Top cybersecurity product news of the week
- by nlqip
Upwind adds API security to its cloud security platform
March 13: The Upwind Cloud Security Platform can now detect and respond to API threats in real time at the runtime level, according to the company. The API Security solution catalogs and maps an enterprise’s APIs using real-time traffic analysis and extended Berkeley Packet Filter (eBPF) for better performance and visibility into the API catalog. Upwind also claims that the runtime context that eBPF provides cuts the number of alerts by 95% by filtering out noise.
Nightfall AI adds SaaS security posture management, other features to its generative AI DLP platform
March 11: Nightfall AI has enhanced its generative AI data loss prevention (DLP) platform with several new capabilities. SaaS security posture management provides real-time insights into SaaS security along with automated response capabilities. The DLP platform also offers client-side, content-aware encryption for SaaS apps via a browser plug-in. Data exfiltration prevention capabilities help ensure compliance with SOC 2, PCI-DSS, and other standards using a risk-based approach. Finally Nightfall now provides AI-powered data protection for sensitive customer and enterprise information through SaaS and email monitoring.
Ionix adds exposure validation to attack surface management platform
March 6: Ionix has introduced an automated exposure validation extension to its attack surface management (ASM) platform. The extension was designed to enable continuous exploitability testing on production environments without disruption. Some of its other features include attack surface validation, exploitable risk identification, automated validation and also promises to reduce the need for extensive manual testing.
Sweet Security updates its Cloud Runtime Security Suite
March 6: Sweet Security has added two new components to its Cloud Runtime Security Suite. Non-human identity (NHI) management is designed to help discover and manage the risks of non-human entities in an environment. According to Sweet, NHI management understands the context of non-human attempts to access assets and identity what activity is legitimate. Runtime posture management helps to prioritize cloud security posture management (CSPM) by providing information on the consequences of specific hardening tactics. It does so by identifying where roles and secrets are in use down to the microservice level. It then identifies the asset or service that was the destination of the microservice, which Sweet refers to as monitoring secrets in transit.
F5 adds automated reconnaissance and pentesting to cloud services
March 5: F5 has added automated reconnaissance and penetration testing capabilities into F5 Distributed Cloud Services as a result of the acquisition of Denmark-based Heyhack, announced without further details at AppWorld 2024. F5 Distributed Cloud Services customers can now scan for and discover vulnerabilities impacting their web applications across multicloud environments, which will be completed with recommend web application firewall rules and other appropriate remediations.
Pentera launches automated cloud penetration testing product
March 5: Security validation firm Pentera has announced its Pentera Cloud product. The automated cloud penetration testing tool offers on-demand testing and resilience assessment of corporate cloud accounts against native cloud attacks. The company claims the new product will help guard against attacks originating from anywhere on the attack surface, including on-premises, external sources, and the cloud. Features include automated cloud attack emulation, cross attack surface testing, and evidence-based remediation. Pentera Cloud is part of the company’s security validation platform.
Network Perception adds zone-to-zone segmentation verification with NP-View 5.0 release
March 5: OT network cybersecurity audit and compliance solution provider Network Perception has rolled out a new version of its platform, NP-View 5.0. Its Zone Matrix feature now provides a view of communication among user-created topology zones and subnet and services information. The Interface Connectivity Matrix shows interface interconnectivity on network-connected devices and communication among security zones defined for each device. The company also claims enhanced reporting capabilities for devices and topology with three new tables: network device interface, routes on network devices, and Network Address Translation (NAT) table.
Cobalt launches dynamic application security testing scanner
March 5: Cobalt has launched a dynamic application security testing (DAST) scanner designed to continuously test web applications and APIs for security. This is helped by the integration with Cobalt’s pentest as-a-service platform. The DAST scanner promises to identify vulnerabilities that might get introduced in between manual pentests. It enables the creation of detailed reports that prioritize vulnerabilities for remediation and aid in compliance with regulatory requirements. DAST can be integrated into the software development lifecycle and DevOps pipelines.
Sentra announces generative AI assistant for cloud data security
March 5: Sentra has launched Jagger, a large language model assistant for cloud data security that helps analyze and respond to security threats. Users of Sentra’s Data Security Posture Management (DSPM) and Data Detection and Response (DDR) platform will benefit from Jagger’s insights and recommendations in plain language suitable to all levels of expertise. Sentra claims Jagger reduces up to 80% of the time required to accomplish tasks such as policy implementation and data store reporting.
Cohesity launches AI-powered enterprise search assistant
February 28: Cohesity has launched Gaia an AI-powered enterprise search assistant that brings retrieval augmented generation (RAG) AI and large language models (LLMs) to backup data within Cohesity. With current agreements to integrate Cohesity Gaia with AWS, Google Cloud and Microsoft Azure, users can ask questions and receive answers based on their enterprise data. By adding Gaia’s AI capabilities within the backup environment Cohesity claims to help organizations assess their level of cybersecurity, perform financial and compliance audit checks, answer complex legal questions and to serve as a knowledge base to train new employees.
VulnCheck gives community access to catalog of known exploited vulnerabilities
February 27: Exploit intelligence company VulnCheck has launched a catalog of known exploited vulnerabilities for those joining the VulnCheck Community. The company claims to track 81% more vulnerabilities exploited in the wild than CISA, and alerts customers before missing exploits are added to the CISA KEV catalog an average of 27 days earlier.
Radiant Logic updates its identity data platform, adds AI
February 27: Radiant Logic has released an update to its RadiantOne Identity Data Platform which connects and correlates data from any source, providing insight and visibility across diverse identity stores, including legacy systems. The update comes with a new user experience and introduces RadiantOne AI, an engine that uses LLMs augmented with advanced data visualization capabilities to deliver AI-driven analytics and decision making assisted by its GenAI chatbot AI Data Assistant.
Next DLP adds functionality to tackle shadow SaaS
February 27: Next DLP has added Reveal SaaS Access Security to its Reveal Platform to address shadow SaaS challenges. This new functionality offers a centralized dashboard and inventory with detailed insights into SaaS app usage, continuous monitoring of data transfers within SaaS applications, Real-time controls, including employee education, and a SaaS app inventory.
Entro adds new functionality to its secrets management platform
February 27: Entro has added Machine Identity Lifecycle Management to its context-based secrets management platform. The addition promises to provide security teams with tools to manage, actively monitor and control the entire lifecycle of a secret from creation to retirement. Entro announced new integrations of its platform with CIFS/SMB File Shares and Microsoft SharePoint to enable organizations that have been primarily on-premises and are shifting to the cloud to use the Entro platform to scan and monitor secrets in documents on traditional file shares or on-premises SharePoint.
Palo Alto Networks protects private 5G networks
February 26: Palo Alto Networks has announced partnerships with Celona, Druid, Ataya, Netscout, Nvidia, and NTT Data to help protect data travelling across private 5G networks. The security vendor is combining its enterprise grade 5G Security with its partners products.
Organizations building new private 5G networks with Celona, Druid, Ataya can secure radio networks through integrations with Palo Alto Networks 5G Security. Netscout’s pervasive, packet-level network visibility will combine at scale with Palo Alto Networks 5G Security, helping security teams gain deep visibility to make intelligent policy decisions. Nvidia’s scalable 5G security ensures that AI-powered applications are optimized for speed, security, traffic accuracy, and data isolation to maintain data sovereignty and achieve multi-terabit, cost-effective security for mobile networks. NTT Data’s complete technology stack, network infrastructure capabilities, and IT consulting and system integration services will help customers to deploy, manage, and secure their private 5G networks.
