endpoint Protection as the core, offers the only single-agent, open manage-ment platform capable of provid-ing the prevention, detection, response, and hardening capa-bilities customers need to protect across the threat continuum, in a way that is smart, automated, and

adaptable to support each phase of the endpoint threat lifecycle. All of this backed by market leading AI tools.

As the challenges of endpoint security have grown more com-plex, the pool of cyber security talent has not kept up. This has created a difficult situation for IT departments, caught between the needs of the business and an increasingly complex security environment.

Symantec’s Complete Endpoint Defence solution can consolidate endpoint security tools, reduce management complexity and improve operational efficiency without sacrificing endpoint security.

Symantec Complete Endpoint Defence delivers interlocking defence against a variety of attack vectors and methods. ML and AI enable Symantec’s advanced device and cloud-based detec-tion schemes to identify evolving threats, across device types, op-erating systems, and applications. Symantec provides the detection, prevention, response, and harden-ing capabilities to protect across the threat continuum.

Finalists 2019• Highly Commended: CrowdStrike• Cybereason• FireEye• Webroot

BEST ENDPOINT SECURITY

Finalists 2019• Highly Commended: Senseon• IDECSI• Barac• Arxan Technologies

WINNERempow

empow is a new kind of intent-based SIEM (or i-SIEM) that serves as an active “brain” behind security infrastructure, detecting cyber-attacks and orchestrating adaptive investigation/mitigation actions in real time, without the need for human-written rules. Using true artificial intelligence (AI), including natural language processing (NLP), machine learn-ing and cause-and-effect analyt-ics, empow automatically under-stands threat intent, finds actual attacks hidden in the “noise,” and marshals the right security tools for incident response.

empow uses true AI to do what normally requires a large, experi-enced team of threat researchers, security operations analysts and incident responders to complete. This enables organisations who can’t afford a traditional SIEM or a SOC team to get SOC-class security. SOC teams can reduce their security operations costs and improve effectiveness by freeing analysts to focus on the attacks that really matter.

empow says all SIEMs other than empow’s require human-written, static correlation rules to detect advanced attacks. While this approach worked just fine in the simpler days of security, it quickly became obsolete with the advent of internet comput-ing. Additionally, the infamous, artisan basement hackers from the 1990s have evolved into automated, machine-generated attacks, increasing attack velocity and effectively making every threat “brand new.”

In this world, cyber-criminals will always have the upper hand because 1) human-written rules are only effective against known attacks and 2) humans cannot write or update rules as fast as machines can change attacks.

empow says it is the only SIEM vendor that is using true AI and causal analytics, rather than cor-relation rules, to detect, validate and prioritise attacks. By auto-mating the detection, analysis and response process, customers can detect, confirm and stop both known and unknown threats before they cause harm.

BEST EMERGING TECHNOLOGY



Finalists 2019• Highly Commended: SailPoint• My1Login• Auth0• OneLogin• IBM

WINNERPing Identity

The Ping Intelligent Identity Platform delivers secure and seamless access to all cloud, mobile, SaaS and on-premises applications and APIs. The plat-form includes PingID, PingAc-cess, PingFederate, PingOne, PingDirectory, PingDataGov-ernance and PingIntelligence for APIs, which uses artificial intelligence to detect and block API attacks.

Identity is a business impera-tive for enterprises looking to keep their corporate data safe. Organisations must ensure that only approved employees, partners and customers can ac-cess the right applications. Ping Identity focuses on authenticat-ing users and authorising access to resources versus protecting the endpoint. Users love Ping’s simplified identity experience, which speeds up productivity, the supply chain and customer transactions.

Ping manages identity and profile data securely; provides strong password management

tools and federated single sign-on capabilities; manages access security for both cloud and on-premises applications from a single management point; provides advanced multi-factor authentication capabilities and allows for auditing and discov-ery of any potential compliance violations.

