20 Hottest Cybersecurity Products At RSAC 2023
At RSA Conference 2023 this week, vendors are showcasing new products in categories including XDR, email security, vulnerability management and application security.
RSAC 2023 Heats Up
For anyone looking to scope out the latest products from cybersecurity vendors, the industry’s annual RSA Conference is a must-attend, with hundreds of cybersecurity companies showcasing their latest offerings for cyber defense (and offense). RSAC 2023, which began Monday, is proving to be no exception. The Moscone Center in San Francisco drew massive crowds looking to find out more about the newest products from cybersecurity startups and industry giants alike. Many of those products are brand-new and timed to coincide with RSAC. Top cybersecurity vendors that are showcasing new or recently unveiled products at RSAC 2023 include CrowdStrike, Microsoft, Palo Alto Networks and Cisco Systems.
Key segments for the RSAC 2023 product announcements have included email security, vulnerability management, cloud and application security, endpoint protection, extended detection and response (XDR) and security information and event management (SIEM).
A major focus area has been generative AI and its potential to improve the productivity of security operations, with vendors including SentinelOne and Google Cloud unveiling new products for security analysts powered by large language models. Other vendors, such as Veracode, have applied generative AI to areas such as code security. Meanwhile, a number of newly unveiled products have focused on expanding the capabilities of core cybersecurity tools, such as email security and endpoint protection. CRN is on hand at RSAC 2023 and following the product announcements as they come out, and we’ve collected 20 cybersecurity products at the conference that have caught our eye.
What follows are 20 of the hottest cybersecurity products being showcased at RSA Conference 2023.
Abnormal Security For Collaboration Apps
At RSAC Tuesday, email security company Abnormal Security unveiled three new products that represent the expansion of the company’s security platform—based on behavioral AI capabilities—to cover major collaboration apps. The new products are focused on providing threat detection for Microsoft Teams, Slack and Zoom, in recognition of the fact that “multi-channel attacks” are growing rapidly, the company said in a news release. The new products are Email-Like Messaging Security, which monitors the three collaboration apps for suspicious activity and allows admins to take action; Email-Like Account Takeover Protection, which monitors authentication in the three apps and sends alerts about suspicious log-ins; and Email-Like Security Posture Management, which provides a “complete view” of changes to user privileges in the three collaboration apps, according to Abnormal Security.
In addition, the company said it is extending its security platform to offer improved modeling of identity behavior through ingesting data from more sources—among them CrowdStrike, Okta, Teams, Zoom and Slack.
CrowdStrike Falcon Complete XDR
Ahead of RSAC 2023, CrowdStrike last week unveiled Falcon Complete XDR, a new managed XDR (extended detection and response) offering that aims to make the technology applicable to more customers and partners than it has been to date. As a managed XDR offering, Falcon Complete XDR follows the model of CrowdStrike’s popular managed detection and response (MDR) service. CrowdStrike’s MDR offering has provided 24/7 management of the vendor’s EDR technology to customers that lack the resources to do so themselves. In the same way, the CrowdStrike MXDR aims to offer around-the-clock management of the vendor’s XDR platform.
CrowdStrike’s managed XDR offering also integrates tools from vendors in the CrowdXDR Alliance in key segments such as security service edge (Cloudflare, Netskope, Zscaler, Skyhigh Security, Menlo Security); identity security (Okta, ForgeRock, Microsoft Azure Active Directory, Ping Identity); email security (Mimecast, Proofpoint, Microsoft 365, Cisco Secure Email, Abnormal Security); network detection and response (Corelight, ExtraHop, Vectra); and firewalls (all the major firewall vendors, Bernard said, including Palo Alto Networks and Cisco).
In addition to 24/7 management of the XDR platform, the MXDR service also includes threat hunting, monitoring and remediation, CrowdStrike said.
Securonix Unified Defense SIEM
In advance of RSAC, Securonix last week unveiled a new SIEM (security information and event management) platform that works with data feeds from Snowflake’s data lake, with the aim of using a cloud-native approach to better accommodate the massive volumes of security-relevant data that modern enterprises generate. The Securonix Unified Defense SIEM can leverage 365 days’ worth of “hot” searchable data from the Snowflake Data Cloud, providing enhanced visibility into potential threats, and also offers a single-tier storage model that can support large-scale searches while eliminating many of the data management issues associated with a standard tiered-storage model, Securonix said.