Cycode adds generative AI-based natural language queries to its Risk Intelligence Graph
February 21: Cycode has added new generative AI capabilities to the Risk Intelligence Graph (RIG) of its application security posture management (ASPM) platform. The enhancements allow security teams to use natural language queries to find answers to application security and development questions. The company claims this will help bridge gaps across AppSec siloes, allowing security and development teams to better predict and mitigate risks.
New Beyond Identity product shows security risk across devices
February 21: Passwordless MFA provider Beyond Identity has announced its Device360 product, a tool that the company claims will allow organizations to identify security risks such as vulnerabilities and misconfiguration in managed and unmanaged devices in real time. They can then remove suspect devices from the network. Device360 works without mobile device management or endpoint detection and response solutions. Other features include a centralized view of vulnerabilities and misconfigurations, real-time and scheduled device query, zero-trust access policy testing, and enforcement of device security compliance during authentication.
IndyKite looks to improve data trustworthiness with an identity-centric approach
February 21: IndyKite has announced a new version of its identity-powered AI enterprise data platform. The company claims its identity-centric approach improves trustworthiness of key data. An AI-driven risk score guides use of the data, and the platform also provides source and verification data for each data point. Real-time analytics and insight discovery features assist with decision making and threat detection and response, according to IndyKite.
Metomic adds “human firewall” features to scale data security workflows
February 20: Metomic has released new “human firewall” features to its data security platform. The features apply to SaaS applications such as Google, Slack, and Microsoft Teams and are designed to help security and compliance teams scale data security workflows for SaaS applications by involving employees in the risk remediation process. Sharing this task with employees will allow for a higher volume of potential violations to be reviewed and addresses, according to Metomic. The company also claims that the human firewall features will allow employees to report false positives to security teams or provide justification for sharing business data. The human firewall features are now available to all Metomic customers.
Vectra AI launches 24/7 managed extended detection and response service
February 15: Vectra AI has launched Vectra MXDR, a global managed extended detection and response service. Available 24/7, Vectra AI is designed to defend against attacks in hybrid and multi-cloud environments. It provides attack surface visibility across identity, public cloud, SaaS, data center, and cloud networks and endpoints by integrating with EDR vendors, according to Vectra AI. Features include AI-driven attack signal intelligence, remote response and remediation, managed security policy configuration, and end-to-end detection and response coverage. Vectra MXDR is available to current customers.
BigID adds access governance controls
February 15: BigID has announced new access governance controls for its cloud and hybrid data security and compliance platform. The new features allow customers to monitor and manage access across the cloud and on-premises environments. The company claims the new capabilities will allow organizations to automatically identify. investigate, and remediate access rights violations across structured and unstructured data. This will reduce the attack surface, mitigate insider risk, and enable a zero-trust approach, according to BigID.
Infoblox brings AI-powered security operations features to its BloxOne platform
February 15: Cloud networking and security services firm Infoblox has enhanced its BloxOne Threat Defense DNS detection and response solution with the AI-powered SOC Insights security operations solution. SOC Insights is designed to help security analysts better identify and investigate security events that matter and reduce response time. The company claims that SOC Insights consolidates individual alerts into insights that provide access to device, event, attacker infrastructure details, and Infoblox’s DNS intelligence data. SOC Insights is available now.
Eureka Security brings file-sharing product capabilities to its DSPM solution
February 15: Data security posture management vendor Eureka Software has announced that its DSPM solution has expanded to all major cloud services with the ability to address file-sharing applications such as Office 365, Google Drive, Box, and Dropbox. This allows the DSPM solution to provide visibility and insights into how users share, access, and us data across SaaS, IaaS, and PaaS solutions, the company claims.
Recorded Future releases generative AI assistant for threat intelligence
February 14: Intelligence company Recorded Future has released Recorded Future AI from beta. It is designed to aid human analysts in identifying global threats. Recorded Future AI is built on the company’s Intelligence Graph data model, and it is capable of monitoring and putting into context threats across cyber, physical, and influence operations domains. Recorded Future claims its AI assistant can help enterprises and governments define large, complex threat surfaces in both the physical and cyber worlds.
ReversingLabs Spectra Assure uses AI to detect software supply chain threats
February 13: Software and file security vendor ReversingLabs has released Spectra Assure, which uses AI with complex binary analysis to detect malicious code and malware embedded in software before it is deployed and without the need to have its source code. A build exam in the new tool identifies tampering and malware before deploying software across first-, second-, and third-party components, according to the company. Spectra Assure can report issues in large, complex software packages in minutes or hours, ReversingLabs claims.
February 13: Seal Security has announced its presence with an LLM-powered open-source vulnerability remediation solution. It provides access to security patches across five languages, and the company claims it is able to remediate 95% of critical and high-severity vulnerabilities identified in the last five years. The tool is designed to automate and scale vulnerability remediation with centralized control over the vulnerability patching process.
Legit Security add AI discovery to its ASPM platform
February 13: Legit Security has announced the addition of AI-powered discovery capabilities to its application security posture management (ASPM) platform. The new feature is designed to detect where software developers use AI code. The company claims this gives security leaders and application security teams visibility into AI-related risks from the infrastructure to application layers across the application development pipeline so they know where to put security controls. The new AI capabilities include security policy enforcement, real-time notifications of generative AI code, and alerts on LLM risks.
Cyberhaven aims to stop insider threats with Linea AI
February 9: Cyberhaven has launched Linea AI, which uses the company’s proprietary large lineage model (LLiM) to detect insider threats. That LLiM analyzes workflows and predicts the next likely action or behavior to occur, flagging deviations. Cyberhaven claims the LLiM can look at the entire workflow across time for every data item within the enterprise. Features include risk detection and prioritization, incident summary, smart remediation that recommends responses, and guided prevention for real-time intervention.
Qualys TotalCloud 2.0 adds SaaS protection, supply chain risk mitigation, and more
February 8: The Qualys TotalCloud 2.0 version of its AI-based CNAPP platform now offers a single view of cloud risk and extended protection to SaaS applications. TruRisk Insights provides a single prioritized view of cloud risks, which Qualys claims will streamline the identification of high-risk assets. TotalCloud 2.0 has also incorporated SaaS security posture management with the CNAPP platform. Other new features include supply chain risk management where TotalCloud 2.0 scans open-source software pre- and post-deployment, and operationalized risk reduction, which the company claims removes siloes between IT and security with ITSM integrations. TotalCloud 2.0 is available now.
SailPoint announces two products to help build identity programs
February 8: SailPoint Technologies has introduced two offerings to its identity management portfolio. The SailPoint Identity Security Cloud Standard suite is targeted to companies just starting identity security initiatives. It has a set of core capabilities that centralizes identity-related data, allowing organizations to govern access for all identities across the enterprise in a scalable way, according to Sailpoint. The new Customer Success Portfolio offers three tiers of training and support, including configuration support, adoption workshops, and program oversight, assessment, and guidance.
AppViewX, Fortanix partner to deliver secure digital identity management and code signing
February 7: Machine identity management firm AppViewX and data security company Fortanix are combining their solutions to deliver cloud-based secure digital identity management with code signing in one package. AppViewX’s Digital Trust Platform and Fortanix’s Data Security Manager (DSM) together address two security use cases: the management of machine identities across hybrid multi-cloud environments and simplified secure code signing for improved software supply chain security, according to a joint press release. The combined offering is available through either vendor, joint channel partners, or the AWS Marketplace.
F5 announces new AI capabilities to protect AI-powered applications
February 7: Multi-cloud security firm F5 has enhanced its Distributed Cloud Services solution with API code testing and telemetry analysis. The company also announced that it is implementing AI across its entire product portfolio. The company claims these enhancements provide “AI-ready” API and application security. The AI enhancements are from technology F5 recently acquired from Wib, and they enable vulnerability detection and observability during the application development process and before production. F5 claims it can now offer API discover, testing, posture management, and runtime protection in one platform.
