GSN_HSA2017_Yearbook

The GSN 

2017 Digital Yearbook 

OF 

Homeland Security 

Awards

The GSN 2017 Homeland Security Awards

The GSN 2017 Homeland Security Awards 

Chuck Brooks, the Distinguished Judge of 

GSN’s 2017 Homeland Security Awards, agrees with 

the analysts now saying say that we are heading 

for a Fourth Industrial Revolution 

GSN: Chuck, thank you again for judging our 

most recent and very successful awards event. 

It was my real pleasure. Each year I am 

more and more impressed with the capabilities 

of the company submissions for best 

solutions. They are all top notch and at the 

innovative edge of security technologies. It 

also reassuring to review many of the new 

technologies being utilized across the physical 

and cyber spectrums for securing the 

homeland. 

GSN: Speaking of technologies, much is 

happening in the world emerging technologies. 

What are your quick thoughts as a subject 

matter expert on our new tech era? 

In my role of Chairman of CompTIA’s 

New and Emerging Technology 

Committee I get a 

window on what advancement 

is happening in both 

the public and private sectors. 

Many analysts are now 

saying we are entering a 

Chuck Brooks 

Fourth Industrial Revolution. 

I concur, these emerging technologies 

are already impacting how we live and 

work. With the advent of artificial intelligence, 

robotics, quantum computing, the 

Internet of Things, augmented reality, materials 

science, 3-D Printing, and data analytics 

the near future will be really exciting. 

We are living in an era where innovation, 

agility and imagination are all essential in 

order to keep pace with exponential tech- 

nological transformation taking place. It 

is easy to imagine potential applications 

for new technologies. For example some of 

the applied verticals in homeland security 

where I see emerging technologies applied 

in the next few years include: 

• Enhanced Surveillance (chemical and 

bio sensors, cameras, drones) 

• Improved facial recognition and 

license plate readers 

• New Non-lethal technologies 

• Counter terrorism and law enforcement 

informatics via predictive analytics and 

artificial intelligence 

• Advanced Forensics via materials 

science and supercomputing 

• Interoperable communications, 

geo-fencing, and situational awareness 

• Biometrics: assured identity security 

screening by bio-signature: Every aspect 

of your physiology can be used as a biosignature. 

Measure unique heart/pulse 

rates, electrocardiogram sensor, blood 

oximetry, skin temperature 

• Automated cybersecurity and information 

assurance 

• Robotic Policing 

That is my own future homeland security 

short list. However, even with new and exciting 

emerging technologies in the pipeline 

the new digital landscape of connectivity 

also brings a new and wide array of vulnerabilities 

and threats. 

GSN: What vulnerabilities and threats do you see 

associated with these new technologies and 

what will be government’s role in mitigating the 

threats? 

There is a security component to almost 

anything technology related. The connectivity 

of technologies, especially to the 

internet, makes everyone and everything a 

target of cyber intrusion. A good example 

is the Internet of Things (IoT). IOT refers 

to the emerging connectivity of embedded 

devices to the Internet. It is estimated that 

there will be as between 25 to 65 billon 

connected Internet devices by 2020 (depending 

on who you cite). The commercial 

Continued on next page 

4 5


and governmental IOT “landscape of sensors” 

is becoming more exponential and 

complex by the moment. Cybersecurity for 

the connected IP enabled smart devices, 

from phishing, malware, ransomware, and 

denial of service attacks is becoming more 

of a priority with each passing day. The 

breaches are already happening in both the 

public and private sectors. 

GSN: What are your thoughts on the incoming 

Administration on homeland security issues? 

I think that the appointment of General 

John Kelly at DHS is an excellent one. He 

has the integrity, dedication, and amazing 

leadership skills need for the role of Secretary 

of Homeland Security. He has always 

been admire by those who serve under him 

and I know he will be well received by the 

law enforcement community. I like the fact 

that he has stressed cybersecurity and protecting 

the electric grid during his confirmation 

hearings. Also, the appointments of 

Tom Bossert as Homeland Security Advisor 

and former Mayor Rudy Giuliani to bring 

in expertise from the private sector on 

cyber tech and applications bodes well. 

In terms of across government mitigation 

efforts, cybersecurity continues to be a lead 

focus in the Department of Homeland Security’s 

(DHS) growing role as the leading 

civilian agency for protecting government 

agency networks and in coordinating and 

collaborating with the private sector. The 

Department of Homeland Security (DHS) 

is likely to continue to expand that role in 

the new Administration. 

Lt. Gen. H. R. McMaster, President 

Trump’s choice for national security adviser, 

is seasoned with a strong expertise on 

national security threats. On the Department 

of Defense (DOD) Community side, 

General James Mattis, who brings 41-years 

of Marine Corps experience, is another 

excellent appointment. He simply gets 

things done and he will provide exceptional 

leadership and resources, especially for the 

warfighter. I also like the appointments of 

Retired Senator Dan Coats of Indiana as 

Director of National Intelligence, and Congressman 

Mike Pompeo as Director of the 

CIA. Both are respected by their colleagues 

and have deep legislative oversight experience 

on national security issues. They bring 

the necessary leadership qualities to meet 

geopolitical challenges that require sharing 

of information, threat intelligence, technologies, 

and working with multi-agency 

task forces. 

Although parameters and specifics of the 

missions at DOD and in the Intelligence 

communities differ from DHS, there still 

needs to be a collaborative effort for protecting 

the homeland domestically and 

abroad, especially with cybersecurity. I 

think that the new Administration has assembled 

a very strong and capable security 

leadership team. 

GSN: Can you update us on your social media 

and thought leadership activities? 

Yes, last year I was selected by LinkedIn as 

“One of the Top 5 People to Follow On 

LinkedIn” by LinkedIn (I was named #2). 

I now have around 32,000 first degree followers 

on LinkedIn and manage or own 12 

LI groups (mostly dealing with tech and 

security issues). I am also active on Twitter 

nearing 4,500 followers (please follow me 

@ChuckDBrooks) and on Facebook. As 

you all know, social media has become part 

of the digital fabric of how we communicate, 

operate, and conduct business in and 

out of government. 

In the recent months I have published over 

100 articles blogs. My topic areas have 

included homeland security, cyber security, 

defense, CBRNE, IT, R & D, science & 

technology, public/private partnerships, 

IoT, innovation. In addition to Government 

Security News, I have been published 

in FORBES, Huffington Post, InformationWeek, 

MIT Sloan Blog, Computerworld, 

Federal Times, NextGov, Cygnus 

Security Media, Homeland Security Today, 

The Hill, Biometric Update, CIO Water 

Cooler, Government Executive, Bizcatalyst360, 

Brink, IT Security Planet, Christian 

Science Monitor, and others. 

I have also been very active on the speak- 


6 7


ing circuit at a variety of conferences and 

events at Universities and forums over 

the past year. A couple of highlight; a few 

months back I presented at a workshop 

sponsored by The National Academies of 

Sciences, Engineering, and Medicine and 

the Federal Bureau of Investigation on 

Securing Life Sciences Data. I also spoke at 

George Washington University event about 

the Cyber Threat Spectrum along with copanelists 

John Perren, former Assistant Director, 

FBI’s Weapons of Mass Destruction 

Directorate, and Lieutenant Colonel Scott 

Applegate, Strategic Planner, J5, Cyber 

Policy Division, Joint Chiefs of Staff. I will 

be participating soon at USTRANSCOM 

Senior Leader Cyber Security Roundtable 

that will include Admiral Michael S. Rogers, 

who serves as the U.S. Cyber Commander, 

Director of the National Security 

Agency, and Chief of the Central Security 

Service. 

As always, thank you for speaking to me 

and letting me share my perspectives. GSN 

serves as an excellent media resource for all 

those active in the homeland security, cybersecurity, 

and national security fields. I 

strongly encourage others to become regular 

readers of your publication online and 

in print. 

About Chuck: Chuck Brooks is Vice President 

of Government Relations & Marketing 

for Sutherland Government Solutions. 

He has an extensive policy and technology 

background both in the public and private 

sectors. In government, Chuck has 

served at The Department of Homeland 

Security (DHS) in legislative leadership 

roles at The Science & Technology Directorate, 

the Domestic Nuclear Defense 

Organization, and FEMA (on detail during 

Hurricane Katrina). He served as a top 

Advisor to the late Senator Arlen Specter 

on Capitol Hill covering security and 

technology issues on Capitol Hill. He 

currently serves as subject Matter Expert 

to The Homeland Defense and Security 

Information Analysis Center (HDIAC), a 

Department of Defense (DOD) sponsored 

organization through the Defense Technical 

Information Center (DTIC). He also 

served in law enforcement as an Auxiliary 

Police Officer for Arlington, Virginia. In 

industry, Chuck was a Technology Partner 

Advisor to the Bill and Melinda Gates 

Foundation and he currently sits on the 

advisory boards of several corporations 

and organizations involved in cybersecurity 

and homeland security, including the 

Safe America Foundation. In academia, 

Chuck was an Adjunct Faculty Member at 

Johns Hopkins University where he taught 

a graduate course on homeland security for 

two years. He has an MA in International 

relations from the University of Chicago, a 

BA in Political Science from DePauw University, 

and a Certificate in International 

Law from The Hague Academy of International 

Law. Chuck is well recognized as a 

thought leader and subject matter expert 

on Cybersecurity, homeland security, and 

emerging technologies. In 2016, he was 

named “Cybersecurity Marketer of the Year 

by the Cybersecurity Excellence Awards. 

LinkedIn named Chuck as one of “The Top 

5 Tech People to Follow on LinkedIn” out 

of their 450 million members. Chuck has 

published dozens of articles in publications 

such as Forbes, Federal Times, Computer 

World, The Hill, Huffington Post, Government 

Technology, InformationWeek, and 

of course Government Security News on 

the technology and security topics. He is 

also a select “Passcode Influencer” for the 

Christian Science Monitor on information 

security issues. Chuck is a frequent speaker 

at conferences and events and his professional 

industry affiliations include being the 

Chairman of CompTIA’s New and Emerging 

Technology Committee, and as a member 

of The AFCEA Cybersecurity Committee. 

Chuck has also served as a judge for 

five Government Security News industry 

homeland security awards events. 

8 9


Category #1: Vendors of IT and Cybersecurity Products and Solutions 

Best User & Entity Behavior 

Analytics Solution 

Symantec – Platinum Winner 

Gurucul – Gold Winner 

Best Application Security Solution 

Waratek – Platinum Winner 

Code Dx, Inc – Gold Winner 

Sargent and Greenleaf – Silver Winner 

Bromium - Finalist 

Best Anti-Malware Solution 

Bromium – Platinum Winner 

Best Email Security/ Loss 

Management Solution 

Bromium – Platinum Winner 

Judging in this category is based on a combination of: 

• Increase in client organization’s security 

• Technological innovation or improvement 

• Filling a recognized government IT security need 

• Flexibility of solution to meet current and future organizational needs 

Best Mobile Application Security Solution 

Appthority – Platinum Winner 

Best Continuous Monitoring & 

Mitigation Solution 

DFLabs – Platinum Winner 

Netwrix Corporation – Gold Winner 

SolarWinds Worldwide, LLC – Silver Winner 

CyberArk - Finalist 

Best Physical Logical Privileged Access 

Management Solutions 

CyberArk – Platinum Winner 

Forum Systems – Gold Winner 

Best Endpoint Detection and Response Solution 

Secdo – Platinum Winnert 

Best Cyber Operational Risk Intelligence 

DFLabs – Platinum Winner 

RedSeal – Gold Winner 

RiskSense – Silver Winner 

Best identity Management Platform 

Centrify – Platinum Winner 

CyberArk – Gold Winner 

Forum Systems – Silver Winner 

Lieberman Software Corporation - Finalist 

Best Compliance/Vulnerability Assessment 

Netwrix Corporation – Platinum Winner 

Wombat Security Technologies, Inc. 

– Gold Winner 

Best Network Security/Enterprise Firewall 

OPAQ Networks – Platinum Winner 

10 11 

Best Multifactor Authentication Solutions 

Optimal IdM – Platinum Winner 

Best Security Incident and Event 

(SIEM) Management 

SolarWinds Worldwide, LLC 

– Platinum Winner 

Best Industrial Cybersecurity Solution 

Veracity Industrial Networks, Inc 

– Platinum Winner

2017 

GSN 2017 DIGITAL YEARBOOK OF HOMELAND SECURITY AWARDS RECIPIENTS 

Vendors of IT and Cybersecurity Products and Solutions 

Appthority 

2017 Platinum Winner 

Link to Web Page of Nominated Organization: 

–––––––––––––––––––––––––––––––––––––––– 

https://www.appthority.com/ 

Link to additional information: 

–––––––––––––––––––––––––––––––––––––––– 

https://www.appthority.com/solution/overview/ 

Appthority regularly updates its Mobile Threat Protection 

solution with protection from emerging threats, the latest 

EMM solution versions and features requested by customers. 

Updates provide government organizations with continuously 

updated protection from the highest risk threats 

without complicated administration requirements. 

Awards Category: 

–––––––––––––––––––––––––––––––––––––––– 

Best Mobile Application Security Solution 

Reason this entry deserves to win: 

–––––––––––––––––––––––––––––––––––––––– 

Appthority delivers mobile security solutions purpose-built 

for the needs of government organizations. Appthority 

has been the trusted mobile security provider of multiple 

domestic and foreign government organizations including 

the USDA, the Department of Veterans Affairs, the Department 

of State, and the European Commission. 

Appthority pioneered scalable and automated mobile 

threat detection and thoughtfully designed features and 

workflows that improve overall security posture while making 

it easier to manage the speed, scale and complexity of an 

organization’s mobile security. Appthority’s comprehensive 

Mobile Threat Protection solution continuously defends 

government organizations and delivers complete visibility 

into the risks of data breaches, losses and leakage tied to 

today’s mobile workforce. The result is stronger security, 

continuous compliance and significantly reduced risk of 

costly breaches. 

Appthority MTP provides the best protection and deepest 

app analysis - identifying mobile app, back-end, and 

ecosystem vulnerabilities, options for protecting PII and 

employee privacy, and powerful policies that can be customized 

to fit corporate needs. Built with busy security teams 

in mind, the solution also automates manual processes, 

provides automatic malicious threat protection, and one-day 

deployment with an agentless mode that enables immediate 

visibility and protection against mobile app threats. 

Appthority MTP is the only solution that fully protects 

government agencies from mobile threats to enterprise data 

and privacy. 

Key benefits include: 

- Deepest app analysis: Appthority MTP is years ahead of 

competing solutions with its patented technology that goes 

beyond simple malware yes/no to identify app, backend, 

and ecosystem vulnerabilities - the largest and fastest growing 

area of mobile risk. 

• Fastest path to visibility and protection: with an agentless 

deployment option, Appthority MTP can be up and 

running within just a few days, providing visibility and 

protection from mobile app threats without having to install 

an agent on every device. 

• On-prem EMM integration: MTP is the only solution 

that is built with an on-prem EMM connector option 

to ensure data isn’t stored in the cloud, credentials never 

leave your network and the system never reaches into your 

network. 

• Security and productivity: Appthority gives government 

organizations the flexibility to monitor and address mobile 

risk issues without interfering with employee productivity. 

• User privacy: Appthority allows government organizations 

to monitor apps and devices for risk compliance and 

resolution, without revealing personal employee information 

to IT and security staff. 

• Efficiency: Appthority’s solution is easy to deploy and 

easy to integrate within an existing security stack, and easy 

to customize to the specific concerns and policies of each 

government organization. 

• Continuous compliance: Appthority enables government 

organizations to establish accountability, proactively 

reduce the attack surface available to hackers and ensure 

device compliance with risk policies at any point in time. 

Nominating contact for this entry: 

–––––––––––––––––––––––––––––––––––––––– 

Sara Pimentel, Assistant Account Executive 

Office: (415) 249 6776 

Nominating contact email address: 

–––––––––––––––––––––––––––––––––––––––– 

appthority@finnpartners.com 

Nominating organization address: 

–––––––––––––––––––––––––––––––––––––––– 

Finn Partner 

101 Montgomery St. #1500 

San Francisco CA 94104 

Overall, Appthority substantially reduces risk and ensures 

security efforts are focused on the largest and fastest growing 

threat vector, the expanding number of mobile threats to 

sensitive government data and privacy. Appthority extends 

the security perimeter to the true point of risk introduction 

- apps, devices and networks - and prevents risks from 

entering the ecosystem. Appthority has been the trusted 

mobile security provider of multiple domestic and foreign 

government organizations including the USDA, the Department 

of Veterans Affairs, the Department of State, and the 

European Commission. 

12 13

2017 


Bromium 



–––––––––––––––––––––––––––––––––––––––– 

Best Email Security/ Loss Management Solution 


–––––––––––––––––––––––––––––––––––––––– 

Email is the lifeblood of the modern organization. 

File attachments simply must be opened, 

and embedded links clicked on for today’s organizations 

to run. Despite improvements in detection 

and increases in phishing-awareness training 

for employees, email is still the primary attack 

vector. According to the IDC, the preferred attack 

instrument is weaponized files with embedded 

malware or malicious code/scripts. More 

than $1 billion was paid in ransom last year, with 

no signs of abating. 

Bromium Secure Files provides isolation environments 

for opening email attachments and 

clicking on links embedded in email or chat 

clients. 

Unlike other approaches that create a single 

virtualized “endpoint” environment in the cloud 

or on the endpoint, Bromium creates hard- 


ware-isolated micro-VMs. Each application is 

launched within its own micro-VM. The micro- 

VMs live on the endpoint, eliminating latency issues 

and securing every user task such as visiting 

downloading a document, or opening an email 

attachment. Each application task runs in its 

own micro-VM, and all micro-VMs are separated 

from each other using hardware enforcement and 

therefore not susceptible to kernel exploits. 

With Bromium Secure Files, file activity takes 

place within a micro-VM, protecting against 

malicious document-based attachments regardless 

of the source such as phishing email or internet 

download. Each file or link is isolated from 

all other files, the host PC, the network, and the 

file system. The micro-VM container for each 

file is disposed at the end of the tab session, and 

new micro-VMs are spun-up when new files are 

launched, invisible to the end user. 

Typical application types include Microsoft 

Word, Adobe PDFs, Microsoft PowerPoint, and 

other productive applications. 


–––––––––––––––––––––––––––––––––––––––– 

https://www.bromium.com/ 


–––––––––––––––––––––––––––––––––––––––– 

https://learn.bromium.com/rs/497-ITQ-712/images/wpbromium-application-isolation-and-containment-ps-usen.pdf 


–––––––––––––––––––––––––––––––––––––––– 

Jessica Morales, Marketing 

jessica.morales@bromium.com 

Office: 650-483-3754 


–––––––––––––––––––––––––––––––––––––––– 

Bromium 

20813 Stevens Creek Blvd 

Cupertino, CA 95014 

14 15

2017 


Bromium 



–––––––––––––––––––––––––––––––––––––––– 

Best Anti-Malware Solution 


–––––––––––––––––––––––––––––––––––––––– 

With proven security protection and deployability, 

Bromium provides isolation of advanced malware threats 

across large federal government organizations. The Bromium 

Secure Platform meets the endpoint security needs 

of U.S. military, civilian federal, contractor and other 

organizations supporting critical public sector missions. 

To date, we’ve never had a customer report a single confirmed 

malware escape from a Bromium micro-VM. 

Bromium merits recognition for anti-malware leadership 

because the company invented a comprehensive, 

elegant and highly scalable defense designed to defeat 

costly data breaches at the point where they originate: 

vulnerable endpoint devices. 

Bromium is the first vendor to deliver an endpoint 

security solution based on virtualization. The company’s 

technology seamlessly protects laptops, agency workstations 

and hosts from compromises by upending traditional 

anti-malware norms relying solely on detection. 

Instead, Bromium opens applications, email and brows- 


ers - in a secure “micro-VM” instance controlled deep 

at the at the CPU-level. The micro-VMs are transparent 

to the end user, who is finally free to work (and click) 

on anything because they are protected. Meanwhile, the 

micro-VM traps and discards malware and other threats 

before they can cause malicious effects. 

This CPU-enforced isolation does not require signatures 

or updates and its elimination of malware, after logging 

crucial forensic fingerprints of attempted exploits, 

spares administrators from costly incident response cleanup 

and allows them to more strategically study attempted 

break-ins. In addition, this information is shared via the 

Sensor Network that ultimately informs the SOC. 

Beyond defeating active attacks, Bromium provides 

comprehensive task-centric detection for any malicious 

execution. It records comprehensive forensic intelligence 

for each endpoint attack, auto-correlating low-level endpoint 

events to deliver precise indicators of compromise 

(IOCs), to enable security teams to quickly detect and 

respond to an attack or attempted breach. 

Every Bromium-enabled endpoint forwards alerts 

detailed forensic evidence to Bromium’s Threat Analysis, 

which offers a precise and detailed view of malware 

behavior in real time, providing insight into an attack’s 

origins, techniques and targets. Bromium Threat Analysis 

delivers post-exploitation analysis and categorization of 

the complete attack cycle. Full samples of malware are 

provided for in-depth analysis by the security team, and 

signatures of unknown malware are generated in real 

time for use throughout the enterprise. 

Working together, Bromium’s features, monitoring 

and administration console eliminate otherwise timeintensive 

malware identification, blocking, and triage 

steps. Armed with more time, enriched threat data and 

the confidence of having averted attacks right at the endpoint, 

these features are helping Bromium’s government 

customers safeguard citizen data, priceless intellectual 

property while freeing up employees to focus on moving 

America forward. 


–––––––––––––––––––––––––––––––––––––––– 



–––––––––––––––––––––––––––––––––––––––– 

Bromium Secure Platform addresses the inescapable realities 

of vulnerable software and targeted advanced persistent 

attacks (APTs) that trick users into executing malware 

otherwise impossible to detect or prevent using traditional 

tools. 

https://www.bromium.com/sites/default/files/dsbromium-threat-analysis-us-en.pdf 


–––––––––––––––––––––––––––––––––––––––– 



Office: 650-483-3754 


–––––––––––––––––––––––––––––––––––––––– 

Bromium 



16 17

2017 


Bromium 

2017 Finalist 


Bromium is monitoring the virtual machine and 

looking for any “abnormal” activity. Unlike traditional 

security technologies, Bromium adapts to 

new attacks using behavioral analysis and instantly 

shares threat intelligence to eliminate the impact 

of malware. 


–––––––––––––––––––––––––––––––––––––––– 



–––––––––––––––––––––––––––––––––––––––– 

https://learn.bromium.com/rs/497-ITQ-712/images/wpbromium-application-isolation-and-containment-ps-usen.pdf 


–––––––––––––––––––––––––––––––––––––––– 




–––––––––––––––––––––––––––––––––––––––– 



–––––––––––––––––––––––––––––––––––––––– 

Government security professionals are on the 

front lines of defending our nation from cybercriminals. 

But cyber criminals now have access to 

nation-state attack tools, and are using them to 

deliver a new breed of ransomware that is undetectable, 

rendering today’s detection-based security 

methods useless. 

Bromium takes a different approach: application 

isolation and containment. Rather than playing 

catch up with attackers, this approach neutralizes 

threats before they inflict damage. 

With application isolation, end users perform 

untrusted tasks – anything that could be an ingress 

point for malware – in an isolated environment. 

If malware is present, it completely plays 

out in the isolated environment, with no access 

to the protected host operating system or enterprise 

network. It’s the classic “honey pot” scenario 

where malware believes it’s fully running and 

executing, yet only damaging a disposable environment. 

The Bromium Secure Platform initiates an 

isolated micro-virtual machine – transparent to 

the end user – for every untrusted user task. This 

means every time a user opens a tab in a browser, 

clicks on an untrusted Office or PDF document, 

or runs an untrusted executable, Bromium creates 

a seamless hardware isolated virtual machine that 

performs the task for the user. If malware were 

part of that task, it only resides in that virtual 

machine for that specific task, thus keeping the 

protected host operating system safe. 

While the isolated virtual machine is performing 

the untrusted task on behalf of the user, 

Why Leading Government Agencies Choose Bromium 

Home to some of the most sensitive and sought 

after data, the public sector is a prime target for cyberattacks. 

Despite the best efforts of the resource 

and funding-constrained U.S. government, advanced 

malware and zero-day attacks often bypass traditional 

government defenses with devastating consequences. 

Office: 650-483-3754 


–––––––––––––––––––––––––––––––––––––––– 

Bromium 



18 19

2017 



Centrify Corporation 



–––––––––––––––––––––––––––––––––––––––– 

Best Identity Management Platform 


–––––––––––––––––––––––––––––––––––––––– 

Data breaches are happening at an alarming rate. 

Today’s security is not enough. To address this, 

Centrify is implementing a massive rethink in 

security and delivering the complete platform 

to stop breaches through the trifecta of Identity 

Services for applications, endpoints and infrastructure—both 

on-premises and in the cloud. 

By taking a unique approach to controlling both 

end user and privileged access in the hybrid 

enterprise, one that simplifies the implementation 

of identity best practices and strengthens an 

organization’s risk posture, Centrify is working 

to ensure the next dimension in security stops 

breaches. 

In today’s world of access, companies must 

increase their Identity and Access Management 

(IAM) maturity to effectively reduce the likelihood 

of a data breach. Centrify’s integrated 

identity security solution for federal customers 

increases IAM maturity and simplifies the implementation 

of best practices to ensure users are 

who they say they are, minimize risk and increase 

visibility. Centrify delivers stronger security, 

compliance and end user productivity through 

its common platform of Identity Services such 

as single sign-on, adaptive multi-factor authentication, 

risk-based access control, deep mobile 

and Mac management, comprehensive privileged 

access security, privileged session monitoring and 

risk analytics. 

Centrify’s solutions are FIPS 140-2, Common 

Criteria EAL 2+, and Certificate of Networthiness 

(CON) certified and compliant. Additionally, 

Centrify is in the final stage before achieving 

Federal Risk and Authorization Management 

Program (FedRAMP) compliance. Centrify’s 

FedRAMP compliant IAM solutions will enable 

federal agencies to reduce the risks of cybersecurity 

threats as well as to fulfill security and compliance 

requirements such as NIST 800-53 Least 

Privilege Access, FISMA, HSPD-12, ICAM and 

NIST 800-171. 

This entry deserves to win because Centrify is 

committed to helping government agencies defend 

the mission by protecting data and arming 

them with future-proof and accredited solutions. 

Centrify has a consistent track record of delivering 

innovative IAM solutions that enable federal 

and civilian agencies to defend against cyber 

threats and to secure infrastructure, apps and 

endpoints both on-premises and in the cloud. 

Centrify is trusted by more than 100 government 

agencies, including the FDA, Raytheon, U.S. 

Army and U.S. Air Force. 

