15 New Cybersecurity Products To Know: Q1 2023

For the first three months of the year, we’ve been following new product launches and updates in cloud security, XDR, SASE and more.

New Products To Know

An array of new cybersecurity product releases during the first quarter made for a busy start to 2023 in the security industry. Cybersecurity companies that announced major new products and feature updates during the first three months of the year included vendors such as CrowdStrike, Zscaler, Palo Alto Networks, Sophos and Microsoft.

Major themes of the cybersecurity product launches in Q1 included the use of AI and ML for improving cyberdefense, including the use of generative AI in a few cases. Key product segments that we tracked in the first quarter included cloud security, focused on protection of cloud environments such as AWS, Microsoft Azure and Google Cloud; secure access service edge (SASE) and zero trust network access (ZTNA) for protecting hybrid and remote workforce access to applications; and extended detection and response (XDR) for correlating security data across tools and prioritizing threats.

As Q1 of 2023 came to a close, details about what could be one of the largest cyberattacks in recent memory came to light, as researchers from security vendors including CrowdStrike and SentinelOne disclosed that communications app maker 3CX — as well as an untold number of its end customers — had become the victim of a software supply chain attack reminiscent of the widely felt SolarWinds breach of 2020. The attack underscored the need for cybersecurity products that can pinpoint legitimate attacks amid the countless alerts produced by today’s threat detection tools, as well as the importance of protecting the software development process.

What follows are the key details on 15 new cybersecurity products to know from Q1 of 2023.

Palo Alto Networks Unveils SASE Update

Palo Alto Networks announced a forthcoming set of new features for its fast-growing secure access service edge platform, Prisma SASE, focused on AI and automation. The capabilities include natively integrated AIOps intended to bring greater automation to IT operations. The addition of AIOps — which uses AI-driven detection as well as predictive analytics — offers benefits such as proactive remediation of issues that could cause a service outage, according to the company. By proactively monitoring for and diagnosing problems, Prisma SASE can now provide automated troubleshooting that reduces administrative overhead, said Kumar Ramachandran, senior vice president for SASE products at Palo Alto Networks.

“This is a huge release for us,” Ramachandran told CRN in an interview. “Not only are we making massive advances in AI and ML, we’re also making the product more rapidly adoptable by customers.”

Other updates include several enhancements to SD-WAN, including improved visibility through the Prisma SD-WAN Command Center; integrated IoT security; and an on-premises controller for Prisma SD-WAN. With many buildings now having thousands of connected devices — from card readers to a variety of sensors — there’s a need to be able to automatically identify and classify the devices for security purposes, Ramachandran said. Prisma SASE can now do this while also making recommendations on how best to isolate devices in the event of a problem, he said. To do so, he said, “requires integration between SD-WAN and the security service, in our case Prisma Access. Being able to use ML in automatically classifying these devices is just very powerful. Otherwise, there’s such a large plethora of devices, administrators cannot manually identify and classify them.”

Check Point Adds Its Own SD-WAN

Check Point Software Technologies added a key piece to its SASE platform with the debut of its in-house SD-WAN offering in February. The SD-WAN “software blade” in the Check Point Quantum Gateways platform will enable both strong security and optimal performance for internet and network connections, according to the company.

Taking the time to develop its own SD-WAN in-house will ultimately pay off, thanks to the tight integration that Check Point is able to offer with the network gateway, Check Point co-founder and CEO Gil Shwed told CRN. “We worked on that for a long time,” Shwed said. “We really needed to make sure that the security and the [SD-WAN] actually work together very, very closely. We use the same engine to classify the traffic. We use all the same management to build that together. This is a really, really tight integration within the same gateway.”

CrowdStrike Enhances Falcon Identity Protection

CrowdStrike announced enhancements to its Falcon Identity Protection offering aimed at addressing three key use cases related to identity-based attacks.

A new honeytokens capability will enable security teams to lure adversaries away from critical resources, CrowdStrike said. The update makes it “effortless” for teams to create honeytoken accounts, track the activities involving them and enforce policies to protect resources. Notably, teams can “easily flag accounts as honeytokens in [Active Directory] without additional configuration or resource requirements,” the company said in a blog.
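To illustrate the honeytoken idea in defender terms, here is an added example (not CrowdStrike's code) that alerts on any event touching a decoy account; it assumes a constructed, simplified logon-event format and constructed decoy account names.

```python
# Added example, not CrowdStrike's code: alert on every authentication event
# that involves an account flagged as a honeytoken.
import re
from collections import Counter
from dataclasses import dataclass

# Constructed decoy account names; in practice these would be the accounts
# flagged as honeytokens in Active Directory.
HONEYTOKENS = {"svc_backup_legacy", "admin_finance_old"}

# Constructed, simplified event format; real security logs carry more fields.
EVENT_RE = re.compile(
    r"^(?P<ts>\S+)\s+EventID=(?P<eid>\d+)\s+Account=(?P<acct>\S+)"
    r"\s+Source=(?P<src>\S+)\s+Type=(?P<ltype>\S+)$"
)

@dataclass(frozen=True)
class Alert:
    timestamp: str
    account: str
    source: str
    event_id: int
    logon_type: str

def parse_event(line):
    """Return the fields of one log line, or None if the line does not match."""
    m = EVENT_RE.match(line.strip())
    return m.groupdict() if m else None

def detect_honeytoken_use(lines, honeytokens=HONEYTOKENS):
    """Alert on every event that names a honeytoken account.

    Success or failure does not matter: a decoy has no legitimate use, so any
    logon (4624/4625), Kerberos TGT request (4768) or NTLM validation (4776)
    against it is suspicious by definition. AD names are case-insensitive,
    so the comparison is done in lower case.
    """
    decoys = {name.lower() for name in honeytokens}
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is not None and ev["acct"].lower() in decoys:
            alerts.append(Alert(ev["ts"], ev["acct"], ev["src"], int(ev["eid"]), ev["ltype"]))
    return alerts

def sources_by_alert_count(alerts):
    """Rank sources that touched decoys; many hits from one host suggest enumeration."""
    return Counter(a.source for a in alerts).most_common()

SAMPLE_LOG = """\
2023-03-15T08:02:11Z EventID=4624 Account=jdoe Source=WS-0412 Type=Interactive
2023-03-15T08:05:40Z EventID=4768 Account=svc_backup_legacy Source=10.0.5.77 Type=Kerberos
2023-03-15T08:05:41Z EventID=4625 Account=ADMIN_FINANCE_OLD Source=10.0.5.77 Type=Network
2023-03-15T08:07:03Z EventID=4624 Account=asmith Source=WS-0199 Type=Interactive
2023-03-15T08:09:12Z EventID=4776 Account=svc_backup_legacy Source=WS-0199 Type=NTLM
""".splitlines()  # constructed sample events

if __name__ == "__main__":
    for a in detect_honeytoken_use(SAMPLE_LOG):
        print(f"ALERT {a.timestamp} {a.account} from {a.source} (event {a.event_id}, {a.logon_type})")
```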

A second use case that CrowdStrike is targeting with the Falcon Identity Protection updates is around reducing vulnerabilities from duplicate passwords across accounts. The enhancements include a new feature that aims to make it simpler to detect reused passwords across Active Directory — enabling admins to “instantly identify these accounts without manual AD audits and enforce the use of unique passwords to defend against threats such as credential stuffing attacks,” CrowdStrike said.

Third, CrowdStrike said it has enhanced Falcon Identity Protection to allow for detection of authentications over the Server Message Block (SMB) protocol. As an example, the update means that security teams will now be able to “detect a suspicious protocol implementation using the CrackMapExec tool along with the SMB session setup activity that led to it,” CrowdStrike said.

Microsoft Unveils Security Copilot

Microsoft unveiled a new product for cybersecurity professionals, Security Copilot, that uses generative AI from GPT-4 — the latest version of the OpenAI large language model that is available in applications such as the massively popular ChatGPT chatbot.

Microsoft Security Copilot tailors the generative AI technology toward cybersecurity by combining GPT-4 with Microsoft’s own security-focused AI model.

Microsoft Security Copilot will feature a prompt-based user interface akin to generative AI chatbots such as ChatGPT. When a cybersecurity professional gives a prompt to the application, the response will leverage Microsoft’s security-focused AI model “to deploy skills and queries” that are relevant to the prompt, wrote Vasu Jakkal, corporate vice president for security, compliance, identity and management at Microsoft, in a blog post.

“This is unique to a security use-case,” Jakkal wrote. “Our cyber-trained model adds a learning system to create and tune new skills. Security Copilot then can help catch what other approaches might miss and augment an analyst’s work. In a typical incident, this boost translates into gains in the quality of detection, speed of response and ability to strengthen security posture.”

Orca Security Announces Data Security Posture Management

Cloud security platform Orca Security made several product announcements during the first quarter of the year, including the unveiling of what it called “comprehensive” data security posture management (DSPM) capabilities. The new DSPM tool, included in the Orca Cloud Security Platform, offers improved data discovery and data management for enhanced identification and mitigation of issues around at-risk sensitive data. Key issues addressed by the new technology — which utilizes Orca’s agentless SideScanning capabilities — can include “shadow data” as well as misplaced data, according to Orca.

Also during the first quarter, Orca Security became one of the first cloud security vendors to integrate OpenAI’s GPT-3 into its product. Orca announced that it has been able to “improve the detail and accuracy” of its remediation steps for customers by utilizing GPT-3.

Cisco Enhances SASE Platform

During Q1, Cisco announced an extension of support on its SASE platform to additional parts of its portfolio. Cisco’s single-vendor SASE platform, Cisco Plus Secure Connect, had already been available with support for Meraki SD-WAN — but in February the company announced it’s now available with support for the Cisco SD-WAN (Viptela) solution.

“I think our partners will really appreciate understand [that] we’ve integrated web security controls into our Cisco Meraki solution,” said Tom Gillis, senior vice president and general manager of the Cisco Security Business Group. “That’s something our partners have enjoyed huge success with — taking that very deeply in our market. And so it’s super easy to add URL filtering, anti-malware capability, all from that Meraki dashboard, where it’s just easy to deploy this stuff, easy to consume … If you’re a Meraki customer, it’s just in your Meraki dashboard. If you’re a Viptela customer, you’ll get the same capability that’s cross-launched into your Viptela dashboard.”

Cloudflare Updates SASE, Email Security Platforms

In January, Cloudflare added another key piece to its SASE platform, Cloudflare One, with the introduction of its Magic WAN Connector. The software-defined solution can be used to securely connect businesses to the web, the company said. With the addition of Magic WAN Connector, “Cloudflare One is now a true integrated SASE security and networking solution,” the company said in a news release.

Meanwhile, Cloudflare also announced updates to its Area 1 email security product that include automatic isolation for suspicious links and attachments; identification and blocking of data exfiltration; and rapid onboarding for new Microsoft 365 domains. In a release, Matthew Prince, co-founder and CEO of Cloudflare, called the product launch “the first set of deeply integrated solutions that bring together Cloudflare Area 1 email security and our zero trust platform.”

Zscaler Debuts Resilience Offering

On Feb. 1, Zscaler announced the launch of Zscaler Resilience, which provides new capabilities that aim to keep connections to apps intact even in the event of a major security incident. Such “black swan” events, which can include nation-state attacks, natural disasters and digital vandalism, have created a dire need for greater “cloud resilience” for organizations, Zscaler said in a news release.

The Zscaler Resilience offering includes disaster recovery capabilities that allow customer operations to directly connect to Zscaler’s Private Service Edge in the event of a serious incident, allowing updated security policies to continue to be followed. Other capabilities include dynamic performance-based selection for rapid performance recovery after a brownout, as well as a customer-controlled data center exclusion to enable the setting of a temporary exclusion period for data centers that are having connectivity problems.

VMware Debuts Carbon Black XDR

In mid-March, VMware announced general availability for its Carbon Black XDR (extended detection and response) offering. The platform is “the only XDR solution that natively combines telemetry from endpoint detection and response (EDR) with network telemetry, intrusion detection system (IDS) observations, and identity intelligence,” Jason Rolleston, general manager of the VMware Security Business Unit, wrote in a blog post. Notably, the platform doesn’t require organizations to “rip and replace existing solutions or to add physical network taps to their infrastructure,” he wrote.

Key capabilities of VMware Carbon Black XDR include the “ability to activate and immediately gain network and identity intelligence, natively combined with endpoint telemetry,” Rolleston wrote. Existing Carbon Black Cloud customers can activate XDR without deploying additional hardware or software, he noted.

Sophos Debuts New Endpoint Capabilities

Since transitioning its managed threat response offering to a managed detection and response (MDR) service at the end of November, Sophos has seen strong demand that isn’t expected to slow down anytime soon, Sophos CTO Joe Levy told CRN. The cybersecurity giant disclosed a suite of new endpoint security capabilities in March that will help feed into the MDR service — as well as the underlying extended detection and response (XDR) platform that helps to power the MDR.

The updates include new account health check capabilities, through which Sophos can inform endpoint customers “if something bad has happened to their configuration, whether it was intentional or accidental,” Levy said. “We just notify them very clearly [and] we give them the information necessary to be able to remediate it.”

Another new capability is “adaptive active adversary protection.” The feature puts Sophos’ endpoint security product into what the company calls “breach mode” when it appears that a customer is under attack, Levy said. The product can then prevent an executable from running, for instance, or can prohibit a connection to a particular endpoint. The capability ultimately offers the ability to disrupt attacks that are in progress and “buy more time for responders,” Levy said.

Splunk Enhances Mission Control And Observability Cloud

In March, Splunk announced enhancements to Splunk Mission Control and Splunk Observability Cloud aimed at helping organizations to create “safer and more resilient digital enterprises,” the company said in a news release.

The company disclosed that Splunk Mission Control has been updated to enable security operations teams to handle threats from a single, unified platform, bringing together security analytics via Splunk Enterprise Security; automation and orchestration from Splunk SOAR; and threat intelligence.

Updates to Splunk Observability Cloud, meanwhile, aim to help security teams “troubleshoot faster with increased visibility and a more unified approach to incident response,” the company said, including through Splunk Incident Intelligence (for proactively diagnosing and remediating services) and new capabilities from Splunk APM around autodetection and improved alert accuracy.

ForgeRock Launches New Passwordless Platform

For digital identity provider ForgeRock, offering an enterprise platform positioned at the intersection of identity, security and digital transformation “continues to be a strong driver of the business,” ForgeRock CEO Fran Rosch told CRN. The company is continuing to expand its platform, as well, in a bid to make it even more appealing to businesses seeking to consolidate their identity management and security tools, Rosch said.

In March, ForgeRock announced product updates that aim to help bring passwordless authentication to a greater number of enterprises. The ForgeRock Enterprise Connect Passwordless offering aims to make it easier to implement passwordless log-ins and access, ultimately with the goal to “strongly encourage” customers that “the time is now to go passwordless,” Rosch said.

“We’ve taken a lot of time to understand all the different protocols and application types that companies use to authenticate into their complex infrastructure. And we made sure that we can cover all of those different types on the workforce side,” he said. “You have to break down these workforce applications and build something for each one of these different types. And that’s really what we’ve built. And we built it to be very easy for customers to onboard through a visual interface, all the different types of applications that they’re looking for that single sign-on service for.”

Enterprise Connect Passwordless is expected to be available in the second quarter.

Sonatype Expands To The Cloud

Code security platform Sonatype announced the expansion of its Nexus Lifecycle platform, for finding and fixing open-source vulnerabilities, and its Nexus Firewall tool, for intercepting malicious code before it can be downloaded, into the cloud. The cloud offering joins existing versions of the platforms for use in on-premises environments and in disconnected environments.

Sonatype now stands out by providing these three options for using its platform, which can be used to help secure software supply chains, executives told CRN. At Sonatype, “we don’t want to force our architectural preferences” onto customers, CEO Wayne Jackson said. Major financial institutions, for instance, can be expected to keep a lot of their software development work in on-premises environments well into the future, and they “don’t want to be forced” to move that into the cloud, he said.

Veza Unveils GitHub Integration

Veza, which aims to offer a modernized approach around governing access to data, in February announced that it has integrated its platform with GitHub in an effort to protect critical IP from malicious actors. For customers whose GitHub repositories “contain the crown jewels of the company,” Veza is “giving them the power to find and fix inappropriate access,” Co-Founder and CEO Tarun Thakur said in a news release.

The integration offers the ability to carry out access reviews for any GitHub repository and remediate any issues; view a visualization of access for both internal and external users; implement controls to ensure least-privilege access; eliminate inactive accounts on GitHub; and set up alerts that fire when permission changes are made to infrastructure-as-code repositories and other highly sensitive repositories.

OpenText Discloses DNS Protection Updates

OpenText disclosed to CRN that it’s making DNS (domain name system) protection available separately from its Webroot endpoint security platform, enabling the DNS protection offering to become relevant to a broader set of customers. The move allows customers to standardize their DNS protection “without installing two [antivirus] solutions, which they’ve never really liked to do,” said Jonathan Barnett, a senior product manager in network solutions at OpenText. “It’s something which we’ve been asked for a lot.”

One of those who’d requested a standalone DNS protection offering from OpenText is John Hart, a consultant with IT services firm Nerds On Site who’s based in Newfoundland and Labrador, Canada. Given that it’s common for customers to have existing licenses with other endpoint security vendors, but still have a need for DNS protection, it’s a welcome move that OpenText is planning to offer standalone DNS protection, Hart said.