Akamai’s Content Protector aims to stop scraping attacks
February 6: Akamai Technologies has announced the availability of its Content Protector tool, which the company claims stops malicious scraper bots without blocking legitimate traffic. It is able to detect and mitigate those malicious scrapers. Featuresinclude protocol fingering that checks how visitors connect to your site to determine if they are legitimate, evaluation of JavaScript code, the ability to distinguish between human and machine behavior, and risk classification for traffic based on anomalies found.
Teleport Policy centralizes policy management for infrastructure access
February 6: Teleport, which specializes in infrastructure access, has launched Teleport Policy, a tool designed to unify access control and policy across an organization’s infrastructure. The new product provides visibility into how engineers, users, and workloads access infrastructure and data. The company claims this allows their customers to identify issues such as inappropriate privileges and remove them. Another feature is intended to speed investigations and responses via a unified Access Graph view of access relationships. Teleport Policy is an extension of the company’s Teleport Access platform.
Metomic launches Metomic for ChatGPT
February 5: Data security firm Metomic has introduced Metomic for ChatGPT, which the company claims will help protect sensitive data while using OpenAI’s generative AI tool. The new solution provides visibility to what data is uploaded to ChatGPT. Metomic for ChatGPT is a browser plug-in, allowing it to identify when an employee logs into the ChatGPT website. It then scans the data going into the generative AI platform in real time. It then alerts the security team if sensitive data is being moved.
February 5: Critical infrastructure protection company OPSWAT has announces enhancements to its line of MetaDefender Kiosk products. Described as “peripheral media scanning stations,” MetaDefender Kiosk products are devices that scans removable media for threats. OPSWAT has added a Kiosk Mini form factor to the line that is intended to be more accessible, portable, and versatile. It can also support tabletop and rugged environments. MetaDefender Kiosk is also now integrated with OPSWAT’s MetaDefender Sandbox and Media Firewall products, enabling adaptive threat analysis for zero-day threat detection. Finally, MetaDefender Kiosk Stand supports VESA-mountable Kiosks and devices. The three-bay stand supports multiple removable media types and includes a hard disk drive bay.
Varonis introduces managed detection and response for the data level
February 5: Varonis Systems’ new Managed Data Detection and Response (MDDR) service aims to identify and stop threats at the data level as well as endpoints. Features of the 24/7 monitoring service include an AI analysis engine that automates investigations, a 30-minute response window for ransomware and 120-minute response for other alerts, and a deployment time measured in hours, according to the company. MDDR is delivered on top of Varonis’s Data Security Platform and is available now.
Secureworks Threat Score uses AI to prioritize alerts
February 1: Secureworks has introduced its AI-powered Threat Score, which is intended to help security analysts prioritize security alerts. The tool identifies which alerts are most likely to have a negative impact based on the organization’s operations. The company claims that by filtering out noise in the alerts, Threat Score can reduce security analyst workloads by about 50%. Threat Score is available as part of Secureworks Taegis XDR.
OX aims to eliminate manual application security practices with new ASPM platform
January 31: OX Security’s new application security posture management solution, Active ASPM Platform, unifies application security practices by providing visibility, traceability, prioritization, and automated no-code workflow-driven response, which the company refers to as an “active approach” to AppSec. OX claims this approach results in a continuous and more accurate targeting of critical threats, which reduces alert fatigue. The solution also provides attack path analysis, active context analysis, and pipeline bill of materials.
Vade uses AI to enhance spear-phishing detection
January 31: Threat detection and response vendor Vade has improved its spear-phishing detection engine with generative AI. The company claims the new technology will allow its engine to better defend against advanced threats, including those created by AI, and provide a greater degree of confidence of detection. The spear-phishing engine has been trained on traditional and AI-created spear-phishing email messages. The new spear-phishing engine is now implemented in its Vade for M365 email security suite.
SentinelOne enhances threat hunting capabilities of WatchTower and WatchTower Pro
January 30: Sentinel one has announced the general availability of new machine-learning and advanced behavioral threat-hunting capabilities for its WatchTower and WatchTower Pro managed threat hunting services. The new capabilities include anomalous and suspicious behavior detection, expanded coverage against known and emerging threats, 24/7 real-time threat hunting, and access to WatchTower’s in-house threat intelligence library. As before, the new capabilities are backed by human experts.
New connector gives Varonis wider database support
January 30: Varonis has enhanced its data security posture management capabilities with the addition of a universal database connector, which enables its platform to integrate with connected databases hosted on-premises or in the cloud. The company claims this integration will allow its customers to use Varonis’s library of classifiers and scalable architecture to centralize data classification. The Varonis platform works with structured, semi-structured, and unstructured data.
Keyfactor offers PKI integration with Quantinuum Quantum Origin
January 30: Identity security provider Keyfactor has partnered with quantum computing firm Quantinuum to offer a public key encryption (PKI) platform that integrates with Quantinuum’s Quantum Origin quantum entropy solution. With this integration, Keyfactor EJBCA can now provide stronger root of trust to provide certificates, according to Keyfactor, and provides protection against potential misuse of quantum computing technology.
Deep Instinct Prevention for Applications 3.0 enhances file upload, application storage protections
January 25: Deep Instinct has announced the 3.0 version of its Deep Instinct Prevention for Applications (DPA) AI-based deep-learning framework. DPA 3.0, agentless on-demand anti-malware solution, now has improved file upload protections and application storage security. The new deep-learning capabilities use neural networks to avoid shortcomings of other solutions such as inadequate scanning, challenges presented by adversarial AI, or inability to stop unknown malware, according to the company. Unlike other tools that require frequent cloud connections to stay up to date on threat intelligence, DPA 3.0 requires updates only once or twice a year. This in part makes it suitable for use in air-gapped environments.
Black Kite introduces monthly ransomware dashboard
January 24: Black Kite, a provider of third-party cyber risk intelligence, has launch a monthly ransomware dashboard that shows graphs, data, trends, and attack patterns. The company claims it analyzes the top ransomware indicators to identify common vulnerabilities that ransomware threat actors exploit. Black Kite has also developed its Ransomware Susceptibility Index (RSI) using data and machine learning to provide an overview of industry-specific risks, according to the company.
Zscaler launches Zero Trust SASE built with AI
January 23: Cloud security provider Zscaler has announced its Zero Trust SASE. Build with Zscaler’s Zero Trust AI, the new SASE is designed to reduce the cost and complexity of implementing zero-trust security across users, devices, and workloads, according the the company. Zscaler also announced that its Zero Trust SD-WAN is now generally available along with new plug-and-play appliances that the company claims will help its customers modernize secure connectivity for its various facilities.
Mitiga boosts incident response with Kroll partnership
January 23: Cloud and SaaS incident response firm Mitiga has partnered with Kroll, adding that company’s incident response and litigation services to the Mitiga Cloud and Incident Response Automation (CIRA) solution. The company claims that the integration of Kroll’s services will allow its customers to better comply with new US Securities and Exchange Commission (SEC) regulations for incident reporting. Mitiga will also offer its customers other Kroll services at a discount, including red team exercises, penetration testing, and virtual CISO.