Centrify’s solutions are also included in the 

Department of Homeland Security’s Continuous 

Diagnostics and Mitigation (CDM) program, 

which institutes a dynamic approach to fortifying 

the cybersecurity of government networks and 

systems. CDM recommends solutions and capa- 


–––––––––––––––––––––––––––––––––––––––– 

https://www.centrify.com/ 


–––––––––––––––––––––––––––––––––––––––– 

Centrify is helping government customers protect data 

and stop breaches. More information can be found here: 

https://www.centrify.com/solutions/federal-compliance/ 


–––––––––––––––––––––––––––––––––––––––– 

Jenny Overell, Account Supervisor 

Finn Partners 

office: 415-249-6778 

cell: 925-878-5655 


–––––––––––––––––––––––––––––––––––––––– 

Finn Partners 

101 Montgomery Street #1500 

San Francisco, CA 94104 

bilities for federal departments and agencies to 

use to identify cybersecurity risks on an ongoing 

basis, prioritize those risks based upon potential 

impacts and enable cybersecurity personnel to 

mitigate the most significant problems first. 

20 21

2017 


Code Dx, Inc 

2017 Winner 



–––––––––––––––––––––––––––––––––––––––– 



–––––––––––––––––––––––––––––––––––––––– 

Application security testing (AST) has become a 

necessity, because the application layer is now the 

most common attack vector. According to the 

Department of Homeland Security (DHS), up 

to 90% of cyber incidents are traceable to software 

flaws that were exploited by attackers. There 

are many AST tools and techniques (i.e. static, 

dynamic, hybrid) to help software developers and 

security analysts find vulnerabilities during all 

stages of the software development lifecycle, but 

the truth is, there is no one tool that will catch 

every weakness. Developers need to, and do, use 

many tools to secure their applications. 

Additionally, despite the prevalence of so 

many AST tools, many developers and security 

analysts simply don’t use these tools as prescribed 

because of cost and operational obstacles. These 

obstacles include: difficulty in building security 

testing directly into the software development 

or DevOps process; high cost of using multiple 

tools; weeks of manpower needed to combine 

and correlate the findings from multiple testing 

tools into one format for easy remediation and 

reporting; and weeks of time prioritizing thousands 

of vulnerabilities, so that the most critical 

and those non-compliant with government regulations 

get fixed first. 

Code Dx, Inc. understands these challenges, 

and developed the Code Dx Enterprise Application 

Vulnerability Manager to help secure the 

software supply chain by providing an easy-touse 

and affordable application vulnerability correlation 

and management solution, enabling organizations 

to overcome these obstacles that are 

deterrents to using AST tools. This breakthrough 

product automates many of the manpower-intensive 

activities needed to run AST tools, consolidates 

the results, and prioritizes the reported 

vulnerabilities based on industry and regulatory 

standards. By using Code Dx Enterprise organizations 

achieve greater vulnerability coverage, 

and a better assessment of overall software security 

risk, in less time, and with fewer resources. 

In an environment where skilled security analysts 

and developers are in short supply, “doing more 

with less” is a must – the breakthrough in Code 

Dx Enterprise is this ability to amplify the effects 

of an AppSec teaming of people and tools 

to achieve higher-value results in less time, with 

less effort. 

Code Dx Enterprise takes in reports of vulnerabilities 

produced by a wide range of commercial 

and open-source static and dynamic tools, together 

with those found by manual code reviews, 

automatically correlates them, and removes duplicates. 

It also automatically checks the vulnerability 

status of third-party libraries that may be 

built into the code. Results are easily prioritized 

and, through Jira integration, assigned for remediation. 

It even maps findings to industry and 

government standards, so organizations can identify 

vulnerabilities that are potential violations 

of HIPAA, PCI, or DISA STIG regulations. 

Finally, Enterprise exposes its work to developers 

from within their integrated development 

environment, so developers and security analysts 

can work together to conduct their security tests 

and remediate the problems within their normal 

workflow. 

While the industry is working hard to deliver 

a greater diversity of powerful AST tools, Code 

Dx Enterprise differentiates itself by focusing 


–––––––––––––––––––––––––––––––––––––––– 

http://www.CodeDx.comn 


–––––––––––––––––––––––––––––––––––––––– 

Supported Testing Tools and Languages: 

t 

Pricing Model: 

https://codedx.com/code-dx-pricing/ 


–––––––––––––––––––––––––––––––––––––––– 

Frank Zinghini 

President & CEO 

Office: 631-759-3901 


–––––––––––––––––––––––––––––––––––––––– 

Applied Visions Inc. 

6 Bayview Avenue 

Northport, NY 11768 

on making those tools work together to produce 

actionable results more quickly, with less effort. 

With seamless integration into software development 

environments, it brings developers and 

security analysts together into an effective team. 

Customers see Code Dx Enterprise as a valuable 

multiplier of their existing investments in AST. 

22 23

2017 


CyberArk 

2017 Finalist 



–––––––––––––––––––––––––––––––––––––––– 

Best Continuous Monitoring & Mitigation Solution 


–––––––––––––––––––––––––––––––––––––––– 

Advanced cyber threats against governments loom large – 

whether the attacker’s goal is to compromise sensitive government 

data, steal personally identifiable information or disrupt 

normal operations. 

In addition to damaging external threats like those associated 

with ransomware, internal threats are a growing concern 

for agencies in part because they can be difficult to detect. 

Third-party contractors, like Harold Martin and Edward 

Snowden, add another significant layer of security complexity 

as their access isn’t usually controlled by an organization’s 

internal policies, yet they often have the same – or greater – 

levels of access to internal networks and information. 

To mitigate risk against internal and external threats, agencies 

need to continuously monitor privileged account sessions 

across every aspect of their network - including on-premises, 

hybrid cloud and DevOps environments. Privileged accounts 

provide access to critical systems in these environments, and 

credentials are increasingly sought out, stolen and exploited 

in successful cyber attacks. 

CyberArk enables government agencies to not only moni- 

tor privileged account activity, but also isolate threats and 

mitigate risk. With the ability to remotely terminate sessions, 

security teams can immediately stop threats before they disrupt 

operations. 

The CyberArk Privileged Account Security Solution 

improves security teams’ ability to respond to external threats 

and malicious insiders with the flexibility to extend detection 

beyond initial account logon events. Advanced insider threat 

detection capabilities automatically detect and alert on highrisk 

privileged activity during user sessions and enable rapid 

response to in-progress attacks. 

Available as part of the CyberArk Privileged Account 

Security Solution, CyberArk Privileged Session Manager acts 

as a jump server and single access control point, and prevents 

malware from jumping to a target system. It records keystrokes 

and commands for continuous monitoring, and produces 

detailed session recordings and audit logs to simplify 

compliance audits and accelerate forensic investigations. 

A data feed from CyberArk Privileged Session Manager into 

CyberArk Privileged Threat Analytics enables customizable, 

prioritized alerts with granular detail on high-risk privileged 

activity. Security operations teams can assign risk levels that are 

most relevant to their organization, monitor and analyze actual 

behavior during a privileged session, identify activity or commands 

that may indicate compromise, and prioritize threat 

response based on alert severity. By helping to prioritize the 

review of privileged session logs, CyberArk can also improve 

efficiency and shorten IT audit cycles to reduce costs. 

The CyberArk Privileged Account Security Solution has 

been added to the U.S. Department of Defense (DoD) Unified 

Capabilities Approved Products List (UC APL). This 

designation identifies products that have undergone a rigorous 

testing process conducted by the DoD, which assures 

acceptable levels of information assurance and interoperability 

capabilities. The solution has also been independently 

validated and awarded an Evaluation Assurance Level (EAL) 

2+ under the Common Criteria Recognition Agreement 

(CCRA). Additionally, CyberArk has received the U.S. Army 

Certificate of Networthiness (CoN), enabling the streamlined 

implementation of the CyberArk solution on the Army 

Enterprise Architecture/LandWarNet (LWN). 

CyberArk is trusted by more than 3,450 customers, including 

more than 50 percent of the Fortune 100. In the past 

year, CyberArk strengthened its presence at global governments 

with more than 100 percent vertical growth, accounting 

for 15 percent of the total business in Q1 2017. As of Q3 

2017, CyberArk had contracts across more than 22 distinct 

departments or agencies in all three branches of the U.S. 

federal government. 

CyberArk is positioned to help federal agencies meet 

today’s challenging security and compliance requirements, 

including FISMA/NIST SP 800-53 requirements around 

“Access Control,” “Audit and Accountability” and “Identification 

and Authentication;” Phase 2 of the Department of 

Homeland Security Continuous Diagnostics and Mitigation 

(CDM) program; NERC-CIP requirements related to privileged 

access control, remote access management and access 

revocation; and HSPD-12 requirements. 


–––––––––––––––––––––––––––––––––––––––– 

www.cyberark.com 


–––––––––––––––––––––––––––––––––––––––– 

CyberArk Privileged Account Security Solution: 

http://www.cyberark.com/products/privileged-accountsecurity-solution/ 

CyberArk Privileged Session Manager Solution: 

https://www.cyberark.com/products/privileged-accountsecurity-solution/privileged-session-manager/ 

CyberArk security and compliance for government organizations: 

http://www.cyberark.com/solutions/federal-governmentsolutions/ 

NIST SP 800-53 Revision 4: Implementing Essential Security 

Controls with CyberArk® Solution - link to whitepaper: 

http://www.cyberark.com/resource/nist-sp-800-53-revision- 

4-implementing-essential-security-controls-cyberark-solutions/ 

Addressing the NIST SP 800-171 CUI requirements with 

CyberArk - link to white paper: 

http://www.cyberark.com/resource/addressing-nist-sp- 

800-171-cui-requirements-cyberark/ 





CyberArk for NERC Secured Remote Access - link to whitepaper: 

http://www.cyberark.com/resource/cyberark-nerc-secured-remote-access/ 


–––––––––––––––––––––––––––––––––––––––– 

Lesley Sullivan, PR Manager 

Office: 617-663.0129 


–––––––––––––––––––––––––––––––––––––––– 

lesley.sullivan@cyberark.com 


–––––––––––––––––––––––––––––––––––––––– 

CyberArk 

60 Wells Avenue 

Newton, MA 02459 

24 25

2017 


CyberArk 

2017 Winner 



–––––––––––––––––––––––––––––––––––––––– 



–––––––––––––––––––––––––––––––––––––––– 

Advanced cyber threats against governments loom large 

– whether the attacker’s goal is to compromise sensitive 

government data, steal personally identifiable information or 

disrupt normal operations. 

In addition to damaging external threats like those associated 

with ransomware, internal threats are a growing concern 

for agencies in part because they can be difficult to detect. 

Third-party contractors, like Harold Martin and Edward 

Snowden, add another significant layer of security complexity 

as their access isn’t usually controlled by an organization’s 

internal policies, yet they often have the same – or greater – 

levels of access to internal networks and information. 

To mitigate risk against internal and external threats, agencies 

need to continuously monitor privileged account sessions 

across every aspect of their network - including on-premises, 

hybrid cloud and DevOps environments. Privileged accounts 

provide access to critical systems in these environments, and 

credentials are increasingly sought out, stolen and exploited 

in successful cyber attacks. 

CyberArk enables government agencies to not only moni- 

tor privileged account activity, but also isolate threats and 

mitigate risk. With the ability to remotely terminate sessions, 

security teams can immediately stop threats before they 

disrupt operations. 

The CyberArk Privileged Account Security Solution improves 

security teams’ ability to respond to external threats 

and malicious insiders with the flexibility to extend detection 

beyond initial account logon events. Advanced insider 

threat detection capabilities automatically detect and alert 

on high-risk privileged activity during user sessions and 

enable rapid response to in-progress attacks. 

Available as part of the CyberArk Privileged Account 

Security Solution, CyberArk Privileged Session Manager 

acts as a jump server and single access control point, and 

prevents malware from jumping to a target system. It 

records keystrokes and commands for continuous monitoring, 

and produces detailed session recordings and audit 

logs to simplify compliance audits and accelerate forensic 

investigations. 

A data feed from CyberArk Privileged Session Manager 

into CyberArk Privileged Threat Analytics enables customizable, 

prioritized alerts with granular detail on high-risk 

privileged activity. Security operations teams can assign 

risk levels that are most relevant to their organization, 

monitor and analyze actual behavior during a privileged 

session, identify activity or commands that may indicate 

compromise, and prioritize threat response based on alert 

severity. By helping to prioritize the review of privileged 

session logs, CyberArk can also improve efficiency and 

shorten IT audit cycles to reduce costs. 

The CyberArk Privileged Account Security Solution has 

been added to the U.S. Department of Defense (DoD) Unified 

Capabilities Approved Products List (UC APL). This 

designation identifies products that have undergone a rigorous 

testing process conducted by the DoD, which assures 

acceptable levels of information assurance and interoperability 

capabilities. The solution has also been independently 

validated and awarded an Evaluation Assurance Level 

(EAL) 2+ under the Common Criteria Recognition Agreement 

(CCRA). Additionally, CyberArk has received the 

U.S. Army Certificate of Networthiness (CoN), enabling 

the streamlined implementation of the CyberArk solution 


–––––––––––––––––––––––––––––––––––––––– 

www.cyberark.com 


–––––––––––––––––––––––––––––––––––––––– 

CyberArk Privileged Account Security Solution: 

http://www.cyberark.com/products/privileged-accountsecurity-solution/ 

CyberArk Privileged Session Manager Solution: 

https://www.cyberark.com/products/privileged-account-security-solution/privileged-session-manager/ 

CyberArk security and compliance for government organizations 

http://www.cyberark.com/solutions/federal-government-solutions/ 

NIST SP 800-53 Revision 4: Implementing Essential Security 

Controls with CyberArk® Solution - link to whitepaper: 

http://www.cyberark.com/resource/nist-sp-800-53-revision- 

4-implementing-essential-security-controls-cyberarksolutions/ 





CyberArk for NERC Secured Remote Access - link to white 

paper: 

http://www.cyberark.com/resource/cyberark-nerc-secured-remote-access/ 


–––––––––––––––––––––––––––––––––––––––– 

Lesley Sullivan, PR Manager 

office: (617) 663-0129 


–––––––––––––––––––––––––––––––––––––––– 

lesley.sullivan@cyberark.com 


–––––––––––––––––––––––––––––––––––––––– 

CyberArk 

60 Wells Avenue 

Newton, MA 02459 

26 27

on the Army Enterprise Architecture/LandWarNet 

(LWN). 

CyberArk is trusted by more than 3,450 customers, 

including more than 50 percent of the Fortune 100. In the 

past year, CyberArk strengthened its presence at global 

governments with more than 100 percent vertical growth, 

accounting for 15 percent of the total business in Q1 2017. 

As of Q3 2017, CyberArk had contracts across more than 

22 distinct departments or agencies in all three branches of 

the U.S. federal government. 







(CDM) program; NERC-CIP requirements related to 

privileged access control, remote access management and 

access revocation; and HSPD-12 requirements. 

28 29

2017 



DFLabs 

2017 PlatinumWinner 


–––––––––––––––––––––––––––––––––––––––– 



–––––––––––––––––––––––––––––––––––––––– 

Government agencies struggle with limited in-house IT security 

resources, budgets, and skilled security operations professionals 

to effectively identify and respond to the sophisticated 

cyber threats targeting their expanding IT attack surface. 

Security automation is a force multiplier that enables them to 

continuously monitor, interpret, assess risk, and respond to the 

firehose of data generated by best-of-breed security products 

and threat intelligence feeds. 

DFLabs has pioneered intelligence-driven security monitoring, 

automation and orchestration. The DFLabs IncMan 

platform automates and orchestrates the full security operations 

intelligence and incident response lifecycle, including 

continuous threat risk assessment and qualification, triage and 

escalation, threat containment and remediation, and reporting. 

DFLabs IncMan platform enables organizations to address 

the three main challenges security operations teams face today: 

(1) How to monitor and manage the sheer volume of alerts 

and incidents that are continuously generated; (2) How to 

achieve visibility into acute threats and prioritize them; and (3) 

How to effectively accomplish this, along with remediation, 

with limited resources. 

DFLabs IncMan provides a centralized, automated, 

intelligence-driven command and control security monitoring, 

automation and orchestration platform that spans the 

entire lifecycle of incident detection, threat investigation, and 

orchestration of response. Security operations center (SOC) 

and computer security incident response teams (CSIRT) 

security analysts, forensic investigators and incident responders 

use IncMan to respond to, track, predict and visualise cyber 

security incidents. The platform also enables security managers 

and CISOs to continuously oversee, manage and measure 

operational performance and cyber risk across every individual 

phase of the incident response workflow through role-based 

dashboards, customizable widgets, and nearly 150 KPIs 

and reports. 

DFLabs IncMan is the only platform capable of full 

incident lifecycle automation that includes built-in, automated, 

continuous threat intelligence gathering, risk assessment, 

triage and notification, context enrichment, hunting 

and investigating, and threat containment. 

In addition, DFLabs IncMan aggregates the output of 

third party security devices such as SIEM’s and EDR’s, and 

services such as Threat Intelligence and Malware Analysis 

to automate and orchestrate the correlation and fusion 

of these disparate intelligence sources. Threat Intelligence 

fusion is automated throughout threat qualification and investigation, 

triage and escalation, and threat containment. 

Currently supporting more than one hundred (and 

growing) leading third party security and threat intelligence 

sources, IncMan applies machine learning to guide 

IT security personnel through patented, highly adaptable 

playbooks and accelerate the most appropriate and effective 

response to mitigate cyber threats. 

The patented DFLabs R3 Rapid Response Runbooks 

automate the operationalization of threat intelligence from 

triage and investigation to containment using hundreds 

of conditional actions that allow workflows to execute a 

variety of data enrichment, notification, containment and 

custom steps based on complex, stateful and logical decision 

making. 

DFLabs’ Runbooks are enhanced with capabilities that 

enable incident responders to automate and accelerate 

the assessment, investigation and containment of threats, 

and to gather, maintain and transfer knowledge between 

incident response (IR) and SOC teams. DFLabs’ patentpending 

Automated Responder Knowledge (ARK) module 

applies machine learning to historical responses to threats, 

and recommends relevant playbooks and courses of action 

to manage and mitigate threats. With DFLabs, more junior 

staff can be empowered to manage threat containment and 

remediation. 


–––––––––––––––––––––––––––––––––––––––– 

http://www.dflabs.com 


–––––––––––––––––––––––––––––––––––––––– 

https://www.dflabs.com/solution/incident-responseplatform-soc/ 


–––––––––––––––––––––––––––––––––––––––– 

Marc Gendron, President, 

Office: (781) 237-0341 


–––––––––––––––––––––––––––––––––––––––– 

marc@mgpr.net 


–––––––––––––––––––––––––––––––––––––––– 

Marc Gendron PR 

190 Lower County Rd., 

West Harwich, MA, 02671 

Using DFLabs, customers have reduced average incident 

resolution times by up to 90%, boosted incident handling 

efficiency by 80% and increased incident handling by 300%. 

Meanwhile, MSSPs can automate security monitoring and incident 

response services with customer-centric workflows and 

communication channels, and also offers a platform to deliver 

premium managed detection and response services. 

To satisfy breach notification requirements, regulatory 

compliance, and implement a formalized incident response 

program, DFLabs’ measurable, enforceable and repeatable 

playbooks speed up incident and forensic investigations to 

comply with breach notification timelines. 

DFLabs IncMan is used by a growing number of Fortune 

500 and Global 2000 enterprises, government agencies, law 

enforcement and intelligence agencies. DFLabs has operations 

in Europe, North America and EMEA. 

30 31

2017 



DFLabs 



–––––––––––––––––––––––––––––––––––––––– 



–––––––––––––––––––––––––––––––––––––––– 

Government agencies struggle with limited in-house IT security 

resources, budgets, and skilled security operations professionals 

to effectively identify and respond to the sophisticated 

cyber threats targeting their expanding IT attack surface. 

Security automation is a force multiplier that enables them 

to continuously monitor, interpret, assess risk, and respond 

to the firehose of data generated by best-of-breed security 

products and threat intelligence feeds. 

DFLabs has pioneered intelligence-driven security monitoring, 

automation and orchestration. The DFLabs IncMan 

platform automates and orchestrates the full security operations 

intelligence and incident response lifecycle, including 

continuous threat risk assessment and qualification, triage 

and escalation, threat containment and remediation, and 

reporting. 

DFLabs IncMan platform enables organizations to address 

the three main challenges security operations teams face 

today: (1) How to monitor and manage the sheer volume 

of alerts and incidents that are continuously generated; (2) 

How to achieve visibility into acute threats and prioritize 

them; and (3) How to effectively accomplish this, along with 

remediation, with limited resources. 

DFLabs IncMan provides a centralized, automated, 

intelligence-driven command and control security monitoring, 

automation and orchestration platform that spans the 

entire lifecycle of incident detection, threat investigation, and 

orchestration of response. Security operations center (SOC) 

and computer security incident response teams (CSIRT) 

security analysts, forensic investigators and incident responders 

use IncMan to respond to, track, predict and visualise 

cyber security incidents. The platform also enables security 

managers and CISOs to continuously oversee, manage and 

measure operational performance and cyber risk across every 

individual phase of the incident response workflow through 

role-based dashboards, customizable widgets, and nearly 

150 KPIs and reports. 

DFLabs IncMan is the only platform capable of full 

incident lifecycle automation that includes built-in, 

automated, continuous threat intelligence gathering, risk 

assessment, triage and notification, context enrichment, 

hunting and investigating, and threat containment. 

In addition, DFLabs IncMan aggregates the output of 

third party security devices such as SIEM’s and EDR’s, 

and services such as Threat Intelligence and Malware 

Analysis to automate and orchestrate the correlation and 

fusion of these disparate intelligence sources. Threat Intelligence 

fusion is automated throughout threat qualification 

and investigation, triage and escalation, and threat 

containment. 

Currently supporting more than one hundred (and 

growing) leading third party security and threat intelligence 

sources, IncMan applies machine learning to guide 

IT security personnel through patented, highly adaptable 

playbooks and accelerate the most appropriate and effective 

response to mitigate cyber threats. 

The patented DFLabs R3 Rapid Response Runbooks 

automate the operationalization of threat intelligence 

from triage and investigation to containment using 

hundreds of conditional actions that allow workflows to 

execute a variety of data enrichment, notification, containment 

and custom steps based on complex, stateful 

and logical decision making. 

DFLabs’ Runbooks are enhanced with capabilities 

that enable incident responders to automate and accelerate 

the assessment, investigation and containment of 

threats, and to gather, maintain and transfer knowledge 

between incident response (IR) and SOC teams. DFLabs’ 

patent-pending Automated Responder Knowledge (ARK) 

module applies machine learning to historical responses to 

threats, and recommends relevant playbooks and courses 

of action to manage and mitigate threats. With DFLabs, 

more junior staff can be empowered to manage threat 


–––––––––––––––––––––––––––––––––––––––– 

http://www.dflabs.com 


–––––––––––––––––––––––––––––––––––––––– 

https://www.dflabs.com/solution/incident-responseplatform-soc/ 


–––––––––––––––––––––––––––––––––––––––– 

Marc Gendron, President, 

Office: (781) 237-0341 


–––––––––––––––––––––––––––––––––––––––– 

marc@mgpr.net 


–––––––––––––––––––––––––––––––––––––––– 


190 Lower County Rd., 

West Harwich, MA, 02671 

containment and remediation. 

Using DFLabs, customers have reduced average incident 

resolution times by up to 90%, boosted incident handling 

efficiency by 80% and increased incident handling by 300%. 

Meanwhile, MSSPs can automate security monitoring and 

incident response services with customer-centric workflows 

and communication channels, and also offers a platform to 

deliver premium managed detection and response services. 

To satisfy breach notification requirements, regulatory 

compliance, and implement a formalized incident response 

program, DFLabs’ measurable, enforceable and repeatable 

playbooks speed up incident and forensic investigations to 

comply with breach notification timelines. 

DFLabs IncMan is used by a growing number of Fortune 

500 and Global 2000 enterprises, government agencies, law 

enforcement and intelligence agencies. DFLabs has operations 

in Europe, North America and EMEA. 

32 33

2017 


Forum Systems 

2017 Winner 



–––––––––––––––––––––––––––––––––––––––– 



–––––––––––––––––––––––––––––––––––––––– 

Identity is the most essential component of modern 

business enablement. Organizations depend on cloud 

technology, mobility, web portals and third-party integrations, 

and demand dynamic and agile access management 

capabilities for secure information sharing and 

data protection. 

Unfortunately, identity management products are 

woefully lacking. They merely establish trust without 

validating and enforcing expected user behavior, and 

rely on inadequate hand-coded, open-source security 

technologies and heavyweight agents that are complex, 

costly and burdensome. Compounding matters, the 

fragmented landscape of identity management repositories, 

databases and schemas requires IT to unify identity 

capabilities to achieve Federation, SSO and access control 

– a vexing, cost-prohibitive architectural challenge. 

Offering a scalable, code-free, agentless approach, the 

Forum Sentry API Security Gateway integrates security 

with identity processing for cost-effective identity and 

information assurance. Designed to consume the spectrum 

of identity and message formats while leveraging 

legacy infrastructure investments, Forum Sentry is the 

only complete “Federation-in-a Box” solution. Natively 

integrating with, augmenting and unifying any identity 

provider and repository, Forum Sentry simplifies Identity 

Federation and SSO through a powerful point-andclick 

policy engine. 

The only NIST FIPS 140-2 Level 2 and NIAP 

Network Device Protection Profile certified gateway, 

Forum Sentry secures identity, identity repositories and 

accompanying user information at network boundaries. 

Forum Sentry supports and enforces several forms 

of multifactor authentication, including content-based, 

role-based and attribute-based access control. And 

unprecedented multicontext authentication capabilities 

enable enterprises and government organizations to 

achieve simple, secure Identity Federation and SSO. 

Featuring industry-first, patented cryptographic acceleration 

of security processing, Forum Sentry serves as 

an information broker deployed as a logical API protecting 

applications and services. Architected on “security-first” 

design principles, Forum Sentry precludes 

clients from directly accessing application and services 

tiers. This unmatched level of security prevents identity 

compromise and enables SSO authentication and session 

management achievement – without required code 

changes or manipulation to backend systems. 

To continue to differentiate itself from the competition 

and deliver customer value, Forum Systems has 

introduced several key capabilities in the most recent 

version of its flagship Forum Sentry API Security Gateway. 

These new features include: 

• Compliance with Exacting Critical Infrastructure 

Security Mandates – Forum Sentry has been certified to 

comply with the U.S. Cybersecurity Executive Order, 

“Strengthening the Cybersecurity of Federal Networks 

and Critical Infrastructures” and with guidance from 

the UK’s National Cyber Security Centre. Both have 

strict cryptographic requirements for critical infrastructure 

security. 

• Perfect Forward Secrecy (PFS) – PFS ensures that 

past encrypted communications cannot be decrypted 

if long-term secret keys are compromised, significantly 

reducing the risks associated with cyberespionage and 

mass surveillance. And because Forum Sentry does not 

rely on any third-party cryptographic libraries, it is immune 

to vulnerabilities like Heartbleed, POODLE and 

not yet discovered exposures. 