Built on a foundation of open standards, Ping Identity’s solutions have been developed from the ground up to support the demanding needs of large enterprise customers and SMEs. It offers a complete IAM solu-tion for enterprise hybrid IT environments covering authenti-cation, federation, authorisation, auditing and account manage-ment. Ping is also believed to be the only IAM provider to solve identity challenges for enterprises in all stages of cloud adoption, whether they’re 100 percent in the cloud, on-premis-es or hybrid environments. Most recently, Ping says it became the first company to leverage artificial intelligence to secure API infrastructures in public and hybrid clouds.

BEST IDENTITY MANAGEMENT SOLUTION

Finalists 2019• Highly Commended: CyberArk• Forescout• Tenable• Palo Alto Networks• Vectra

WINNERProofpoint

By using the cloud, Proof-point can cost-effectively deliver services at scale to its entire customer base that would otherwise be impossible to deploy were they developed as on-premises solutions. The malware and phishing analysis systems (i.e., sandboxes, static analysis, protocol analysis, machine learning classifiers, etc.) are built at a scale that would be out of reach for all but the largest of enterprise or-ganisations. This cloud-based infrastructure effectively drives a low total cost-of-ownership, with no compromise to scale.

Threat actors are increas-ingly targeting people, not infrastructure, and the cloud is changing protection needs. Over 99 percent of all targeted attacks rely on users to activate them. Unlike security teams, cyber-criminals aren’t focused on infrastructure—they are focused on your people—and email is the top threat vec-tor for launching targeted

malware, phishing, and fraud attacks.

To help organisations iden-tify their Very Attacked People (VAPs), Proofpoint provides world-class phishing, email fraud, and malware detection and prevention, along with email authentication, email DLP/encryption, and response orchestration/automation for email incidents and data leaks.

Proofpoint processes more than five billion emails per day and its Nexus Threat Graph encompasses hundreds of bil-lions of correlated data points ensure protection. its multiple analytical techniques cover malware (including sandbox-ing, static, and protocol analysis), phishing (including machine learning-powered classifier and credential phish-ing kit detection), and email fraud (including a machine learning-powered “impostor classifier” and domain spoofing and typosquatting prevention).

BEST ENTERPRISE SECURITY SOLUTION



Finalists 2019• Highly Commended: Origin Comms• Wandera• Cyxtera• OneSpan

WINNERArmour Comms

Interception of mobile phone calls/messages is now much easier and a lucrative source for spear-phishing, commercial espionage and disruption to national security.

Consumer messaging apps claim to be secure and are widely used throughout enterprise markets, however, while encrypted, they are still vulnerable to attack. In addition, they may hold customer data offshore, in a cloud controlled by a multi-national social media company interested solely in monetising its customers’ information by selling advertising.

Enterprises of all descrip-tions need a professional, se-cure alternative to ensure that they meet their governance requirements under GDPR and other industry regulations to protect corporate data.

Armour Mobile provides functionality and ease-of-use of consumer apps (WhatsApp,

Viber etc) with added security. Armour’s technology has been approved by NCSC, FIPS, NATO. It provides a commu-nications platform that secures calls, messages, video and con-ferencing between endpoints, using standards-based crypto-graphic mechanisms. The calls, messages and attachments are encrypted end-to-end.

Unlike consumer-grade apps where customer data may be held offshore (and mined for marketing opportunities), Ar-mour Mobile is a subscription service, where the end-user organisation keeps control of its own data.

Amour Mobile protects data at rest as well as in transit in-cluding data held in messages and attachments. The sender can optionally set the time for messages to automatically delete after the recipient has read them.

Armour Comms says it is the only UK-based company with NCSC approval for its technol-ogy and is a founding member of Secure Chorus.

BEST MOBILE SECURITY SOLUTION

Finalists 2019• Highly Commended: IBM• NETSCOUT• Datto• CNS• Digital Guardian

WINNERBT Security

BT has more than 70 years’ experience on the frontline of cyber-security. It is believed to be unique amongst MSSPs in having an integrated inter-nal and commercial security team. It walks in the shoes of the CISO, dealing with over 125,000 cyber-attacks a month. The same experts who protect its business against the most determined and well-resourced criminals and nation states also protect its customers.