PQC Starter Kit from Thales and Quantinuum to help prepare for post-quantum cryptography
January 22: In collaboration with Quantinuum, Thales has launched the PQC Starter Kit, which is designed to help organizations prepare for post-quantum cryptography (PQC) challenges. The kit allows them to test quantum-hardened encryption keys and better understand the potential impact of PQC on the security of their infrastructure, according to Thales. PQC Starter Kit uses current NIST proposed algorithms that organizations can use to test security use cases such as PKI, code-signing, TLS, and internet of things (IoT). The first iteration of the kit incorporates Luna HSMs and Quantinuum’s quantum random number generator technology, which allows organizations to determine whether their keys are securely generated and stored while using PQC algorithms.
ArmorPoint announces cybersecurity program management solutions
January 20: ArmorPoint has expanded its cybersecurity services with a suite of cybersecurity program management solutions, called Managed Risk and Managed Strategy. The company said its goal was to provide a unified approach to cybersecurity by integrating risk management, strategic planning, and real-time threat detection. This allows organizations to take a “proactive and adaptive approach to cybersecurity,” according to the company.
VulnCheck IP Intelligence tracks attacker infrastructure and vulnerable IPs
January 18: Exploit intelligence company VulnCheck has launched its IP Intelligence feature set that tracks attacker infrastructure and vulnerable Internet Protocol (IP) addresses in real time. The new functionality cross-references internet-connected datasets against VulnCheck’s own exploit and vulnerability intelligence information, providing insight around those devices and attackers’ command-and-control infrastructure, according to the company. IP Intelligence provides a downloadable and searchable dataset to identify vulnerable internet-connected devices. It also generates lists of IP addresses for use in block lists.
Fortinet launches Wi-Fi 7-enabled secure networking solution
January 17: Network solutions provider Fortinet has announced what it claims to be the first secure networking solution integrated with Wi-Fi 7. Forti-AP 441K is a Wi-Fi 7 access point, and FortiSwitch T1024 supports Wi-Fi 7 bandwidth requirements with 10 gigabit Ethernet access and 90W Power over Ethernet (PoE) technology. Both are part of the Fortinet Secure Networking solution and integrate with AIOps and FortiGuard AI-Powered Security Services. Wi-Fi 7 is the latest wireless technology designed to support wireless devices running data-heavy applications.
Salt Security adds API posture governance to its API Protection Platform
January 17: API security firm Salt Security has enhanced its API Protection Platform, including the addition of an API posture governance engine, an API filtering and querying capabilities, and improved behavioral threat response capabilities. The API posture governance engine helps organizations to create corporate standards for API posture and assess compliance with those standards, industry best practices, and regulatory requirements. The company claims it will keep API lifecycle stakeholders in sync and ensure security standards are followed throughout the API lifecycle. New API filtering and querying capabilities allow for better API asset discovery and management while providing details about their purpose, usage patterns, and risks. Enhanced behavioral response will allow SecOps teams to better prioritize, triage, and analyze API-related security events, according to Salt. Other enhancements include better sharing of API intelligence and enterprise onboarding and operationalization improvements.
Living Security announces Unify Power Insights for risk operations
January 17: Human risk management firm Living Security has launched Unify Power Insights, which is intended to provide visibility into which employees are most vulnerable to risks such as phishing, account compromise, malware, or data loss. It does so by gathering intelligence data from multiple sources such as identity management and security tools. According to Living Security, Unify Power Insights allows security teams to observe grouping of user behavior and detect spikes in risky activities. The solution also provides suggestions to mitigate those risks.
Savvy launches Identity-First Security to manage IAM permissions
January 16: SaaS security platform provider Savvy has announced Identity-First Security, which is designed to discover risks associated with combinations of identity access management (IAM) permissions, user behavior, and business context. According to Savvy, Identity-First Security allows organizations to identify risks such as rogue administrators, compromised accounts, shadow identities, shared accounts, incomplete offboarding, and more. The solution also provides automated playbooks that set “security guardrails” that encourage users to mitigate risks before they become security incidents, the company claims.
GTT Communications brings Fortinet SASE to its MSSP offering
January 16: Managed network and security service provider GTT Communications now offers secure access service edge (SASE) capabilities powered by Fortinet. This includes Fortinet’s zero trust network access (ZTNA), firewall-as-a-service, cloud access secure broker (CASB), and secure web gateway (SWG) solutions, all working alongside GTT’s Managed SD-WAN offering. The Fortinet solutions are deployed within GTT’s network infrastructure and all traffic is maintained on the company’s global IP backbone. GTT claims this will reduce latency, jitter, and packet loss as well as improve availability.
Wiz AI-SPM now available for the OpenAI platform
January 11: CNAPP provider Wiz has announced an OpenAI SaaS connector that extends support for its AI-SPM AI security tool to the OpenAI API platform. The tool provides OpenAI developers with visibility into their OpenAI pipelines and allows them to better mitigate risks across the cloud and OpenAI via the Wiz Security Graph, the company claims. Security teams can now have visibility into new training jobs that AI developers create in a single view. AI-SPM also allows for attack path analysis to detect risks. The Wiz OpenAI SaaS connector for AI-SPM is available now.
Dasera adds Microsoft 365 to its data security posture management platform
January 10: Data security posture management (DSPM) firm Dasera has expanded its platform to include protections for Microsoft 365. This allows greater visibility of data across OneDrive, SharePoint, and Teams, according to the company, allowing organizations to better identify and manage sensitive data. With its DSPM platform, Dasera claims the enhancement will help optimize privacy processes using its policy engine as well as assess risk from files shared in Microsoft 365 apps.
Cohesity Cloud Services now supports Microsoft Azure workloads
January 9: Cohesity Cloud Services (CCS) has added support for Microsoft Azure workloads, specifically the backup and recovery of Azure virtual machines (VMs) and Azure SQL databases. The new Azure VM capabilities within CCS include backup and recovery of an entire VM in place or to an alternate location, region, or resource group, and support for Azure VM backup using private endpoints with a shared access signature. CCS Azure SQL database capabilities include full backups on a customizable schedule, automated backups, portability of SQL databases to and from the cloud, and immutable backups stored outside the tenant.
TitanHQ announces PhishTitan anti-phishing solution
January 9: Cloud-based email security solutions provider TitanHQ has launched PhishTitan Integrated Cloud Email Security (ICES). The solution works within Microsoft 365 to scan internal and external email messages. It has native and API-based integration with Exchange Online Protection (EOP) and Microsoft Defender. The company claims that PhishTitan ICES will block and remediate business email compromise, account takeover, VIP impersonation, and zero-day threats. The product is available now.
SpecterOps adds Active Directory Certificate Services protection to BloodHound Enterprise
January 9: SpecterOps has updated its BloodHound Enterprise (BHE) platform with new attack paths for Microsoft Active Directory Certificate Services (ADCS). The BHE platform is designed to remove identity attack paths in Microsoft Active Directory and Entra/Azure AD. The new ADCS attack paths focus on common misconfigurations that allow attackers to steal certificates, achieve account persistence, and gain control over Active Directory domains, according to the company.
LogRhythm releases updates to LogRhythm SIEM and LogRhythm Axon
January 4, 2024: LogRhythm has updated its self-hosted LogRhythm SIEM and cloud-native LogRhythm SaaS SIEM platforms. Enhancements to the former include more support for onboarding new Beats and Open Collectors from a single location, simplified Windows event log onboarding, improved analyst workflows while reviewing alarm notifications, and an expanded library of supported log sources. Enhancements to LogRhythm Axon include a new interactive single investigation screen that provides contextual case insights with drill-down of log sources and security analytics; an improved assisted search feature that suggests recent searches, search lists, and search queries; a new collector for Microsoft Office 365 Management API, and more efficient Axon Agent management for on-premises data collection.
