Award Ceremony as Part of "it-sa 2025"

IT Security Awards 2025: SentinelOne, CrowdStrike, Darktrace and MetricStream Honored


The winners of the IT Security Awards 2025 have been announced. In the 19th edition, outstanding solutions in the categories of Cloud Security, IAM, Internet/Web Security, and Management Security were honored. The ceremony took place at the IT security trade fair it-sa in Nuremberg.

The Winners 2025:

  • Cloud Security: SentinelOne Purple AI
  • IAM: CrowdStrike Falcon Identity Protection
  • Internet/Web Security: Darktrace ActiveAI Security Platform
  • Management Security: MetricStream

The awards were personally accepted by: Aris Koios, Principal Field Tech Strategist, and Ingo Marienfeld, SVP Central Europe, from CrowdStrike; Ulrich Parthier, Publisher of IT Security; Erhan Oezmen, Vice President, SentinelOne; Marco di Meo, VP Sales, Darktrace; Marko Kirschner, SentinelOne (see photo from left to right).


Since 2007, IT Verlag has been presenting the IT Security Awards annually, honoring innovation and excellence in the field of IT security.

IT Security Awards 2025: The Winner Solutions at a Glance

  • SentinelOne Purple AI impressed with a conversational AI interface integrated directly into the workflow of security analysts. Employees interact with security data in natural language – the solution correlates data in seconds, creates attack storylines, and reduces the Mean Time to Respond from hours to minutes.
  • CrowdStrike Falcon Identity Protection extends endpoint protection to include Identity Threat Detection and Response (ITDR) and views identity as a critical attack vector. The solution monitors Active Directory in real time for suspicious activity, correlates identity events with endpoint telemetry data, and detects compromised logins that remain invisible to traditional IAM solutions.
  • Darktrace relies on self-learning AI with its ActiveAI Security Platform, which learns directly from the company’s individual business data. Instead of relying on known attack patterns, the solution understands the specific “normal behavior” of the IT environment and identifies high-risk anomalies as well as novel AI-driven cyberattacks across domains.
  • MetricStream offers an AI-powered platform for proactive risk management that goes beyond classic GRC tools. The solution automatically converts risk data into actionable insights: AI-driven risk assessments accelerate decisions, audits automate verification work, and in the cyber GRC area, IT risks are identified in real time.

“The year 2025 shows many innovations in the field of IT security and they are certainly AI-driven, at least in the background. Too much AI posturing, however, does anything but good for the industry.” — Ulrich Parthier, Publisher of it security


Cloud Security: SentinelOne Purple AI

SentinelOne Purple AI won this year’s IT Security Award in the “Cloud Security” category. The jury thus honored a technology that is not just another tool, but embodies a fundamentally new approach to cybersecurity: the application of generative AI as a proactive partner for security analysts.


The Innovation: From Tool to Colleague

The winner differs fundamentally from conventional security platforms. While these often only generate alerts and collect data, Purple AI starts one step earlier: with human expertise.

The innovation lies in a conversational, generative AI interface that is integrated directly into the analyst’s investigation workflow.

This unique selling point allows users to interact with security data in natural language. Instead of painstakingly writing manual queries in search languages, an employee can simply ask: “Investigate suspicious activity from this IP address over the last 24 hours and summarize the results for my manager.”

Purple AI completes the work in seconds – it correlates data from various sources, creates a comprehensible “storyline” of the course of the attack, and even generates a finished report for management.

The Tangible Added Value: Hours Become Seconds

For users, this means a drastic increase in efficiency and effectiveness:

  • Force Multiplier for the Team: The solution multiplies the effectiveness and productivity of every single SOC employee.
  • Bridging the Skills Shortage: Teams can handle many times more incidents with existing resources. The entry barrier for new analysts drops significantly.
  • Radical Reduction in Response Times: The Mean Time to Respond (MTTR) is reduced from hours to minutes, minimizing damage in an emergency.
  • Proactive Instead of Reactive Work: Analysts are freed from the burden of the alert flood and finally have capacity for strategic threat hunting.

The Difference: Why This Product in Particular?

Many platforms rely on AI for anomaly detection or automation. Purple AI goes a decisive step further. It is not just a feature, but a force multiplier for the entire team.

  • Other platforms deliver the raw data and alerts (the “what”).
  • Purple AI delivers the analysis, the correlation, the summary, and the recommendation for action (the “so what” and “what’s next”).

It empowers the human in the decision loop instead of replacing them. It is precisely this human-centric application of AI, which delivers a real, quantifiable added value for overburdened security teams, that convinced the jury and makes SentinelOne Purple AI a more than worthy winner of the IT Security Award.

