Client Excellence Awards

Recognizing our clients' proactive efforts to secure their networks

Our Client Recognition Award Program

As part of Fortra’s Digital Defense Client Recognition Award Program, we present awards on an annual basis to those clients who display outstanding network security practices throughout the previous year as compared to their peers. The program was started in 2007 as a way to ensure organizations receive recognition for their proactive efforts in securing their internal and external networks.

Awards are generally sent to someone in the highest level of the client’s management chain to provide visibility into the significance of the effort put forth by the information security team. There is absolutely no “sales bias” in these awards or consideration of the asset size/revenue of the organization, how much revenue a client provides us, when the client’s contract is up for renewal, etc. The award is determined objectively in order to recognize outstanding security practices and the people behind the execution of those practices.

Who is Eligible for an Award?

The following are eligibility requirements for the Client Recognition Award Program:

Organizations must be a recurring Digital Defense client in good standing on December 31st of the award year
Clients must have been contracted for and conducted recurring full internal and external vulnerability scanning on at least a quarterly basis for the entire award year
Clients must have full scan data for all four quarters of the award year
The client network must be a ‘traditional’ network, i.e. it must be comprised of a variety of typical device types one would observe on a typical network, such as servers, workstations, printers, etc.
The client Active View™ must contain an average minimum of at least 50 live devices throughout the year

The client Active View must contain at least one live external device during each quarterly scoring cycle
A client must not be intentionally or unintentionally abusing built in features of the Fortra Vulnerability Manager (Fortra VM) system, such as marking valid vulnerabilities as ‘false positive’, excluding a large number of hosts and/or ports from scanning or hiding hosts within Active View that may artificially inflate their Security GPA
- In cases where this is detected, the client may be disqualified or have its quarterly Security GPA recalculated based on the final full vulnerability scan of each quarter or historical Active View data, which will include any ‘hidden’ hosts and/or vulnerabilities

As necessary, the program coordinator will independently assess any additional factors not identified above within a client’s scanning program in order to ensure common sense, integrity, consistency and fairness are applied in confirming eligibility and identifying the winning organizations.

How Are the Awards Determined?

Once eligible clients are identified, award winners are determined by compiling a security metric Digital Defense has developed called Security GPA®. Security GPA is an easy-to-understand security metric that is compiled from a combination of individual host risk ratings based on results of recurring vulnerability assessment and penetration testing (if applicable) and standardized system criticality ratings. Security GPA scores are pulled for all clients on a quarterly basis throughout the award year and are based upon vulnerabilities discovered only via non-authenticated methods. This allows our clients who are more proactive in running recurring authenticated scans (thereby finding more vulnerabilities and causing a lower Security GPA) to have an apples-to-apples Security GPA comparison against clients who choose not to run authenticated scans.

The quarterly Security GPA scores are then averaged for the year utilizing a weighting system based on the recency of the Security GPA scores, with the more recent scores weighing heavier into the final average. In order to qualify for an award, the average of the ‘annualized’ internal and external Security GPA scores must be at least 3.75. Once qualifiers have been identified, small adjustments/bonuses are applied based on the following criteria:

Network Size (+0.01 per 100 hosts internally / +0.01 per 10 hosts externally – up to +0.10 points for each network location
Penetration Testing conducted by Digital Defense (+0.10 for internal and external penetration testing – up to +0.10 points for each network location score)
Managed Services (+0.0125 per quarter in which contracted, applied both internally and externally)
Contracted Frequency of Scanning (+0.0125 internally and externally per quarter for on-demand and monthly scanning)
Authenticated Scanning (+0.025 internally during each quarter that at least one network-wide authenticated vulnerability scan(s) was executed or multiple smaller authenticated scans that are the equivalent to a full network scan)

After the above adjustments/bonuses are applied to the ’annualized’ internal and external Security GPA scores, the internal and external Security GPA scores are averaged, and this score is used to rank the qualifiers to determine the awards.

What Are the Awards?

Best Overall Network Security Program

A trophy is awarded to the client with the highest composite Security GPA (the average of internal and external annualized Security GPAs after bonus/adjustment added) of all Digital Defense clients within its category. The three categories for this award are:

Large Network (1000+ live hosts)
Midsize Network (250-999 live hosts)
Small Network (50-249 live hosts)

These awards are generally delivered via FedEx and may include an optional remote or onsite trophy presentation by Fortra’s Managing Director of Infrastructure Protection or his designee, depending on timing and availability.

Excellence in Network Security Award

Awarded to qualifying clients who place within the top 30 of all of Digital Defense's recurring vulnerability scanning clients, regardless of their network size category. These clients are awarded a plaque and receive a congratulatory letter from Fortra’s Managing Director of Infrastructure Protection. These awards are typically shipped via FedEx or U.S. Mail, although they are awarded in person in some instances.

Questions?

If you have any questions or comments regarding the Digital Defense Client Recognition Program, please reach out to your client advocate or contact us.