Key capabilities include Threat Content-as-a-Service, which includes up-to-date content about the latest threats curated by Securonix, as well as a Threat Content Analyzer capability for helping to understand gaps in threat detection. The Unified Defense SIEM also enables proactive cyberdefense through capabilities such as Autonomous Threat Sweeper, which is the “industry’s first product to retroactively sweep” for indicators of compromise and adversary tactics, techniques and procedures, Securonix said in a news release. The new platform ultimately “redefines the future of the SIEM market,” Securonix CEO Nayaki Nayyar said in the release.
Cisco XDR
Cisco revealed at RSAC 2023 that it’s launching a new extended detection and response (XDR) platform that’s been built from the “ground up” and goes beyond the prior XDR capabilities that have been available in the tech giant’s SecureX offering, according to Jeetu Patel, executive vice president and general manager of security and collaboration at Cisco. The new Cisco XDR platform fuses network detection and response (NDR) and endpoint detection and response (EDR), providing “cross-domain telemetry” in a way that no one else in the market is doing, Patel said. The offering also stands out from security information and event management (SIEM) products by being “near real-time” when it comes to delivering threat detection and prioritization, he said.
In addition, Cisco XDR is differentiated by providing “high-fidelity data” from across the company’s various first-party security tools, such as Cisco Secure Client (formerly AnyConnect) for endpoint, he said. The XDR platform integrates a significant number of major third-party security products as well. Those include EDR tools (Microsoft Defender, Cybereason, Palo Alto Networks Cortex XDR, SentinelOne Singularity and Trend Micro Vision One); email security (Microsoft Defender for Office, Proofpoint); next-generation firewall from Palo Alto Networks; SIEM from Microsoft Sentinel; and NDR from ExtraHop Reveal(x).
“This one is one of the biggest security product launches we’ve had in a while,” Patel said, and represents a major step on Cisco’s journey to fulfill its Security Cloud vision of providing a comprehensive, unified platform for modern security.
SentinelOne Threat Hunting Tool
During the first day of RSAC 2023, SentinelOne announced a new threat hunting tool for its Singularity platform that utilizes a large language model (LLM) in an effort to dramatically improve productivity for security analysts. SentinelOne is referring to the new generative AI-powered threat hunting tool as “Purple AI,” the company told CRN.
Analysts will be able to use the new generative AI interface in the Singularity Skylight platform to ask questions about threats in a customer’s environment—for instance, “Is a certain threat actor present in this environment?” or “Are there threat actors affiliated with China in my environment?” The ability to use natural language to query a system will offer massive time-savings to analysts and will allow security teams to respond to more alerts and catch more attacks, said Ric Smith, chief product and technology officer at SentinelOne.
Ultimately, a main goal of implementing generative AI technology in this way is around “making threat hunting more accessible,” he told CRN. With existing threat hunting platforms, “it’s pretty daunting” to use them, Smith said. With the addition of this generative AI technology, however, SentinelOne believes the technology can now enable security operations teams to scale up their threat-hunting activities, he said.
The large language model that’s helping to power the new threat hunting tool leverages both open-source and proprietary offerings in the space, Smith said. One of the LLMs being utilized by SentinelOne is OpenAI’s GPT-4, the company confirmed to CRN. SentinelOne is also training the model on its own data and is doing “quite a bit of fine-tuning” on the LLM to customize it for the security domain, Smith said.
The new SentinelOne threat hunting tool will initially be offered as an add-on to the Singularity Skylight platform and is now in limited preview. Details about wider availability are not being released yet.
Akamai Brand Protector
At RSAC 2023, Akamai Technologies debuted its new Brand Protector offering, which aims to disrupt websites used for phishing and brand impersonation. Brand Protector works by inspecting a massive quantity of digital activity and then taking a four-step approach to combating impersonation. Those steps include providing intelligence from Akamai’s analysis of web traffic, detection of malicious websites, visibility into the impersonation threats through a centralized dashboard and mitigation through takedown services.
Palo Alto Networks Prisma SASE Update
Palo Alto Networks recently unveiled a set of new features for its fast-growing secure access service edge platform, Prisma SASE, focused on AI and automation. The capabilities include natively integrated AIOps, which brings greater automation to IT operations. The addition of AIOps—which uses AI-driven detection as well as predictive analytics—offers benefits such as proactive remediation of issues that could cause a service outage, according to the company. By proactively monitoring and diagnosing problems, Prisma SASE can now provide automated troubleshooting that reduces administrative overhead, said Kumar Ramachandran, senior vice president for SASE products at Palo Alto Networks.