It is truly global, operating in 180 different countries with a 3,000 strong team and 15 SOCs. It has an unrivalled view of the threat landscape from mining its global network. It combines this with threat feeds and intelligence provided by its partnerships with law enforce-ment (Interpol and Europol) and the NCSC to deliver unique security intelligence for its customers.

As an integrator rather than a manufacturer of technology,

customers value its vendor-agnostic stance and neutral advice to help them capitalise on previous investments and find the right partner for their journey.

Its cloud services enable customers to collaborate with confidence across the business, ensuring that the right people can access the right resources wherever they are. Custom-ers can benefit from the faster internet connections, flexible infrastructure and increased resilience that moving to the cloud offers without increasing their exposure to breaches.

BT’s cyber-services reduce the time it takes customers to detect and mitigate threats. Using big data techniques and visual analytics to automate security processes and increase the productivity of security teams.

Its compliance services en-able customers to safeguard the reputation and legal position of their business and brand.

BEST MANAGED SECURITY SERVICE



Finalists 2019• Highly Commended: Bob’s Business• CREST• Red Goat Cyber Security• ISACA• (ISC)2

WINNERSecure Code Warrior

Secure Code Warrior is a proven suite of secure cod-ing tools within one powerful platform, assisting organisa-tions to shift the focus from security reaction to prevention. It empowers developers to secure the code they write from the start, using cutting-edge, gamified training that is relevant and based on real-world source code. The platform also includes Sensei, a real-time security coaching solution installed in the developer’s IDE to monitor, share knowledge and auto-cor-rect coding mistakes that lead to security vulnerabilities.

Its integrated suite of secure coding training moves the focus from reaction to prevention, helping developers to code se-curely and at the speed of agile and DevOps innovation. Gami-fied, hands-on training and tournaments drive engagement and retention, and the platform includes self-paced learning and assessments for every skill

level. SCW makes security an exciting, positive experience, impacting how developers think and behave. With a security-first mindset, they can become their organisation’s first line of defence from cyber-threats.

SCW empowers developers to code securely, reducing the number of common vulnerabili-ties and enabling faster, security-driven code, which improves the relationship between security and development teams.

Sensei is its novel secure coding tool, offering instant security policy compliance through real-time coaching, information sharing, reporting, and auto-correction. It works as a knowledge base, guiding developers on AppSec best practice as they craft code.

This distinctive approach empowers developers to code securely, achieve rapid improve-ments in security compliance and consistency, as well as a better quality and speed of code writing. The more teams use the tools in its platform, the better they’ll become at secure coding.

BEST PROFESSIONAL TRAINING OR CERTIFICATION PROGRAMME

WINNERCybSafe

CybSafe replaces tick-box awareness training with software that provides GCHQ-accredited training content and other scientifically-proven, data-driven human cyber-risk interventions. Fusing psychol-ogy and behavioural science with artificial intelligence and data science, CybSafe trans-forms cyber-security and data protection awareness, behaviour and culture.

The cloud-based SaaS soft-ware intelligently applies neuro-linguistic programming (NLP) techniques and data analysis and evolves through machine learning and the user’s learn-ing preferences. This makes CybSafe’s modular awareness training much more effective and increasingly personalised to the individual over time. Users get support at the right time, in a way much more likely to influ-ence behaviour.

The advanced reporting and analytics dashboards make

it easy to track impact and progress, areas for improvement, and return on investment. This enables administrators to easily report the type and location of risk and vulnerabilities, and to explore opportunities with deci-sion makers.

CybSafe’s goal is to redefine cyber-security awareness and enable organisations to use science, data and advanced tech-nology to address cyber-risk. At the same time, CybSafe intends to become the world’s leading data analytics company focused on human cyber-risk.

To achieve this, the CybSafe team has built what it says is the world’s first truly intel-ligent cyber-security awareness platform, which uses data and behavioural algorithms to provide personalised training and human cyber-risk interven-tion. Over time, the software becomes increasingly effective at changing user behaviour.

Alongside this focus, CybSafe aims to build a community of people passionate about human cyber-security.