Valimail launches Align to meet Google and Yahoo email authentication requirements
January 4, 2024: Valimail, a provider of DMARC, automated authentication, and anti-phishing solutions, has released Valimail Align, which is designed to validate compliance status for new sender authentication requirements from Google and Yahoo. Starting in February, Gmail and Yahoo bulk email senders will be required to authenticate outgoing mail or risk being blocked. Valimail claims that Align checks for alignment between the SPF and DKIM email protocols to meet the new requirements. Valimail’s automation suite can then be used to reach compliance in a matter of days, according to the company.
Mitiga announces Investigation Workbench to assess cloud and SaaS incidents
December 19: Mitiga has added Investigation Workbench to its line of cloud and SaaS incident response solutions. The company claims its new tool will provide more clarity on all multi-cloud and SaaS activities through a single view. Investigation Workbench, part of Mitiga’s IR2 cloud investigation and response automation (CIRA) platform, is designed to give security operation center teams visibility into chains of events across their cloud and SaaS environment. According to Mitiga, this allows for faster and simpler determination of materiality of a cyber event so that they can respond appropriately.
Kasada enhances it bot defense platform
December 19: Bot management firm Kasada has enhanced its bot defense platform and claims it can now better defend against the latest methods attackers use to evade detection. New features include randomized and dynamic defenses across its architecture to make them harder to bypass, machine language anomaly detection, integrity checks on client-side data collection, and attack analytics for classification, drill-down, and filtering. The new enhancements are available now to all Kasada customers.
AI-powered AskOmni bot designed to assist with SaaS security
December 19: SaaS security posture management (SSPM) firm AppOmni has introduced AskOmni, which it describes as an AI-powered SaaS security assistant. AskOmni works with the AppOmni SaaS security platform to allow natural language queries for common SaaS security decisions. Its generative AI technology helps security administrators to more quickly identify and remediate issues, the company claims. Other features include an context-sensitive chat interface and notifications, risk assessment, real-time threat intelligence, and automated code generation for issue resolution. AskOmni is now available as a tech preview and will be rolled out in phases during 2024
Safe Security adds module to assist in SEC Compliance
December 13: Safe Security has added a module to its platform to assist with achieving compliance with SEC reporting requirements. Safe Security, a specialist in AI-driven cyber risk management, said the SAFE Materiality Assessment Module will “enable security and risk leaders to achieve SEC compliance by estimating and tracking materiality of cyber incidents.”
The company said in a press release that the module is based on a tunable factor analysis of information risk (FAIR) materiality assessment model (MAM). “SAFE Materiality Assessment Module allows organizations to model estimated financial losses from top risk scenarios with FAIR-MAM to cost-effectively target security or cyber insurance investments,” said COO Pankaj Goyal. “This allows them to leverage the insights to prepare for the probable financial impact to follow. The SAFE Materiality Assessment Module is a game-changer for security and risk leaders.”
Telaeris announces RTLS emergency mustering system
December 13: Telaeris, a provider of handheld solutions for physical access control systems, has announced its XPressEntry Real-Time Location Systems (RTLS) Emergency Evacuation Mustering system. Powered by HID’d Bluetooth Low-Energy (BLE) beacons and gateways, the new product provides an automatic way to account for badged workers and visitors in emergency situations. Strategically placed BLE beacons keep track of badge locations, while gateways are placed at designated emergency assembly areas, so the system knows the location and identity of missing persons.
Google Cloud announces general availability of Duet AI in Security Operations
December 13: Google Cloud’s Duet AI in Security Operations is now generally available. Announced earlier this year at the RSA Conference, Duet AI in Security Operations can search through large data sets using natural-language queries, automatically generate summaries about case data and alerts, and provide context and recommendations for remediation.
Duet AI in Security Operations is included with Google Cloud’s Security Operations Enterprise and Enterprise Plus packages. Google Chronicle customers will have free access to Duet AI until March 5, 2024.
Perception Point launches security awareness training program
December 13: Threat prevention provider Perception Point said it has launched a new security awareness training program for its customers that will be integrated into its Advanced Email Security product. The program is intended to help organizations counter advanced social engineering attacks by focusing on employee behavior and tailoring cybersecurity training to specific needs, the company said in a press release. The training program leverage services from training services provider DCOYA and offers behavior-centric security awareness training to counter cyberattacks including advanced social engineering.
“The program leverages machine learning algorithms to seamlessly integrate best practices from behavioral psychology and marketing methods, automating training that is tailored to the specific needs of each employee,” the company said. “This reduces the likelihood of successful cyberattacks, data breaches, and other malicious activities.”
AI-powered analytics incorporated into Zscaler
December 12: Cloud security provider Zscaler has added Business Insights, an AI-driven analytics tool, to its Business portfolio. Business Insights will enable organizations to curtail SaaS sprawl and optimize office usage to improve workplace experience while saving money, the company claims.
The company said it has also incorporated enhancements to the wider portfolio include new AI-powered innovations within its Zscaler Risk360 and Zscaler Digital Experience Monitoring products. The additions were documented in a company blog.
Qmulos introduces real-time, data-driven compliance automation and auditing updates
December 12: Compliance, security, and risk management automation provider Qmulos has announced the general availability of its Q-Compliance V4.4.0 and Q-Audit V3.7.0 platforms. “The latest releases of both products add seamless workflow and ticketing capabilities to enable customizable processes for organization-specific security and compliance investigations, escalations, and approvals,” the company said in a press release.
Q-Compliance V4.4.0 introduces customizable system authorization workflows designed to provide organizations with streamlined authorization requests and approvals for their continuous authority to operate process, the company said. Q-Audit V3.7.0 includes alerting capabilities with ticketing workflows to provide real-time insights and actionable steps to fortify defenses against insider threats and other malicious activities. More information was made available on the company’s blog.
Censys adds threat-hunting tiers and enhancements
December 12: Threat-hunting intelligence platform Censys has added two new product tiers to its search tool, Censys Search Solo and Censys Search Teams. The additions are part of a series of strategic initiatives to enhance the security community, including the introduction of threat-hunting boot camps, the Censys Beta Workshop and significant upgrades to product infrastructure, the company said in a press release. Each tier is available month-by-month or on an annual basis, Censys said.
“Empowering the threat intelligence community is one of Censys’s biggest priorities, and with these two new product tiers, we can continue to help researchers enhance their threat hunting work, no matter the size of their team,” said Censys CEO Brad Brooks.
Descope Fine-Grained Authorization enables granular access control
December 12: Descope has launched an update to its authentication and user management software as a service platform by combining roles with relationships to create flexible access control.
With Descope’s SDKs and APIs, Fine-Grained Authorization (FGA) can define and assign permissions based on relationships between entities, enabling them to set up authorization systems that can match the nuances of their business. FGA allows organizations to add relationship-based access control (ReBAC) capabilities to their applications.
The new functionality allows organizations to define a schema listing out the types of entities and the possible relationships that exist within their app; store the schema so that it can be queried, managed, and updated as relationships evolve; build out relationships between specific entities based on the existing schema; and add checks within the app that can refer to the defined relationships before making authorization decisions.
Nedap launches Access AtWork SaaS access control system
December 11: Nedap has launched a software-as-a-service (SaaS) access control system called Access AtWork that the company claims will provide “companies looking to replace their outdated on-premises systems with modern and easy-to-use software that provides better insights with less effort and smaller investment.”
The new system will assist small to medium-size enterprises wanting in managing physical access across multiple sites, Nedap said in a post on its website. It operates on an authorization model that enables administrators to manage access based on hierarchical teams and zones. The solution is GDPR compliant and includes such security measures as redundant and secure hosting of data in certified datacentres within the European Union.