Other updates include several enhancements to SD-WAN, including improved visibility through the Prisma SD-WAN Command Center; integrated IoT security; and an on-premises controller for Prisma SD-WAN. With many buildings now having thousands of connected devices—from card readers to a variety of sensors—there’s a need to be able to automatically identify and classify the devices for security purposes, Ramachandran said. Prisma SASE can now do this while also making recommendations on how best to isolate devices in the event of a problem, he said. To do so, he said, “requires integration between SD-WAN and the security service, in our case Prisma Access. Being able to use ML in automatically classifying these devices is just very powerful. Otherwise, there’s such a large plethora of devices, administrators cannot manually identify and classify them.”
Google Cloud Security AI Workbench
In another generative AI announcement on Day One of RSAC 2023, Google Cloud unveiled its Security AI Workbench offering that’s powered by a new, security-specific large language model known as Sec-PaLM. The model utilizes Google Cloud’s security intelligence via Google’s broad visibility into threat data and Mandiant’s esteemed threat intel around vulnerabilities and malware, as well as threat actors and threat indicators, according to Google Cloud.
“We have a unique opportunity in Google where we actually have both the infrastructure to cost-effectively deliver next-generation AI, but also to infuse it with threat intel, and a lot of data to train our own large language model,” said Sunil Potti, vice president and general manager for Google Cloud’s security business. “So rather than just say we’re using a Google version of the large language model, we’ve actually built a new security LLM.” While Sec-PaLM is based on Google’s LLM, “it’s customized and purpose-built—custom-trained—using security-related data coming from all of our sources that we have currently,” Potti told CRN.
The Google Cloud Security AI Workbench is aimed at helping to reduce the overload from threat data and the large number of security tools in use, the company said. Customers will be able to provide their private data to the Security AI Workbench platform only at inference time to enhance privacy, Google Cloud said.
The first place Google Cloud will be implementing Security AI Workbench is with a new offering, VirusTotal Code Insight, that uses the technology to analyze potentially malicious scripts and explain their behavior, ultimately helping to improve the detection of which scripts are a real threat, Google Cloud said. The offering is now in preview. Other offerings using Security AI Workbench “will be available in preview more broadly this summer,” the company said in a post.
Recorded Future Intelligence Cloud Updates
Recorded Future used RSAC 2023 to unveil enhancements to its Intelligence Cloud platform aimed at providing better visibility into threats and more automation of processes for security teams. New capabilities in this update include AI-driven automation for improved detection, triage and analysis of threats; Collective Insights, which offers visibility into emerging threats based on an organization’s environment, industry and real-world incidents; improvements to Recorded Future’s Attack Surface Intelligence offering around visualization of exposed attack surfaces; and enhancements to the company’s Identity Intelligence tool that aim to provide better identification and remediation of compromised credentials.
IBM Security QRadar Suite
IBM used RSAC to launch a new product suite for security analysts, the IBM Security QRadar Suite. The suite is delivered via SaaS and includes re-architected threat detection and response offerings to improve the speed and efficiency for security teams, IBM said.
Main design upgrades include a unified analyst experience, simplified deployment through SaaS delivery and more than 900 integrations with third-party tools, according to IBM. Key capabilities include AI-powered features such as AI-driven alert triage, automated threat investigation and faster threat hunting, the company said.
The core products making up the new IBM Security QRadar Suite are QRadar Log Insights for cloud-native log management and security observability; QRadar EDR and XDR; QRadar SOAR; and QRadar SIEM. The QRadar Suite is ultimately “the culmination of years of IBM investment, acquisitions and innovations in threat detection and response,” IBM said in a news release.
Microsoft Security Copilot
Microsoft recently unveiled its first generative AI-powered tool for cybersecurity professionals, Security Copilot, which uses the latest version of the OpenAI large language model, GPT-4. Security Copilot is the “first and only generative AI security product that builds upon the full power of GPT-4 AI to defend organizations at machine speed and scale,” said Vasu Jakkal, corporate vice president for security, compliance, identity and management at Microsoft, during an online event to introduce the product in late March.
Microsoft Security Copilot tailors the generative AI technology toward cybersecurity by combining GPT-4 with Microsoft’s own security-focused AI model.
Microsoft Security Copilot features a prompt-based user interface akin to generative AI chatbots such as ChatGPT. For example, analysts can ask the system for help with information about incidents in their organization; summaries of a vulnerability (based on feeding in a file, URL or code snippet); or ask about alerts and incidents from third-party security tools, Jakkal said.
Cobalt Pentest Management Platform
Pentest-as-a-service provider Cobalt recently said that it’s making its own Pentest Management Platform available to external users such as service providers and in-house security teams. The platform helps to enable the data-sharing and communication that’s necessary for carrying out pentesting, and also connects to bug tracking systems such as GitHub and Jira, said Caroline Wong, chief strategy officer at Cobalt. In that way, vulnerabilities that are discovered can more easily be fixed by development teams, Wong said. The platform provides all of the vulnerability data and information about how to remediate the issues in one place, ultimately making it far easier for those performing manual pentests, she said.