BEST NEWCOMER SECURITY COMPANY OF THE YEAR

Finalists 2019• Barac



Finalists 2019• Highly Commended: DVLAe• Lloyds Banking Group• Bank of England• Burberry• Anglo American

WINNERICON Clinical Research

The security team through responding to cyber threats and supporting the business has been able to garner support to build a global team which is divided into 3 pillars of Infor-mation Security, Cybersecurity Operations & Security Architec-ture. This allows the team as a whole to safeguard the environ-ment and perform business as usual activities while providing the information security assur-ance and security architecture services required to support and grow the business. This struc-ture has seen the security team achieve security standards such as ISO27001:2013 and cyber-essentials and provide assurance to its customers on a regular basis. By providing security services to a high standard, sup-porting the business in projects and supplier relationships and communicating & advising on cyber security risks the security team has been able to harvest the trust of business divisions,

senior leadership and facilitate continued investment in the security programme.

ICON has established an Information Security Council, consisting of the heads of the business units, to ensure that the business and security are aligned as the organisation continues to grow and evolve. Active involvement on the part of leadership has resulted in a vested interest in information security that is being driven from the ‘top down’ – benefiting the organisation as a whole.

As security is engrained in so many business processes, there is regular and constant collabo-ration between the security staff and colleagues. For instance, the security team work with the business throughout a project’s life cycle to ensure that security requirements were appropriately implemented into the project. The security team will carry out regular assessments of the busi-ness’ suppliers and vendors to ensure they have the appropri-ate security controls to protect ICON’s information.

BEST SECURITY TEAM SPONSORED BY

Finalists 2019• Highly Commended: AlgoSec• Proofpoint• Information Risk Management (IRM)• Tufin

WINNERTripwire Inc

Tripwire Enterprise is a security configuration management (SCM) suite that provides fully integrated solutions for policy, file integrity and remediation management. Organisations can use these solutions together for a complete end-to-end SCM solution or use its file integrity monitoring or policy management solutions on their own to address today’s pressing security and compliance challenges, while building a foundation that positions them to address tomorrow’s.

For regulatory compliance, Tripwire Enterprise establishes and maintains consistent compliance agent- based and agentless continuous configuration assessment against over 1000 combinations of platforms and security and compliance policies, standards, regulations and vendor guidelines. Its Policy Manager capability also offers complete policy customisation, waiver

and exception management, automated remediation options, and prioritised policy scoring with thresholds, weights and severities. It does all this while providing auditors with evidence of compliance and making policy status highly visible and actionable for compliance teams.

Changes to configurations, files and file attributes throughout the IT infrastructure are just part of everyday life in enterprise organisations. But hidden within the large volume of daily changes are the few that can impact file or configuration integrity. These include unexpected changes to attributes, permissions and content, or changes that cause a configuration’s values, ranges and properties to fall out of alignment with compliance policies. To protect critical systems and data, you need to detect all changes, capture details about each instance, and determine if a change introduces security risk or non- compliance. Time is saved using automated continuous auditing.

BEST RISK MANAGEMENT/REGULATORY COMPLIANCE SOLUTION



Finalists 2019• Highly Commended: Redscan• AT&T Cybersecurity• CensorNet• Malwarebytes

WINNERWatchGuard Technologies

WatchGuard’s mission is to make enterprise-grade security accessible to companies of all types and sizes through simplic-ity, making WatchGuard a suitable solution for SMEs and distributed enterprises.

The WatchGuard Firebox M270 is designed specifically for small to medium sized en-terprises companies with up to 500 users. Watchguard reports that according to independent testing by Miercom, the M270 is the industry’s fastest entry-level rack-mounted appliance when running full UTM services, outperforming competitive products by up to 82 percent.

With fewer specialised in-house IT specialists and re-sources, the M270 offers SMEs enterprise-grade protection, that is easy to deploy and manage at a price point that fits their needs.

WatchGuard’s Firebox M270 delivers industry-leading throughput capable of process-ing the what it describes as ever-

rising tide of encrypted HTTPS traffic. According to Miercom, the M270 even outperforms more costly competitors’ models with the full suite of UTM security services running.