• Added Identity Support – While already supporting 

major Federated Identity protocols such as SAML, 

OAuth and WS-Trust, Forum Sentry now features 


–––––––––––––––––––––––––––––––––––––––– 

http://www.forumsys.com 


–––––––––––––––––––––––––––––––––––––––– 

Forum Sentry API Security Gateway homepage. 

http://www.forumsys.com/en/products/forum-sentry-api-security-gateway/ 


–––––––––––––––––––––––––––––––––––––––– 

Liza Vilnits, Senior Account Executive 

Office: 781-672-3141 

lvilnits@chenpr.com 

‹ 


–––––––––––––––––––––––––––––––––––––––– 

CHEN PR 

71 Summer St., Penthouse 

Boston, MA 02110 

added support for OpenID Connect authentication 

and Java Web Tokens (JWT) standards. Enhancements 

have also been made for industry-specific and business 

use cases such as the Federal Aviation Administration’s 

SAML and Azure IoT Hubs. 

• Hardened Privacy and Security – Designed with 

“always on” security features, Forum Sentry can now 

be deployed in virtualized and cloud infrastructures 

that lack hardware encryption capabilities; support for 

network HSM (hardware security modules) has been 

implemented to ensure that the highest level of cryptographic 

security is available for every deployment 

scenario. 

• Richer Reporting and Analytics Capabilities – To 

make business analysis quicker and easier – and support 

security intelligence and other critical initiatives – Forum 

Systems added a framework to Forum Sentry that 

helps to capture the data, convert it to a common format 

like JSON and export it to any third-party prod- 

34 35

uct. Already featuring existing integrations with Google 

Analytics, Splunk, Elastic Cloud and Graylog, now any 

Big Data analytics platform can be supported easily. 

The award-winning Forum Sentry API Security 

Gateway is worthy of recognition for several reasons: 

• Leading Technology: Forum Sentry’s multicontext 

authentication within encrypted and encoded payload 

capabilities represents the next generation of multifactor 

authentication. By combining authentication information 

in correlation with information within the request 

and/or response, Forum Sentry provides essential context 

critical to validating user behavior with exchanged 

information. Completing the trust model with multicontext 

analysis of the /user and the data, Forum Sentry 

delivers simple, secure Federated Identity and SSO. 

• Customer Traction and Demonstrable Results: For 

more than 15 years, Forum Systems has been the security 

foundation in global network architectures, processing 

and securing 10+ billion transactions per day for U.S. 

federal agencies and foreign governments/agencies, as 

well as global enterprises in the financial services, energy, 

telecommunications, healthcare and transportation 

industries. Synovus CTO Santosh Kokate explains his 

engagement with the company: “Our yearly recurring 

licensing fees for the existing agent-based IAM solution 

were accumulating to a million dollars each year. In addition, 

development costs to support that solution were 

also growing with every new application and service. 

By deploying Forum Sentry and replacing the existing 

solution, we were able to simplify the complexity of our 

architecture, move to an agentless model for IAM, identity 

federation and SSO, and furthermore save $1.5M in 

development costs, support and licensing.” 

• Market Research Analyst Recognition: Kuppinger- 

Cole Senior Analyst Matthias Reinwarth has lauded Forum 

Sentry’s “inherent security architecture,” highlighting 

that “processing of identities and tokens is executed 

within the protected and certified security container 

without a possibility of compromising the identity data 

during its lifecycle or the individual identity repositories.” 

Further, Reinwarth emphasized Forum Systems’ 

“truly integrative approach towards managing identities,” 

that “SSO and security can be strategically implemented 

without the need for agents being installed on 

target systems.” Additionally, KuppingerCole Senior 

Analyst Alexei Balaganski recently recognized Forum 

Sentry as a “unified solution for API and service security, 

access management and threat protection,” highlighting 

its “rich monitoring, auditing and reporting 

capabilities” and “support for a broad range of identity 

and access control standards, tokens and credentials.” 

Stating that Forum Sentry is “still the only product on 

the market where security forms the integral foundation 

of the architecture,” Balaganski deems it “recommended 

for evaluation by any organization looking for 

the highest grade of security and reliability for their API 

infrastructure.” 

36 37

2017 


Forum Systems 

2017 Winner 



–––––––––––––––––––––––––––––––––––––––– 

Best Physical Logical Privileged Access Management 

Solutions 


Privileged access management as a solution has expanded 

dramatically in scope driven by the evolution of 

mobility, cloud computing and APIs. Controlling access 

to information, systems and data are the cornerstones of 

effective privileged access management. However, our 

modern computing era requires a technology solution 

purpose-built to seamlessly and securely bridge the expanding 

diversity in technologies, systems, data formats 

and protocols. And an API security gateway has become 

a fundamental architectural component to solve these 

modern privileged access management requirements. 

The Forum Sentry API Security Gateway is a 

certified-secure product that combines identity access 

control with data security through policy-driven rules 

and dynamic assessment of data flows. This solutionbased 

approach to privileged access management allows 

unified data protection across disparate clients and users 

accessing data from both modern and legacy systems. 

Several solution areas converge within the gateway 

architecture, which provides a modern and secure approach 

to privileged access management. Importantly, 

the Forum Sentry API Security Gateway delivers several 

key capabilities, including: bi-directional data enforcement 

(request and response); data security (conformance, 

encryption, signatures); multifactor authentication 

(multicontext authentication); identity access 

control (SSO, Federation); role-based access control 

(RBAC and access-based access control [ABAC]); and 

threat mitigation (virus detection, DoS protection). 

Underscoring tremendous customer success, Forum 

Systems’ products have been the security foundation 

in global network architectures for more than 15 years. 

Notably, Forum Sentry processes and secures 10+ billion 

transactions per day worldwide for U.S. federal 

agencies, foreign governments/agencies and global 

enterprises in the financial services, energy, telecommunications, 

healthcare and transportation industries. 

To continue to differentiate itself from the competition 

and deliver customer value, Forum Systems has 

introduced several key capabilities in the most recent 

version of its flagship Forum Sentry API Security Gateway. 

These new features include: 

• Compliance with Exacting Critical Infrastructure 

Security Mandates – Forum Sentry has been certified to 

comply with the U.S. Cybersecurity Executive Order, 

“Strengthening the Cybersecurity of Federal Networks 

and Critical Infrastructures” and with guidance from 

the UK’s National Cyber Security Centre. Both have 

strict cryptographic requirements for critical infrastructure 

security. 

• Perfect Forward Secrecy (PFS) – PFS ensures 

that past encrypted communications cannot be 

decrypted if long-term secret keys are compromised, 

significantly reducing the risks associated with cyberespionage 

and mass surveillance. And because 

Forum Sentry does not rely on any third-party cryptographic 

libraries, it is immune to vulnerabilities 

like Heartbleed, POODLE and not yet discovered 

exposures. 

• Added Identity Support – While already supporting 

major Federated Identity protocols such as 

SAML, OAuth and WS-Trust, Forum Sentry now 

features added support for OpenID Connect authentication 

and Java Web Tokens (JWT) standards. 

Enhancements have also been made for industry-specific 

and business use cases such as the Federal Aviation 

Administration’s SAML and Azure IoT Hubs. 

• Hardened Privacy and Security – Designed with 

“always on” security features, Forum Sentry can now 

be deployed in virtualized and cloud infrastructures 

that lack hardware encryption capabilities; support 


–––––––––––––––––––––––––––––––––––––––– 

http://www.forumsys.com 


–––––––––––––––––––––––––––––––––––––––– 

Forum Sentry API Security Gateway homepage. 

http://www.forumsys.com/en/products/forum-sentry-api-security-gateway/ 


–––––––––––––––––––––––––––––––––––––––– 

Liza Vilnits, Senior Account Executive 

Office: 781-672-3141 


–––––––––––––––––––––––––––––––––––––––– 

CHEN PR 

71 Summer St., Penthouse 

Boston, MA 02110 

for network HSM (hardware security modules) has 

been implemented to ensure that the highest level of 

cryptographic security is available for every deployment 

scenario. 

• Richer Reporting and Analytics Capabilities – 

To make business analysis quicker and easier – and 

support security intelligence and other critical initiatives 

– Forum Systems added a framework to Forum 

Sentry that helps to capture the data, convert 

it to a common format like JSON and export it to 

any third-party product. Already featuring existing 

integrations with Google Analytics, Splunk, Elastic 

Cloud and Graylog, now any Big Data analytics platform 

can be supported easily. 

The award-winning Forum Sentry API Security 

Gateway is worthy of recognition for several reasons: 

• Leading Technology – The Forum Sentry API 

Security Gateway is the industry’s only NIST FIPS 

140-2 Level 2 and NIAP Network Device Protec- 

38 39

tion Profile certified API security gateway. Featuring 

industry-first, patented cryptographic acceleration of 

security processing, Forum Sentry serves as an information 

broker deployed as a logical API protecting 

data, applications and services. Architected on “security-first” 

design principles, Forum Sentry precludes 

clients from directly accessing data, application and 

services tiers by exposing APIs that are protected by 

privileged access management policies. This enables 

repeatable privileged access management solutions, 

as well as seamless deployments with minimal disruption 

to existing systems and architectures. 

• Demonstrable Results: Solving privileged access 

management with the Forum Sentry API Security 

Gateway provides significant cost savings over alternative 

approaches or technologies. Synovus Financial 

CTO Santosh Kokate explains this from his experience 

deploying a privileged access management 

solution for online mobile banking using the Forum 

Sentry API Security Gateway: “Our yearly recurring 

licensing fees for the existing agent-based IAM 

solution were accumulating to a million dollars 

each year. In addition, development costs to support 

that solution were also growing with every new 

application and service. By deploying Forum Sentry 

and replacing the existing solution, we were able to 

simplify the complexity of our architecture, move to 

an agentless model for IAM, identity federation and 

SSO, and furthermore save $1.5M in development 

costs, support and licensing.” 

• Market Research Analyst Recognition: KuppingerCole 

Senior Analyst Matthias Reinwarth has 

lauded Forum Sentry’s “inherent security architecture,” 

highlighting that “processing of identities and 

tokens is executed within the protected and certified 

security container without a possibility of compromising 

the identity data during its lifecycle or the 

individual identity repositories.” Further, Reinwarth 

emphasized Forum Systems’ “truly integrative approach 

towards managing identities,” that “SSO and 

security can be strategically implemented without 

the need for agents being installed on target systems.” 

Additionally, KuppingerCole Senior Analyst 

Alexei Balaganski recently recognized Forum Sentry 

as a “unified solution for API and service security, 

access management and threat protection,” highlighting 

its “rich monitoring, auditing and reporting 

capabilities” and “support for a broad range of 

identity and access control standards, tokens and 

credentials.” Stating that Forum Sentry is “still the 

only product on the market where security forms 

the integral foundation of the architecture,” Balaganski 

deems it “recommended for evaluation by any 

organization looking for the highest grade of security 

and reliability for their API infrastructure.” 

40 41

2017 


Gurucul 

2017 Winner 



–––––––––––––––––––––––––––––––––––––––– 

Best User & Entity Behavior Analytics (UEBA) 

Solution 


Gurucul pioneered the cybersecurity category called 

user and entity behavior analytics (UEBA) and was the 

only vendor cited for meeting all five use cases outlined 

in the Market Guide for UEBA report by analyst 

firm Gartner: security management, insider threats, 

data exfiltration/DLP, identity access management, 

SaaS security, plus the extra qualifications for compliance 

and cyber fraud. 

The company’s UEBA platform Gurucul RiskAnalytics 

(GRA) is not only a proven, mature, big-data 

security analytics solution that is successfully deployed 

worldwide by government agencies to solve real-world 

security challenges. The company recently announced 

GRA is being used to protect more than 100,000 users, 

which represents the largest implementation of 

UEBA by the Federal Government to date. 

Government agencies with IT applications and 

resources that span their data center and the cloud 

were struggling to detect and prevent data exfiltration 

and privilege abuse, so Gurucul added hybrid behavior 

analytics models to GRA. This unique capability gives 

companies 360 degree visibility to detect threats across 

hybrid environments that had been evading cloud and 

data-center only security solutions. 

Although many agencies deploy privileged access 

management products to vault user accounts with 

high risk entitlements, these tools perform discovery 

at the account level, which is only the tip of the iceberg. 

For instance, an organization with 10,000 identities 

that each have 10 accounts with 10 entitlements 

has 1 million entitlements. It is not manually feasible 

to discover all possible entitlements. Gurucul solved 

this security challenge this year by introducing identity 

analytics and machine learning that scours identity, 


–––––––––––––––––––––––––––––––––––––––– 

http://gurucul.com/ 


–––––––––––––––––––––––––––––––––––––––– 

accounts, access and activity to discover and risk score 

privileged access down to the entitlement level across 

on-premises, cloud and hybrid environments. 

Gurucul’s cybersecurity technology is changing 

the way agencies protect themselves against insider 

threats, account compromise, IP and data theft, external 

attacks, and data exfiltration on-premises and 

in the cloud. GRA’s security intelligence and analytics 

technology incorporates machine learning, anomaly 

detection and predictive risk-scoring algorithms to 

reduce the attack surface for accounts, unnecessary 

access rights and privileges, and to identify, predict 

and prevent breaches. Gurucul GRA monitors user 

behaviors using machine learning algorithms to detect 

threats that appear as “normal” activity to traditional 

security products, such as hackers using login credentials 

stolen from authorized users, as well as malicious 

insiders like employees and contractors. 

Gurucul GRA is a multi-use UEBA platform with 

an open architecture that uniquely spans on-premise 

and the cloud and supports open choice of big data repositories. 

Gurucul GRA has the ability to ingest virtually 

any dataset for desired attributes, and includes 

configurable out-of-the-box analytics. In addition, 

Gurucul STUDIO, which is a part of GRA, enables 

customers to create custom machine learning models 

to meet unique privacy and confidentiality requirements 

typically found in federal government, military 

and intelligence environments. 

By offering an open choice of big data lakes, Gurucul 

GRA, which runs on Hadoop itself, can be 

deployed flexibly on any leading big data infrastructure. 

It protects existing IT investments, eliminates 

data duplication, and reduces storage fees. Customers 

can simply layer Gurucul’s advanced security analytics 

engine on top of their existing or new Hadoop, Cloudera, 

Hortonworks, MapR and Elastic/ELK deployments. 

http://gurucul.com/solutions/user-entity-behavioranalytics-ueba 

Gurucul’s UEBA solution provides risk-based behavior 

analytics essential for detecting insider threats, account 

hijacking and data exfiltration. Its real-time security 

analytics and intelligence technology combines machine 

learning behavior profiling with predictive risk-scoring 

algorithms to predict, prevent and detect breaches. 


–––––––––––––––––––––––––––––––––––––––– 

Marc Gendron, President 

Marc Gendron Public Relations 

office: 781-237-0341 

cell: 617-877-7480 


–––––––––––––––––––––––––––––––––––––––– 

marc@mgpr.net 


–––––––––––––––––––––––––––––––––––––––– 


190 Lower County Road 

West Harwich, MA 02671 

Gurucul GRA features a self-audit capability, an 

industry-first, that empowers users to monitor their 

access for risk-ranked anomalous and suspicious activity, 

similar to the feedback loop that credit cards and 

credit monitoring agencies provide for their customers. 

The rich context that users provide goes beyond 

the knowledge of security analysts in security operation 

centers to identify and confirm anomalies. Self 


42 43

audits also provide security awareness and deterrence 

as key elements of an insider threat program. 

Unlike alternatives, Gurucul Risk Analytics (GRA) 

goes beyond rules, signatures and patterns with machine 

learning models based on big data from onpremises 

and the cloud, to learn normal base lines and 

apply advanced security intelligence and analytics that 

detects abnormal user and entity behavior. GRA extends 

beyond traditional UEBA and provides the ability 

to reduce the attack surface area of access through 

identity analytics (IdA). 

Gurucul GRA applies a risk-based approach for 

certifications, access requests and approvals, plus 

removes excess access, access outliers and cleans-up orphan 

and dormant accounts. This holistic approach of 

combining UEBA with IdA enables GRA to identify 

with precision the compromise and misuse of identity, 

which is the root of most modern cyber threats. 

This Gurucul approach is underscored by the 2017 

Verizon Data Breach Investigations Report (DBIR), 

which found that a whopping 81% of hacking-related 

breaches use either stolen and/or weak passwords making 

identity a core issue of modern threats. 

As for ease of implementation and use, Gurucul 

GRA leverages 300+ ready-to-use machine learning 

models for on-premises, cloud or hybrid environments. 

Over 30 data connectors speed ingestion of 

popular data sources, plus a flex connector enables 

any data source to ingest into GRA, with no waiting 

on roadmaps or professional services. GRA focuses 

on 33 primary use cases for threats, access and cloud. 

More advanced customers can customize risk weightings 

plus develop their own machine learning models 

without coding within GRA. 

44 45

2017 



Lieberman Software Corporation 

2017 Winner 


–––––––––––––––––––––––––––––––––––––––– 



–––––––––––––––––––––––––––––––––––––––– 

Today’s advanced cyber threats present a serious 

challenge for homeland security. They bypass perimeter 

security and covertly infiltrate networks, 

exploit vulnerabilities to move between systems, 

and extract sensitive data at will. 

Lieberman RED – Rapid Enterprise Defense 

Suite consists of five cyber security modules that 

help government IT groups identify and repair 

weaknesses in security configuration, implement 

strong privileged identity management, and provide 

automated remediation when a cyber-attack is 

detected. 

The suite provides automated countermeasures 

against sophisticated cyber attacks to reduce losses 

to acceptable levels, even during constant attack. 

Lieberman RED is a complete Cyber Defense Platform 

that protects organizations against malicious 

insiders, advanced persistent threats (APTs) and 

other sophisticated cyber attacks – on-premises, in 

the cloud and in hybrid environments. 

Lieberman RED operates by delivering a continuous 

cycle of proactive defense in four phases: 

• Finding security vulnerabilities by interactively 

building maps and reports of systems, identities, 

permissions, configurations and more. 

• Closing the discovered security gaps by repairing 

poor security, systems and identity configurations. 

• Providing secure, controlled access to credentials, 

delegating escalation and running privileged 

programs securely. 

• Automatically discovering and changing credentials 

at any scale with no human interaction. 

Automating Privileged Identity Management 

More than 1,800 organizations worldwide - including 

government agencies and system integrators 

-deploy Lieberman Rapid Enterprise Defense 

(RED) Identity Management, the Privileged Identity 

Management component of Lieberman RED. 

RED Identity Management automatically discovers 

and secures the powerful privileged identities that 

grant access to systems with sensitive data. RED 

Identity Management reduces an organization’s risk 

exposure by ensuring that only the right people 

have access to sensitive and critical resources at the 

right time. 

Protecting Government Agencies 

Government agencies are high value targets of 

advanced cyber attacks. Lieberman RED adds a 

critical cyber defense layer against attacks targeting 

government organizations by proactively responding 

to cyber attacks and interactively healing compromised 

IT environments. 

It is also valuable in reducing the costs of IT 

administration and compliance for federal government 

agencies. Lieberman RED provides an automated 

solution that can be quickly deployed to 

large government environments, so costs to taxpayers 

for implementation are very low and ongoing 

costs are almost zero. And by reducing manual IT 

tasks – like changing passwords by hand – the suite 

helps government IT workers focus on more strategic 

initiatives. 

Lieberman RED helps government agencies better 

verify their compliance with regulatory mandates 

such as CAG, FISMA/NIST, FIPS, NERC 

and others by auditing privileged account activity. 

This includes logging privileged access to systems, 

network devices, databases, cloud platforms and 

applications – detailing who on the IT staff had 

access to systems with sensitive data, at what time 


–––––––––––––––––––––––––––––––––––––––– 

http://www.liebsoft.com 


–––––––––––––––––––––––––––––––––––––––– 

http://www.liebsoft.com/red 

Today’s vulnerability scanning tools are utilized to locate 

weaknesses that may be exploited by intruders. However, 

these tools do not repair the problems that are identified. 

Lieberman RED provides tools to handle the consequences 

of cyber intrusions. The modules of the suite limit the 

lifetime of stolen credentials, eliminate well-known and 

shared credentials, and kill off unauthorized installed 

software. 


–––––––––––––––––––––––––––––––––––––––– 

Paula Brici , Senior Associate 

Madison Alexander PR 

office: 714-832-8716 


–––––––––––––––––––––––––––––––––––––––– 

Madison Alexander PR 

3250 El Camino Real, Suite 116 

Tustin, CA 92780 

and for what stated purpose. It also lets users generate 

reports covering accounts, groups, event data, 

installed software and patches, registry values, policies, 

trusts, and more. 

Lieberman RED is built on technology developed 

by Lieberman Software dating back to 1997. 

This technology is deployed to protect more than 

one billion users across government, national defense 

and commercial sectors. Lieberman RED is 

also developed solely in the USA – and supported 

by US-based personnel. 

46 47

2017 



Netwrix Corporation 

2017 Winner 


–––––––––––––––––––––––––––––––––––––––– 

Best Compliance/Vulnerability Assessment 


–––––––––––––––––––––––––––––––––––––––– 

As compliance standards get stricter and new ones are 

added, adhering to all their requirements is becoming 

more challenging. This requires businesses to put in 

more effort to prove that all the necessary controls are 

in place and they are ready to beat cyber risks. Netwrix 

Auditor is a visibility platform for user behavior 

analysis and risk mitigation that enables control over 

changes, configurations and access to help organizations 

reduce risks to their IT environments and fulfill 

the requirements of PCI DSS, HIPAA, SOX, FISMA, 

ISO 27001, GLBA, FERPA, NERC, GDPR and 

other standards. 

Netwrix offers security analytics to help organizations 

beat the following challenges: 

Enable control over security policies. Netwrix 

enables customers to monitor what’s going on across 

their IT environments and present data about critical 

changes across the broadest variety of systems to easily 

prove that their security policies are enforced and no 

suspicious activities took place. Netwrix Auditor serves 

as a single point of access to the audit trail, which is 

stored in the audit archive for up to 10 years and can 

be accessed at any time for security investigations. 

“I regularly review reports summarizing daily 

activity across the whole IT environment to validate 

adherence to PCI requirements. I can monitor access 

to network resources and sensitive data, check for 

unauthorized changes to privileges and perform many 

other tasks — in just five minutes a day.” — Michael 

McIsaac, Mountain Park Lodges, http://www.netwrix. 

com/download/CaseStudies/netwrix_success_story_ 

mpl.pdf 

Demonstrate proactive approach to risk mitigation. 

Reports on user behavior anomalies, alerts on threat 

patterns and interactive risk assessment dashboards 

help organizations demonstrate their ability to continuously 

evaluate and reduce risks to sensitive data. 

Permission analysis feature enables companies to ensure 

that access rights are in strict accordance with the 

least-privilege principle and limit the reach of insider 

and outsider attacks. 

“Netwrix Auditor gives me clear understanding 

of what is protected in our IT infrastructure — and 

what requires attention and proactive measures before 

vulnerabilities turn into hacks. With 50TB of data and 

all the activity occurring in the systems, I would be 

spending hundreds of hours just trying to detect any 

potential issue, and I might never find it.” — William 

Gilbert, Cellular One, http://www.netwrix.com/download/CaseStudies/netwrix_success_story_cellular_one_ 

ne_arizona.pdf 

Pass audits with less effort. Netwrix automates 

the monitoring process and delivers on-demand and 

scheduled reports tailored to specific requirements of 

PCI DSS, SOX, HIPAA and other standards to help 

organizations spend less time and money on preparation 

to audits. The Interactive Search enables customers 

to quickly find answers to auditors’ questions, e.g. who 

accessed a particular sensitive file, or how access rights 

were modified during the past year. 

“I use out-of-the-box compliance reports to check 

whether the fire district is meeting CJIS, ISO and 

HIPAA regulatory guidelines. To complete the audit, 

we used to spend 3-4 weeks, whereas with Netwrix 

Auditor it is a 2-day process. To do everything Netwrix 

Auditor does, we would need at least two full-time employees 

for monitoring the system and spend around 

$190,000 annually, which we cannot afford.” — Oscar 

Hicks, Clackamas Fire District #1, http://www.netwrix.com/download/CaseStudies/netwrix_success_story_clackamas_fire_district.pdf 


–––––––––––––––––––––––––––––––––––––––– 

http://www.netwrix.com 


–––––––––––––––––––––––––––––––––––––––– 

Product tour 

https://www.netwrix.com/it_change_tracking_solution_features.html 

Customer success stories: 

https://www.netwrix.com/customer_case_studies.html 

Use cases: 

https://www.netwrix.com/use_cases.html 


–––––––––––––––––––––––––––––––––––––––– 

Alena Semenova, Senior PR Specialist 

Office: 949-407-5125 x4021 


–––––––––––––––––––––––––––––––––––––––– 


300 Spectrum Ctr Dr #200 

Irvine, CA 92618 

48 49

2017 




2017 Winner 


–––––––––––––––––––––––––––––––––––––––– 



–––––––––––––––––––––––––––––––––––––––– 

Netwrix Auditor is a visibility platform for user 

behavior analysis and risk mitigation that enables 

control over changes, configurations and access in 

hybrid IT environments to protect data on premises 

and in the cloud. The platform provides security 

analytics and user activity monitoring to help 

organizations with following issues: 

Detect security threats. Risk assessment feature 

enables organizations to evaluate their IT environments 

for risks like excessive administrative rights 

and idle user accounts to quickly act on gaps in 

security. The behavior anomaly discovery feature 

helps companies identify users with the most suspicious 

behavior over time. Multiple reports and 

alerts on threat patterns enable organizations to 

make sure they are notified about critical changes in 

IT environments, while user activity video recording 

helps them avoid privilege abuse. 

“We use Netwrix Auditor to protect all data, 

including sensitive information across all network 

shares and file servers. We monitor everything that 

happens with data, who has access to files and who 

modifies or deletes them. This enables our IT team 

to ensure the confidentiality of protected data, and 

also to hold employees accountable for accidental 

or purposeful file deletions.” — Doug Schreiner, 

Fresno City College, www.netwrix.com/go/fresnocitycollege 

Streamline compliance. Netwrix enables customers 

to monitor what’s going on across their critical 

systems and present data about critical changes and 

user activities to auditors to prove that all the necessary 

security controls are in place. Out-of-the-box 

compliance reports tailored to requirements of PCI 

DSS, SOX, GLBA and other standards help organizations 

pass audits with less effort, while Interactive 

Search enables customers to quickly find answers to 

auditors’ questions. The audit trail is stored in the 

archive for up to 10 years and can be accessed at 

any time for security investigations. 

“We needed to comply with FFIEC guidelines 

and establish required level of network and data security. 