Veracode Fix
Just ahead of RSAC, Veracode unveiled a new product that utilizes generative AI to provide remediation suggestions for application security flaws, including flaws in both code and open-source dependencies. The new product is designed to help developers and security teams identify and fix vulnerabilities more quickly and effectively, the company said. Veracode Fix uses GPT technology—“the same transformer architecture on which ChatGPT is built”—and is trained on the company’s proprietary dataset that includes more than “85 million fixes over nearly two decades,” the company said in a blog post. Ultimately, the product “dramatically reduces the work and time needed to remediate flaws,” Veracode’s Devin Maguire, senior product marketing manager, said in the blog.
Lacework Vulnerability Risk Management
Cloud security company Lacework recently released vulnerability risk management capabilities for its cloud-native application protection platform (CNAPP), with the aim of helping to prioritize and manage security risks in the cloud. The technology is designed to automatically identify and prioritize vulnerabilities for fixing, based on their potential impact on an organization’s cloud infrastructure and applications, according to Lacework. Notably, the new capabilities seek to provide visibility into security risks across multiple cloud providers and environments.
Tenable One Hybrid/On-Premises Support
Tenable recently unveiled a new integration with Tenable Security Center 6.1 that allows its Tenable One Exposure Management Platform to support implementations with on-premises and hybrid infrastructure. The move makes Tenable “the only vendor to offer exposure management for both on-premises and hybrid deployment models,” the company said in a news release. The added support enables organizations to leverage “advanced” exposure management capabilities such as Lumin Exposure View (for quantifying overall risk exposure) as well as Attack Path Analysis and Asset Inventory analytics.
Trellix Endpoint Security Suite
In connection with RSAC 2023, Trellix unveiled Monday the debut of what it’s calling its “comprehensive” endpoint security offering. The Trellix Endpoint Security Suite aims to serve as a “complete end-to-end security solution,” the company said in a news release—consisting of Trellix Endpoint Security, Trellix Endpoint Detection and Response and Trellix Endpoint Forensics. The suite aims to provide enhanced control and visibility to Security Operations Center teams in a centralized platform, enabling proactive security for an organization’s endpoints, the company said. The suite supports both on-premises and cloud-based implementations.
Apiiro Risk Graph Explorer
Apiiro, a startup focused on providing robust security capabilities for cloud-native applications, said Tuesday at RSAC that it has launched a new capability for improved identification of gaps in the application attack surface. The new Risk Graph Explorer is a “first-of-its-kind” security feature in that it “enables limitless visibility into applications not possible before,” Apiiro said in a news release. The new capability is built on the company’s Risk Graph engine and provides a simple-to-use interface for rapidly answering questions about potentially vulnerable software components, APIs, secrets, repositories and infrastructure-as-code modules, Apiiro said.
Proofpoint Threat Protection Updates
At the start of RSAC 2023, Proofpoint unveiled new capabilities for its Aegis Threat Protection platform that aim to help with thwarting attacks based on account takeovers. The new capabilities include Supplier Threat Protection, which detects compromised supplier accounts and enables simplified investigation into the issues. A second major new capability is Targeted Attack Prevention Account Takeover, which provides improved visibility into email account takeover attacks and accelerates remediation of accounts, mailbox rule changes, app manipulations and data exfiltration, Proofpoint said.
Expel Vulnerability Prioritization
Expel last week unveiled its new Vulnerability Prioritization tool that aims to determine the highest-risk vulnerabilities for prioritized response. The offering is powered by the Expel Workbench security operations platform and integrates with third-party vulnerability management tools. The product works by assessing exploitability and intent, while correlating data with the customer’s business, Expel said. The company’s analysts further investigate escalated vulnerabilities to determine the issues that need an immediate response, ultimately providing customers with a list of prioritized vulnerabilities as well as recommendations, according to Expel.
Salt Security API Protection Updates
Salt Security said just ahead of RSAC 2023 that it has added “advanced” threat detection capabilities, as well as improved API discovery, to its API Protection Platform. The company said it utilizes “the industry’s only patented AI algorithms for API security” to offer enhanced user intent detection along with enhanced analytics for API threat severity evaluation. The updates also enable faster investigation with the aim of reducing the amount of time before an API attack is addressed, Salt Security said. Meanwhile, the company said that its API discovery process has been strengthened to provide greater accuracy with its API endpoint mapping.