Intel Atom processors with QuickAssist Technology (QAT) give the M270 significant performance advantages and enable the appliance to run all security services offered in WatchGuard’s Total Security Suite, including IntelligentAV the company’s new AI-based antivirus service, as well as Access Portal and DNSWatch phishing protection, which were both introduced in 2018.

The M270 gives users net-work speed and enterprise-grade security services in one easy-to- manage appliance, including APT Blocker, IPS, Gateway AV, WebBlocker, App Control, DLP, Reputation Enabled Defence, Mobile Security, Network Dis-covery and SpamBlocker, using best-of-breed technologies.

WatchGuard Dimension provides administrators with complete visibility and insight into threats at the perimeter.

Finalists 2019• Highly Commended: Rapid7• IBM• Securonix• LogRhythm

WINNERExabeam

For many recent data breaches demonstrate that traditional SIEM, as a security management solution, is broken. Attacks using stolen/misused passwords are on the rise, with companies struggling to detect them effectively. Exabeam’s Security Management Platform (SMP) decreases the risk of cyber-threats for any organisation. It incorporates a new approach to data protection, relying on modern analytics, automation, and human expertise.

Traditional SIEM products are often no longer able to detect credential-based attacks, whether from a hacker using stolen passwords, or from a malicious employee using their own access rights. Traditional SIEM products also limit data collection by charging by the byte. Nearly every company that suffered from a public breach in recent years had a SIEM system in place at the time. Modern security organisations deserve better. Exabeam SMP is a

security management platform that delivers on the initial “promise of SIEM”: complete visibility into modern threats and automated, intelligent response.

By offering unlimited log management at a flat cost, companies are not forced to store the minimal amount of data to avoid a large bill. They can log as much data as they want for analysis and forensic purposes.

Automated alert prioritisation creates reduces noise from false positives and low value alerts. This lets analysts focus on true positives and helps optimise existing investments like DLP

Exabeam’s patented Smart Timeline technology automates incident investigation thus automating a task that takes as much as 70 percent of analyst time. This vastly improves productivity for each FTE.

Exabeam SMP’s security orchestration and automation provide fully or semi-automated response to incidents through the use of pre-built APIs and response playbooks - this reduces human error and response times.

BEST SIEM SOLUTION BEST SME SECURITY SOLUTION



WINNERSymantec

Symantec’s Global Intelligence Network is believed to be the largest of its kind parsing over nine trillion telemetry points. The amount of data is beyond the capacity of humans to analyse, or correlate with activity on a customer’s network.

Symantec Targeted Attack Analytics (TAA), leverages Symantec’s telemetry dataset and Attack Investigator Team to create artificial intelligence (AI) and machine learning (ML) algorithms that expose attack patterns occurring in the customer environment.

TAA uses enterprise and cross-enterprise telemetry from all termination points (endpoint, proxy, email and cloud) to train advanced AI. Rather than spending months attempting to manually investigate attacks, TAA has a holistic view of both the customer’s company and that firm’s industry to determine the source, scope and impact of an attack in hours.

TAA’s delivery as a cloud-

based analytic service enables the frequent re-training and evolution of analytics to adapt to new attack methods with no product updates.

Traditional breach detection captures isolated scans from organisation-wide termination points. Because this approach doesn’t provide global visibility, customers must manually correlate these scans and integrate them with limited threat intelligence sourced from external feeds. Also, because most organisations don’t have the expertise to design AI algorithms, nor skilled threat researchers investigating attack groups, they incur threat visibility gaps, higher false positive rates, longer threat dwell times, and less precise detections. Traditional breach detection can easily miss the most dangerous threats to organisation.

TAA leverages event data from all its customer termination points. Its data scientists continually develop new AI algorithms that run on this data lake.

WINNERSophos

The rapid growth of complex coordinated threats is outpacing the ability of many organisations to protect themselves. Point products can stop individual elements of an attack, but they don’t work together to protect your data, devices, and network from sophisticated, coordinated cyber-attacks. Organisations need a layered approach to security where products connect and share information.