Netwrix Auditor keep us in compliance and 

saves us 10 hours per month just on keeping track 

of user activity. We can prove that the required controls 

are in place at any point of time; if we need to 

provide additional information during the audits, 

we can do it right away.” — Jeff Wilbert, CoastHills 

Credit Union, https://vimeo.com/208819390 

Increase productivity of IT security and operations 

teams. Netwrix Auditor automates monitoring 

and reporting tasks to ensure systems availability 

and quickly address issues that may cause 

downtime. On-demand and scheduled reports are 

delivered directly to stakeholders via email or saved 

in the designated file shares, which eliminates the 

need to draw up the report manually. 

“We use Netwrix Auditor to find the root causes 

of operational issues and minimize the risk of business 

downtime. When one of the IT team members 

accidentally removed everyone from the Remote 

Desktop Users group and nobody could access 

remote servers, I ran a report on Active Directory 

changes and spotted the issue in a matter of minutes, 

while without the software it could have taken 

hours.” — Larry Heidenreich, First National Bank 

and Trust of Beloit, http://www.netwrix.com/download/CaseStudies/netwrix_success_story_fnbt.pdf 


–––––––––––––––––––––––––––––––––––––––– 

http://www.netwrix.com 


–––––––––––––––––––––––––––––––––––––––– 

Product tour 

https://www.netwrix.com/it_change_tracking_solution_features.html 

Customer success stories: 

https://www.netwrix.com/customer_case_studies.html 

Use cases: 

https://www.netwrix.com/use_cases.html 


–––––––––––––––––––––––––––––––––––––––– 

Alena Semenova, Senior PR Specialist 

Office: 949-407-5125 x4021 


–––––––––––––––––––––––––––––––––––––––– 


300 Spectrum Ctr Dr #200 

Irvine, CA 92618 

50 51

2017 


OPAQ Networks 

2017 Winner 

Vendors of Physical Security Products and Solutions 


–––––––––––––––––––––––––––––––––––––––– 

Best Network Security/Enterprise Firewall 


–––––––––––––––––––––––––––––––––––––––– 

State and local governments are struggling to defend 

an extended IT footprint that spans networks, 

cloud applications, mobile users, IoT and more 

-- against increasingly complex cyber threats. An 

effective defense requires multiple, best-of-breed 

security products that are expensive to acquire and 

complex to deploy and maintain. In addition, governments 

typically have limited budgets and often 

lack skilled resources. Increasingly, they are turning 

to managed security service providers (MSSP) to 

help them manage their security and mitigate risks. 

The OPAQ 360 cloud-based platform enables 

MSSPs to make best-of-breed network security capabilities 

accessible to state and local governments. 

This eliminates the need for governments to make 

capital expenditures in hardware and software, and 

hire a legion of expensive and scarce IT and security 

personnel. 

The OPAQ 360 platform delivers subscriptionbased, 

end-to-end network security from the 

cloud that can be centrally managed and enforced 

through a single interface. It incorporates best-ofbreed 

next generation network, application and 

SaaS firewall, web application firewall, and DDoS 

mitigation capabilities from Palo Alto Networks, 

Cloudflare, Duo Security and other known and 

trusted brands. The OPAQ platform also includes 

patented software-defined segmentation, quarantine, 

and other security capabilities that prevent 

threats from moving laterally and spreading 

throughout internal networks. No other company 

offers this type of protection as a service. 

The above security capabilities are enmeshed 

into OPAQ’s own private networking backbone, 

which eliminates tradeoffs between protection and 

performance. OPAQ’s transit partnerships with 

world-class ISPs such as Internap and NTT, major 

carrier hotels, and more than 150 peering relationships 

including Amazon, Apple, Facebook, Google, 

Netflix, and others, means networking performance 

is optimized. The OPAQ platform makes more 

than two million route changes every day, and more 

than 50% of OPAQ customers’ traffic never even 

touches the Internet – it goes directly to its destination 

with no latency. 

OPAQ protects data centers, branches, mobile 

and remote workers, and IoT environments against 

ransomware, advanced persistent threats (APTs), 

and a broad range of external as well as internal 

cyber threats. It is quick to deploy and scales to 

meet new business requirements and growth. The 

OPAQ 360 Portal centralizes and simplifies security 

monitoring, policy management and enforcement, 

and reduces costs. 

OPAQ customers have slashed IT security 

costs by more than 40 percent through a reduction 

in product acquisition, support, implementation, 

management and security operations. With 

OPAQ, deployment time has been reduced by 91% 

through streamlined logistics and operations. Complexity 

of security management has also been reduced 

by 80% through the elimination of the need 

to deal with multiple security vendors, products, 

and policies. 

Finally, the OPAQ leadership team is highly 

experienced and respected in the security industry. 

CEO Glenn Hazard was CEO of successful 

privileged identity and access management vendor 

Xceedium, which was acquired by CA Technologies 

in 2015. Chief Strategy Officer Ken Ammon 

was founder of NetSec, one of the industry’s first 


–––––––––––––––––––––––––––––––––––––––– 

https://opaqnetworks.com 


–––––––––––––––––––––––––––––––––––––––– 

The OPAQ 360 platform delivers subscription-based, 

end-to-end network security from the cloud that can be 

centrally managed and enforced through a single interface. 

It protects data centers, branches, mobile and remote 

workers, and IoT environments against ransomware, 

advanced persistent threats (APTs), and a broad range of 

external as well as internal cyber threats. 

https://opaqnetworks.com/solution 


–––––––––––––––––––––––––––––––––––––––– 



Office: (781) 237-0341 


–––––––––––––––––––––––––––––––––––––––– 

marc@mgpr.net 


–––––––––––––––––––––––––––––––––––––––– 




MSSPs, which was acquired by MCI (now Verizon 

Business). OPAQ’s CTO Tom Cross is a former 

IBM X-Force and Lancope advanced research 

executive, who is well respected within the security 

community. OPAQ’s customer base includes a government 

agencies, Fortune 100 and 500 enterprises 

as well as midsize companies. 

52 53

2017 


Optimal IdM 

2017 Winner 



–––––––––––––––––––––––––––––––––––––––– 

Best Multifactor Authentication Solutions 


–––––––––––––––––––––––––––––––––––––––– 

• The Optimal Authentication Service (OAS) 

seamlessly adds multi-factor authentication options 

to both web and non-web applications. 

• OAS gives customers many MFA options 

including: Password-less access using push 

notifications like fingerprint authentication and 

TOTP via SMS/Text Messaging, E-mail and 

Voice. 

• The integration of OAS into The OptimalCloud, 

a complete Identity-as-a-Service 

(IDaaS) solution, has created the first ever 

virtual directory offered with MFA. 

The Optimal IdM authentication-as-a-service 

(AaaS) offering, called The Optimal Authentication 

Service (OAS), allows single and multifactor 

authentication (MFA) methods to easily 

be added within any application. The OA app 

is available on both the Google Play and the 

Apple iOS app stores. 

OAS is a hosted RESTful web service that 

provides customers with the ability to perform 

various types and levels of authentications, 

including single and multi-factor. The service 

may be deployed in any data center and is offered 

in a multi-tenant environment as well 

as in an isolated/dedicated environment. OAS 

can easily integrate into an application using 

the RESTful call, or by using the Optimal IdM 

.NET SDK or jQuery plugin. 

Because the service is available via industry 

standard REST calls, both web and non-web 

applications may easily add MFA capabilities, 

including password-less options. As a MFA service, 

OAS helps prevent phishing and man-inthe-middle 

attacks by delivering push notifications 

to a user’s registered mobile device which 

optionally works with fingerprint enabled 

systems. OAS includes other MFA options like 

Time-based One-Time Password (TOTP) and 

traditional One-Time Passcodes (OTP) that 

can be sent via Short Message Service (SMS), 

Email or voice calls. 

Each can be used as a stand-alone option or 

in conjunction with a complete Identity Access 

and Management (IAM) program. When integrating 

with an existing system, customers can 

leverage OTPs via SMS, Email or voice without 

storing any information about the user in 

the cloud service. When using TOTP or push 

notifications, only device information is stored, 

which reduces the amount of personal identifiable 

information that is needed. The service 

can also be used to access applications in a 

password-less method by sending a push notifications 

to a mobile device for logins. 


–––––––––––––––––––––––––––––––––––––––– 

http://www.optimalidm.com 


–––––––––––––––––––––––––––––––––––––––– 

Optimal IdM authentication-as-a-service (AaaS) 

https://optimalidm.com/products/hosted/aaas 


–––––––––––––––––––––––––––––––––––––––– 

Matt Pitchford, Marketing Director 


–––––––––––––––––––––––––––––––––––––––– 

matt.pitchford@optimalidm.com 


–––––––––––––––––––––––––––––––––––––––– 

Optimal IdM 

3959 Van Dyke Rd #190 

Lutz, FL 33558 

54 55

2017 



RedSeal 

2017 Gold Winner 


–––––––––––––––––––––––––––––––––––––––– 



–––––––––––––––––––––––––––––––––––––––– 

Government agencies trust RedSeal for missioncritical 

security, because it’s the best way to measure 

and manage the digital resilience of their 

networks. 

RedSeal’s network modeling and risk scoring 

platform is a trusted and critical component of 

cyber operations across more than 40 agencies, including 

Department of Defense; the intelligence 

community; FEMA and civilian agencies, and 

state and local governments across the country. 

As these entities know, trying to manage security 

without a network model is like trying to 

protect your country without clearly understanding 

your borders, where your high value assets 

are, and all the ways they are vulnerable to attack. 

Case in point: to create a highly-resilient global 

network for the DoD, the Defense Information 

Systems Agency (DISA) uses RedSeal to model 

and continuously monitor the infrastructure of 

the Joint Regional Security Stacks (JRSS). Redseal 

provides visibility into network segmentation and 

measures overall resiliency to deliver risk-based 

situational awareness. 

RedSeal’s platform provides agencies with one 

unified model of their complex network across 

hybrid datacenters, including devices that are 

on-premise, virtualized, or in a public cloud. 

From this single model, they can understand their 

security posture and accelerate their investigation 

of incidents as well as audit and compliance. 

With RedSeal, security teams can visualize access 

paths -- intended or unintended. They can 

further prioritize which vulnerabilities to mitigate 

based on the accessibility of valuable assets and 

target their resources where they’ll have the biggest 

impact. And they can make improvements 

based on the results of RedSeal’s virtual penetration 

testing. 

When an attack happens, RedSeal’s network 

modeling and risk scoring platform adds critical 

network context to incident investigation efforts. 

First responders get a detailed map showing paths 

between the suspicious host and all reachable assets. 

They can then drill down to understand the 

change required to prevent that access, enabling 

decision makers to quickly protect the organization, 

wasting no time on guesswork. 

By benchmarking progress with RedSeal’s Digital 

Resilience Score, agencies can optimize their 

existing cybersecurity investments, minimize the 

impact of an attack, and maximize digital resilience 

to protect business value and operations. 

The RedSeal platform is Common Criteria certified 

and supports U.S. Federal Common Access 

Cards (CAC) for two-factor authentication. Additionally, 

users can manage RedSeal on an IPv6 

network. 

Red Seal Department of Defense Clients: 

–––––––––––––––––––––––––––––––––––––––– 


–––––––––––––––––––––––––––––––––––––––– 

https://www.redseal.net/ 


–––––––––––––––––––––––––––––––––––––––– 

How RedSeal can help government agencies: 

https://www.redseal.net/government/ 

RedSeal’s government partners: 

https://www.redseal.net/partners/government-partners/ 

RedSeal’s government resources: 

https://www.redseal.net/government/governmentresources/ 

More information on the RedSeal Platform: 

https://www.redseal.net/our-platform/ 


–––––––––––––––––––––––––––––––––––––––– 

Connor Szymanski, Account Executive 

Finn Partners 

office: 415.249.6777 


–––––––––––––––––––––––––––––––––––––––– 

RedSeal 

101 Montgomery Street 

Suite 1500 

San Francisco, CA 94101 

56 57

2017 



RiskSense 

2017 Silver Winner 


–––––––––––––––––––––––––––––––––––––––– 



–––––––––––––––––––––––––––––––––––––––– 

The cyber threat landscape is changing rapidly, 

forcing organizations to protect a growing attack 

surface that spans the network, endpoints, 

applications, cloud services, mobile devices, IoT 

and even operational technology (OT) networks. 

RiskSense has pioneered a new, proactive approach 

to cyber risk management intelligence that 

government entities use to reveal cyber risk across 

their entire operational attack surface, quickly 

orchestrate remediation and monitor the results. 

RiskSense continuously gathers, unifies, analyzes, 

and contextualizes internal security intelligence, 

external threat data, and correlates this 

data with business criticality to predict threat 

susceptibility and exploitable vulnerabilities and 

ensure remediation is prioritized to protect what 

matters most to the organization. Monitoring 

controls include related policy and procedure, 

virus and malicious code, intrusion detection, and 

event and state monitoring. Logging processes 

provide an effective control to highlight and investigate 

security events. 

RiskSense breaks down existing silos and automates 

cyber operational risk intelligence management 

to ensure that imminent cyber risks 

are quickly identified and remediated. Using 

an attacker’s viewpoint, the platform examines 

the entire attack surface, including the network, 

applications, web, databases, IoT devices and 

OT networks. RiskSense provides a detailed attribution 

of all critical vulnerabilities mapped 

to known exploits, malware, and threats, based 

on the asset criticality with specific guidance on 

remediation action prioritized to ensure efficient 

alignment of resources. 

The platform’s data aggregation and reconciliation 

capabilities eliminates manual threat hunting 

and reduces false positives. A closed-loop remediation 

process assures that a ticket is only closed 

once the effectiveness of the remediation action 

has been revalidated by the organization’s security 

tools. 

The RiskSense Platform uses human-interactive 

machine learning technology to determine a credit-like 

risk score that allows users to assign different 

levels of risk to assets across an organization, 

which guides and streamlines remediation efforts 

to protect critical assets at risk. RiskSense crosschecks 

remediation follow-through by performing 

vulnerability persistence analysis, assuring that 

applied remediation actions have been effective. 

RiskSense continuously validates business criticality 

and exploitability of vulnerabilities and prioritizes 

and orchestrates remediation actions, which 

significantly reduces the risk of exposure to cyberattacks. 

Ultimately, RiskSense empowers government 

agencies to apply proper cyber hygiene, lower 


–––––––––––––––––––––––––––––––––––––––– 

https://www.risksense.com 


–––––––––––––––––––––––––––––––––––––––– 

https://www.risksense.com/why-risksense 


–––––––––––––––––––––––––––––––––––––––– 


Office: (781)237-0341 


–––––––––––––––––––––––––––––––––––––––– 

marc@mgpr.net 


–––––––––––––––––––––––––––––––––––––––– 


190 Lower County Rd, 


remediation costs, shorten time-to-remediation, 

reduce the window of opportunity for hackers, 

and significantly lower the risk of cyber-attacks. 

RiskSense founders collaborated with the U.S. 

Department of Defense and U.S. Intelligence 

Community, developed Computational Analysis 

of Cyber Terrorism against the U.S. (CACTUS), 

Support Vectors Intrusion Detection, Behavior 

Risk Analysis of Vicious Executables (BRAVE), 

and the Strike Team Program. 

As a Software-as-a-Service (SaaS) solution, 

RiskSense allows for a low TCO, requiring no 

infrastructure investment and scaling according to 

business requirements. 

58 59


2017 


Sedco 



–––––––––––––––––––––––––––––––––––––––– 

Best Endpoint Detection and Response Solution 


–––––––––––––––––––––––––––––––––––––––– 

Secdo converges automation, endpoint security & 

incident response to deliver the first end-to-end 

platform for advanced threat management, hunting, 

investigation, response, remediation, and 

defense—reducing operational costs and response 

times, while increasing productivity and scaling 

resources. 

Secdo is the only endpoint security solution that: 

• Automates key stages of the incident response 

process 

• Provides thread-level endpoint and server visibility 

so security and IT team know everything 

that is happening on their endpoints 

• Integrates with any SIEM and security system, 

ingests alerts and marry them with historical 

endpoint data to provide full investigation back 

to the root cause. 

• Provides security teams with more than 50 surgical 

response and remediation actions that could 

be automated. 

• Enables security teams to create custom-detection 

rules based on attack behaviors (Behavioral IOCs) 

Secdo is the first open and adaptive endpoint 

security solution. All other solutions are provided as 

a black box that customers cannot change or customize. 

Secdo’s approach is that the end-customer 

knows the organization and can participate in the 

process of securing the organization. Promoting 

this new security culture, Secdo is leading the way 

for security vendors to change the state of security, 

integrating customer feedback for tailoring detection 

and prevention rules based on their environment 

and experience. 

Security and IR teams are forced to triage 

thousands of alerts triggered daily. Most alerts 

remain unattended and real breaches are often 

overlooked. For the alerts that are handled, analysts 

use multiple data sources and tools to collect 

forensic evidence and analyze it in a laborious 

process that can take days. Finally, when a real 

threat is identified, response requires multiple 

tools and access to devices, which takes time and 

resources. 

With Secdo, all incident response is performed 

from one pane of glass. The end-to-end IR process 

takes minutes, alert investigations are automatic, 

and remediation is surgical and remote. 

With a clear understanding of the attack, Secdo 

provides a set of powerful, granular response and 

remediation tools. Security and IT teams can 

remotely view, retrieve, assess, isolate, contain and 

delete individual processes/threads on any host 

from a single pane of glass. Users can continue 

to work while investigation and remediation take 

place with no downtime and no interruption to 

productivity. 


–––––––––––––––––––––––––––––––––––––––– 

http://www.secdo.com 


–––––––––––––––––––––––––––––––––––––––– 

https://secdo.com/product/ 


–––––––––––––––––––––––––––––––––––––––– 

Joe Austin, PR Manager 

MPR 

Office: (512) 531-9119 


–––––––––––––––––––––––––––––––––––––––– 

joeaustinprar@outlook.com 


–––––––––––––––––––––––––––––––––––––––– 

MPR 

545 Aspen Drive 

Austin, TX 78737 

60 61

2017 






–––––––––––––––––––––––––––––––––––––––– 



–––––––––––––––––––––––––––––––––––––––– 

Successful threat mitigation requires continuous monitoring 

of network configuration changes and potential policy 

violations, but this process needs to be automated, fast, and 

reliable. Continuous real-time monitoring and alerts for automated 

detection and remediation of harmful security violations 

is essential. 

SolarWinds® Network Configuration Manager (NCM) 

provides these benefits—and more. In addition to the “bread 

and butter” of compliance and configuration, SolarWinds 

NCM offers compliance auditing to help ensure that devices 

are configured correctly; automated change control workflow 

and bulk configuration updates; and automatic vulnerability 

assessments that allow teams to identify and fix vulnerabilities. 

All in a single solution. 

Unique features for preventing configuration changes and 

managing vulnerabilities 

NCM offers several unique and powerful features to help 

agency IT professionals protect against vulnerabilities and 

prevent unauthorized network configuration changes. NCM 

uses Cisco® IOS® and ASA vulnerability scanning and NIST 

FISMA, DISA STIGs, and DSS PCI compliance assessments 

to improve network security. 

Administrators can manage changes through automated 

workflows and set up two-level approval policies for configuration 

updates, helping ensure that only the right changes are 

made, by the right people. Plus, NCM has change management 

auditing and real-time change notification features that 

allow administrators to see who made a configuration change 

and when, so they can quickly respond to the change and 

mitigate the issue if necessary. 

Staying compliant 

Government IT compliance requirements are complex and 

ever-changing, and agencies must respond to constant data 

calls for compliance reporting. NCM actively detects configuration 

policy violations to help improve compliance with 

federal regulations and corporate standards, including those of 

NIST FISMA, PCI, HIPAA, SOX, RMF, and DISA STIGs. 

Additionally, SolarWinds NCM complies with numerous 

government standards and approvals: 

U.S. Government certifications and approvals, including: 

• Army CoN 

• Navy DADMS 

Technical Requirements, including: 

• FIPS compatibility 

• DISA STIGs 

• NIST compliance 

• Common Criteria EAL Certification 

• Section 508 VPATs 

A wealth of compliance reporting options are included. 

The software itself features hundreds of built-in compliance 

reports to help meet major auditing authority requirements, 

including DISA STIGs, NIST FISMA, and more. Meanwhile, 

THWACK®, SolarWinds’ online user community, 

provides a number of free report templates that can be used to 

prepare for an inspection. 

Built by the IT community 

NCM was built and continues to be updated using feedback 

from the IT community. SolarWinds depends on this 

feedback to ensure NCM meets IT professionals’ security and 

compliance needs. 

Much of input from the community comes from 

THWACK users. The online community provides a place 

where IT professionals can request and vote on new features, 

share information, troubleshoot government-specific problems, 

and discuss features and updates they would like to see. 

Additional features and highlights 

• Integrates with NIST National Vulnerability Database 

for updates 

• Support for a wide variety of devices, including firewalls, 

routers, switches, and more 

• Support for Cisco, Juniper®, HP®, and others 


–––––––––––––––––––––––––––––––––––––––– 

http://www.solarwinds.com 


–––––––––––––––––––––––––––––––––––––––– 

StolarWinds Network Configuration Manager webpage 

http://www.solarwinds.com/network-configurationmanage 


–––––––––––––––––––––––––––––––––––––––– 

Lisa Sherwin-Wulf, Director of Marketing 

– Federal and National Government 

Office: 703.386.2628 


–––––––––––––––––––––––––––––––––––––––– 

lisa.sherwinwulf@solarwinds.com 


–––––––––––––––––––––––––––––––––––––––– 


7171 Southwest Parkway, Building 400, 

Austin, Texas 78735 

• Integrates with SolarWinds Network Performance Monitor’s 

NetPath to see configuration changes in the network 

service path 

Built to scale 

NCM is built for IT environments of all sizes and can easily 

scale to meet growing infrastructure needs. Licensing depends 

on the total number of devices an IT pro manages, including 

firewalls, routers, switches, or any other device that supports 

remote access and a command line interface. 

SolarWinds NCM is used by nearly every U.S. federal civilian 

agency, DoD branch, and intelligence agency. It is available 

on the U.S. General Services Administration (GSA) Schedule, 

Department of Defense ESI, and other contract vehicles. 

62 63

2017 






–––––––––––––––––––––––––––––––––––––––– 

Best Security Incident and Event (SIEM) 

Management 


Threats to IT networks continue to accelerate 

and evolve. While enterprising hackers from 

external sources test the robustness of network 

security parameters, internal threats in the form 

of careless and malicious insiders remain a major 

and ongoing concern. 

It is critical that agencies take steps to combat 

these threats—and SolarWinds® Log & 

Event Manager (LEM) is a powerful weapon. 

This comprehensive SIEM solution delivers 

dynamic, real-time log collection and analysis 

for immediate and actionable threat intelligence. 

LEM can capture and analyze log data 

in real-time from multiple sources and specific 

incidents, allowing users to quickly identify and 

remediate threats, uncover policy violations, 

and resolve vital network issues. 

Active Responses for fast threat mitigation 

Time is a critical factor in responding to 

these concerns, and teams must be able to 

react quickly. LEM has unique built-in Active 

Responses that allow users to take automatic 

actions for fast, hands-free threat mitigation. 

Users can quickly shut down breached systems, 

block IP addresses, kill unexpected processes, 

and disable user accounts. Plus, LEM has a 

rules configuration wizard that can be used to 

improve usability. 

Additional innovations for better security 

and compliance 

LEM features other innovations not seen in 

traditional SIEM solutions. The software includes 

in-memory correlation for immediate 

threat detection and remediation; USB Defender® 

technology to help identify rogue devices 

and enforce USB policies; and unique IT search 

capabilities for better remediation and audit reporting. 

LEM includes support for single signon 

and improved management. 

Fast and easy for better response 

When responding to a threat, users need 

intuitive interfaces and features, without sacrificing 

power or capabilities—the hallmarks 

of LEM. The solution includes an easy-to-use, 

point-and-click interface and data visualization 

tools to quickly search log data, perform event 

forensics, and identify the cause of security incidents 

or network problems. 

Community-built security 

The feedback of IT professionals is instrumental 

to improving and updating SolarWinds 

LEM to suit real-world needs. SolarWinds’ 

online user community, THWACK®, features 

a forum in which IT pros can request and vote 

on new features and thus directly influence 

product updates. Check out the SolarWinds 

LEM feature request forum to see this process 

in action. 

Additional features and highlights 

• Proactive defense against “brute force” attacks, 

breaches, and insider abuse 

• Threat Intelligence feed integration that automatically 

retrieves updates 

• File Integrity Monitoring for broader compliance 

support and deeper security intelligence 

• Out-of-the-box compliance reports with 

predefined, customizable templates, including 

NIST FISMA, DISA STIGs, PCI, HIPAA, 

SOX, and support for RMF 


–––––––––––––––––––––––––––––––––––––––– 

http://www.solarwinds.com 


–––––––––––––––––––––––––––––––––––––––– 

SolarWinds Log & Event Manager webpage: 

http://www.solarwinds.com/log-event-manager 


–––––––––––––––––––––––––––––––––––––––– 

Lisa Sherwin-Wulf, Director of Marketing - Federal 

and National Government 

Office: 703.386.2628 


–––––––––––––––––––––––––––––––––––––––– 

lisa.sherwinwulf@solarwinds.com 


–––––––––––––––––––––––––––––––––––––––– 


7171 Southwest Parkway, Building 400, 

Austin, Texas 78735 

Like all SolarWinds software, LEM is built 

to scale and can support IT environments of all 

sizes. It employs a node-based license model that 

allows users to stay within their planned budgets 

as they deploy and expand their IT infrastructures 

across multiple data centers and geographies. 

A new Workstation Edition license makes 

monitoring logs from Windows® workstations 

more affordable than ever. 

SolarWinds LEM is used by nearly every U.S. 

federal civilian agency, DoD branch, and intelligence 

agency. It is available on the U.S. General 

Services Administration (GSA) Schedule, 

Department of Defense ESI, and other contract 

vehicles. 

64 65

2017 


Symantec 

2017 Winner 



–––––––––––––––––––––––––––––––––––––––– 

Best User & Entity Behavior Analytics Solution 


–––––––––––––––––––––––––––––––––––––––– 

Security analysts and investigators are flooded 

with threat alerts. With limited resources and 

time, they piece through each one, looking 

for the needle in the haystack - the truly critical 

and imminent alert. They are also flooded 

with false positives, wasting time chasing fires 

that don’t exist. On top of these challenges, 

valuable data is no longer only inside organizations’ 

four walls. It’s being stored, transmitted 

and accessed from everywhere by hundreds of 

thousands of employees and third-party vendor 

users. While the number of people touching 

the data and the amount of data itself have 

increased, the amount of people protecting it 

remains the same, leaving security practitioners 

overwhelmed and scrambling, trying to monitor 

where the data is going, who is accessing 

it, and how they are accessing it. The lack of 

continuous visibility causes significant threats 

to be missed, and then it’s too late. 