Fortinet adds Gen AI assistant to SIEM, SOAR platforms
December 11: Fortinet has added a generative AI assistant, Fortinet Advisor, to its FortiSIEM security information and event management solution and to FortiSOAR the security orchestration, automation, and response offering. According to Fortinet, Advisor is designed to help SecOps teams investigate and remediate threats faster.
Fortine Advisor features include interpreting security alerts and generating summaries, helps analysts by accepting natural language queries and returning useful results, suggests threat remediation plans and helps to generate playbook templates translating processes to actionable plans. The assistant will be continuously updated by Fortinet AI and product specialists with the latest threat information.
Nimbus-T Global introduces Nimbus-Key ID & Authentication System
December 11: Nimbus-T Global has added its Nimbus-Key ID & Authentication to the company’s line of identity and authentication products. It is an enterprise-level passwordless authentication solution that uses a dynamically encrypted Nimbus-Key ID. Each user gets their own global ID, which the system verifies using know-your-customer (KYC), AI, and biometrics methods.
Qrypt and Los Alamos National Labs develop quantum random number generator
December 7: Qrypt and Los Alamos National Labs (LANL) have developed Qrypt’s Quantum Random Number Generation (QRNG), which will be part of Qrypt’s cloud-based Quantum Entropy and Quantum Key Generation services by helping generate “true” quantum randomness. Qrypt and LANL use photon bunching to advance provable QRNG by meticulously filtering out classical noise, isolating the quantum effect essential for determining the system’s minimum entropy, according to Qrypt.
Netskope completes roll out of Localization Zones
December 7: Netskope has completed the rollout of Localization Zones to its NewEdge security private cloud, first introduced in February 2023. It provides a localized experience for over 220 countries and territories. The localization zones enable better digital experience as if going direct-to-net. It also provides native language and localized content support for websites, as well as access to geo-fenced content and applications, even if there is no in-country data center.
Coro 3.0 combines EDR, SASE, and email security into a single platform
December 6: Coro has launched its 3.0 version of its modular cybersecurity platform. Aimed at midmarket companies, Coro 3.0 has 14 integrated modules including endpoint detection and response (EDR), secure access service edge (SASE), email security, data governance, next-generation firewall (NGFW), and DNS filtering.
The company claims its new platform protects six key enterprise domains: cloud apps, endpoints, email, sensitive data, network, and users. All the modules can be managed and monitored through a single dashboard. Communication among the modules is handled by an AI-driven data engine that, according to Coro, automatically remediates threats and surfaces only the most critical events.
Coro sells each module individually or in bundles. Each module starts at $4 per user, per month. The cost for all 14 modules starts at less than $18 per user, per month.
Genetec announces new version of Security Center
December 5: Unified security, public safety, operations, and business intelligence provider Genetec has released a new version of its flagship Security Center platform, moving it to a continuous delivery approach.
The update adds new features including mapping enhancements, including a new map widget for dashboards and improved zoom behavior and configuration enhancements for authentication services. The company said it plans to release more features for Security Center throughout 2024 to enable advanced workflow activities.
Application security training provider Security Journey adds industry standard support
December 5: Coding and AppSec training provider Security Journey has added industry standard support capabilities to its platform. The company says it’s platform now includes support for Web Content Accessibility Guidelines (WCAG), System for Cross-Domain Identity Management (SCIM) and continued compliance with SOC2 Type 2.
“The new capabilities mean large enterprises can now provide application security education to their development teams from a platform that meets security, global accessibility, and automated user provisioning requirements,” Security Journey said in a press release.
These features ensure that in-depth training programs are provided to all learners including those who are sight and hearing-impaired, streamline user access and lifecycle management, and provide additional assurances on the rigorous security of the platform.
Cloudbrink adds firewall-as-service to zero-trust access platform
December 5: Cloudbrink has added firewall-as-a-service (FWaaS) to its zero-trust access solution that it says enables admins to set granular controls according to static and dynamic properties of end-users and their devices.
The company, which provides zero-trust application connectivity for hybrid workforces, claims that offloading remote-user security functions improves the stability of existing firewalls and the network performance experienced by remote users.
“Existing firewalls were never designed with a large work-from-anywhere workforce in mind,” Cloudbrink CEO Prakash Mana said in a press release. “Our FWaaS takes care of the remote users, leaving the existing firewall to do the jobs it was intended for — such as Layer 3 protection against DDoS attacks. If you’re only using a firewall to protect a remote workforce, the Cloudbrink service can replace it altogether.”
Cloudbrink’s FWaaS static properties include rules about what resources or applications can be accessed by individuals and the company said it plans to release dynamic properties covering device compliance as well as extended reporting capabilities enabling security and networking teams to spot anomalies based on user behavior and opportunities to tune application performance.
Varonis launches automated security for data in multi-cloud environments
December 5: Varonis has updated its cloud-native platform to help customers continuously discover regulated data, remediate misconfigurations and excessive access, and stop attacks on data in services such as Azure Blob and AWS S3, RDS, and unmanaged databases in EC2.
The update was designed to improve users’ access to a centralized overview of data and cloud security posture. It also aims to help discover and classify sensitive data stored in Azure Blob and AWS databases; identify and remediate exposure risk through excessive access, misconfiguration, and third-party applications; and monitor activity to detect and investigate threats across the cloud ecosystem.
Databarracks launches cloud-based recovery landing zone
November 30: Databarracks launched Jump-Start, a preconfigured, cloud-based disaster recovery landing zone. By using infrastructure as code, resources, networking, security, and governance can be activated for recovery.
Databarracks claims that deploying the disaster recovery in the cloud through infrastructure as code means it’s isolated, secure and unaffected by issues to production. “Recovery is accelerated because we bring the backups and the recovery environment together,” Databarracks MD James Watts said in a statement.
The benefit, according to the company, is that there is no need for alternative hardware available or a recovery site.
Uptycs announces Cross-Cloud Anomaly Detection Engine
November 29: Uptycs announced its Cross-Cloud Anomaly Detection Engine, which is, according to the company, capable of analyzing billions of events in near-real time. The tool helps identify potential breaches on workloads running on AWS and hybrid multi-cloud environments.
Uptycs uses machine learning techniques and correlates anomalies with MITRE Engenuity’s ATT&CK Evaluations: Enterprise detections to minimize the time to detect threat behavior.
Piiano launches code analyzer
November 29: Piiano has launched code analyzer Flows. The tool is designed to continuously analyze source code during the development process and to track when, where and how sensitive data is being used and stored. Piiano claims the tool finds potential data leaks inside source code and ensures that sensitive information is protected before the code reaches production.
A trial, limited version of Flows will be available for free until the end of 2023. After that the pricing model will depend on the number of scans and number of code repositories.
Skyhawk adds AI-based, autonomous purple teaming to platform
November 28: Skyhawk Security has introduced an AI-based, autonomous purple team to its platform to provide adaptive cloud threat detection and response.
The addition of its Continuous Proactive Protection feature to Skyhawk’s cloud threat detection and response Synthesis Security Platform continuously enhances the protection of a customer’s cloud, the company said in a press release.
According to Skyhawk, the new offering continuously analyzes customer cloud infrastructure, proactively runs attack simulations against it and uses the results to prepare verified detections, validated automated responses and remediation recommendations to ensure the cloud has the most up to date security defenses in place.
This process includes learning and automated adaptation of threat detection to enable security teams to take proactive and adaptive approaches to security strategy. The feature runs an AI-based red team against an AI-based blue team to discover least-resistance paths, simulating attacks against them and using the results to improve security.
Lacework launched gen AI assistant to support alert response
November 28: Lacework launched a generative AI assistant to help security teams respond to alerts from the Lacework platform. Assistive AI is designed to help teams understand why they should look at a particular alert and also offers guidance on how to investigate and address the issue.