Automated triage: As soon as alerts are received, Purple AI steps in to perform automated triage. Rather than overwhelming analysts with every single incident, Purple evaluates incoming signals in context. (Image: SentinelOne)

SentinelOne Purple AI is primarily a cloud-native solution (SaaS), but it was developed to seamlessly protect a hybrid environment. This means:

1. Deployment Model:

  • Primary: Software-as-a-Service (SaaS). The Purple AI platform is operated and managed by SentinelOne in the cloud. Customers interact with the interface via a web browser. No separate on-premise hardware infrastructure is required.
  • Data Sources: The crucial point for cloud security is that the platform can ingest and analyze data from all environments:
    • Cloud environments: AWS, Azure, Google Cloud Platform etc.
    • On-Premise environments: Servers, workstations, endpoints.
    • Containers & Kubernetes: No matter where they run.

The AI analysis takes place centrally in the SentinelOne cloud, but the agents required to collect the data (for endpoints, servers, cloud workloads) can be deployed anywhere.

2. Availability Also as a Managed Service:

Many SentinelOne partners (MSSPs – Managed Security Service Providers) and SentinelOne itself offer to take over the operation of the entire platform, including monitoring and response by their SOC analysts, as a Managed Detection and Response (MDR) service. In this case, the customer “rents” the expertise and the service, not just the software.

Purple AI therefore wins the award not because it exclusively protects cloud resources, but because it is a modern, cloud-native platform that leverages the agility, scalability, and computing power of the cloud to deliver security for all environments – including cloud, hybrid, and on-premise. This exactly matches the reality of most companies today. Thus, it is clearly a cloud-based security platform (SaaS) for protecting hybrid environments and is available as a managed service.

https://de.sentinelone.com

IAM: CrowdStrike Falcon Identity Protection

Identity Threat Protection is currently one of the most important innovations in the field of IAM.

CrowdStrike is primarily a cybersecurity company specializing in Endpoint Protection (EPP) and Endpoint Detection and Response (EDR). Their core competence lies in detecting and stopping threats on endpoints (laptops, servers, etc.).

IAM (Identity and Access Management) is traditionally a separate field that deals with managing user identities, access rights, and authentication (with tools such as Okta, Microsoft Entra ID/Azure AD, and Ping Identity).

The User as the New “Endpoint”

But CrowdStrike is moving strongly into the area of Identity Threat Protection. This means they view “identity” (the user) as the new “endpoint”. If an attacker steals a user’s credentials, the legitimate account becomes the gateway. Traditional IAM solutions often do not detect this because the login looks technically “correct”.

This is precisely where CrowdStrike Falcon Identity Protection comes in. It is a specialized module that applies the strengths of the CrowdStrike platform (EDR, Threat Intelligence) to identity threats. In doing so, the Active Directory environment is monitored in real time for suspicious activity (such as brute-force attacks, password spraying, kerberoasting, unusual access by administrators).

The platform correlates identity events with other telemetry data on the endpoint. So, if someone logs in from a compromised device, the software can immediately establish this connection and stop the incident.

Furthermore, the solution integrates with traditional IAM solutions, so it does not compete directly with traditional, pure IAM providers. For example, CrowdStrike can send risk signals (e.g., “this login is coming from an infected device”) to an IAM solution, which then enforces stronger authentication (MFA) or blocks access.

The architecture of the CrowdStrike platform. (Image: CrowdStrike)

In summary, CrowdStrike is also active in the field of Identity Security / Identity Threat Detection and Response (ITDR). They view identity as a critical attack vector and use their platform to detect and combat identity-based attacks that are invisible to traditional IAM solutions.

In modern security architecture, traditional IAM solutions (which manage the doors) and solutions like CrowdStrike Falcon Identity Protection (which monitor whether someone has stolen the keys and is misusing the door) complement each other ideally.

https://www.crowdstrike.com/de-de

Internet/Web Security: Darktrace ActiveAI Security Platform

With the ActiveAI Security Platform, Darktrace offers a proactive approach to cyber resilience on a single platform. Companies get a clear overview of their current IT security situation at an early stage, allowing them to see potential vulnerabilities or unusual activities before they turn into a real attack or damage. The solution responds autonomously to known and unknown threats.