Enter Symantec Information Centric Analytics (ICA) 

Powered by Bay Dynamics 

With its proprietary, algorithm-based User and 

Entity Behavior Analytics, Symantec ICA enables 

organizations to detect, prioritize and mitigate 

the most critical insider and outside threats. Symantec 

ICA detects unusual and risky behaviors 

of employees and third party vendor users, prioritizes 

the riskiest users based on a combination 

of mission impact if the threat were to succeed, 

asset value and associated vulnerabilities, and 

automatically delivers a prioritized list of the top 

riskiest users to security analysts/investigators 

responsible for mitigation. To reduce false positives, 

once Symantec ICA detects an abnormal 

behavior, it compares the behavior to those of 

the user’s peers and overall team. Symantec ICA 

also engages line-of-business application owners 

who govern the assets under attack, asking them 

to qualify if the behavior was business justified, 

before the alert is sent to the SOC. If the application 

owner deems the alert business as usual, 

it is white-listed and the alert will not show up 

again. This qualification significantly reduces 

false positives and enables users to do their jobs 

uninhibited. 

Symantec ICA is enabling organizations to 

improve efficiency by detecting and prioritizing 

only the most critical threats. One of our customers 

had 80% of non-malicious DLP events 

auto-remediated with Symantec ICA. Another 

customer was able to cut down its actionable 

workload from hundreds of thousands of events 

per day to hundreds. As a result, the organization 

was able to reassign the bulk of the team, reducing 

it from 35 to just five people. 

Symantec ICA is enabling organizations to 

focus their resources, efforts and investments on 

protecting the assets that are most important to 

the mission. 

Symantec ICA’s User and Entity Behavior 

Analytics is not rules based. The platform’s 

machine learning capabilities enables it to adjust 

how alerts are prioritized and delivered based on 

past engagements from stakeholders across the 

agency and impact to the mission if the asset 

under attack were compromised. 


–––––––––––––––––––––––––––––––––––––––– 

https://www.symantec.com/products/informationcentric-analytics 


–––––––––––––––––––––––––––––––––––––––– 

https://www.youtube.com/watch?v=nqxETYOH5i8&t=4s 

https://www.youtube.com/watch?v=QHgVvKAZO9U&t=123s 

https://www.youtube.com/watch?v=ZNgOkEvfkQk&t=5s 


–––––––––––––––––––––––––––––––––––––––– 

Abby Ross, Director of Marketing and PR 

Bay Dynamics 

office: 312.443.2460 


–––––––––––––––––––––––––––––––––––––––– 

Bay Dynamics 

99 Hudson Street 

6th Floor 

New York, NY 10013 

66 67

2017 



Veracity Industrial Networks, Inc. 

2017 Winner 


–––––––––––––––––––––––––––––––––––––––– 

Best Industrial Cybersecurity Solution 


–––––––––––––––––––––––––––––––––––––––– 

Veracity’s innovative platform enables OT network 

admins to view all devices on the network, 

white-list communications between devices, set 

up dynamic security zones and visualize impact 

on traffic within the network. Veracity recently 

delivered product to the U. S. Department of 

Energy as part of the “Chess Master” project in 

July of 2017. This important project will build 

on the successful commercial release of utilityrated 

software defined network (SDN) technology 

under the previous CEDS project, Watchdog, 

and produce a solution operators can use to 

quickly establish and apply network policies. 

“We are honored that the HSA Awards Program 

selected Veracity as the best industrial cybersecurity 

solution that not only meets current 

needs of the government sector, but future de- 

mands, as well,” said Paul Myer, Veracity CEO. 

“This most recent acknowledgement reinforces 

our leadership position as the industry’s foremost 

technology for critical infrastructure cybersecurity.” 

Veracity was also recently recognized in CSO 

Magazine’s “10 Emerging ICS and IIoT Cybersecurity 

Companies to Watch”, IIOT World’s “Top 

ICS/SCADA Cybersecurity Startups to Watch”, 

Cybersecurity Ventures’ “Cybersecurity 500” 

(#242) and named OCTANe 2017 High Tech 

Innovation Award Finalist. Veracity offers a full 

demonstration lab that potential customers can 

use to learn more about the Veracity Platform 

in a virtual, simulated network environment. To 

learn more about this and request a demonstration, 

go to https://veracity.io/demo/ 

About Veracity Industrial NetworksTM 

Veracity delivers a resilient, secure industrial 

network that provides an on-premises, centralized 

configuration, control, and monitoring solution 

that tracks all connected devices and their 

communications. The Veracity platform is an 

award-winning, secure-by-default network that 

moves beyond the detection and alerting of cyber 

events into a resilient network that reduces the 

attack surface by design. 

The Veracity Industrial SDN network massively 

reduces the complexity of the network by 

repurposing the switch infrastructure to ensure 

communication between devices is determined 

by the system’s design. Veracity provides an innovative 

and comprehensive platform for critical 

networks that enables your business mission. 


–––––––––––––––––––––––––––––––––––––––– 

http://www.veracity.io 


–––––––––––––––––––––––––––––––––––––––– 

Forcepoint Stonesoft ® NGFW: Optimize and scale network 

security: 

https://veracity.io/product/ 


–––––––––––––––––––––––––––––––––––––––– 

Brenda Christensen, CEO 

Stellar Public Relations 

Office: (818) 307-9942 


–––––––––––––––––––––––––––––––––––––––– 

brenda.christensen@stellar-pr.com 


–––––––––––––––––––––––––––––––––––––––– 

Stellar Public Relations 

1519 NW 42nd Ave. 

Cape Coral, FL 33993 

38 39

2017 



Wombat Security Technologies 

2017 Finalist 


–––––––––––––––––––––––––––––––––––––––– 

Best Compliance/Vulnerability Assessment Solution 


–––––––––––––––––––––––––––––––––––––––– 

than 150 purpose-written questions, including queries 

related to protected health information (PHI)/HIPAA 

and the Payment Card Industry Data Security Standard 

(PCI DSS) 

• Write their own questions to evaluate employees’ 

recognition of internal policies, compliance requirements, 

and known issues 

• Use predefined assessments to quickly and easily 

schedule and deliver assignments to end users 

• Link follow-up training based on assessment results 

• Utilize professionally translated content to deliver 

consistent assessments to a global employee base 

• Track progress and target existing and emerging 

areas of concern from the organization level down to 

the individual level 

element of cybersecurity risk. Additionally, many industries 

are bound by laws and regulations related to cybersecurity. 

The robust nature of the Wombat Security portfolio 

gives organizations the flexibility they need to evaluate 

and train employees, and CyberStrength is a particularly 

valuable tool for organizations that are seeking the 

ability to create and deliver assessments about general 

cybersecurity topics as well as end-user data and network 

protections within regulations like the following:HIPAA, 

PCI DSS, General Data Protection Regulation (GDPR), 

North American Electric Reliability Corporation Critical 

Infrastructure Protection (NERC CIP), Gramm-Leach- 

Bliley Act, PAS 555 Cyber Security Risk Governance and 

Management Specification. 


–––––––––––––––––––––––––––––––––––––––– 

https://www.wombatsecurity.com/ 

Wombat Security Technologies is dedicated to offering 

effective tools to equip organizations with everything 

they need to assess areas of vulnerability, evaluate enduser 

cybersecurity knowledge levels, and educate their 

employees about best security practices and compliance 

regulations. Wombat’s Security Education Platform — a 

purpose-built learning management system — features 

a portfolio of tools that infosec professionals and governance, 

risk, and compliance officers can use to build a 

comprehensive, end-to-end cybersecurity awareness and 

training program. In addition to simulate attack-based 

assessments, Wombat offers CyberStrength® Knowledge 

Assessments, a unique, robust, and flexible tool that 

allows organizations to gauge their vulnerabilities to a 

wide range of cybersecurity threats and evaluate end-user 

understanding of key requirements related to regulations, 

mandates, and organizational policies. 

Wombat launched CyberStrength in 2013 to support its 

vision of an end-to-end cybersecurity assessment tool and 

to enable organizations to evaluate vulnerabilities beyond 

the phish. Since its launch, CyberStrength has exponentially 

enhanced organizations’ visibility into their end users’ 

knowledge levels and has given additional breadth and 

depth to the scope of security awareness and training programs. 

This vulnerability assessment tool enables program 

administrators to create, deliver, measure, and analyze 

organization-wide and targeted cybersecurity knowledge 

evaluations. Using CyberStrength, organizations can: 

• Establish a baseline measurement of end users’ understanding 

of critical cybersecurity topics (including 

phishing) 

• Assess about topics beyond the phish, mobile device 

and mobile app security, data management, physical 

security, and more 

• Create their own assessments from a library of more 

CyberStrength is a part of the Assess component of the 

Wombat’s market-leading Continuous Training Methodology, 

a holistic approach to cybersecurity awareness 

training that gives organizations the opportunity to integrate 

assessments, education, reinforcement materials, 

and reporting/measurement. Customers who have used 

this cyclical approach to cybersecurity education have 

experienced up to a 90% reduction in successful external 

phishing attacks and malware infections. 

For many organizations, security awareness and training 

programs have progressed from being a “maybe” to a 

“must” as a result of high-level national and regional mandates. 

Regulatory bodies are looking past technical safeguards 

and acknowledging the need to manage the human 


–––––––––––––––––––––––––––––––––––––––– 

CyberStrength overview and request a demo page: 

https://www.wombatsecurity.com/security-education/security-awareness-knowledge-assessment 


–––––––––––––––––––––––––––––––––––––––– 

Gretel Egan, Brand Communications Manager 

office: 412-621-1484, x136 


–––––––––––––––––––––––––––––––––––––––– 

gegan@wombatsecurity.com 


–––––––––––––––––––––––––––––––––––––––– 

Wombat Security Technologies, Inc. 

3030 Penn Avenue 

Pittsburgh, PA 15201 

70 71

2017 



Waratek 



–––––––––––––––––––––––––––––––––––––––– 



–––––––––––––––––––––––––––––––––––––––– 

The majority of government agencies still run 

custom-developed, mission critical applications on 

out-of-date versions of Java. Most of these applications 

cannot be taken offline to install updates, 

and the quarterly frequency of critical patch updates 

overwhelms IT staff. And, like their private 

sector counter-parts, public sector development 

teams use open source and third party software 

components in their application stacks – components 

that contain known and unknown flaws that 

can be exploited by hackers. 

Waratek has developed a disruptive approach 

to application security that is highly accurate, easy 

to install and simple to operate – without impacting 

performance, does not require code changes 

or tuning, and generates no false positives. The 

Waratek Application Security Platform can deployed 

in a matter of minutes in on-premises datacenters 

and cloud environments, protecting new 

and legacy applications out-of-the-box against the 

2013 & 2017 OWASP Top Ten. 

Current approaches to protecting web applications 

that run on managed runtime environments 

involve applying a patch, fixing the vulnerability 

or disabling the flawed functionality when possible. 

Alternatively, web application firewalls can 

mitigate some threats, but are often plagued by 

false positives and cannot see what’s happening inside 

an application as it executes. Zero day attacks 

are notoriously difficult to protect against since 

they are, by definition, unknown exploits. 

Waratek monitors, detects and blocks threats 

from within an application’s runtime (i.e. JVM 

or CLR) in real-time, to enable applications to 

self-protect from the inside out. With Waratek, 

organizations gain visibility into malicious activity, 

enforce security policies and virtually patch 

vulnerabilities at runtime. The platform mitigates 

against vulnerabilities in legacy application platforms, 

third party and open source code, and 

effectively counters zero day malware. Waratek 

automatically modernizes any web application 

running on a legacy version of Java by updating 

it with all the security and performance improvements 

inherent to the most current Java OS without 

changing a single line of code or performing a 

restart. 

Unlike other solutions that follow traditional 

application security approaches, Waratek uses 

a virtualization-based approach to create secure 

containers for protecting 100 percent of an application 

software stack using a simple agent plug-in. 

As a result, Waratek does not require any performance 

impacting instrumentation or inaccurate 

approaches that “guess” if an attack is underway 

using pattern matching, regular expressions or 

other heuristic-based techniques. 

Waratek’s unique virtualization-based approach 

extends the life of applications and significantly 

reduces the need for enterprises to re-write or 

modify their software to comply with regulations. 

Virtualization also eliminates the constant tuning, 

blacklist/whitelist maintenance, and rule-writing 

associated with web application firewalls. In addition, 

Waratek can virtually patch applications 

while the application runs, eliminating the need 

to schedule production downtime, test the patch, 

and restart the application – all activities that 

delay the installation of a patch and increases the 

risk of attack against a known vulnerability. 

Since Waratek creates a secure container within 

a Runtime Environment, it can protect an infinite 


–––––––––––––––––––––––––––––––––––––––– 

www.waratek.com 


–––––––––––––––––––––––––––––––––––––––– 

A short video depicting the technology: 

https://youtu.be/z8PRaAE4Y9E?rel=0 


–––––––––––––––––––––––––––––––––––––––– 



Office: 781-237-0341 


–––––––––––––––––––––––––––––––––––––––– 

marc@mgpr.net 


–––––––––––––––––––––––––––––––––––––––– 




number of applications without introducing any 

scalability, performance degradation, management 

or configuration issues. These combined capabilities 

significantly reduce the total cost of ownership 

compared to other web application security 

products. 

According to Gartner’s Top 10 Security Predictions 

2016, by 2020, 40 percent of enterprises 

will secure developed applications by adopting 

application security self-testing, self-diagnosing 

and self-protection technologies. Gartner recommends 

companies adopt runtime application selfprotection 

(RASP). 

72 73


Category #2: Vendors of Physical Security Products and Solutions 

Judging in this category is based on a combination of: 

• Increase in client organization 

• Technological innovation or improvement 

• Filling a recognized government IT security need 

• Flexibility of solution to meet current and future organizational needs 

VIDEO SURVEILLANCE SOLUTIONS 

BARRIERS 

Best Nuclear/Radiation Detection Solution 

FLIR Systems, Inc. – Platinum Winner 

Best Explosives Detection Product or Solution 

Rapiscan Systems – Platinum Winner 

Best Active Shooter Gunshot Detection Solution 

Shooter Detection Systems 


Best Thermo, Nightvision, Infrared Cameras 

FLIR Systems, Inc. – Platinum Winner 

CohuHD Costar Gold Winner – Gold Winner 

Best City-Wide Video Surveillance 

Logos Technologies - – Platinum Winner 

COMMUNICATIONS SOLUTIONS 

Best Interoperable First Responder 

Communications 

LRAD Corporation – Platinum Winner 

Best Mass Notification System 

Desktop Alert – Platinum Winner 

Best Tactical Mesh Radio 

Persistent Systems – Platinum Winner 

Best Perimeter Protection, Intrusion 

Detection System 

AMICO – Platinum Winner 

PureTech Systems – Gold Winner 

FLIR Systems, Inc. – Silver Winner 

Best Crash Barriers (Fences, Gates, 

Barriers, Bollards) 

TCP-Security Solutions – Platinum Winner 

DETECTION PRODUCTS 

Best Chemical Detection Product or Solution 

Rapiscan Systems – Platinum Winner 

FLIR Systems, Inc. – Gold Winner 

Teknoscan Systems Inc. – Silver Winner 

SERVICES EDUCATION 

Best College/University in Homeland Security 

Bellevue University – Platinum Winner 

Best Disaster Preparedness, Recovery, Clean-up 

High Rise Escape Systems Inc. 


OTHER PRODUCTS 

Best Access Control Hardware 

Sargent and Greenleaf – Platinum Winner 

74 75

2017 



Amico 


target as man, animal, vehicle, aircraft and its distance, 

direction and speed of the intrusion. This 

information is then directed to security managers 

by email all in real time to make the proper 

response. This reconfigurable surveillance system 

can include lights, noise and other deterrents as 

the intruders are detected long distances from the 

perimeter barrier. 

AMICO has also incorporated crash barriers and 

gates, ballistic panels, lighting, cameras, tickler 

wire, into their layered defense system 


–––––––––––––––––––––––––––––––––––––––– 




AMICO has evolved the old standards of physical 

security fencing; deter, deny and delay. Today 

AMICO offers a new patent pending system, a 

smart fence. The AMIGUARD Perimeter System 

for new construction combines proven materials 

for the protection against the 3-D’s plus the ability 

to detect intruders; may they be man, animal, 

aircraft and vehicles up to 4KM away and cover 

2,000 plus acres. 

The First component, the AMIGUARD System 

provides a physical barrier up to 40-ft high with 

infill materials exceeded maximum breach times 

per ASTM F2781. The first new fence design in 

decades creating a pleasing visual while providing 

maximum security. 

Not all fences are new or need to be completely 

removed and rebuilt. AMICO’s Chameleon system 

retrofits existing chain link to a higher level of 

security by using existing posts for rails economy 

and retrofitting with medium or maximum security 

infill panels to reach the required level of 

security. This high security curtain wall system is 

also visually pleasing and secure. 

Thirdly, the time for determining if the intrusion 

is hostile takes time. AMICO’s GroundAware® 

solution permits the detection, classification of 


–––––––––––––––––––––––––––––––––––––––– 

http://amicosecurity.com 


–––––––––––––––––––––––––––––––––––––––– 

AMICO - Multi-Layered Defence System 

https://www.youtube.com/watch?v=jq5Nc8D3oeU 

AMIGUARD Perimeter System - Installation Video 

https://www.youtube.com/watch?v=-LHaF3T8pZA 


–––––––––––––––––––––––––––––––––––––––– 

Fred Mayer, Manager of Specification 

office: 205.783.6224 


–––––––––––––––––––––––––––––––––––––––– 

fmayer@gibraltar1.com 


–––––––––––––––––––––––––––––––––––––––– 

AMICO 

3245 Fayette Avenue 

Birmingham, AL 35208 

76 77

2017 



CohuHD Costar 



–––––––––––––––––––––––––––––––––––––––– 

http://www.cohuhd.com 


–––––––––––––––––––––––––––––––––––––––– 

http://www.cohuhd.com/Product-Detail/rise-ruggedip/rise-4290hd-daynight-positioner 


–––––––––––––––––––––––––––––––––––––––– 

Derek Gabriel, Product Marketing Manager 

Office: 858-391-1712 


–––––––––––––––––––––––––––––––––––––––– 



–––––––––––––––––––––––––––––––––––––––– 

CohuHD Costar’s RISE 4290HD Series dual 

spectrum positioning system is the latest addition 

to CohuHD Costar’s RISE family of products and 

has been awarded the 2017 GSN Airport, Seaport, 

Border Security Award for Best Long Range/ 

High Res Camera by Government Security News. 

The RISE 4290HD Series combines crystal clear 

HD visible spectrum imaging along with standard 

resolution LWIR night vision imaging and delivers 

unmatched performance at an affordable price. 

The RISE 4290HD visible spectrum camera 

provides full 1080p imaging with 30x optical 

zoom, delivering full frame rate HD images over 

the entire zoom range for very cost-effective, longrange 

surveillance applications. 

True day/night technology using a removable 

IR cut filter produces exceptional low light sensitivity 

down to 0.00025fc. The visible camera pro- 

vides defog/dehaze image processing, enhancing 

video performance in foggy and hazy conditions 

encountered in outdoor surveillance and traffic 

monitoring applications. 

The RISE 4290HD night vision camera offers a 

choice of uncooled VOx 640x480 LWIR FPA detector 

with continuous zoom or fixed focal length 

hard carbon coated lenses. The RISE 4290HD 

thermal imaging delivers high-quality video, even 

in extreme conditions such as total darkness, 

smoke, atmospheric haze or dust, rain, light foliage, 

and most types of fog. 

“The addition of the 4290HD positioning 

system to our RISE portfolio addresses what we 

see as a significant gap in the market for a cost-effective, 

rugged, long-range, day/night video solution 

that provides simultaneous streaming of both 

visible and thermal camera images,” stated Doug 

Means, Senior VP & GM of CohuHD Costar. 

The RISE 4290HD is designed to operate in 

harsh weather with its purged and pressurized 

IP67 enclosure protection to eliminate the effects 

of water intrusion, pollutants and corrosives. The 

ultra-rugged design of all CohuHD RISE products 

allows the company to offer a lifetime warranty 

against water ingress. 


–––––––––––––––––––––––––––––––––––––––– 

dgabriel@cohuhd.com 


–––––––––––––––––––––––––––––––––––––––– 

CohuHD Costar 

7330 Trade Street 

San Diego, CA 92121 USA 

78 79

2017 



FLIR Systems 



–––––––––––––––––––––––––––––––––––––––– 



–––––––––––––––––––––––––––––––––––––––– 

Civilian and military responders face scenarios ranging 

from intentional chemical attacks and accidental 

hazardous material (HAZMAT) releases to natural 

disasters and environmental monitoring or remediation 

efforts. Responders step on-scene with a diverse 

toolkit – sometimes small and other times extensive. 

It is critical to stay familiar with the equipment in 

the kit, because no single chemical detection tool 

can provide answers for every scenario. 

While some detectors only indicate the presence 

of a chemical, others specifically identify what 

and how much of the threat is present, like a gas 

chromatograph mass spectrometer (GC/MS). GC/ 

MS is an incredibly sensitive and highly specific tool 

commonly used in laboratory environments. It can 

sense trace level chemicals other equipment can’t, 

while also providing the ability to positively identify 

the chemical. But chemical emergencies don’t just 

happen in laboratories – they can happen anywhere. 

Real-time chemical detection and identification 

in the field is critical to the CBRNE or HAZMAT 

response mission. Confirmatory chemical identification 

enables responders to mitigate a threat and 

protect people and the environment from harm. 

Knowing the exact identity of a chemical can provide 

evidence for law enforcement or intelligence 

that can lead to further discoveries, like finding the 

source of drugs not just the dealer. Or the bombmaker 

not just the terrorist deploying the bomb. 

Chemical identification missions require devices 

with enhanced operability and chemical detection 

performance. The FLIR Griffin G510 portable 

GC/MS chemical identifier meets these needs. It 

equips responders with the ability to analyze va- 

por, liquid, and solid samples with minimal sample 

preparation and delivers enhanced confidence using 

quadrupole mass analyzer technology and the NIST 

MS Database for chemical identification. 

Chemical response scenarios are complex, harsh 

environments. The G510 is completely self-contained 

in a 36-pound device, including batteries, 

carrier gas, vacuum system, injector, touchscreen, 

and heated sample probe. It is also the first IP65- 

rated (dust-tight and spray-resistant) portable GC/ 

MS, adding flexibility to decontamination procedures. 

There is no 40-pound external service 

module like other portable GC/MS systems and 

no 20-pound external pump under the bench like 

those seen in a laboratory. Batteries last up to four 

hours and are hot swappable. While the G510 easily 

adapts for operation in a variety of vehicle platforms, 

the G510 is truly designed from the ground 

up to operate in the hot zone. 

Hazmat technicians will find that it delivers 

lab-quality analysis. First on-scene operators will appreciate 

that they don’t need a Ph.D. to use it. Basic 

operator training is completed in only two 

hours, while expert training can be completed 

in a single day. The user interface truly sets it apart 

from other portable GC/MS systems. It’s stream- 


–––––––––––––––––––––––––––––––––––––––– 

http://www.flir.com/ 


–––––––––––––––––––––––––––––––––––––––– 

http://www.flir.com/detection 


–––––––––––––––––––––––––––––––––––––––– 

Haley Ellison, FLIR PR Manager 

Office: 503-919-0696 


–––––––––––––––––––––––––––––––––––––––– 

Haley.Ellison@FLIR.com 


–––––––––––––––––––––––––––––––––––––––– 

FLIR Systems, Inc. 

27700 SW Parkway Ave 

Wilsonville OR 97070 

lined design and guided controls help the user select 

the mode of operation. First responders must perform 

quickly and with limited dexterity when wearing 

required personal protective equipment (PPE). 

They are responsible for sample and data collection, 

and in some cases, real-time decision-making. The 

G510 alerts the operator with visual alarm confirmation 

both on the handheld probe, as well as the 

on-board, 9” touchscreen. The large touchscreen can 

be operated by a responder while wearing full PPE. 

For over 15 years, FLIR has been focused on 

taking GC/MS out of the lab and into the field. 

Our existing Griffin G400-series GC/MS product 

line provides a robust platform for vehicle-mounted 

chemical reconnaissance, sensitive site exploitation, 

80 81

on the Army Enterprise Architecture/LandWarNet 

(LWN). 

CyberArk is trusted by more than 3,450 customers, 

including more than 50 percent of the Fortune 100. In the 

past year, CyberArk strengthened its presence at global 

governments with more than 100 percent vertical growth, 

accounting for 15 percent of the total business in Q1 2017. 

As of Q3 2017, CyberArk had contracts across more than 

22 distinct departments or agencies in all three branches of 

the U.S. federal government. 







(CDM) program; NERC-CIP requirements related to 

privileged access control, remote access management and 

access revocation; and HSPD-12 requirements. 

82 83


2017 


FLIR Systems 



–––––––––––––––––––––––––––––––––––––––– 



–––––––––––––––––––––––––––––––––––––––– 

grammable preset tour and alarm functions, and 

autonomous PT tracking. 


–––––––––––––––––––––––––––––––––––––––– 

http://www.flir.com/security 

Headquartered in Wilsonville, Oregon, FLIR 

Systems offers integrated security solutions, 

specializing in thermal imaging security cameras. 

Since its inception in 1978, FLIR has been 

the global leader in thermal imaging technologies 

and was a pioneer in establishing thermal 

solutions in the security industry several years 

ago. FLIR’s new PT-Series HD demonstrates 

why FLIR’s thermal technology is the industry 

standard for long-range detection and 24-hour 

perimeter monitoring, as well as why FLIR deserves 

to win this award. 

The FLIR PT-Series HD is an advanced dualsensor 

security system, combining a cooled or 

uncooled 640x480 resolution thermal sensor, a 

1080p high-definition visible-light imaging sensor, 

and a high speed, precision pan/tilt system 

for perimeter surveillance. The PT-Series HD 

employs the most advanced thermal technology 

available in the commercial market. The robust 

camera includes a cooled camera option with 

a 14x continuous optical zoom, an uncooled 

camera with a 4X continuous optical zoom, 

and five uncooled variants with fixed thermal 

lenses. Additionally, the PT-Series HD features 

a visible-light imaging sensor that comes with 

30X optical zoom with auto-focus and .01lx 

low-light capabilities. The dual sensor camera offers 

deeper and broader integration with FLIR’s 

United VMS and other leading third-party video 

management systems. This gives users a full set 

of viewing and control options, including the 

all-new, dual-sensor viewing mode, fully pro- 

The FLIR PT-Series HD’s simultaneous IP 

and analog video outputs – thermal and visiblelight 

– along with IP and serial control interfaces 

make for easy integration into IP or analog 

systems. When controlled using FLIR United 

VMS, the PT-Series HD offers enhanced capabilities, 

including picture-in-picture (PiP), automated 

PTZ tracking, and fixed camera-target 

hand off. The motorized pan/tilt unit provides 

smooth, programmable operation, with radar 

and alarm slew-to-cue. Lastly, the camera series’ 

weather-resistant housing includes deicing and 

de-fogging capabilities, plus a changeable thermal 

payload cassette that significantly reduces 

maintenance time. 


