Security Innovation of the Year 2009

Winner – WebSense

WebSense built its reputation as a market-leading vendor of URL filtering software, but has broadened its portfolio over the last few years to help its customers tackle a growing number of threats.

Technology acquisitions such as PortAuthority saw the company become an early leader in data loss prevention (DLP), while the recent acquisition of Defensio, offering blog protection, shows an increasing focus on protecting users from the multitudinous bogeys of Web 2.0.

“Around 2000, we noticed that threats had begun to migrate from email to the web, particularly with the rise of spyware and phishing,” explains WebSense technical director Mark Murtagh.

“Once we had acquired all the components, we began an aggressive integration strategy to set up the framework of a business platform that brings employees, applications and the web together.”

That framework now addressed what the company bills as essential information protection.

Key to that strategy, an approach somewhat unique among security companies, is that effective protection involves allowing the business to say ‘yes’ in a secure and controlled manner, rather than viewing it as a series of limitations placed on users.

“Our approach is: ‘how do you say yes?’,” Murtagh explains. “For example: employees should have access to social media, but you need to have the right balance. Security doesn’t have to lock down the company.”

WebSense has also developed a range of hosted services, such as email provision, in response to businesses demanding that threats and annoyances such as spam be intercepted at the boundary.

“Organisations had to gear up to deal with the rise in volumes of spam as their bandwidth took a hit,” Murtagh says. “Email is the most obvious business area to outsource security, putting the responsibility for spam filtering and security at
the provider end.”

The future of security is one which must respond to the increasingly dynamic relationship between the user and technology. Where an identical page was once served to multiple users and as such was easily blocked by a simple URL filter, explains Murtagh, “Now content is served individually; a personalised, living, breathing thing, and to respond to that you need real-time inspection.”

At the same time, organisations are looking towards web collaboration as a way of pushing productivity forward, and security companies like WebSense must play a role in freeing users to embrace the opportunities collaboration offers.

“Historically, security has been seen as an insurance concept. We believe that security is a business enabler,” Murtagh concludes.

Runner-up – VeriSign

VeriSign is one of the Internet’s most trusted security brands, and is responsible for running two of the Internet’s main DNS services: .com and .net. The company’s iDefense division is at the forefront of cyber-crime research worldwide, while its identity and authentication arm is tackling fraud head-on with an innovative shared one-time-password (OTP) network.

The latest version of the company’s OTP token can be integrated into a credit card format, and holds the potential to revolutionise the security of web commerce in the near future. “Unlike other forms of two factor authentication,” says Mike Davis, director of VeriSign Identity and Authentication Services, “the token store, the place the OTP is checked, is moved from the business that gave you the token over to VeriSign, which enables sharing with any other members of the network.”

Related Topics

Information Age Awards