10 Cool New Security Products Unveiled At Black Hat 2023
Top cybersecurity vendors including CrowdStrike, SentinelOne and Tenable—along with several up-and-coming startups—have unveiled notable new products and services at the Black Hat USA conference in Las Vegas.
Black Hat 2023
If there’s one takeaway from 2023 so far in the cybersecurity sphere, it’s that the cyberthreat landscape remains as dynamic as ever. Traditional ransomware has declined in popularity, according to a number of threat reports, while identity-based cyberattacks and data extortion have surged.
In short, hackers continue to change things up.
But as the threat landscape evolves, so do the cybersecurity products that defenders rely upon. This week in Las Vegas, top cybersecurity vendors are among those on hand for the Black Hat USA 2023 conference, and many are unveiling new products and services aimed at keeping up with—or ideally, ahead of—the changing threats. New security tools and service offerings from companies including CrowdStrike, SentinelOne and Tenable are among those unveiled this week so far. The product announcements at Black Hat 2023 have also included notable offerings from several up-and-coming cybersecurity startups—one of which emerged from stealth Wednesday.
The new security products unveiled at Black Hat span categories including vulnerability management, application security, extended detection and response (XDR), threat hunting and Security Operations Center (SOC) automation. For several of the announcements, utilizing generative AI technologies is a major emphasis—underscoring the fact that Large Language Models and ChatGPT-like functionality remain a key theme at Black Hat, as it was at the RSA Conference in April.
Black Hat 2023 takes place this week through Thursday, Aug. 10.
What follows are key details on 10 cool new security products unveiled at Black Hat 2023.
SentinelOne Singularity Ranger Insights
At Black Hat 2023 Wednesday, SentinelOne unveiled its expansion into the vulnerability management space with the debut of a new product for its Singularity Ranger network discovery offering. The tool, Singularity Ranger Insights, aims to offer a simplified way of prioritizing the most important software vulnerabilities that must be dealt with, according to Lana Knop, vice president of product management for endpoint and identity products at SentinelOne. Ranger Insights does this in part through putting vulnerabilities in the larger context of security issues and risks that a security analyst is assessing, using the same SentinelOne console and same software agent that is used to enable other key security tools such as endpoint detection and response, Knop said.
An analyst using Ranger Insights will therefore “see everything else that we provide to you through that same agent as well, [including] endpoint-based threats, and it’s side-by-side with all these vulnerabilities,” she told CRN. “So you can see a prioritized list of third-party application vulnerabilities, operating system vulnerabilities, as well as information that gives you context for any potential exploitation that can occur.” What this ultimately enables is “an overall streamlining of the process” of managing vulnerabilities, with the added benefit of no longer needing to rely on scheduled network scanning thanks to SentinelOne’s agent-based approach, Knop said.
Singularity Ranger Insights won’t initially offer patching directly through the tool, although that capability is on SentinelOne’s road map for the product, she said.
In addition, the introduction of vulnerability management on SentinelOne’s Singularity platform provides a greater consolidation opportunity for customers and partners that are looking to reduce the number of security vendors they are working with, she said. “The top thing that we’ve heard from customers is they are looking for simplification. They have been mandated with vendor consolidation,” Knop said. “They’re really looking for more from their existing vendors.”
Radiant Security SOC Co-Pilot
At Black Hat 2023, SOC automation startup Radiant Security announced its emergence from stealth and revealed details about its tool that aims to enhance productivity and threat detection for security analysts by leveraging AI. Key capabilities of Radiant Security’s SOC co-pilot offering include enabling dynamic reviews of all security alerts as well as investigation and root cause analysis for incidents, the startup said in a news release. The tool also offers enhanced containment and remediation for cyber incidents to expedite response times. “By deeply scrutinizing every alert, SOCs can find more true threats and get more out of their existing security investments,” said Shahar Ben-Hador, Radiant Security’s co-founder and CEO, in the release. Both Ben-Hador and Barry Shteiman, co-founder and CTO of Radiant Security, previously served in executive roles at Exabeam. Ben-Hador was previously vice president of product management at Exabeam, while Shteiman had been vice president of advanced research at the company.
Radiant Security’s SOC co-pilot works by automating the building of customized response plans for all malicious incidents that are detected, which identifies what the security issues, containment actions and remediation steps will be for that incident, the company said in the news release. A security analyst is then enabled to “rapidly respond to the incident via step-by-step remediation instructions, one-click remediation from the UI, or via fully automated response,” Radiant said in the release, resulting in “drastically reduced” incident response times.
CrowdStrike Identity Threat Hunting
In connection with Black Hat 2023 this week, CrowdStrike announced what the company is calling the first threat hunting service focused on identity-based attacks. Currently in the threat landscape, “identity threats are No. 1,” Adam Meyers, head of Counter Adversary Operations at CrowdStrike, said in an interview with CRN. “I think this is reflective of the fact that we’ve done a pretty good job on the endpoint side of things.”
Identity Threat Hunting is the first new offering from CrowdStrike’s newly formed Counter Adversary Operations unit, the company said Tuesday. The service is available now, at no cost, for users of the CrowdStrike Falcon OverWatch Elite offering. The service takes what CrowdStrike’s OverWatch team has been doing around threat hunting on the endpoint layer and brings that to identity-based threats, according to Meyers. The service is “using the same intelligence and know-how that we have developed on the threat hunting side to go after identity-based threats,” he said. Key focus areas of the service will include preventing lateral movement and earlier detection of credentials that have been compromised, according to CrowdStrike.