Sophos Synchronised Security is a best of breed security system designed to enable your defences to be as coordinated as the attacks they protect against. By connecting with each other in real time via a Security Heartbeat, Sophos endpoint and network solutions, including Sophos XG Firewall and Sophos Intercept X Advanced with EDR, work together to predict and provide automatic threat detection and protection against threats. To maintain full vis-ibility into the threat landscape, SophosLabs tracks, deconstructs

and analyses 400,000 unique and previously unseen malware attacks for cyber-attack novelties and cyber-criminal innovation.

No other solution provid-ers on the market deliver a comparable type of synchro-nised and integrated commu-nication between endpoint and network security products says Sophos. Synchronised Security leverages best-of-breed technol-ogy, including XG Firewall and Intercept X Advanced with EDR. XG Firewall provides what it describes as unprec-edented visibility into the network, users, and applications, enabling businesses to protect themselves from advanced threats. Sophos Intercept X Advanced with EDR integrates intelligent endpoint detection and response top-rated malware detection, top-rated exploit protection and other leading unmatched endpoint protec-tion features. IT managers have on-demand access to curated intelligence from SophosLabs, guided investigations into suspicious events and recom-mended next steps.

BEST THREAT INTELLIGENCE TECHNOLOGY

Finalists 2019• Highly Commended: Exabeam• Flashpoint• AT&T Cybersecurity• EclecticIQ

Finalists 2019• Highly Commended: Vectra• Senseon• Webroot• CrowdStrike• Barracuda Networks

BEST USE OF MACHINE LEARNING/ AI



Finalists 2019• Highly Commended: Outpost24• Tenable• RiskSense• Rapid7

BEST VULNERABILITY MANAGEMENT SOLUTION

WINNERSkybox Security

Vulnerability management is about more than scan-and-patch. To focus on vulnerabili-ties most likely to be used in an attack, organisations need: A comprehensive, current and centralised repository of vulner-ability occurrences accessible on demand, encompassing vulnerabilities from on-prem, multi-cloud and OT networks; Correlation of occurrences to available and active exploits in the wild; Simulations to deter-mine vulnerability exposure within their network; Recom-mendations of best response op-tions including patches and IPS signatures, as well as configura-tions or access changes

Skybox Vulnerability Control provides these capabilities in a single solution, integrating with scanners and other deployed solutions, making their data actionable and targeting actual risk. With insight into the net-work and asset layers, Vulnera-bility Control pinpoints exposed vulnerabilities — impossible

with scanners alone.With Skybox, organisations

have a systematic approach to assess, prioritise and plan reme-diation, maximising vulnerabil-ity management resources:

It establishes a single source of truth for vulnerability occur-rences centralising results from multiple vulnerability discovery solutions deployed in traditional IT, cloud and OT networks. It simulates attacks (similar to pen tests).

It prioritises vulnerabilities by risk to the organisation (by exposure and exploitabil-ity) rather than generic/static severity scores and delivers security analyst-verified research of dozens of public and private security data sources it Identi-fies mitigation alternatives to leverage security controls when patching is impossible or undesirable and reduces false positives to near–zero levels and eliminates unnecessary patching. It also bridges gap between the intention behind investments and their actual usefulness in reducing risk.

Finalists 2019• Highly Commended: Panaseer• Netwrix• OneTrust• Radiflow

WINNERTripwire Inc

Tripwire Enterprise is a secu-rity configuration management (SCM) suite that provides fully integrated solutions for policy, file integrity and remediation management. Organisations can use these solutions together for a complete end-to-end SCM solution or use its file integrity monitoring or policy manage-ment solutions on their own to address today’s pressing security and compliance challenges, while building a foundation that posi-tions them to address tomor-row’s.

For regulatory compliance, Tripwire Enterprise establishes and maintains consistent compli-ance agent- based and agent-less continuous configuration assessment against over 1000 combinations of platforms and security and compliance policies, standards, regulations and ven-dor guidelines. Its Policy Manager capability also offers complete policy customisation, waiver and exception management, automated remediation options,

and prioritised policy scoring with thresholds, weights and severities. It does all this while providing auditors with evidence of compliance and making policy status highly visible and action-able for compliance teams.