The assistant combines the insights generated from Lacework Polygraph machine learning with the assistive technology from LLM’s. Lacework also uses generative AI model services from Amazon Bedrock, experimenting with different models.
Immuta integrates Data Security Platform with Amazon S3
November 27: Data security firm Immuta has introduced native integration between its Immuta Data Security Platform and Amazon’s Simple Storage Service (Amazon S3) object storage service. This integration provides customers with streamlined data access control and security across storage and compute platforms using Amazon S3 Access Grants, a new Amazon S3 access control feature that enables customers to manage data permissions at scale for user identities managed by corporate directories.
“Immuta helps simplify data access and security for data stored in Amazon S3 so users can more safely leverage that data for their analytics and AI initiatives. This, paired with Immuta’s ‘write once, apply everywhere’ policy approach, helps customers democratize and increase data usage while still adhering to global regulations,” CTO Steve Touw said in a press release.
Amazon S3 stores more than 350 trillion objects with over 100 million requests per second to process a multitude of workloads including artificial intelligence and data analytics. The recently added AWS Access Grants feature maps identities in directories such as Active Directory, or AWS Identity and Access Management (IAM) Principals, to datasets in S3, helping to manage data permissions at scale by granting S3 access to end-users based on their corporate identity.
Trend Micro launches AI assistant
November 27: Trend Micro launched Trend Companion a generative AI tool designed to help analysts save time on manual risk assessment. The company claims the tool explains and contextualizes alerts, triages and recommends customized response actions, decodes and explains complex scripts and command lines, helps analysts develop and execute sophisticated threat hunting queries, and helps incident responders develop OSQuery queries in the IR and forensics module.
The combination of adaptive, model-driven threat alerts in Trend Vision One and Companion’s gen AI capabilities can accelerate incident response times by 30%, reduce incident reporting by up to two hours per report, and drive more complete attack containment, according to Trend Micro.
Sumo Logic adds new features to its platform to better integrate with AWS services
November 27: SaaS analytics platform Sumo Logic has added new features and updates to its platform to expand and accelerate troubleshooting and security across AWS environments.
The new features include Sumo Logic Log Analytics for AWS, which “delivers a curated view and a single pane of glass for monitoring and troubleshooting AWS services easily and effectively,” the company said in a press release. “The zero-configuration solution automatically collects logs and metrics data from 12 core AWS services including EC2, Lambda, ECS, RDS, DynamoDB, API GW, and Load Balancers, in one single step.”
Sumo has also added Cloud Infrastructure Security for AWS, designed to provide insight into active threats, non-compliant security controls, and suspicious activity across complex AWS environments.
The company said it has added several new features to its artificial intelligence and machine language models:
- AI-Driven Alerting uses advanced anomaly detection, machine learning, and intelligent playbooks to reduce the noise of daily alerts and false alarms by highlighting the most critical issues that require immediate attention.
- Global Intelligence for AWS CloudTrail DevOps gives insight into AWS performance and configuration.
- Global Intelligence for AWS CloudTrail SecOps enables the detection of potentially malicious configuration changes in AWS accounts by using a machine-learning model to compare CloudTrail events against a cohort of AWS customers.
November 27: Data security firm Fortanix has launched the Key insight as an included capability in its Fortanix Data Security Manager platform. Key insight is designed to discover, assess, and remediate risk and compliance gaps across hybrid multi-cloud environments.
Key Insight provides consolidated insights and control of all cryptographic keys to protect critical data services, the company said in a press release. “Security, cloud and developer teams can collaborate to assess risk posture and remediate compliance gaps consistent with policies, regulatory mandates, or industry standards (NIST, GDPR, PCI, etc.),” Fortanix said.
Wiz brings native AI security capabilities to its CNAPP
November 16: CNAPP vendor Wiz has introduced Wiz for AI Security, which adds native AI security capabilities to its cloud-native application protection platform. It has four main components: AI Security Posture Management (AI-SPM), an AI security dashboard, and AI extensions for Wiz’s Data Security Posture Management (DSPM) and Attack Path Analysis capabilities.
AI-SPM is designed to mitigate the risk of shadow AI by providing visibility into all resources and technology in an organization’s AI pipeline. The company claims it can detect AI services across cloud services, SDKs, and AI technologies such as AWS SageMaker, GCP Vertex AI, and Azure Cognitive Research.
By extending DSPM to AI, Wiz aims to identify and protect AI training data in the cloud by providing out-of-the-box controls. Attack paths that risk data leakage or poisoning can then be removed.
Attack Path Analysis can now assess AI pipeline risk across vulnerabilities, identities, data, misconfigurations, and more. Those risks can then be correlated on the Wiz Security Graph and potential attack paths can be removed.
Wiz’s new AI security dashboard is intended to help AI developers understand their AI security posture. It provides a prioritized list of risks as well as an AI inventory and known AI SDK vulnerabilities.
IONIX adds exposure management features to its attack surface management platform
November 16: IONIX has announced the launch of Threat Exposure Radar, which the company calls the first threat exposure management capability. IONIX will integrate the new technology with its attack surface management (ASM) platform. IONIX claims that Threat Exposure Radar provides a unified view of exposure to threats across the enterprise including cloud, on-premises, SaaS, and third-party systems.
The new solution consolidates security findings into a single view with two options: a radar-like visualization and a summary table from which users can drill down for more explanation or instructions for mitigating the exposed assets. Data is color-coded to highlight urgent items needing attention.
Living Security announces Human Risk Operations Center
November 15: Living Security has announced the Human Risk Operations Center (HROC), a combination of the security operations center (SOC) security awareness and training, and governance, risk, and compliance (GRC) teams. HROC is powered by the company’s Unify platform and aggregates and correlates employee behaviors using data from an organization’s existing security tools.
The company claims it offers one pane of glass with real-time visibility into a company’s riskiest people, departments, and programs. This helps SOC and GRC teams plan next actions and measures the impact of improving policies and behaviors. It supports API integrations for some of the most popular security tools including CrowdStrike, Microsoft, Proofpoint, and Zscaler.
HROC is available now and can be deployed in existing Security Operations Centers or as a standalone offering worldwide, and it is priced based on the size of the organization.
SecureAuth announces new release of Arculix access management and authentication platform
November 15: SecureAuth has released a new version of its Arculix access management and authentication platform. The new release includes enhancements to its Orchestration Engine and improved integration with some Citrix applications and Microsoft Entra ID (formerly Azure). Orchestration Engine improvements include a no-code, drag-and-drop environment to more easily integrate and deploy identity services. Administrators can customize the end-user identity lifecycle including registration, verification, authentication, and post-authorization. Orchestration Engine is available to customers who use the premium version of Arculix, which is sold on a per-user/monthly active user basis.
By integrating with Citrix through its Device Trust solution, Arculix can provide what SecureAuth promises to be a “frictionless login experience.” Arculix can now authenticate users directly against Microsoft Entra ID, allowing for pass-through authentication.
Sophos adds three new threat detection and response solutions
November 14: Cybersecurity-as-a-service vendor Sophos has announced three new solutions and capabilities designed to protect against active threats. Sophos Firewall v20 software with Active Threat Response will identify, stop, and block attacks without the need to add firewall rules, according to the company. The new version also integrates with Sophos’s Zero-Trust Network Access (ZTNA) gateway, which allows secure remote access to applications behind the firewall. The company has also enhanced the network scalability of Sophos Firewall to support distributed environments, and it has improved ease-of-use management.
Sophos Extended Detection and Response (XDR) and Managed Detection and Response (MDR) customers now have access to Sophos Network Detection and Response (NDR) with XDR. Sophos NDR scans network activity for potentially malicious traffic patterns.