At Black Hat 2023, Tenable unveiled a set of new generative AI-powered capabilities Wednesday that aim to enhance its vulnerability and risk management platform, the Tenable One Exposure Management Platform. The new ExposureAI offering is focused on enabling proactive prevention of attacks using generative AI, Tenable said. The company said ExposureAI includes search capabilities—allowing users to analyze assets and potential exposures with natural language queries—while also providing guidance around mitigation. The offering also leverages generative AI to prioritize response actions based on the highest-risk exposures, according to Tenable. Meanwhile, Tenable introduced a second new product Wednesday as well, with the launch of the Tenable Exposure Graph data lake. Powered by Snowflake, the platform underpins ExposureAI with a repository of data on more than 1 trillion exposures, security findings such as vulnerabilities and IT assets, according to Tenable.
Sweet Security Cloud Runtime Security Suite
At Black Hat 2023 Wednesday, cloud security startup Sweet Security unveiled the launch of its tool along with a $12 million seed funding round. The company’s Cloud Runtime Security Suite offers detection and response as well as discovery and prevention in runtime, utilizing the startup’s rapidly deployable runtime sensor and capabilities for streaming app data and business logic to its servers, the company said in a news release. Sweet Security said in the release that it has developed “patent-pending” automatic learning technology along with a modern approach to attack detection, enabling “immediate delivery of critical, comprehensive attack findings that allow mitigation before, during and after attacks occur.” Ultimately, Sweet Security said the product can provide rapid visibility into cloud-native clusters, giving CISOs the “technical underpinnings needed to be accountable for cloud security.”
For its seed round, Tel Aviv-based Sweet Security said that Glilot Capital Partners led the funding while CyberArk Ventures and angel investors (including former Google CISO Gerhard Eschelbeck) participated.
Bionic Connector For ServiceNow
At Black Hat 2023, application security startup Bionic unveild three updates to its platform, led by increased support for ServiceNow. The Bionic Connector for ServiceNow Service Graph aims to enable faster and easier loading of third-party data into ServiceNow, while also reducing risk and enabling improved security and management for cloud apps, Bionic said in a news release. Using the capability—made possible through an integration between Bionic’s application security posture management platform and the ServiceNow Service Graph— users can benefit from having a “real-time accurate model of all their application dependencies,” Bionic said in the release.
Meanwhile, the startup also unveiled the launch of Bionic Events, which can show customers how their apps are changing as well as the associated risks of those changes. The capability enables searching, filtering and investigation of specific events, while the included Events Time Frame feature provides a visualization of how changes have impacted application security posture over time, according to Bionic.
Lastly, Bionic announced the debut of a new dashboard for its application security posture management platform, which provides a quick view of application services, deployed technologies and possible exposures—as well as newly added filters and “interactive widgets” for improved management of threats, the company said.
During Black Hat 2023, Ernst & Young launched its new Intelligent XDR (extended detection and response) service that utilizes technology from cybersecurity vendor Secureworks to provide 24x7 threat monitoring, detection and response. The EY Intelligent XDR offering is an “open” platform because it has the ability to collect and correlate data feeds from numerous third-party tools. The Intelligent XDR platform can then analyze the collected data together, in a unified way, as a way to help security teams prioritize the most-pressing threats to focus on, according to EY. Other key benefits of the XDR offering include faster response times to threats and accelerated containment, EY and Secureworks said in a news release. For Secureworks, whose majority owner is Dell Technologies, it’s another validation for its Taegis XDR technology, which was developed from the company’s experience of managing security for customers as an MSSP. Secureworks is in the midst of transitioning from an MSSP to a “partner-first” XDR vendor, Secureworks President and CEO Wendy Thomas told CRN in February.
Vectra AI Platform
Amid the Black Hat 2023 conference Tuesday, Vectra AI debuted its new attack detection and response platform that utilizes patented AI-powered technology—dubbed Attack Signal Intelligence—with the goal of arming security operations teams with enhanced prioritization of threats. Key capabilities of the Vectra AI Platform include analysis of attacker behavior across endpoints, public cloud, identity, SaaS and networks. Another patented technology, Privileged Access Analytics, assists with thwarting identity-based attacks by focusing on the accounts that hackers might look to exploit, Vectra AI said in a news release. Major benefits of the platform include learning of customer environments to help with eliminating 80 percent of alert noise, while also enabling SOC analysts to better prioritize their activities, saving more than three hours of alert triage per day, according to the company.
Newly added capabilities include Instant Investigations, which provides “quick start” guides to analysts to assist with investigating priority entities that are being attacked; Advanced Investigation, which allows for forensic analysis of logs from Azure Active Directory, Microsoft 365 and the AWS Control Plane “directly in the platform user interface;” and AI-Assisted Investigation, which utilizes Large Language Models to provide a simplified method for analysts to gather greater context on attacked entities, Vectra AI said in the release.
Ultimately, the new Vectra AI Platform delivers “the integrated signal enterprises need to make extended detection and response a reality,” the company said.
NetSPI ML/AI Pentesting
NetSPI, whose offerings include penetration testing services and attack surface management, said at Black Hat 2023 that it’s expanding to provide security for machine learning technologies—such as the Large Language Models used in generative AI apps. Calling the ML/AI Pentesting a “first-of-its-kind” offering, NetSPI said that key capabilities include identification, analysis and remediation for ML models such as LLMs. The company is also now providing “real-world” guidance on issues related to the securing of ML models, NetSPI said in a news release.
Abnormal Security CheckGPT
Among the other cybersecurity vendors debuting generative AI-related capabilities at Black Hat 2023 is Abnormal Security, which unveiled its new CheckGPT tool that focuses on detecting attacks that were created using Large Language Models. CheckGPT taps into multiple open-source LLMs to determine the likelihood that an email message was created with the help of generative AI, Abnormal Security said. The tool then leverages other AI detectors as well, providing a high-confidence determination that an attack was AI-generated, the company said.