–––––––––––––––––––––––––––––––––––––––– 

http://www.flir.com/security/pt-series-hd 


–––––––––––––––––––––––––––––––––––––––– 


Office: (503) 919-0696 


–––––––––––––––––––––––––––––––––––––––– 

Haley.Ellison@FLIR.com 


–––––––––––––––––––––––––––––––––––––––– 




84 85

2017 



FLIR Systems 



–––––––––––––––––––––––––––––––––––––––– 

Best Nuclear/Radiation Detection Solution 


–––––––––––––––––––––––––––––––––––––––– 

Through 30 years of working closely with our customers, FLIR 

has learned that no single radiation security product can meet 

all the various applications for handheld systems. Different applications 

require different detector sizes and sensitivities. Some 

applications require smaller, more rugged devices while at other 

times, increased sensitivity outweighs the importance of deploying 

a compact, lightweight instrument. 

A radionuclide identification device (RID) is most often 

used as a secondary verification tool at the site of a radiological 

event, but can also be deployed on the frontline as needed. They 

are the best all-purpose survey tool for gamma and/or neutron 

radiation and generate the spectroscopic information needed to 

identify the specific nuclide. ANSI N42.34 defines the standard 

for RIDs. 

The new FLIR identiFINDER R440 is a lightweight, 

sourceless RID that delivers sensitive detection and fast results 

for routine survey or secondary screening response missions. 

The 2x2 inch NaI (sodium iodide) detector responds to radiological 

threats from farther away, behind heavier shielding, and 

with better resolution than similarly-sized RIDs. The extended 

energy range provides neutron indication. Its light weight makes 

single-handed operation easy on extended operations, while 

the IP67-rated enclosure is built to survive rigorous missions. 

The bold, easy-to-read interface with 360° EasyFinder mode 

expedites decision-making to keep personnel and the community 

safe. 

There’s a reason FLIR offers more than one instrument in 

each classification - one size does not fit all scenarios. Different 

types and sizes of detectors complement one another during a 

radiological event and provide a greater level of safety. Resolution 

is a key consideration for achieving the desired operational 

performance and is the main reason FLIR offers different detector 

materials in the identiFINDER R-series – to provide differing 

levels of performance that are right-sized for the mission. 

Physics determines that the sensitivity of a given instrument is 

fundamentally decided by the amount and efficiency of detecting 

material that is present. 

The R440 is the smallest, lightest RID with a 2x2 inch NaI 

detector. It delivers accurate identification and is fast to alarm. 

It is three and a half times more sensitive with up to ten percent 

better resolution than comparatively sized RIDs. The high dose 

rate range provides stability and accuracy even in high dose 

rate environments. The R440 is offered in two models. One 

is a gamma only device with extended range that also delivers 

neutron indication. The other model delivers both gamma and 

neutron detection and measurement. The R440 is a sourceless 

RID, offering stabilization for improved data collection and 

reduced false positives in field scenarios. 

Built to survive fast-paced, rigorous missions, the identi- 

FINDER R440 is the only RID in its class with an IP67-rated 

enclosure. This means it is protected from total dust ingress and 

water immersion (rain, splashing and accidental submersion) 

up to one meter in depth for up to 30 minutes. It is also the 

only RID in its class that is fully compliant with both the ANSI 

N42.42 and ANSI N42.34 standards and has been drop-tested 

up to one meter. The completely enclosed crystal provides enhanced 

ruggedization for field operations. 

The identiFINDER R440 is packed with state-of-the-art 

user features that deliver clear results and enhanced communications 

to keep responders and the community safe. The 

new 360° EasyFinder mode collects and interprets data and 

then pinpoints the exact location of the source so the operator 

can quickly secure the threat. It has built-in wireless capability 

and delivers the communications necessary for interagency 

standardization. The identiFINDER R-series of products share 

a field-proven, common user interface and easy-to-read data. 

With over 20,000 identiFINDER units deployed globally, the 

familiar interface design of the identiFINDER R440 allows for 

quick integration with existing operational protocols while also 

reducing training time and costs. 

The new level of sensitivity and resolution of the FLIR 

identiFINDER R440 provides the ability to perform quick 

situational assessment during radiological emergencies. Its compact 

size enables responders to use it with one hand, making 

the R440 a practical product for their mission. The new FLIR 

identiFINDER® R440 lets responders scan for radiological 

threats faster and from farther away to help keep them and their 

communities safe. 


–––––––––––––––––––––––––––––––––––––––– 

http://www.flir.com/detection 


–––––––––––––––––––––––––––––––––––––––– 

www.flir.com/R440 


–––––––––––––––––––––––––––––––––––––––– 


Office: 53-919-0696 


–––––––––––––––––––––––––––––––––––––––– 

Haley.Ellison@flir.com 


–––––––––––––––––––––––––––––––––––––––– 



Wilsonville, OR 97070 

86 87


2017 


FLIR Systems 



–––––––––––––––––––––––––––––––––––––––– 

Best Perimeter Protection, Intrusion Detection System 


–––––––––––––––––––––––––––––––––––––––– 

Through 30 years of working closely with our customers, 

FLIR has learned that no single radiation 

security product can meet all the various applications 

for handheld systems. Different applications 

require different detector sizes and sensitivities. 

Some applications require smaller, more rugged 

devices while at other times, increased sensitivity 

outweighs the importance of deploying a compact, 

lightweight instrument. 

Based in Wilsonville, Oregon, FLIR Systems 

offers an array of integrated security solutions that 

provide multiple layers of advanced perimeter protection. 

FLIR’s state-of-the-art technology truly 

delivers unmatched intrusion detection, target 

tracking and perimeter defense. An overview of 

FLIR’s solution, Cameleon Tactical, demonstrates 

why FLIR’s technology stands out from other 

manufacturers and why FLIR deserves this award. 

FLIR Systems’ Cameleon Tactical is a windows-based 

command and control software 

platform that brings together several security 

solutions from FLIR and third-party providers to 

create a unified perimeter surveillance and intrusion 

detection solution for mission critical sites 

and large enterprises. Cameleon Tactical seamlessly 

integrates radar, drones, dual-sensor thermal 

and visible cameras, HD PTZ tracking cameras, 

fixed thermal fence line cameras with edge analytics, 

monitors, switchers, DVRs and third-party 

devices. 

The strength of Cameleon Tactical lies in its 

ability to control virtually any number and combination 

of devices and systems from different 

manufacturers with point and click simplicity. 

Another defining characteristic of Cameleon Tactical 

is its ability to provide a map-based presentation 

of known (GPS, AIS) or unknown (radar, 

video analytics) targets, enabling security operators 

to upload multiple maps and hotlink them 

together to provide a complete picture of their 

site for superior surveillance, target tracking and 

detection beyond the perimeter fence line. 

Cameleon Tactical’s highly customizable and 

user-friendly client interface provides operators 

with access to external monitors and monitor 

walls through simple drag-and drop actions, while 

the powerful server environment provides many 

control features including device prioritization, 

system security and granular permissions control. 

Alarm management, archived video storage and 

retrieval and advanced automation are configurable 

using a robust scripting language. 


–––––––––––––––––––––––––––––––––––––––– 

http://www.flir.com/security 


–––––––––––––––––––––––––––––––––––––––– 

http://www.flir.com/security/display/?id=83606 


–––––––––––––––––––––––––––––––––––––––– 


Office: 503-919-0696 


–––––––––––––––––––––––––––––––––––––––– 

Haley.Ellison@flir.com 


–––––––––––––––––––––––––––––––––––––––– 




88 89

2017 



LRAD Corporation 

2017 Winner 


–––––––––––––––––––––––––––––––––––––––– 

Best Interoperable First Responder Communications 


–––––––––––––––––––––––––––––––––––––––– 

FEATURES 

• Complete mass notification kit (emitter head, 

power amplifier, control module, push-to-talk mic) 

• Lightweight & compact form factor 

• Low power consumption for hours of continuous 

audio broadcasts 

• Unparalleled vocal clarity and intelligibility 

• Operator volume & range control 

DIRECTIONALITY, POWER EFFICIENCY & 

RANGE 

• 360° uniform sound coverage 

• Highly intelligible voice communications over 2.0 

sq. km. area 

• Broadcasts heard and understood over background 

noise 


–––––––––––––––––––––––––––––––––––––––– 

www.LRAD.com 


–––––––––––––––––––––––––––––––––––––––– 

https://www.lradx.com/lrad_products/lrad-360xl-mid-mobilekit/ 


–––––––––––––––––––––––––––––––––––––––– 

Robert Putnam, Sr. Marketing Manager 


office: 858-676-0520 


–––––––––––––––––––––––––––––––––––––––– 

rputnam@lradx.com 


–––––––––––––––––––––––––––––––––––––––– 


16990 Goldentop Road, Ste. A 

San Diego, CA 92127 

The LRAD 360XL-MID Mobile Kit provides 

first responders a rapidly deployable, totally selfcontained 

mass notification system for on-scene 

communication, crowd control and incident management. 

Delivering uniform 360° mass notification coverage 

over 2 sq. km., the LRAD 360XL-MID Mobile 

Kit broadcasts audible messages with LRAD’s 

industry-leading vocal intelligibility. The rugged 

Mobile Kit is lightweight, compact and provides 

hours of continuous first responder communication. 

Comprised of an LRAD 360XL-MID emitter, 

ruggedized carrying case power amplifier, hardened 

control module, all weather push-to-talk mic, tripod 

and other accessories, the LRAD 360XL-MID 

Mobile Kit provides a completely self-contained 

solution for applications requiring advanced mobile 

mass notification. 

Featuring the mass notification industry’s highest 

Speech Transmission Index (STI) measurement, the 

LRAD 360XL-MID Mobile Kit broadcasts voice 

messages with exceptional vocal clarity in uniform 

360° coverage over 2 sq. km. The rugged Mobile 

Kit is lightweight, compact and provides hours of 

continuous mass notification broadcasts. Rapidly 

deployable, the LRAD 360XL-MID Mobile Kit is 

ideal for defense, homeland security, public safety 

and law enforcement mass notification applications. 

90 91

2017 



Logos Technologies 



–––––––––––––––––––––––––––––––––––––––– 

Best City-Wide Video Surveillance 


–––––––––––––––––––––––––––––––––––––––– 

Mounted on a helicopter or plane and flown in 

shifts, Logos Technologies’ Redkite WAMI sensor 

can cover a city-sized area for hours and days at 

a time. In the air, Redkite can acquire and maintain 

the location of hundreds of individuals and 

vehicles, automatically indexing the data through 

tracking algorithms, watchboxes, and tripwires. 

The imagery collected by Redkite can then 

be analyzed for insights into criminal patterns 

of behavior, giving agencies valuable context to 

criminal and policing activities, including insight 

into the environmental factors that encourage, 

facilitate, reinforce, and sustain crime. 

Law enforcement will be able to identify likely 

hot spots, gathering places of gangs, and locations 

of drug or money drop-offs. With this analysis 

in hand, officers can develop tailored strategies 

to reduce crime in specific areas, saving time and 

resources. 

“We are honored to be recognized by a leading 

homeland security publication for our work on 

Redkite,” said John Marion, president of Logos 

Technologies. “At Logos, we are constantly pushing 

at the edge of what’s possible for WAMI sensors 

in terms of size and capabilities.” 

Redkite weighs less than 30 lbs. Yet, like heavier 

airborne WAMI sensors, Redkite can image in 

real time a city-sized area (over 12 square kilometers) 

at once—detecting and recording all significant 

movers within the scene. 

While it is in the air, the lightweight wide-area 

sensor also records, stores and archives up to eight 

hours of this data for forensic analysis. Users on 

the ground can access this imagery, selecting up 

to 10 different real-time and recorded video feeds, 

or “chip-outs,” and view them on their mobile 

devices. 

This allows security personnel to track suspects 

over a wide area, and even back in time, uncovering 

safe houses, confederates and other subjects of 

interest otherwise missed by narrow-field cameras. 

“Besides its military use for the tactical commander, 

Redkite is ideal for major event security, 

port security and border security,” Marion said. 

“It can also support emergency crews during 

disaster relief missions by surveilling damaged 

properties, roads and bridges, and the movement 

of displaced people.” 

Logos offers two versions of Redkite: 

A platform-agnostic pod that can be mounted 

externally to a wide variety of planes, helicopters, 

and unmanned aerial systems (UAS), and an integrated 

system for the payload bay of those Group 

3 UAS without hard points on their wings. Such 

as the Insitu Integrator, being small and lightweight, 

yet also powerful and versatile. 


–––––––––––––––––––––––––––––––––––––––– 

https://www.logostech.net 


–––––––––––––––––––––––––––––––––––––––– 

Redkite:: 

https://www.logostech.net/products-services/redkite-wide-area-motion-imagery/ 

ISR Sensors and Services: 

https://www.logostech.net/markets/defense-isrsensors-and-services/ 


–––––––––––––––––––––––––––––––––––––––– 

Susan Kerin, Director of Communications 

Office: (703) 237-6550 


–––––––––––––––––––––––––––––––––––––––– 

skerin@logos-technologies.com 


–––––––––––––––––––––––––––––––––––––––– 

Logos Technologies LLC 

2701 Prosperity Avenue, Suite 400 

Fairfax, Virginia 2203 

92 93

2017 



PureTech Systems 



–––––––––––––––––––––––––––––––––––––––– 

http://www.PureTechSystems.com 


–––––––––––––––––––––––––––––––––––––––– 

PureActiv Brochure 

http://www.puretechsystems.com/pureactiv.html 

Video Analytics 

http://www.puretechsystems.com/video-analytics.htm 

Critical Facilities White Paper 

http://www.puretechsystems.com/docs/White- 

Paper-Critical-Infrastructure-PureTech.pdf 


–––––––––––––––––––––––––––––––––––––––– 




–––––––––––––––––––––––––––––––––––––––– 

We would like to nominate the PureTech Systems’ 

geospatial (map-based) video management 

command and control, combined with the PureActiv® 

long range patented video analytics for 

the GSN “Best Perimeter Protection” award. The 

solution provides security professionals with accurate, 

real-time alarms and video of suspicious 

activity in outdoor and remote environments 

while minimizing nuisance alarms. The PureActiv 

video analytics feature set far exceeds any other 

solution on the market. Additionally, it leads the 

industry benchmarks in probability of detection 

(PD) and false alarm rate (FAR), as supported 

through feedback from customers’ competitive 

testing. 

Key perimeter protection features that set this 

product apart from all others in the field and 

make it deserving of this award, include: 

Software-based Video stabilization 

Effects of camera shake on the video due to winds 

or structural vibration is virtually eliminated with 

the PureActiv software stabilization feature. 

Patented Multi-modal background modeling 

Video scenes are dynamic due to changing lighting 

and weather conditions. Likewise, cameras 

mounted on a moving platform (land vehicles, 

watercraft and airborne vehicles) have scenes 

that change continuously. PureActiv’s patented 

multi-modal adaptive background scheme adapts 

to both transient and longer-term background 

changes to discern changes in the background 

image rather than moving targets in the foreground. 

Shadow/highlight filtering 

Once objects are detected, an analysis is made 

to isolate and eliminate shadows cast by moving 

objects. This enables PureActiv to establish a more 

accurate representation of the object size, shape, 

location and target track. 

Object Classification 

PureActiv video analytics include object classification, 

whereby the software assigns objects to classes 

of interest such as person, car, truck, or other. Once 

assigned to classes, this information is available for 

detection rules, as well as, display enhancements 

through assigned “class icons.” 

Geo-Intelligence 

Unique to PureActiv is the ability to analyze the 

video and understand a target’s location in real 

space (altitude, longitude and elevation). This 

understanding provides other geo-intelligence 

(GEOINT) including real target size, real location, 

video track, map-based track, real speed, etc. These 

parameters cannot be determined in image space 

alone. They aid tracking and threat assessment by 

helping to establish target identity and kinematics. 

Situational Awareness with PTZ Auto Follow (Narrated Video) 

http://www.puretechsystems.com/videos/ptzfollow-narrated.html 


–––––––––––––––––––––––––––––––––––––––– 

Eric Olson, Vice President Marketing 

Office: (602) 424-9842 


–––––––––––––––––––––––––––––––––––––––– 

Eric.Olson@PureTechSystems.com 


–––––––––––––––––––––––––––––––––––––––– 

PureTech Systems 

2038 W Lone Cactus Dr 

Phoenix, AZ 85027 

PTZ Camera Control Analytics 

Video Analytics is no longer constrained to fixed 

cameras. The PureActiv software includes several 

analytics that control movement of PTZ cameras. 

These include: 

Camera Auto Follow – The algorithm enables 

PTZ cameras to track a target autonomously, 

controlling pan, tilt and zoom to keep the target 

94 

95

within the field of view, without the assistance of 

any other sensor or operator control. 

Slew-to-Cue – This is the ability to accept a cue 

from another security sensor (e.g fixed camera 

with video analytics, intelligent fence, RADAR, 

LIDAR, or GPS) that includes position data (e.g. 

latitude/longitude, range/distance, etc). PureActiv 

video analytics translates the positional data 

into a pan, tilt and zoom command to steer one, 

or multiple, cameras to the target location for 

visual verification, followed by manual or automatic 

tracking. 

Scan-to-Target – For very long-range applications, 

or for applications where the target may be 

moving fast, a slew-to-cue command may result 

in a camera view that does not include the target. 

In this case, PureActiv includes a scan-to-target 

video analytic feature, where it commands the 

camera to execute a search pattern to locate the 

target. 

Detection Sensor Integration – Although video 

analytics alone is a very accurate and robust 

security solution, the PureTech Systems’ solution 

understands that more is better, integrating 

a vast amount of security sensors into its platform 

to increase detection, aid in classification, 

optimize sensor control and provide increased 

situation awareness. Sensors which has been integrated 

into the platform for increased perimeter 

protection include: Access control, GPS, 

AIS, LIDAR, radar, UGS, laser range finders, 

intelligent fence, proximity sensors, gunshot 

detection, loud hailers, covert laser, illuminator/dazzlers, 

drones/UAVs. 

With its robust surveillance feature set and high 

performance standards, we believe PureActiv® 

Geospatial Video Analytics is deserving of the 

GSN’s 2017 Cyber Security and Homeland 

Security Award for OTHER PRODUCTS - 

Best Perimeter Protection, Intrusion Detection 

System. 

96 97


2017 


Rapiscan Systems 



–––––––––––––––––––––––––––––––––––––––– 

Best Explosives Detection Product or Solution 


–––––––––––––––––––––––––––––––––––––––– 

Every day security experts around the world 

identify new threats to public safety, making 

it increasingly challenging for government 

agencies, like U.S. TSA, to secure borders 

and checkpoints. 

For many years our airports have been 

protected by the use of x-ray machines, in 

the case of checked baggage by a technology 

called Computed Tomography (CT). However, 

this now aging technology limits the 

amount of views that can be captured and 

used for both automated and manual detection 

of explosives. Naturally, this increases 

the risk for an overall security infrastructure. 

Security agencies are starting to leverage the 

best available technology, enabling them to 

not only capture better images, but to identify 

a wider range of explosives and potentially 

dangerous materials more quickly. 

In accordance with U.S. TSA, European 

Union and ECAC regulations, and incorporating 

the most innovative explosive detection 

technology on the market today, 

Rapiscan® Systems developed, patented and 

manufactures high speed baggage and parcel 

X-ray scanners which use Real Time Tomography 

(RTT). With a unique combination 

of speed, automation and superior scanning 

technology, this system is unparalleled as 

a defense against explosives and dangerous 

goods. 

Unlike other EDS solutions, RTT110 

has a unique stationary gantry, which supports 

higher-quality 2D and 3D imaging. As 

a result of this advanced technology, 98% of 

level 1 decisions are made before the baggage 

or parcel exits the system during the screening 

process. 

RTT110 is also making the parcel industry 

safer. With the exponential growth 

of on-line shopping, millions are parcels are 

shipped each year. In addition to explosives 

detection the system is able to screen for 

dangerous goods, which if allowed on to the 

plane would pose a serious safety hazard. 

The RTT110 has the capability to face 

current threats, and a modular design that 

enables flexibility to meet security needs of 

the future. 


–––––––––––––––––––––––––––––––––––––––– 

https://www.rapiscansystems.com 


–––––––––––––––––––––––––––––––––––––––– 

https://www.rapiscansystems.com/en/products/ 

hbs/rapiscan_rtt 

https://www.youtube.com/watch?v=rurJtSe_y0w 


–––––––––––––––––––––––––––––––––––––––– 

Hooman Shakouri, Senior Director of Global Marketing 

Office: 310.355.2812 


–––––––––––––––––––––––––––––––––––––––– 

HShakouri@rapiscansystems.com 


–––––––––––––––––––––––––––––––––––––––– 


2805 Columbia St. 

Torrance, CA 90503 

98 

99

2017 






–––––––––––––––––––––––––––––––––––––––– 



–––––––––––––––––––––––––––––––––––––––– 

The arsenal of explosives used by terrorists has 

expanded far beyond substances that are easily 

detected by traditional, single-mode Ion Mobility 

Spectrometry (ITMS) technology. It’s critical 

that defense agencies implement measures 

that will combat these evolving threats – and 

Rapsican Systems Itemiser® 4DX is making a 

significant impact. 

The portable, desktop solution is a superior 

defense against these threats, wherever they 

arise, because of its unique composition which 

includes a non-radioactive ionization source and 

simultaneous dual-mode detection technology. 

These features enable unparalleled identification 

of a broad range of current market threat 

explosives and narcotics. The advanced patented 

technology used to identify these trace substances 

delivers outstanding detection accuracy 

and rapid results in as little as eight seconds. 

To promote enhanced usability, the system 

comes equipped with Remote Connect, enabling 

users to securely command and monitor 

several Itemiser® 4DX systems from a centralized 

network location. This software application 

also provides real-time analysis of system 

health and seamless storing and retrieval of 

data. 

Itemiser® 4DX fills a massive need in the 

homeland security industry, as evidenced by 

exceeding more than 2,500 units sold since 

the introduction of the system in 2015. In 

2017, in response to the Personal Electronics 

Devices (PED) screening mandate, 80% of the 

available market chose the system to bolster 

their security infrastructure. Not only does the 

Itemiser® 4DX improve security with unparalleled 

detection capabilities, it also saves agencies 

like U.S. TSA significant time and resources 

by eliminating expensive certification, 

licensing, inspection, testing and transportation 

requirements. 


–––––––––––––––––––––––––––––––––––––––– 

https://www.rapiscansystems.com/ 


–––––––––––––––––––––––––––––––––––––––– 

Product information: 

https://www.rapiscansystems.com/en/products/ 

trace_detection/itemiser_4dx 


–––––––––––––––––––––––––––––––––––––––– 

Hooman Shakouri, Senior Director of Global Marketing 

office: 310.355.2812 


–––––––––––––––––––––––––––––––––––––––– 

HShakouri@rapiscansystems.com 


–––––––––––––––––––––––––––––––––––––––– 


2805 Columbia St. 

Torrance, CA 90503 

100 

101

2017 



Sargent and Greenleaf 



–––––––––––––––––––––––––––––––––––––––– 

Best Access Control Hardware 


–––––––––––––––––––––––––––––––––––––––– 

The 2890B Alarm Integration Kit gives users 

the ability to monitor the complete status of the 

2890B Lock by integrating with existing security 

monitoring system. This kit includes sensors that 

monitor the movement of the six different functions 

of the 2890B, and includes combination 

dial rotation, combination lock position, main 

bolt position, access control bolt position, request 

to exit and cover tamper. The 2890B Alarm 

Integration Kit is fully customizable, giving users 

the ability to monitor any combination of lock 

positions, making it easier for companies to keep 

their employees and visitors safe. Installation is 

simple, this may occur during the initial installation 

or may be fitted into a previously installed 

2890B Locks. 

The 2890B Lock, the first in the industry to 

comply with Federal Specification FF-L-2890B, 

provides both secure entry and life safety in 

one integrated solution. Equipped with a highperformance 

Von Duprin panic bar or integrated 

lever, it incorporates the latest design advances 

to produce a single motion egress door lock for 

the highest level of security. Without leaving the 

secured space, occupants can quickly lock the 

GSA-approved combination dial from inside to 

prevent unwanted entry. This lock meets both 

the precise needs of NFPA 101 life safety and 

high-security requirements for government application. 

Protected by a robust, five-year warranty, 

the 2890B features through-mounting with 

heavy-duty, adjustable standoffs for a strong, 

solid mount that cannot cause doors to collapse, 

and is fully configurable for left-hand and righthand 

metal, wood or composite doors. 

Flexible Design: Ships with one of the electromechanical 

combination locks that meet Federal 

Specification FF-L-2740B— S&G 2740B or 

X-10. 

Sturdy Instalation: Heavy-duty, adjustable 

mounting system provides a strong, solid install 

to prevent door collapse. 

Non-Handed: Designed to meet every need: 

right-hand, left-hand, in-swing and out-swing 

doors made of metal or wood. 

Smooth Operation: Heavy-duty, surface 

mounted strike with integral roller for secure, 

smooth operation. 

Pinch Proof Strikes: Multiple strike options 

available for in-swing, out-swing and double 

door applications. 

Lasting Durability: Levers tested to 1M cycles 

and panic bar to 500K cycles for reliability and 

longevity. 

Modular Design: All six configurations are 

based on the same modular platform, providing 

a faster, standardized installation in facilities 

with multiple openings. 

Highest Fire Rating: 3-hour UL fire rating that 

is highest on the market in this segment. 

Certifications: NFPA 101 Life Safety, UL 305, 

BHMA, UL Fire 10B and 10C. 

Warranty: The S&G 2890B Lock is backed by a 

5-year product warranty 

Active Shooter Protections: The only lock that 

allows you to shelter in place during an active 

shooter situation and meets Federal Specification 

FF-L-2890B*. 


–––––––––––––––––––––––––––––––––––––––– 

http://www.sargentandgreenleaf.com 


–––––––––––––––––––––––––––––––––––––––– 

http://www.sargentandgreenleaf.com/products/ 

pedestrian-door-locking-system/2890b-500-series/ 

http://www.sargentandgreenleaf.com/ 

files/3214/8211/9010/SG2890-500series-Sell- 

Sheet.pdf 


–––––––––––––––––––––––––––––––––––––––– 

Bailey Sliger, Marketing Specialist 

Office: (317) 572-9945 


–––––––––––––––––––––––––––––––––––––––– 

bailey.sliger@sbdinc.com 


–––––––––––––––––––––––––––––––––––––––– 

Sargent and Greenleaf 

8350 Sunlight Drive 

Fishers, IN 46037 t 

102 103

2017 



Shooter Detection Systems LLC 

2017 Winner 


–––––––––––––––––––––––––––––––––––––––– 

Best Active Shooter Gunshot Detection Solution 


–––––––––––––––––––––––––––––––––––––––– 

The sound of a gunshot can easily be mistaken for 

construction noise or a car backfiring and this uncertainty 

can trigger unnecessary fear and panic or 

worse, inaction. Shooter Detection Systems’ Guardian 

Indoor Active Shooter Detection System listens 

and looks for gunfire and then reports that a shot 

has occurred within one second. The system has 

zero false alerts and displays the shooter’s location 

on an easy to read floor plan that shows security 

and key personnel where the gunshot occurred. 