Changes to configurations, files and file attributes through-out the IT infrastructure are just part of everyday life in enterprise organisations. But hidden within the large volume of daily changes are the few that can impact file or configuration integrity. These include unexpected changes to attributes, permissions and content, or changes that cause a configuration’s values, ranges and properties to fall out of alignment with compliance poli-cies. To protect critical systems and data, you need to detect all changes, capture details about each instance, and determine if a change introduces security risk or non- compliance.

REGULATORY COMPLIANCE TOOLS AND SOLUTIONS



WINNERPalo Alto Networks

Palo Alto Networks R&D is leading to a significant innovation in how organisations consume cyber-security capabilities. The Application Framework is cloud-based and extends the Palo Alto Networks Security Operating Platform by offering a SaaS consumption model that allows end-customers to evaluate and deploy new capabilities via security applications developed by its engineering team, as well as those built by third-party developers and other security industry vendors. Under this consumption model, customers rapidly implement cloud-based security applications without having to deploy or manage additional appliances or software agents. The framework and its third-party applications became available from August 2018 with apps from 30 plus vendors.

Palo Alto Networks is

committed to maintaining trust in the digital age. It does this by safely enabling all applications and preventing successful cyber-breaches for organisations worldwide. In part this is by how the business invests in deep cyber-security expertise, innovation (AI, automation, cloud, predictive analytics) and how it has developed a game changing security platform that is now extended through its Application Framework.

Palo Alto shares threat intelligence with other organisations including competitors. Its threat intelligence research arm Unit 42 shares intelligence with other organisations. Palo Alto Networks was also a founding member of the Cyber Threat Alliance.

Palo Alto Networks is focussed on trust in the security of the applications it relies on every day. This trust is built and protected through encouraging prevention strategies.

BEST SECURITY COMPANY

Finalists 2019• Patryk Michal Zajdel

Finalists 2019• Highly Commended: F-Secure• Sophos• Kaspersky Lab• Digital Shadows• CyberArk

WINNERElliott Simmonds, Telesoft Technologies

His interest in the cyber-security industry stems from his desire to dissect and solve problems related to technol-ogy. His interests have led him to wanting to further understand and contribute to the operation of large-scale systems and maintaining criti-cal national infrastructure. Not just because of the importance to modern society, but because the field offers a diverse range of opportunities and directions for him to follow. Due to the rapidly increasing need for and constant evolution of technol-ogy behind cyber-security, he says he knew that he needed to be well read and quick on his feet. This is something that in-spires him as a competitive and logically minded individual.

Furthermore, he is working towards becoming proficient in programming in multiple languages to the point where he can design and develop

independently, providing more informed inputs during each stage of product development in both hardware and software. During the course of his career in cyber-security, he has and will continue to study key tech-nical fundamental principles in order to find an area he can focus on and specialise in. The main contributor towards him reaching his aims is his ongoing apprenticeship at Telesoft Technologies, a small company that provides global cutting-edge cyber-security infrastructure. At Telesoft a highly specialised team of dedicated and passionate indi-viduals, create a positive work environment that will continue to nurture his progress in the field. As a member of the R&D department for over a year, he has been exposed to the development and implementa-tion of cyber-security solutions, along with maintaining and improving existing products. Working at Telesoft has given him valuable insight into the industry from all perspectives.

CYBERSECURITY STUDENT OF THE YEAR SPONSORED BY

J93162 NEU Security Ad A4.CS Awards Europe 2019_HR.pdf 1 31/05/2019 12:02



CSO/ CISO OF THE YEAR SPONSORED BY

WINNERLisa Ventura, UK Cyber Security Association

Lisa Ventura has spent the last ten years in cyber-security and has made a significant con-tribution to the industry. She started her career in cyber in April 2009 when she became the Chief Operations Officer of Titania Ltd, a leading cyber-security software development company based in Worcester in the Midlands. Through her guidance the company grew from a two-person start up to a thriving SME with a turnover of over £2million, offices and a team of more than 20 em-ployees. In addition, Ventura was responsible for a network of distributors and resellers for Titania Ltd in over 40 countries. She was a Founder Member of the Malvern Cyber-Security Cluster.

