As part of its annual program to recognize clients who demonstrated the highest level of network security in the previous year, Digital Defense recently completed its notification and delivery of awards to clients who won a 2016 Client Recognition Award. If you were not one of the 49 Digital Defense clients who won an award for 2016 and/or are unaware of this program, don’t worry - the 2017 award year is underway and there is plenty of time for your organization to qualify!
Conducted every year since 2007, the Digital Defense Client Recognition Award Program recognizes organizations that displayed the highest level of network security throughout the previous calendar year based on their Frontline Vulnerability Manager (FVM) vulnerability and remediation data. Utilizing Digital Defense’s proprietary Security GPA® scoring algorithm, awards are presented to recurring vulnerability management clients that had the highest Security GPA scores among their peers on their external and internal networks. The following are the various criteria surrounding the award program for 2017.
Who is Eligible for an Award?
- Organizations must be a recurring DDI client in good standing on December 31st of the award year
- Clients must have been contracted for and conducted scheduled, recurring internal and external vulnerability scanning on at least a quarterly basis for the entire award year
- Clients must have full scan data in Active View™ for all four quarters of the award year
- The internal client network being scanned must be a ‘traditional’ network, i.e. it must comprise a variety of device types one would observe on a typical network, such as servers, workstations, printers, etc., and must contain an average of at least 50 live devices throughout the year
- The external client network being scanned must contain at least one live external device during each quarterly scoring cycle
- A client must not be intentionally or unintentionally abusing built-in features of the FVM system, such as marking valid vulnerabilities as ‘false positive’, excluding a large number of hosts and/or ports from scanning and/or hiding hosts within Active View, in ways that may artificially inflate its Security GPA
  - In cases where this is detected, the client may be disqualified and/or have its quarterly Security GPA recalculated based on the final full vulnerability scan of each quarter, which will include any ‘hidden’ hosts and/or vulnerabilities
- As necessary, the DDI EVP of Operations will independently and objectively assess any additional factors not identified above within a client’s scanning program in order to ensure common sense, consistency and fairness are applied in confirming eligibility and identifying winning organizations within the Client Recognition Award Program
How Are The Awards Determined?
Once eligible clients are identified, award winners are determined by compiling each eligible client’s annualized Security GPA scores. Security GPA is an easy-to-understand security metric compiled from a combination of individual host risk ratings, which are based on the results of recurring vulnerability assessment and penetration testing (if applicable), and standardized system criticality ratings. Internal and external Security GPA scores are pulled for all clients on a quarterly basis throughout the award year. In order to provide an apples-to-apples comparison, Security GPA scores are based upon vulnerabilities discovered via non-authenticated methods. This allows our clients who are more proactive by running recurring authenticated scans (and thereby finding more vulnerabilities) to be fairly compared against clients who choose not to run authenticated scans.
The quarterly Security GPA scores are then averaged utilizing a weighting system based on the recency of the scores, with the more recent scores weighing more heavily in the final average (i.e. the Q1 score is weighted once, the Q2 score is weighted twice, and so on). Once the ‘annualized’ Security GPA is determined for the internal and external networks, small adjustments/bonuses are applied based on the following criteria:
- Network Size Adjustment
  - +0.01 per 100 hosts internally / +0.01 per 10 hosts externally (based on average host count for the award year), up to a maximum of 0.10 points for internal and external annualized Security GPAs
- Penetration Testing
  - +0.10 internally and/or externally for at least one penetration test conducted by Digital Defense within the award year
- Recurring Authenticated Scanning
  - +0.025 for each quarter in which authenticated scanning was accomplished across a majority of internal servers and workstations
- Managed Vulnerability Scanning Program
  - +0.0125 for each quarter in which the client was contracted for a Digital Defense Managed Vulnerability Scanning service (VM-Pro/PCI-Pro)
- Contracted Frequency of Scanning
  - +0.0125 for each quarter in which the client was contracted for on-demand or monthly vulnerability scanning
After adjustments/bonuses are applied to the annualized Security GPA, clients must have a score of at least 3.50 on their internal and external networks to qualify to receive an award. Once qualifying clients have been identified and vetted, the internal and external composite Security GPA scores are averaged and this score is used to rank the qualifiers to determine the awards.
What Are The Awards?
The following are the defined awards as part of the Client Recognition Award Program:
- Best Overall Network Security Program (Large/Medium/Small Network Categories) – Awarded to the client with the highest composite Security GPA of all DDI clients within its category. The DDI Chief Executive Officer or his designee travels to the client’s location, at no cost to the client, for a trophy presentation at a function of the client’s choosing.
- Excellence in Network Security Award - Awarded to clients who have a composite Security GPA of 3.50 or higher on their internal and external networks and the average of those Security GPAs places them within the 98th percentile of all of DDI’s recurring vulnerability scanning and penetration testing clients, regardless of their network size category. These clients are awarded a plaque and receive a congratulatory letter from the Digital Defense President & CEO. These awards are typically shipped via FedEx or U.S. Mail, although they are awarded in person in some instances.
- Honorable Mention – Clients who have at least a 3.50 composite Security GPA internally and externally but do not place within the 98th percentile will receive an Honorable Mention certificate and a congratulatory letter from the Digital Defense President & CEO.
Where Can I Get More Information?
For more information on the Digital Defense Client Recognition Program, please contact your Client Advocate at 888-273-1412, Option #2 or [email protected].