Finally, Sophos has enhanced its XDR solution with more third-party integrations to connect security data across multiple sources for faster detection and response, according to the company. Security operations and analyst workflow and case management features have also been improved to better filter alerts and provide visibility from a single console.
OneSpan adds passwordless authentication to its DigiPass Authenticator line
November 14: Digital agreements security company OneSpan has announced an enhancement to its Digipass Authenticators line. DIGIPASS FX1 BIO enables passwordless authentication via a physical passkey and fingerprint scan. The company claims this combination of biometric authentication and public-key cryptography will help companies meet compliance requirements, reduce phishing and other social engineering attacks, and improve the user experience. DIGIPASS FX1 BIO is based on the FIDO standard.
Stream Security announces Cloud Twin cloudsecops platform
November 14: Stream Security (formerly Lightlytics) has announced three new features for its Cloud Twin engine, a cloud security operations (cloudsecops) platform that can help detect and investigate threats and exposures in their cloud environments. The company claims it can now map cloud dependencies in real-time rather than periodically, allowing security and operations teams to better cooperate to address security gaps.
The new features, which will be automatically available to existing customers, are:
- Azure integration: Cloud Twin now supports Microsoft Azure, which Stream Security claims allows it to model all the possible paths and traffic between different cloud platforms.
- Vulnerability correlation: The platform can help security teams prioritize efforts by correlating vulnerabilities with their exploitability level.
- Threat anomaly detection: Cloud Twin now has threat anomaly detection capabilities to identify malicious behavior and unauthorized access.
Kasada launches KasadaIQ attack prediction services
November 14: Threat detection and management firm Kasada has launched a new attack prediction platform designed to counter bot fraud. The KasadaIQ suite debuted with its first service, KasadaIQ for Fraud, with plans to add more capabilities in the future.
KasadaIQ for Fraud is designed to provide businesses with insight into how bots target digital channels and customer data by offering visibility into non-traditional data sources and adversary communities through the “capability to detect attacks before they happen and confirm threats that would otherwise go undetected,” the company said.
Core functions of KasadaIQ for Fraud include:
Unconventional sourcing: Kasada monitors activity within non-traditional sources — including resale marketplaces, fraud groups, proxy providers, account generation groups, and hosting providers.
Early warnings: Kasada’s analysts first identify and vet current and emerging threats within its data system, then send out advance alerts.
Bot acquisition and analysis: Kasada secretly purchases bots in circulation and extensively analyzes how they work.
Stolen credential analysis: Kasada purchases and evaluates stolen credential sets from criminal marketplaces to help the customer remedy security gaps and online fraud.
Dedicated analyst hours: Customers receive a set amount of analyst hours for Kasada to investigate what’s most relevant to their needs, such as intel on fraud groups or reverse-engineering attacks.
Professional services: Kasada will scope custom requirements and provide expert guidance on how to best achieve the desired outcomes.
Cycode debuts ConnectorX with application security posture management capability
November 14: Application security posture management (ASPM) provider Cycode has launched its click-and-consume third-party ASPM connector platform ConnectorX and announced significant enhancements to its risk intelligence graph (RIG) for risk-based prioritization. The platform aims to foster improved collaboration between security and development teams. It includes more than 40 software development lifecycle integrations, including the introduction of support for Wiz and Black Duck.
The Cycode platform provides companies with the choice to use its native ASPM tools or maximize investments in their existing AppSec tools. Companies can plug in any AppSec solution and “within minutes,” gain accurate, real-time visibility into their security posture, according to the company.
DirectDefense ThreatAdvisor 3.0 aims to streamline security operations with SOAR technology
November 14: Information security services company DirectDefense has launched ThreatAdvisor 3.0, a major update to its proprietary security orchestration, automation, and response (SOAR) platform. ThreatAdvisor 3.0 is designed to improve the speed, efficiency, and accuracy of DirectDefense’s Security Operations Center (SOC), the company said in a press release.
The platform offers customized continuous security monitoring and management, automates manual processes, and includes an extensive knowledge base for compliance, security events and mitigation techniques. ThreatAdvisor 3.0 integrates with other solutions to provide a single interface for threat management with more data and better context, the company claims. The platform collects and processes vulnerability and asset data from several sources and compiles them into a holistic view of an organization’s security posture, supporting penetration testing, operational technology (OT) and industrial control systems (ICS) assessments, vulnerability management, managed detection and response (MDR), compliance assessments, and enterprise risk management.
Lacework Code Security expands coverage to full application lifecycle
November 14: Cloud security firm Lacework has added the Code Security product to its infrastructure-as-code (IaC) suite to unify code and cloud security with the aim of allowing enterprises to innovate and deliver secure cloud-native applications with increased speed.
Lacework Code Security introduces two forms of static program analysis — software composition analysis (SCA) targeted at third-party code in customers’ repositories, and static application security testing (SAST) targeting first-party code. The Lacework platform now encompasses code as it is written, infrastructure as code, containers, identity and entitlement management, and runtime across clouds.
Lacework added that customers will have access to always-up-to-date software bills of materials (SBOMs) for every application and continual visibility into their software supply chain, as well as an understanding of open-source license risk.
Palo Alto Networks updates Cortex XSIAM
November 13: Palo Alto Networks has announced Cortex XSIAM 2.0, an updated version of its existing product that now has a command center, MITRE ATT&CK Coverage Dashboard and bring your own ML (BYOML) among other updates.
The new features are:
- XSIAM Command Center: With a more user-friendly design, XSIAM Command Center offers a comprehensive overview of SOC operations, including visibility into all data sources being consumed by XSIAM, security alerts and incident information, such as the number of resolved or open security incidents.
- MITRE ATT&CK Coverage Dashboard: This is designed to allow mapping coverage directly to MITRE ATT&CK, providing detailed visibility of detection and prevention coverage across tactics and techniques into the MITRE ATT&CK framework.
- Bring your own ML: For organizations that want to build their own custom ML model, XSIAM ingests complete security data across hundreds of supported sources to enable better out-of-the-box AI/ML analytics. SOCs can use this to create and customize ML models as well as integrate their own models.
- Contextual in-product help assistant: Access to product help and documentation without the need to navigate out of the product.
- New security protection: Improve detection and protection coverage capabilities with new modules for early detection of threats targeting macOS ransomware, Kubernetes(K8s) and master boot records (MBRs).
- Network detection (NDR) coverage: Expand the network coverage of the endpoints with over 50 new detectors covering generic and specific protocol-based threat detection.
- Advanced Local Analysis for macOS and Linux: Provides enhanced coverage for local analysis of macOS and Linux file systems, leveraging ML models to provide accurate and adaptive responses to evolving threats.
- Free text search: A simplified search that enables analysts to query the entire security data set, without the need to craft specific XQL queries.
- New attack surface management (ASM) policies: New ASM policies added to the existing library of over 700 policies.
Source link
lol
Upwind adds API security to its cloud security platform March 13: The Upwind Cloud Security Platform can now detect and respond to API threats in real time at the runtime level, according to the company. The API Security solution catalogs and maps an enterprise’s APIs using real-time traffic analysis and extended Berkeley Packet Filter (eBPF)…
Recent Posts
- Eight Key Takeaways From Kyndryl’s First Investor Day
- QNAP pulls buggy QTS firmware causing widespread NAS issues
- N-able Exec: ‘Cybersecurity And Compliance Are A Team Sport’
- Hackers breach US firm over Wi-Fi from Russia in ‘Nearest Neighbor Attack’
- Microsoft rolls out Recall to Windows Insiders with Copilot+ PCs