Learning Based on Individual Business Data

The solution differs fundamentally from others through its use of AI, as Darktrace applies its AI to the company’s data, no matter where it is located. It correlates threats across the entire enterprise. Instead of teaching an AI system what an “attack” looks like and training it on large data lakes with thousands of corporate data sets, Darktrace AI learns from real, individual business data. In this way, the solution understands what is normal and can thus identify high-risk, anomalous activities for every asset across domains. This makes it possible to detect subtle deviations that indicate a threat, including novel and AI-driven cyberattacks.

Most AI cybersecurity solutions rely on transferring data from the company to large databases hosted in the cloud, where attack patterns are detected so that threats can be stopped if they occur again.

The graphic illustrates the philosophy behind the Darktrace solution, with its “core” being the self-learning AI. (Image: Darktrace)

Attackers are now using AI-driven polymorphic malware, adversarial AI techniques, and stealthy lateral movements – meaning that novel attacks are becoming increasingly common. This renders traditional security models ineffective, and defenders need AI that can keep up. Instead of learning from past attacks, Darktrace combines multiple AI models to understand the “normal behavior” of the respective company and uncover unusual behavior.

Darktrace’s self-learning AI is based on a multi-layered AI approach that strategically combines different AI methods, techniques, and capabilities. This allows the AI to predict behavior, detect threats, respond in real time, and analyze incidents. All with the goal of reducing cyber risk in organizations.

https://www.darktrace.com/de

Management Security: MetricStream

The solution is more than just a GRC tool. Behind it is an AI-powered platform for proactive risk management. In a world of constantly changing risks and regulations, it is no longer enough to just manage Governance, Risk, and Compliance (GRC). A competitive advantage is created when companies can turn risk information into concrete actions and increase their operational efficiency. This is exactly where MetricStream comes in. The SaaS provider sets itself apart from the competition through a consistently intelligent and integrated platform approach.

The AI-Driven Difference: From Analysis to Action

While many solutions collect data, MetricStream consistently relies on Artificial Intelligence (AI) to turn this data into actionable insights. The unique selling points lie in the automated, predictive intelligence “across the board”:

  • Intelligent Risk Insights: MetricStream simplifies risk management with AI-powered risk assessments and control testing. The platform goes beyond pure data collection by automatically summarizing and evaluating risk exposures. This accelerates decision-making through a smarter risk response and more efficient issue management.
  • Automated Compliance: Instead of manual gap analyses, an AI-oriented approach ensures continuous compliance. The software automatically integrates regulatory updates, maps the company’s compliance profile, analyzes the impact of new regulations, and simplifies overall policy management. This closes the gap between mandate and implementation almost in real time.
  • AI-Driven Audits: MetricStream transforms Internal Audit from an inspector into a proactive advisor. AI-powered audits automate on-site testing, highlight control gaps immediately, and automatically generate audit reports. This allows teams to focus entirely on remediation rather than getting bogged down in paperwork.
  • Proactive Cyber Resilience: In the area of Cyber GRC, the solution identifies and assesses IT and cyber risks in real time. This enables companies to build a proactive, intelligent cyber program that continuously validates controls, adheres to security frameworks, and enforces policies.
  • Resilient Supply Chains: Third-Party Risk Management automates the onboarding, monitoring, and AI-driven assessments of partners. Companies gain real-time insights into their entire ecosystem, effectively strengthening the resilience of their supply chain.

MetricStream simplifies enterprise and operational risk management with AI-powered risk intelligence, assessments, and control effectiveness. It accelerates operational efficiency and decision-making through smarter risk responses and issue management. (Image: MetricStream)


The Benefits for Users: Agility and Resilience

Through this AI-powered integration, users achieve a fundamental shift:

  • Proactivity instead of Reactivity: Risks and compliance gaps are detected before they become critical issues.
  • Massive Efficiency Increase: The automation of manual tasks (assessments, reporting, regulatory tracking) frees up valuable resources.
  • Informed Decisions: Real-time insights and consolidated dashboards provide the foundation for smart, risk-aware decisions at all levels.
  • Proven Resilience: Business continuity is ensured through continuous assessments and automated response plans.

Challenge in the DACH Market

MetricStream does not maintain its own German subsidiary but operates through implementation partners such as Infosys and EPAM. This approach is a calculated unique selling point: customers receive the AI-powered platform combined with the deep local industry and compliance know-how (e.g., regarding BAIT, MaRisk, GDPR) of an experienced partner.

MetricStream does not position itself simply as another GRC software, but as an intelligent operations platform for resilience and efficiency. For companies that want to use risk management as a strategic lever for agility and competitive advantage, the solution is a compelling, top-tier option.

https://www.metricstream.com

Ulrich Parthier, Publisher of it management and it security, IT Verlag GmbH