This allows officials to immediately and appropriately 

respond to 

a life-threatening 

event and save 

lives with accurate, 

real-time 

information. 

As recent FBI 

reports have 

104 

stated, Active Shooter incidents have been on the 

rise in the U. S. for the past several years. Effective 

response depends on the timely detection and 

reliable identification of an active shooter and the 

immediate communication of the incident details 

to at-risk personnel as well to emergency responders. 

A multi-mode (acoustic and IR based) gunshot 

detection sensor networked within a facility 

provides immediate and accurate detection of an 

Active Shooter within one second. The system also 

automates camera call up and initiates access control, 

therefore allowing security personnel to begin 

lockdown or evacuation procedures, and first responders 

to immediately address the threat. 

Shooter Detection Systems is comprised of a 

targeted team of business, tactical and multi-disciplinary 

systems engineering experts who collectively 

have over 40 years of experience with acoustic gunshot 

detection systems that were developed for military 

applications. While working at a major defense 

contractor, the SDS team was responsible for the 

successful production and delivery of over 10,000 

gunshot detection systems to Iraq and Afghanistan. 

As a result of sniper attacks on the U.S. power grid, 

these same systems have been deployed to protect 

critical infrastructure and prevent the effects of a 

crippling power loss by sniper attack. 

Understanding the immediate need for technology 

to address the Active Shooter threat, the team 

began investigating how their experience designing 

acoustic detection technology could be applied 

indoors, offering a solution to this difficult and 

emerging problem. With a nation in fear of the 

Active Shooter, false alerts would not be tolerated. 

The difficulties in applying acoustic technology in 

an indoor environment were examined, thoroughly 


–––––––––––––––––––––––––––––––––––––––– 

http://www.shooterdetectionsystems.com/ 

Link to full award submission report: 

–––––––––––––––––––––––––––––––––––––––– 

http://www.shooterdetectionsystems.com/wp-con- 

tent/uploads/2017/02/2016-GSN-Homeland-Security- 

Award-Best-Active-Shooter-Detection-System.pdf 


––––––––––––––––––––––––––––––––––– 

Kendra Noonan, Director of Communications 


Office: 1-844-SHOT911 


–––––––––––––––––––––––––––––––––––––––– 

knoonan@shooterdetectionsystems.com 


–––––––––––––––––––––––––––––––––––––––– 


300 Newburyport Turnpike 

Rowley, MA 01969 

tested, and found to have an unacceptable false 

alert rate. Though even the vehicle gunshot detection 

version uses an acoustic modality to detect 

shooters, it was found that in an indoor environment, 

an acoustics-only approach was insufficient. 

The result is the Guardian Indoor Active Shooter 

Detection System. 

The Guardian system is comprised of dual modality 

sensors strategically positioned within facilities 

that transmit gunshot alerts within one second. 

Guardian incorporates the world’s finest acoustic 

gunshot detection software and combines it with 

infrared sensor gunfire flash detection to produce 

the most accurate indoor gunshot detection system 

available. The sensor’s unique dual validation 


105

equirement provides the highest rate of detection 

while bringing the number of false alerts to zero. 

SDS is regularly chosen to participate in DHS 

Active Shooter and Terrorism scenario training 

drills involving multiple cooperating government 

agencies, a sampling is below: 

In August 2014, SDS was selected to participate 

in a DHS sponsored School Safety Mock Active 

Shooter Drill at a large school in Wayne, New Jersey. 

Over 100 role player participants were included in 

this exercise, including mock active shooters, shooting 

victims, and first responders. The active shooters 

in this scenario used high power rifles and handguns, 

and the Guardian sensors deployed throughout the 

facility provided 100% detection on all gunshots 

with zero false alerts. First responders were alerted 

via Situational Awareness Map and SMS messages, 

allowing immediate response and rapid takedown of 

the mock active shooter. In August 2015, SDS was 

chosen to participate in a DHS sponsored Mock 

Active Shooter/Terrorist Drill at a multilevel synagogue 

in West Orange, New Jersey. The mock active 

shooter in this scenario used a high-power rifle and 

20 Guardian sensors deployed throughout the synagogue. 

The system provided 100% detection on all 

gunshots with zero false alerts. 

In November 2015, SDS was chosen by DHS 

to participate in an Active Shooter scenario in a 

New York City subway setting. Coincidentally, 

this event followed a series of coordinated terrorist 

attacks in Paris, drawing high level visitors to this 

subway event. DHS Secretary Jeh Johnson, New 

York City Mayor Bill de Blasio, NYPD Commissioner 

William Bratton, FDNY Commissioner 

Daniel Nigro, and NYPD Police Chief James 

Waters could witness firsthand how the Guardian 

sensors deployed along the subway platform and 

in the subway car alerted at 100% detection with 

zero false alerts. The Guardian System’s Situational 

Awareness Map was broadcast inside NYPD Mobile 

Command Center and shot information was 

repeated to first responders, allowing swift takedown 

of the active shooter. 

In June 2016, SDS was chosen again by DHS 

to participate in an Active Shooter/Terrorist drill, 

this time in a professional sports stadium environment. 

The exercise took place at Fenway Park in 

Boston, MA, with over 500 role players participating 

in a simulated attack on a crowd at the 

entrance to the stadium. In cooperation with the 

Boston Police Department, SDS deployed sensors 

along the Gate D entrance and integrated with 

the building’s existing video surveillance system. In 

multiple scenarios, the Guardian system alerted on 

100% of the shots fired along the concourse. The 

system sent alerts to participating First Responders, 

Fenway Security Personnel, and provided instant 

camera views to the active shooter to the Fenway 

Security Operations Office. 

As of December 2016, SDS is installed nationwide 

with over 14 million hours of operation in 

real-world environments with zero false alerts. 

These installations include airports, Fortune 500 

corporations, court systems, utilities, healthcare 

facilities and high-rise office buildings, with upcoming 

installations in many more government and 

private buildings. Active Shooter Protocols are now 

a standard practice among all these industries. The 

Guardian Indoor Active Shooter Detection System 

is the missing link to activate these protocols with 

confidence, decreasing response time and saving 

lives in the event of an active shooter. 

With the FBI recently reporting that 2014-2015 

showed the most active shooter incidents ever in a 

two-year period, there is no better time or reason 

for SDS to win the GSN 2016 Homeland Security 

Award for Best Active Shooter Gunshot Detection 

System. 

For more information, please contact us at sales@ 

shooterdetectionsystems.com or call 1-844-SHOT911. 

106 107

2017 



TCP-Security Solutions 



–––––––––––––––––––––––––––––––––––––––– 

Best Crash Barriers (Fences, Gates, Barriers, Bollards) 


–––––––––––––––––––––––––––––––––––––––– 

From airports to supermarkets and Olympic events to holiday 

celebrations, there are perimeters and valuable national assets 

that are vulnerable to attack by terrorists and criminals whose 

main objective is to benefit from injury and chaos. 

Providing effective and economic solutions for both 

temporary and permanent applications has prompted TCP- 

Security Solutions [TCP-SS] to develop new and innovative 

solutions for HVM provision. By working with leading US 

and international manufacturers, we are able to offer comprehensive 

and fully integrated solutions, giving specifiers 

and end users the option of flexible, scalable systems which 

in most cases, can be easily upgraded should the assessed risk 

level escalate. 

These solutions – tested to the highest industry standards, 

lead the market in product innovation and provide some of 

the most dynamic and functional systems available. 

Our expertise ranges from the manufacture, supply and 

installation of US designed perimeter protection systems, to 

the supply, delivery and installation of US Dept. Of Transportation 

approved barrier systems. Across this very varied 

platform TCP-SS provides cutting edge solutions to meet our 

customer’s needs 

SecureGuard Anti-Vehicle Barriers 

Designed to protect the highest value targets.The extensive 

client list utilizing TCP products will attest to the security, 

quality & service that comes with installation. Prevent perimeter 

penetration by foot or vehicle with this state-of-the-art 

barrier system. 

SecureGuard Pedestrian Portal 

Offering both a portable & a permanent solution, the 

SecureGuard Portal allows access to your event or facility 

without compromising continuous perimeter security. The 

only crash test certified pedestrian portal available today. Every 

SecureGuard Portal is constructed in a modular form which 

allows single or multiple installations. 

SecureGuard Portal can be customized with a turnstile, 

gate, or continuous anti-personnel fencing to ensure a secure 

pedestrian entrance. Each Portal is galvanized to EN 

ISO1461:2001 stnadards 

Rapidly Deployable Fencing System (RDS) 

Ideal for crowd control during events, concerts or whenever 

protection of critical infrastructure is required. The RDS 

system offers a temporary rapidly deployable surface mount 

fencing soluton preventing vehicular or pedestrian penetration 

of your perimeter. Tested to PAS 68 at 3 different risk levels, 

this system can be upgraded to meet your threat assesment. 

• Rapidly Deployable 

• Surface Mounted-no sub surface foundations 

• Vertical height up to 8ft 

• Available with Hi Sec fence panels 

• Suitable for moderately unduling ground 

• RDS PAS68 systems have a range of performance 

to suit different risk levels 

• Ideal for urban sites and non linear alignments 

Bollards 

Tubular Steel Bollards offer a cost effective solution against 

vehicle attack, while allowing a free flow of pedestrian movement. 

The bollards have been successfully tested to withstand 

direct impact forces of 1185kj, and 1852kj, they are DOS K8, 

and K12 rated. 

108 109 


–––––––––––––––––––––––––––––––––––––––– 

http://www.tcp-ss.com 


–––––––––––––––––––––––––––––––––––––––– 

http://www.tcp-ss.com/products.html 


–––––––––––––––––––––––––––––––––––––––– 

Casey Wasielewski, Managing Director 

Office: (813) 446-4115 


–––––––––––––––––––––––––––––––––––––––– 

cwas@trafficcontrolproducts.org 


–––––––––––––––––––––––––––––––––––––––– 

TCP Security Solutions . 

5514 Carmack Rd 

Tampa, FL 33610 

Our new surface mounted bollard system can provide the 

same protection as permanent bollards. 

Bi-Steel Barges & Wall 

TSP Bi-Steel Barges This product is a proprietary, crash 

tested, combination concrete incased in fused steel . These 

products, are crash tested to the highest PAS68 Standards, 

and are available through TCP-SS . 

Concrete Barrier Wall 

TCP-SS has the largest inventory of FDOT approved, 

crash tested TL-3 concrete barrier wall in the State of Florida. 

Both new and used, we keep the wall strategically placed 

around the state of Florida to provide our customers with 

quick access when they need the wall.


2017 


Teknoscan Systems Inc. 



–––––––––––––––––––––––––––––––––––––––– 



–––––––––––––––––––––––––––––––––––––––– 

Teknoscan develops trace chemical detectors for the 

security market. One of the new development is their 

new opioid detector, which allows detection of Fentanyl 

and its analogues plus other opioid in the market. 

Sample acquisition is done to minimize exposure 

of first responders and their canine. It provides identification 

of the Fentanyl analogue in the presence of 

cutting agents, heroin and other diluents. 

The ongoing growth of Fentanyl importation and 

distribution puts community members at risk, as 

well as Service members who may be exposed in their 

work place. Many Services are wrestling with policies 

and procedures to mitigate the risk of officer exposure 

when hazardous materials like Fentanyl are identified. 

The inability of front line officers to effectively scan a 

substance often means that labour intensive processes 

must be put into place to manage the scene and mitigate 

the risk, drawing down on valuable resources. 

Teknoscan Systems has expanded the capability 

of its existing scanning system to include Fentanyl, 

and designed an easy, reliable and accurate scanning 

capability for front line police officers. 

Teknoscan system and Fentanyl screening 

The Teknoscan system provides a fast and easily 

managed scanning and analysis of minute traces of 

chemicals and provides an instant readout of their 

content, meaning that the Teknoscan can identify 

the incredibly small traces of Fentanyl that can be 

hazardous or fatal to front line officers. This includes 

the capacity to scan packages prior to opening, 

or to scan rooms prior to entry. The scanning 

system is so sensitive that it can be deployed to 

scan for Fentanyl instead of the use of a canine 

unit (which can be injured when exposed to trace 

elements of Fentanyl). 

Since Fentanyl is a manufactured chemical, it’s 

elements (or analogues) are constantly evolving, 

and to date over a dozen different forms of Fentanyl 

have been identified. The Teknoscan system 

evaluates each sample to determine the specific 

Fentanyl analogue to provide greater response information 

and intelligence to the Service. 

Fentanyl detection capabilities of the Teknoscan 

system can be expanded to include detection of 

explosives (including precursors and homemade 

explosives) as well as other drugs. 

We believe that this Canadian designed product 

represents the leading edge of scanning and evaluation 

and we believe that the Teknoscan system can 

support police officer safety current national Fentanyl 

crisis. 


–––––––––––––––––––––––––––––––––––––––– 

http://www.teknoscan.com 


–––––––––––––––––––––––––––––––––––––––– 

Teknoscan Systems Inc. 

East 50A Caldari Road 

Vaughan, Ontario L4K4N8 

110 111

2017 


Bellevue University 

2017 Winner 

Vendors of IT Security Products and Solutions 


–––––––––––––––––––––––––––––––––––––––– 

http://www.bellevue.edu/ 


–––––––––––––––––––––––––––––––––––––––– 

http://www.bellevue.edu/about/accreditation-awards/ 

major-awards-rankings 


–––––––––––––––––––––––––––––––––––––––– 

Greg Allen, Program Director of Security Management 

Programs 

office: 402-557-7581 


–––––––––––––––––––––––––––––––––––––––– 

Best College/University in Homeland Security 


–––––––––––––––––––––––––––––––––––––––– 

greg.allen@bellevue.edu 


–––––––––––––––––––––––––––––––––––––––– 

Over the years, this award has gone to the Security 

Management program has continued to set 

the pace. The Bellevue University Security Management 

degree prepares individuals for security 

and managerial positions in both the private and 

public sectors. Concepts from business, criminal 

justice, security, and emergency management are 

integrated to help ensure students are well prepared 

to plan and manage processes that protect 

against risk. 

When pursuing Bellevue University’s Security 

Management degree online or residential, student 

focus on five general areas of expertise that 

are considered to be critical to management and 

the security field. These areas are principles of 

homeland security; personnel management; organizational 

interaction; infrastructure security 

and threat assessment; and communication skills. 

Graduates are prepared to: 

• Analyze and apply basic security theories to 

Homeland Security with defined policies and 

activities. 

• Prepare, manage, and critique personnel involved 

in emergency response situations 

• Compare and integrate organizational standard 

operating procedures. 

• Analyze and construct risk analyses and threat 

assessment reports. 

• Assist and develop effective business continuity 

and emergency response plans. 

For over six years Bellevue University has been 

recognized by Government Security News and has 

been designated a National Center of Academic 

Excellence in information Assurance/Cybersecurity 

by the National Security Agency and the 

Department of Homeland Security. Officials 

lauded Bellevue University for offering innovative 

education programs that produce a well--trained 

and well-versed workforce to protect our nation’s 

on information infrastructure. The Designation 

remains in effect through the year 2021. 


–––––––––––––––––––––––––––––––––––––––– 

Bellevue University 

1000 Galvin Road, South 

Bellevue, NE 68005 

112 113

2017 



High Rise Escape Systems Inc. 

2017 Winner 


–––––––––––––––––––––––––––––––––––––––– 

Best Disaster Preparedness, Recovery, Clean-up 


–––––––––––––––––––––––––––––––––––––––– 

These days it is irresponsible to believe that in times of 

danger emergency services will be obtainable, timely and 

equipped to provide rescue from multi-story buildings, 

ATC towers or other critical infrastructure environments. 

In fact, 99% of the world’s fire ladder trucks cannot reach 

above 75 feet (7 stories). We provide simple, reliable and 

inexpensive solutions for self-evacuation and rescue so that 

people can actually plan two ways out. 

Supplemental Evacuation is not limited solely to commercial, 

residential or industrial applications. These are diverse 

enough to play an important role on cruise ships and 

theme parks alike. Most recently, the United States Military 

has been utilizing the Guardian Escape Systems on Air 

Traffic Control Towers such as Vandenberg AFB, Edwards 

AFB, Tinker AFB, Maxwell AFB and Patrick AFB as well as 

Army and Air National Guard installations such as Alpena 

CRTC, Grayling Air Gunnery Range & Selfridge ANG. 

These are designed to mitigate means of egress for 

anyone living or working above the 2nd floor, including: 

Government Buildings, Embassies, Barracks, Hospitals, 

Disabled Individuals, Nursing Homes, Air Traffic Control 

Towers, Apartments, Condominiums, Hotels, Industrial, 

Job Sites, Theme Parks, Cranes, Oil Platforms, and Ships. 

We accomplish this by using a combination of several 

simple, low-tech devices. They require no power, are inexpensive, 

have a long shelf-life and are easy to use. 

We have developed permanent and portable Escape 

Systems to attach to a structure. 

Each System incorporates a Controlled Descent Device, 

commonly referred to as a “CDD”. The CDD works like 

a pulley. In operation, a user slides an Escape Harness over 

them, climbs over their balcony or out a window and the 

CDD slowly lowers them automatically at the rate of 3 feet 

per second. This speed can be compared to a slow elevator. 

As they descend, the opposite end of the cable automatically 

retracts and reloads the CDD for the next evacuee. Then 

the process repeats. Everyone gets out. Escape Harnesses are 

permanently attached at each end of the cable and full fireresistant 

Evacuation Suits are available. 

Each CDD incorporates a poly-steel cable with a neoprene 

inner lining and braided polyester jacket to protect 

it against abrasion, moisture and heat. Cable lengths are 

currently available up to 1000 feet (305 meters) or about 

100 floors. Other options are available for locations exceeding 

these heights. 

We have also developed Evacuation Suits for use with 

the CDD. Designed with senior citizens, mobility impaired 

and the disabled communities in mind, these suits 

are simple to put on and simple to put on others. They are 

oversized for adult and child together if necessary and made 

up of an Aluminized, Kevlar-style material that repels 95% 

of radiant heat. 

 


–––––––––––––––––––––––––––––––––––––––– 

http://hres.com 


–––––––––––––––––––––––––––––––––––––––– 

Ryan Alles, President 

407-466-0822 


–––––––––––––––––––––––––––––––––––––––– 

ryan@hres.com 


–––––––––––––––––––––––––––––––––––––––– 

High Rise Escape Systems 

801 Edgeforest Terrace 

Sanford, FL 32771 

114 115


Category #3: GSN 2017 Government Excellence Award 

Judging in this category is based on one or more of the following criteria: 

• Development of successful strategy and increase in public safety 

• Providing a notable solution to a recognized problem 

• Reduction in cost and/or major increase in efficiency and effectiveness 

• Decisive, successful action to respond to threat or emergency 

Special note on this year’s Government Awards: 

Rather than relying on predetermined categories, the judges decided instead 

to select five entries that would best represented the term Government Excellence. 

2017 Government Excellence Entry 

selected by judges: 

Agency: Federal Emergency Management 

Agency (FEMA) 

Category: Most Notable Cybersecurity 

Program or Technology 

Product, Service or Program: Personal 

Identity Verification (PIV) and Single 

Sign On (SSO) enablement 



Agency: State of Montana 

Category: Most Notable State 

Government Program, Project or Initiative 

Program: State Information Technology 

Services Division (SITSD), State of 

Montana 









Agency: Department of Justice (DOJ), Office 

of Personnel Management (OPM) and the 

Securities and Exchange Commission (SEC) 

Category: Most Notable Law Enforcement 

Interdiction, Arrest, Counter Terrorism or Crime 

Protection Program – Federal, State or Local 

Product, Service or Program: Federal Risk Management 

Process Training Program (RMPTP) 

Agency: USDA Agricultural Research 

Service (USDA-ARS) 

Category: Most Notable Law Enforcement 

Interdiction, Arrest, Counter Terrorism or 

Crime Protection Program Federal, State 

or Local 

Product: BeyondTrust Powerbroker 

Agency: Department of Homeland 

Security, Office of Cybersecurity and 

Communications 

Category: Most Notable Cybersecurity 

Program or Technology 

Product: National Cybersecurity 

Assessments and Technical Services 

(NCATS) 

Agency: DOJ, OPM 

Category: Most Notable Government 

Security Program, Project of Initiative 

Product, Service or Program: Interagency 

Security Committee Risk Management 

Process (ISCRMP) Training Program 

116 117

2017 



–––––––––––––––––––––––––––––––––––––––– 

Most Notable Federal Government Security 

Program, Project of Initiative 

Name of Nominated Product, Service, 

or Program: 

–––––––––––––––––––––––––––––––––––––––– 

Datacasting 


–––––––––––––––––––––––––––––––––––––––– 

GSN 2017 Government Excellence Award 

Department of Homeland Security Science 

and Technology Directorate 

Datacasting has the potential to provide First Responders a 

highly resilient, secure and efficient way of disseminating data 

to large numbers of first responders using licensed bandwidth. 

It may eventually enable first responders to widely disseminate 

information to the public. A pilot system, implemented 

for testing in Houston TX, has been used to support security 

operations during the NCAA Men’s Basketball Finals and Super 

Bowl LI and to enhance situational awareness at forward 

command centers following Hurricane Harvey. 

Creating More Public Safety Spectrum Options 

In an emergency, first responders need timely and relevant 

data to make informed decisions. Land Mobile Radio networks 

are intended for voice communication and do not have 

the capacity to transmit large amounts of data. Commercial 

cellular networks can become overloaded or fail completely, as 

the network becomes saturated by public use. This leaves public 

safety agencies competing for the same network resources 

when trying to transmit their mission-critical information, 

especially video. 

Although the First Responder Network Authority’s Nationwide 

Public Safety Broadband Network is planned for the 

future, new and more effective ways to utilize bandwidth currently 

available for public safety need to be identified. 

The Department of Homeland Security Science and Technology 

Directorate’s First Responders Group (FRG) explored 

new spectrum options for public safety use through the 

piloting of datacasting technology. Datacasting uses existing 

broadcast television signals to deliver encrypted data to 

targeted recipients. 

FRG; the Johns Hopkins University Applied Physics Lab; 

SpectraRep, an FRG commercial partner and several Public 

Broadcasting Service (PBS) television stations around the 

country led pilots to determine the benefits and limitations of 

datacasting technology for public safety use. 

Delivering Encrypted Incident Response Data and High 

Quality Video to Responders in the Field 

Sharing video and other data over existing public safety 

networks has been a challenge. When broadcast television 

transitioned from analog to digital broadcast transmissions, it 

created the opportunity to allocate television spectrum in new 

ways, including delivering encrypted and targetable computer 

data. This pilot takes advantage of a portion of the public 

broadcasting station’s bandwidth normally used for television 

programming. Public broadcasting networks are a unique 

television partner given their public service mission. Datacasting 

reallocates a portion of their spectrum for transmitting 

video, data files and other critical incident information (e.g., 

building blueprints and live security video) to specific first 

responders anywhere in the TV signal coverage area without 

relying on or overwhelming other communication channels. 

Safeguarding Data and Preventing Communications Overload 

Datacasting is a broadcasting mechanism capable of oneto-many 

content delivery. For example, an unlimited number 

of recipients can be targeted without running out of bandwidth). 

This not only reduces congestion on commercial cellular 

networks, but it complements existing systems. Further, 

it allows public safety agencies to transmit encrypted video 

and data that is invisible to the general public through the 


–––––––––––––––––––––––––––––––––––––––– 

https://www.dhs.gov/science-and-technology/voice-video-and-data-public-safety 


–––––––––––––––––––––––––––––––––––––––– 

william.nye@associates.hq.dhs.gov 


–––––––––––––––––––––––––––––––––––––––– 

Department of Homeland Security Science 

and Technology Directorate 

1120 Vermont Ave. NW 

Washington, DC 20005 

digital television signal. 

Once the hardware is set up at the television station to 

enable this capability, data recipients will need a datacast 

receiver connected to their computer in order to receive the 

information being broadcast from the PBS station. Datacasting’s 

software allows the owners of the video and other data 

to target individual users or groups of receivers to receive the 

video, files and notifications being transmitted. These owners 

remain in control and can be selective about who should 

see video feeds and other information, even across various 

agencies and political jurisdictions. They also have full control 

over the information transmission and can even delete their 

data on remote computers at any time if a security breach is 

suspected, or a receiver is stolen or misplaced. 

Next Steps 

S&T conducted three pilots of the datacasting technology 

with the cities of Houston and Chicago and released test 

reports with information on how it was used and what capability 

gaps it filled. The reports can be accessed on https:// 

www.dhs.gov/science-and-technology/frg- publications. The 

technology was used during several major events in Houston 

and will continue to be used to support day-to-day activities. 

S&T is looking to identify another public safety partner for 

fiscal year 2017. 

118 119

2017 



–––––––––––––––––––––––––––––––––––––––– 

Most Notable Law Enforcement Interdiction, 

Arrest, Counter Terrorism or Crime Protection 

Program – Federal, State or Local 


or Program: 

–––––––––––––––––––––––––––––––––––––––– 

Federal Risk Management Process Training Program 

(RMPTP) 


–––––––––––––––––––––––––––––––––––––––– 


A collaborative effort between 

DOJ, OPM and the SEC 

The Federal Risk Management Process Training Program (RM- 

PTP) has conducted over 30 training sessions and trained 671 

federal security professionals across 68 agencies, grade ranges 

from General Schedule 6 through Senior Executive Service level 

on how to develop a federal facility risk assessment methodology 

and effectively conduct a federal facility risk assessment. The 

training program is based on The Risk Management Process for 

Federal Facilities: An Interagency Security Committee Standard, 

2nd Edition, November 2016 and is a collaborative effort 

between Department of Justice (DOJ), Office of Personnel 

Management (OPM) and the Securities and Exchange Commission 

(SEC). 

The Federal Risk Management Process Training Program 

is the only Interagency Security Committee (ISC) certified 

training course offered to federal audiences to train security 

professionals on the risk management criteria and processes 

defined in The Risk Management Process for Federal Facilities: 

An Interagency Security Committee Standard, 2nd Edition, 

November 2016. 

