This used to be one of our most crowded categories. This year we have but one innovator because over the past three years all of our innovators in this category have gone on to the Hall of Fame. There is another reason: tools that fit this category are fewer and farther between. This is not because analysis and testing aren't necessary. They, of course, are. However, the tools that used to fit nicely in here have moved on to other categories, largely due to their innovative approaches. The question, of course, is, “How can we function without these types of tools in our security kit?” The answer is that we cannot. The game has changed a lot, though, and the functionality that we used to see in these products has become more complicated out of necessity and has moved into other types of products.
A good example is one of the tools that moved from this category into the Hall of Fame this year. It is a forensic tool. But it is not enough today to analyze computer media. Now we have the cloud and a smart phone is as likely to have important information in a cloud storage site such as iCloud as it is to have data on the phone. And if it has data on the phone and in the cloud, what about the user's computer? That computer could be a PC or a Mac or both. It would be nice to be able to access all with a single tool. That got this innovator into the Hall of Fame but that was one more that left this category.
Our one innovator in this category this year looked at a problem and found a unique way to solve it. What the product does is not remarkable. What is remarkable is how it does it. That makes them a sort of poster child for innovation. They took a problem, decided that it was not being addressed completely or efficiently, and fixed those deficiencies. As a result, they are doing well and we expect them to make it to the Hall of Fame. Innovation is not just about the product or the technology. It's also about the business.
There are a lot of great product ideas that never get their time in the sun because the innovation ends with the product or the technology. Our Hall of Famers have overcome those challenges. But in the process, they also have defined the categories where innovation has, ironically, emptied the category.
High-Tech Bridge ImmuniWeb

Company Name | High-Tech Bridge |
Flagship Product in this Category | ImmuniWeb® |
Flagship Product Cost | Starts at $999 per one application per year |
Web | https://www.htbridge.com |
Innovation | Hybrid – human and automated – web and application vulnerability and penetration testing service. |
Greatest Strength | For a service that feels too human-intensive, this one certainly takes the benefits of automation and adds, as the web site says, this dimension of the human brain. This innovator's creativity, business acumen and well-deployed and conceived technology make it a winner, both here and in the market. |
High-Tech Bridge provides web and application testing services over the Internet using a combination of automated application vulnerability scanning and penetration testing by humans. The scalability of the pen testing, which we questioned, turned out to be a non-issue due to the efficient manner in which the entire process is managed. Over the past year this innovator has refined the process further so that now an assessment takes less than half the time such assessments would normally take. The company has taken steps to improve automation, which reduces the amount of time taken up with human-machine interaction without sacrificing the accuracy and completeness of the assessment process.
Trying to detect unknown vulnerabilities or unknown technologies can be a real challenge. You often cannot detect such anomalies as modified standard vulnerabilities, but using their technology and process, ImmuniWeb can. To automate the process even further and to extend it to an “always on” type of service, this innovator is establishing partnerships with application firewall companies, and they have zero false positives. The combination detects and sends the results to the firewall, where the firewall remediates. This is part of improving customer outreach and the level of detail given to users to give them additional power.
As part of this outreach, the company has started two free online services: one to find cybersquatting and typosquatting domains and malicious sites that are abusing your web site, brand or proprietary information, and one for phishing with machine learning algorithms. The new Mobile XRay tool provides automated analysis of mobile applications.