Ventura went on to form Venture Cyber Security and as a consultant she produces nu-merous cyber-security policies for companies and undertakes

training to help organisations be more cyber-aware. She also undertakes awareness raising work, white paper production and benchmark-ing report production through Venture Content Marketing, PR and Digital specifically for cyber-security and technology companies including the Boost Technology Group, Proficio, MAC Solutions, Cyber Senate, Corinium and more.

One of Ventura’s biggest achievements to date is the UK Cyber Security Asso-ciation which was formed in 2014. This is the UK’s first membership association that is dedicated solely to individu-als and companies working in cyber-security and provides cyber-security industry news, insights, reports, networking events, webinars, seminars and an annual conference.

Her book “The Rise of the Cyber Woman”focuses on the cyber skills gap and how women are rising to the forefront in the cyber security industry.

WINNERDr Stefan Lüders, CSO at CERN

As computer security officer for CERN – the internation-ally renowned research facility and home of the Large Hadron Collider (LHC), the world’s most powerful particle collider – Dr. Stefan Lüders has a vast and complex environment to protect.

CERN’s massive IT infra-structure facilitates collab-orative research among tens of thousands of scientists around the world. The organisation’s own computer centres – com-prising over 15,000 servers. storing in excess of 300PB of data – are supplemented by the world’s largest computing grid: comprised of 170 computing centres located in 42 countries, with over 750,000 CPUs.

Dr. Lüders determined that creating and staffing a traditionally structured security operations team to defend the immense attack surface was not a feasible option. Instead,

he put in place a foundation of best-in-class security solutions and focused on instilling a culture of personal accountabil-ity; where users are empowered with the knowledge and sense of responsibility to protect the organisation’s digital assets.

Despite the gravity of his role, Dr Lüders brings a unique charisma and sense of humour to his position that is both engaging and enrolling. He infuses the mission-critical dis-cipline of security with eclectic perspectives that make the topic accessible and relatable, such that colleagues are personally inspired to become involved in the fight against cyber-crime.

Given the academic nature of the organisation and its numer-ous industrial facilities, the un-derlying premise of Dr Lüders’ strategy for securing CERN is pragmatism. He embraces the unique realities of working with a group of the world’s foremost scientists and has crafted an approach that leverages their strengths and addresses any inherent shortcomings.

OUTSTANDING CONTRIBUTION

Finalists 2019• Highly Commended: Airbus• Neustar• CREST• Photobox• The Security Company (International) Limited

Finalists 2019• Highly Commended: Camelot / The National Lottery• The British Land Company PLC• CRH• FedEx Express • Legal & General

Thales-STA-ad-v3.indd 1 5/31/19 12:35 PM



Haymarket Media GroupBridge House, 69 London Road

Twickenham. TWI 3SP

Telephone: +44 (0)20 8267 8016Web: www.scmagazineuk.com

WINNERICO

Every year, SC’s Editor’s Choice Award recognises a person, organisation or initiative that has made a significant impact on cyber-security over the past year.

Clearly its GDPR, the biggest driver of cyber-security awareness and spend ever, as boards struggle to ensure compliance.GDPR has slammed the brakes on the untrammelled gathering of individuals’ data without their consent by global tech giants, with

the aim of giving control back to the data subject. It’s an EU regulation, but its remit is international, setting a global benchmark for citizens’ data rights that will not be reversed by Brexit.

In the UK the roll-out and enforcement of GDPR has been undertaken by the Information Commissioner’s Office. It has implemented GDPR, smoothly, efficiently, without fuss or complaint - a remarkable achievement. In short, it has been a success, hence the winner of the Editor’s Choice award for 2019 is the ICO.

EDITOR’S CHOICE

tuesday, 4th june 2019 - static.swipeuk.com › assets ›...

Documents