“This Standard defines the criteria and processes that those 

responsible for the security of a facility should use to determine 

its facility security level, and provides an integrated, single 

source of physical security countermeasures. The Standard also 

provides guidance for customization of the countermeasures for 

Federal facilities…It is intended to be applied to all buildings 

and facilities in the United States occupied by Federal employees 

for nonmilitary activities.” - Durkovich, C. (2016) The 

Risk Management Process for Federal Facilities: An Interagency 

Security Committee Standard, 2nd Edition, November 2016. 

The Federal Risk Management Process Training Program also 

incorporates The Risk Management Process for Federal Facilities: 

An Interagency Security Committee Standard Appendix 

A: The Design-Basis Threat (DBT) Report, June 2017, 11th 

Edition. The Design-Basis Threat Report defines an undesirable 

event as “An incident directed towards a Federal facility that 

adversely impacts the operation of the facility, the mission of the 

agency, or personnel.” The Design-Basis Threat Report identifies 

33 potential undesirable events that may occur. Facility Security 

practitioners must address the threat, consequence and vulnerability 

of all 33 undesirable events to deliver a comprehensive 

risk assessment of their federal facility. However, lack of expertise 

with the risk management criteria and processes often leave 

undesirable events unaddressed, facilities vulnerable to risk and 

exposed to unnecessary expense, and noncompliant with the 

Interagency Security Committee standards. 


educates the participants on the criteria and processes of 

determining a Facility Security Level, identifying a baseline 

Level of Protection, identifying and assessing risks, determining 

the Necessary or Highest Achievable Level of Protection 

and implementing Countermeasures. The program extrapolates 

essential knowledge from over 500 pages of documentation in 

the Interagency Security Committee Standard and Appendices 

into collaborative exercises, hands-on interactive training, with 

instruction by security and risk management subject matter experts. 

Course participants receive the first Interagency Security 

Committee certified and approved Risk Management Process 

Tool designed by the team to automate the process of calculating 

facility security levels and identifying the relevant countermeasures 

associated with the various types of threats saving 

those conducting risk assessments time and resources as well as 

providing a means of documenting outcomes. 

Most importantly, over the next 12 months federal facilities 

will be required to meet the compliance requirements set forth 

in Executive Order 12977. This order is the authority to ensure 

that agencies comply with federal facility security directives. It 

is the goal of the Federal Risk Management Process Training 

Program to provide federal facility risk assessment training to all 

agencies in order for the agencies to meet compliance requirements 

and establish timelines for phased compliance metrics. 


provides a means for federal security practitioners to understand 

the ISC Standard and Appendices and participate in real life 

exercises on risk assessments to successfully meet federal facility 

compliance requirements in a timely manner. 


–––––––––––––––––––––––––––––––––––––––– 

https://www.opm.gov 


–––––––––––––––––––––––––––––––––––––––– 

Federal Risk Management Process Training Program: 

https://leadership.opm.gov/programs.aspx?c=180 

This is a team nomination. The Federal Risk 

Management Process Training Program consists of: 

Reid Hilliard, Lead and Master Instructor 

Assistant Director 

Justice Protective Services, Department of Justice DOJ 

Kevin McCombs, Tier 3 Instructor 

Director Security Services 

Facilities, Security, and Emergency Management, 

Office of Personnel Management OPM 

John Rossiter, Tier 2 Instructor 

Senior Security Specialist 

Office of Security Services 

Securities and Exchange Commission SEC 


–––––––––––––––––––––––––––––––––––––––– 

Pamela.wiggins@usdoj.gov 


–––––––––––––––––––––––––––––––––––––––– 

U.S. Department of Justice 

950 Pennsylvania Avenue, NW 

Washington, DC 20530-0001 

Comments by participants on the specific outcomes they 

hope to achieve as a result of applying the training include: 

• “Being able to select the correct counter measures” 

• “Implementing a proper RMP program at my agency” 

• “Make my facilities more secure” 

• “Be able to conduct assessments that are clear and concise 

based from ISC guidelines” 

• “Applying the ICS standards to my job” 

• Comments by participants on how the program reinforced 

their commitment to public service include: 

• “The Risk Management Process Training Program helped me 

assess risks facing Federal facilities and find ways to mitigate and 

share knowledge with my fellow employees” 

• “By showing you can save the public tax money by accepting risk” 

• “By applying the instruction to the risk management process 

and tools given by this course” 

120 121

2017 


State of Montana 

2017 Winner 


–––––––––––––––––––––––––––––––––––––––– 

Most Notable State Government Security Program, 

Project or Initiative 


or Program: 

––––––––––––––––––––––––––––––––––––––– 

State Information Technology Services Division 

(SITSD), State of Montana 


–––––––––––––––––––––––––––––––––––––––– 

SITSD has been working to increase visibility in 

agencies across the state of Montana including 

Health & Human Services, the Department of 

Revenue, the Department of Administration and 

the Judicial Department, through the use of Splunk 

Enterprise and Splunk Enterprise Security. SITSD 

utilizes this platform to improve the security posture 

of the state, and is doing so through troubleshooting 

and other crucial capabilities. The SITSD 

team is also now able to monitor multiple security 

categories – including information across the network, 

directories, web filtering, DNS and virtual 

servers – as well as the security bandwidth of vari- 


ous agencies across the state. 

Within SITSD, security teams now have the 

ability to build and use threat intelligence dashboards, 

providing visibility into all threat intelligence 

activity across the network. Using these dashboards, 

the team automatically accesses datafrom 

agencies across the state within minutes to assess 

and mitigate potential threats. Prior to implementing 

the security platform, the team manually 

retrieved this information, which was very time 

consuming. Security personnel can now pull data 

from multiple sources into one pool for unified 

search discovery and troubleshooting. Examples 

are Firewall, Websense Filtering, Netscaler, Active 

Directory Auditing, DNS, and VM machine access. 

In addition to these new capabilities, teams 

within SITSD have begun to function in a proactive 

manner rather than in the reactive way they 

functioned prior to deploying the platform. They 

can now fully understand their threat environment 

and monitor all types of data, which has led 

to a major increase in efficiency and information 

sharing across Montana. The state no longer has to 

assess threats on a case-by-case basis, and can more 

efficiently and effectively protect the data of the 

state, and therefore its citizens. 

This program has become a critical tool for 

Montana’s network. “Any time we have network or 

content filtering issues, our go-to is Splunk. Previously, 

troubleshooting issues could take hours, and 

multiple people across different bureaus working 

together as the logs were from several sources,” said 

Randy Haefka, Enterprise Support Services Section 

Supervisor, Enterprise Technology Services Bureau, 

SITSD/Montana Department of Administration. 

The team now has all of its tools and information 

centralized on one platform, which further enables 

it to be proactive and maintain the integrity of the 

state’s network. 


–––––––––––––––––––––––––––––––––––––––– 

https://sitsd.mt.gov/ 


–––––––––––––––––––––––––––––––––––––––– 

The State Informational Technology Services Division is 

part of the Montana Department of Administration. The 

mission of the State Information Technology Services 

Division is to provide shared IT services to support the 

needs of the state and citizens of Montana: 

http://sitsd.mt.gov/Services-Support/Enterprise- 

Architecture 

Independent media coverage: 

http://sitsd.mt.gov/News-Events/PID/22417/evl/0/ 

CategoryID/125/CategoryName/Current-SITSD- 

News 


–––––––––––––––––––––––––––––––––––––––– 

Ron Baldwin, Chief Information Officer 


office: 406-444-2777 


–––––––––––––––––––––––––––––––––––––––– 

RBaldwin@mt.gov 


–––––––––––––––––––––––––––––––––––––––– 


Department of Administration 

125 N. Roberts 

Helena, MT 59620 

122 123

2017 



–––––––––––––––––––––––––––––––––––––––– 

Most Notable Cybersecurity Program or Technology 


or Program: 

–––––––––––––––––––––––––––––––––––––––– 

National Cybersecurity Assessments and Technical 

Services (NCATS) 


–––––––––––––––––––––––––––––––––––––––– 


Department of Homeland Security, 

Office of Cybersecurity and Communications 

2017 Winner 

within the DHS’s Office of Cybersecurity and 

Communication’s National Cybersecurity and 

Communications Integration Center (NCCIC). 

The NCATS team focuses on proactively engaging 

with its federal, state, local, tribal, territorial 

and critical infrastructure partners to improve their 

cybersecurity posture, limit their exposure to risks 

and threats, and reduce rates of exploitation. The 

NCATS team offers cybersecurity services such as 

red teaming, penetration testing, and vulnerability 

scanning at no cost. 

To date, the NCATS program has worked with 

over 386 organizations, delivered over 19,000 reports 

and helped resolve over 326,000 vulnerabilities. 

DHS’s Office of Cybersecurity and Communications 

Assistant Secretary Dr. Andy Ozment states, 

“NCATS is a lifeline to funding-constrained public 

and private sector partners, particularly among the 

critical infrastructure sectors. Their cybersecurity 

expertise in current and emerging threats provides 


–––––––––––––––––––––––––––––––––––––––– 

http://www.DHS.gov/cyber 


–––––––––––––––––––––––––––––––––––––––– 

https://www.us-cert.gov/ccubedvp/federal 

https://krebsonsecurity.com/2015/12/dhs-givingfirms-free-penetration-tests/ 


–––––––––––––––––––––––––––––––––––––––– 

Rob Karas, Director of National Cybersecurity 

Assessment & Technical Services (NCATS) 



Contact Bob Hopkins on his behalf: 703-235-5788 


–––––––––––––––––––––––––––––––––––––––– 

Robert.Hopkins@hq.dhs.gov 


–––––––––––––––––––––––––––––––––––––––– 



245 Murray Lane, SW 

Building 410, MS 645 

Washington, DC 20528 

In May 2015, the Department of Homeland Security 

(DHS) issued a first-of-its-kind binding operational 

directive (BOD) requiring all federal agencies 

to patch critical network vulnerabilities within 30 

days. The National Cybersecurity Assessments and 

Technical Services (NCATS) Cyber Hygiene program 

was responsible for identifying critical vulnerabilities 

in agency systems. They helped create 

the BOD Scorecard, BOD vulnerability tracker, 

real-time dashboard with graphs for real-time situational 

awareness, and programmed a hierarchical 

data structure to enhance the categorization of each 

stakeholder’s internet protocol (IP) space. These 

products have improved DHS’s ability to determine 

a federal department or agency’s network security 

status in real-time. 

The National Cybersecurity Assessments and 

Technical Services (NCATS) program is located 

Organizations participating in DHS’s “Cyber Hygiene” vulnerability 

scans. Source: DHS 

124 125

2017 



–––––––––––––––––––––––––––––––––––––––– 


Program, Project or Initiative 


or Program: 

–––––––––––––––––––––––––––––––––––––––– 

BeyondTrust Powerbroker 


–––––––––––––––––––––––––––––––––––––––– 

In June of 2015, the Office of Management and 

Budget (OMB) launched a 30-day Cybersecurity 

Sprint to assess and improve the health of all Federal 

assets and networks. Agencies were directed to 

protect Federal information systems, and improve 

the resilience of networks in both civilian and military 

organizations, then report on their successes 

and challenges. Organizations were instructed 

to immediately patch critical vulnerabilities and 

strictly limit the number of privileged users with 

access to authorized systems, while significantly 

accelerating the use of strong authentication for 

privileged users. The US Department of Agriculture, 

Agricultural Research Service (USDA-ARS), 

took the call to action seriously and set out to rap- 


USDA Agricultural Research Service (USDA-ARS) 

2017 Winner 

idly secure 11,000 privileged users in their windows 

environment. Deploying BeyondTrust Powerbroker 

for Windows in half the time expected for a deployment 

of this size, the USDA-ARS was able to 

secure and manage their privileged accounts quickly 

and efficiently. In many cases, achieving this well 

ahead of peer agencies. 

Legacy Software: Upgrades and Vulnerabilities 

The USDA-ARS began to see immediate benefits. 

“As we brought ARS sites from around the 

country into Enterprise Active Directory, under the 

agency domain, we found thousands of machines 

had older versions of software, such as Internet 

Explorer, Adobe, Java, etc. Many of these older 

versions of software were found to contain vulnerabilities 

and a mandate was generated to upgrade 

to the latest versions. With PBW, I was able to 

quickly and easily create rules that provided users 

the administrative privilege to uninstall old software 

and install new software without the need for 

administrative credentials,” said the project lead 

at the agency. In addition, this project allowed the 

agency to create a very large set of “canned” rules to 

allow background update services to install updates 

and patches. “We immediately began to see a drop 

in the number of vulnerabilities reported in these 

applications.” 

Elevating Specific Applications 

Like many of our government agencies, the US 

Department of Agriculture ARS has cases where 

one user, or several users, need to launch an application 

with administrator privileges on a specific 

machine or group of machines. However, they don’t 

need full-time administrator privileges or access to 

the username and password of a local administrator 

account as part of their day-to-day duties. This 

implementation allowed the agency to elevate the 

specific application to launch with administrative 

privileges without the user ever obtaining the 

username and password for a local administrator 

account. “Thus, the user is not able to login to the 

computer with an administrator account, thereby 

gaining administrator-level access to everything 

on the machine, nor do they have the ability to 

launch/install other applications using the built-in 

‘Run-As’ function,” said the agency project lead. 

The USDA-ARS is making the security of their 

information systems a priority, achieving least privilege 

quickly and effectively. Congratulations to the 

agency teams and leadership for a job well done. 


–––––––––––––––––––––––––––––––––––––––– 

https://www.beyondtrust.com/ 


–––––––––––––––––––––––––––––––––––––––– 

Description: 

http://www. 

Description: 

http://www. 

Description: 

http://www. 


–––––––––––––––––––––––––––––––––––––––– 

Mike Bradshaw, Partner 

Connect Marketing 

Office: 801-373-7888 


–––––––––––––––––––––––––––––––––––––––– 

mikeb@connectmarketing.com 


–––––––––––––––––––––––––––––––––––––––– 

Connect Marketing 

881 W. State Street 

Pleasant Grove, UT 84062 

126 127

2017 



–––––––––––––––––––––––––––––––––––––––– 

Most Notable Cybersecurity Program or Technology 


or Program: 

–––––––––––––––––––––––––––––––––––––––– 

Personal Identity Verification (PIV) 

and Single Sign On (SSO) Enablement 


–––––––––––––––––––––––––––––––––––––––– 

In June of 2015, the Office of Personnel Management 

suffered a high-profile data breach which 

spurred action on cyber security across numerous 

agencies. Adrian Gardner, the Chief Information 

Officer (CIO) of the Federal Emergency 

Management Agency (FEMA), was determined 

to safeguard his agency’s information. He sought 

a comprehensive, rigorous solution rather than a 

“Band-Aid” approach, and had a very aggressive 

schedule to implement the solution in six months. 

Mr. Gardner requested that 76 high priority systems 

be Personal Identity Verification (PIV) Card 

and Single Sign On (SSO) enabled to ensure that 

industry leading security standards, aligning with 

FEMA’s Target Actionable Architecture, would be 


Federal Emergency Management Agency (FEMA) 

2017 Winner 

applied to systems containing user information. 

The FEMA PIV SSO project was kicked off on 

October 1, 2015, consisting of a joint FEMA-IBM 

initiative that incorporated efforts led by the Office 

of the Chief Information Officer (OCIO) and supported 

by various mission critical FEMA program 

areas. The scope of the effort included the implementation 

of an enterprise security infrastructure 

based on the IBM Security Access Manager (ISAM) 

Webseal, Federated Identity Manager (FIM) and 

Integrated Windows Authentication (IWA) technologies. 

FEMA’s systems leverage a wide variety 

of technologies, including Java, C++, .NET, PowerBuilder, 

and Mainframe. The PIV/SSO implementation 

approach varied depending upon the 

technology and existing authentication mechanism 

of the specific application. 

FEMA understood that no single solution would 

be able to address the authentication needs for all 

applications within an organization as large and 

complex as FEMA. Accordingly, the team created 

a standardized approach which took into consideration 

the systems’ technical platforms (Powerbuilder, 

Java, .NET, Custom-Off-The-Shelf) and 

other mitigating factors such as end user population 

types, need for mobility support, the production 

environment and other critical factors. Moreover, 

the integrated team took into consideration a user 

population that does not currently use PIV cards 

for access: namely state, local, tribal, and territorial 

(SLTT) users. The solution allowed them continued 

access to the systems through user name and password 

authentication as a temporary workaround 

until PIV-I would be rolled out. 

The system deployments were planned to minimize 

the impact to the mission of the organization. 

Application releases were grouped based on 

technology, authentication method and application 

dependency. The first group deployment, in mid- 

February 2016, included applications dependent 

on the mission-critical National Emergency Management 

Information System (NEMIS) system. 



–––––––––––––––––––––––––––––––––––––––– 

https://www.fema.gov/ 


–––––––––––––––––––––––––––––––––––––––– 

Given the nature of this project, there is limited publicly 

available information. What information can be found on 

the internet has been included here. 

This quick reference guide helps to demonstrate the 

proper use of the system. It helps to explain how the user 

interface changed to increase security without impacting 

current work products: 

http://floodmaps.fema.gov/tutorials/piv/MIP_PIV_ 

Quick_Reference_Guide.pdf 

Note from FEMA Chief Information Security Officer 

(CISO), Donna Bennett to employees describing the 

implementation of the single sign on system: 

https://www.fema.gov/media-library- 

data/1458661814326-bf98611bc38ad- 

8ba63241578a3e2c145/PIVRollout.txt 

Helps to describe the innovative nature of FEMA’s authentication 

program and its impact: 

https://gcn.com/articles/2016/10/06/dig-it-fema-authentication.aspx 


–––––––––––––––––––––––––––––––––––––––– 

Thomas Coleman, Partner 

IBM Global Business Services 

Office: 301-803-6689 

cell: 202-320-3280 


–––––––––––––––––––––––––––––––––––––––– 

thomas.coleman@us.ibm.com 


–––––––––––––––––––––––––––––––––––––––– 

IBM Corporation 

600 14th St, NW, Floor 2 

Washington, DC 20005-2012, US 

128 129

The second group of applications, mostly relying 

on the FEMA Integrated Security and Access Controls 

– FEMA Access Management System (ISAAC 

- FAMS) landing page, were deployed at the end 

of February. The last group of systems, primarily 

including Cloud based systems and systems outside 

of the FEMA Enterprise Network, were deployed 

at the end of March, meeting the initial six-month 

deadline through tight collaboration across all 

stakeholders. 

The completion of PIV/SSO enablement is a 

significant step in furthering FEMA’s cyber defenses 

and controls to better protect FEMA data, including 

information from disaster survivors and FEMA 

partners. The PIV/SSO effort not only introduced 

a scalable enterprise security platform but it also 

integrated all FEMA’s critical systems within the 

infrastructure to ensure the security of the organization’s 

applications and the data which it maintains. 

This was accomplished with minimal user interruption 

as the integrated FEMA-IBM team carefully 

planned the deployment of the systems taking into 

consideration FEMA restrictions of system changes 

during active disaster declarations. 

This project PIV enabled FEMA systems at the 

application level, allowing FEMA to attain the Level 

of Assurance 4, in accordance with the NIST SP 

800-63 requirements, for their high value systems. 

With this capability, the agency has transformed 

the way all users access their applications, simplifying 

and streaming their access to the applications 

while improving system security and reducing 

FEMA operational overhead of manually updating 

employee records. By creating a standardized solution 

approach across disparate identity architectures 

throughout different FEMA IT Systems, this 

project also reduces the effort for any new system 

to be integrated within FEMA’s enterprise security 

infrastructure in the future. The FEMA PIV/SSO 

effort applied industry-leading security standards 

and created a robust security layer, which enhances 

FEMA’s ability to both secure and control access 

to sensitive information. This implementation not 

only leveraged an architecture that conforms to 

various FICAM model objectives, but also helped 

FEMA reach its objective of meeting OMB and 

DHS mandates. 

Summary highlights of how the PIV/SSO initiative 

transformed FEMA’s security posture include: 

• Implementation of an architecture that conforms 

to goals for Federal Identity, Credential, and 

Access 

Management (FICAM) model. 

• FEMA attainment of Level of Assurance 4, in 

130 131

2017 


DOJ, OPM 

2017 Winner 


–––––––––––––––––––––––––––––––––––––––– 


Program, Project of Initiative 


or Program: 

–––––––––––––––––––––––––––––––––––––––– 

Interagency Security Committee Risk Management 

Process (ISC RMP) Training Program 


–––––––––––––––––––––––––––––––––––––––– 

Approximately 350,000 Federal facilities across the country 

require a comprehensive risk assessment methodology that 

addresses threat, consequence, and vulnerability of the 33 

undesirable events identified in the Department of Homeland 

Security (DHS), Interagency Security Committee 

(ISC) Standard Report. Often facility security practitioners 

do not always consider all the undesirable events 

when conducting risk assessments due to lack of expertise 

or available resources, leaving facilities vulnerable to risk, 

exposed to unnecessary expense, and non-compliant with 

the ISC standards. 

The ISC RMP Training Program was first established 

as a pilot course in May 2011 by the DOJ. After some 

refinement, the course documentation was submitted 


to the ISC and approved in December 2011 as the first 

official risk management process training program. At 

the end of 2012, DOJ reached out to OPM to establish 

a partnership to have the highly regarded program managed 

by OPM/EMDC, based on their 50 year history in 

delivering stellar leadership and management development 

programs. 

The DOJ/OPM partnership officially kicked off with 

the first open enrollment course delivered in Washington, 

DC in January 2014. The feedback from the participants 

in this first course reflected an overall success score of 4.93 

out a possible 5.0. 

The ISC RMP Training Program continues to reach 

new heights and achieve success. Most recently, the 

program recognized and celebrated the graduation of the 

500th participant. The program has been successfully 

delivered to over 540 graduates from 57 different agencies, 

with participants ranging from GS-6 to SES. The 

number of participants continues to grow substantially, 

with increasing numbers coming from the Department of 

Defense. The program has been delivered more than 29 

times to date, with additional single agency requested or 

ad hoc sessions being added to the training schedule each 

year. The program also continues to receive higher than 

industry average course evaluation scores. 

The success of the program is demonstrated in the 

significant increase in the number of security practitioners 

who effectively establish risk assessment methodologies for 

their facilities that comply with the ISC RMP standards. 

Participants who are responsible for securing their agencies 

facilities and practitioners who participate in the development 

of security countermeasures receive access to the first 

ISC certified and approved Risk Management Process Tool, 

designed to automate the process of calculating facility 

security levels and identifying the relevant countermeasures 

associated with various types of threats, consequences, and 

vulnerabilities of the 33 undesirable events. 

Graduates of the ISC RMP Training Program are able to: 

• Provide guidance to Facility Security Committees 

(FSCs) 

• Perform ISC-Compliant Risk Assessments 

• Determine Facility Security Levels (FSL) 

• Identify Necessary Levels of Protection (LOP) 

Establishing and executing a comprehensive risk assessment 

methodology is a challenge for many Federal facility 

security professionals across the country. The ISC RMP 

Training Program should be recognized by the Government 

Security News 2016 Homeland Security Awards Program 

for providing a blended learning solution for Federal agencies 

to address risk assessment challenges, reduce cost and 

inefficiencies of their security resources, and mitigate the 

impact of undesirable events at their facilities. 


–––––––––––––––––––––––––––––––––––––––– 

https://cldcentral.usalearning.net/ 


–––––––––––––––––––––––––––––––––––––––– 

The Department of Justice and Office of Personnel Management partnered 

to offer the ISC Risk Management Process Training Program. 

This course is designed to provide opportunities for individuals to 

become experienced with the ISC Risk Management Process. Participants 

learn how to accurately summarize the main features of the ISC 

Risk Management Process, identify how its implementation benefit 

their organization; and given the risk assessment, make informed, 

risk-based decisions. The training program consists of collaborative 

exercises, hands-on interactive training, and instruction from accomplished 

risk management professionals. This is the first and only ISC 

certified and approved training course offered to Federal audiences: 

https://leadership.opm.gov/programs.aspx?c=180 

Hilliard won the GSN’s federal trophy for his work documenting the 

Physical Security Criteria for Federal Facilities and the development 

of the Design Based Threat report. Note: This nomination is for the 

training that’s been implemented based on the 2010 work products: 

http://gsnmagazine.com/article/21986/everett_reid_hilliard_doj_and_interagency_security 

In 2010, Everett Reid 


–––––––––––––––––––––––––––––––––––––––– 

Reid Hilliard, Assistant Director 

Justice Protective Services, DOJ 

office: 202-598-1441 cell: 202-514-1441 

Janet White, Education Program Director 

Eastern Management Development Center, 

Center for Leadership Development, OPM 

office: 202-606-6531 cell: 202-731-8631 

Kevin McCombs 

Director Security Services Facilities, Security, and Emergency Management, 

OPM 

office: 202-418-0201 cell: 202-345-0025 


–––––––––––––––––––––––––––––––––––––––– 

Everett.R.Hilliard@usdoj.gov 


–––––––––––––––––––––––––––––––––––––––– 

U.S. Department of Justice 

950 Pennsylvania Avenue, NW 

Washington, DC 20530-0001 

132 133

The News Leader in Physical, IT and Homeland Security 

CEO/Editorial Director 

Chris Zawadzki 

chris@gsnmagazine.com 

Editor 

Steve Bittenbender 

502-552-1450 

tucker.pope@@gsnmagazine.com 

Senior Writer 

Karen Ferrick-Roman 

412-671-1456 

karenferrickroman@gmail.com 

Columnist 

Shawn Campbell 

Campbell on Crypto 

shawn.campbell@safenetat.com 

Columnist 

George Lane 

Hazmat Science & Public Policy 

georgelane@hotmail.com 

Contributing Author 

Lloyd McCoy Jr 

Immix Group 


Walter Ewing 


Wendy Feliz 


Joshua Breisblatt 


J. Michael Barrett 


Christopher Millar 

Gatekeeper Security 

Art Director 

Brenden Hitt 

Brenden.hitt@gsnmagazine.com 

Direct: 203-216-7798 

FREE 

SUBSCRIPTION 

SIGN-UP 

Monthly Digital Edition 

Airport/Seaport Newsletter 

Daily Insider Newsletter 

Cybersecurity Newsletter 

CLICK HERE 

GSN Magazine/Government Security News P.O. Box 7608 Greenwich, CT 06836 

94


Category #2: Vendors of Physical Security Products and Solutions 

Best Mass Notification System 

Rave Mobile Security 

finalist 

ravemobilesafety.com 

Best Asset Tracking with 

Pairing Technology 

Offsite Vision 

winner 

offsitevision.com 

Best Spherical Situational Awareness 

Imaging Technology 

IC Realtime 

winner 

icrealtime.com 

Best Disaster Preparedness, Recovery, 

Clean-up 

High Rise Escape Systems, Inc 

winner 

hres.com 

Best Explosives Detection Product 

or Solution 

FLIR Systems 

winner 

flir.com/fidox2

GSN_HSA2017_Yearbook

Create successful ePaper yourself

Delete template?

Save as template?