Initial Winners of the 2003 Information Security Leadership Awards Announced SANS Institute Names Microsoft, Red Hat, Cisco, and WorldCom for Industry-Leading Innovation In Making Effective Security Easier For Users

For more information on the awards:
Email awards@sans.org
Or call Alan Paller at 301-951-0102x108.

March 6, 2003

(San Diego) Four large vendors were named today for their leadership in making information security more effective and less painful for their clients.

The SANS Institute is sponsoring fifteen award categories- each representing an important innovation in security. (See www.sans.org/press/isla_cat.php)

Each award winner has set the standard for its industry. Awardees were named in six of the categories. Preliminary award winners are being announced toady at NIAL-4 (the Fifth National Information Assurance Leadership Conference) in San Diego. The final list of awards will be released, and the awards will be presented, at NIAL-5 in Washington, DC on July 22, 2003. SANS looks forward to identifying winners in additional categories the intervening months. Users may nominate their vendors by sending email to awards@sans.org. Simply provide two paragraphs about how the vendor sets the industry leading standard in one specific category. To be eligible, the vendor must have at least 5% market share in the operating system, database, or web server marketplaces.

Microsoft

Microsoft won three of the awards - demonstrating that its Trustworthy Computing Initiative is beginning to bear fruit:

1. The Award for Leadership In Automated Updates for Microsoft's automated patching service (for Windows XP and Windows 2000 SP3 and above) that helps protect users who are not security experts and for the Update Server that allows security experts inside organizations to test patches and then release them for automated patching of all systems managed by the Update Server both locally and remote.
2. The Award for Leadership in Security Training of Software Developers for Microsoft's nascent program of requiring all Microsoft software developers to become familiar with common security errors made by programmers and how to avoid them.
3. The Award for Leadership in Testing Software for Security Vulnerabilities for Microsoft's extensive automation of the software testing process.

Cisco

Cisco won one award:

1. The Award for Leadership In Building A Network of ISP Security Experts for Cisco's development and nurturing of NSPSec.

Red Hat

Red Hat shared (with Microsoft) the Award for Leadership In Automated Updates for Red Hat's automated patch notification service (for recent Red Hat versions). Although Red Hat does not offer an equivalent to Microsoft's Update Server, automated distribution under user expert control is feasible. In addition, although the award has not yet been finalized, Red Hat is leading the competition to be the first major software firm to deliver safe out of the box software that conforms to the "Gold Standard" consensus security configuration benchmarks developed by US government and commercial user organizations.

WorldCom

WorldCom won two awards:

1. The Award For Leadership In Mitigating Denial Of Service Attacks for WorldCom's (UUNET) development of techniques for identifying the source of, and blocking, spoofed denial of service attacks. The company gets extra credit for sharing the techniques with AT&T and other large ISPs, without cost, despite the fact that the others a competitors.
2. The Award for Leadership in Rapid Response To Worm Activity for its near instantaneous blocking of the china.com site that was collecting password files form tens of thousands of Solaris systems being abused by the Lion worm.

About The SANS Institute

SANS is a cooperative research and education organization for security, system, network, and auditing professionals. More than 16,000 people from 23 countries participated in week long, immersion training with SANS during 2002. SANS also provides numerous free services for security professionals ranging from the Internet's Early Warning System, the Top Twenty Internet Security Vulnerabilities, the annual salary survey, monthly free web broadcasts, and three weekly electronic updates on security news and security vulnerabilities. SANS, along with ISACA, IIA and ISC2, is a founding member of the Center for Internet Security.

About the National Information Assurance Leadership (NIAL) Conference:

NIAL is the conference for senior security managers in industry and government, It features the five highest rated speakers in the security field and several others who are nearly as good. Among it's many extraordinary sessions, one that stands out is SANS unique Internet Threat Update that provides unparalleled visibility into the new tools and techniques attackers are using, and what can be done to block those attacks.

More information on the awards: email awards@sans.org or call Alan Paller, SANS Director of Research, at 301-951-0102x108.