20 Hottest New Cybersecurity Tools At Black Hat 2023

At Black Hat 2023 this week, vendors are showcasing new products in segments including XDR, application security, vulnerability management and cloud security.

New Security Tools To Know

During the Black Hat 2023 conference this week in Las Vegas, just about every top security vendor is in attendance, and many of them have new cybersecurity tools to showcase. Out on the floor at the Mandalay Bay Convention Center, hundreds of cybersecurity companies have been touting products in key focus areas of the moment—such as XDR (extended detection and response), zero trust security and SASE (secure access service edge), cloud and application security, vulnerability management and threat intelligence. Prominent cybersecurity vendors that are showcasing new or recently unveiled products at Black Hat 2023 include Palo Alto Networks, Cisco Systems, Fortinet and SentinelOne.

Other cybersecurity product companies that have made a splash at Black Hat 2023 with the launch of new tools have included Tenable, Qualys, Aqua Security and Expel.

Unsurprisingly, generative AI remains a key enabler for a number of new cybersecurity tools that have debuted at Black Hat. There’s also been an increased push by many vendors to offer capabilities for securing the use of the underlying Large Language Models (LLMs) themselves—or to protect against attacks created with the help of generative AI apps such as OpenAI’s ChatGPT.

CRN has been on hand at Black Hat 2023, and we’ve been tracking the cybersecurity tools unveiled by a wide array of vendors—both this week and in the weeks leading up to the conference. We’ve collected details on 20 of these new cybersecurity tools that’ve caught our eye.

What follows are 20 of the hottest new cybersecurity tools at Black Hat 2023.

Menlo Security HEAT Shield And HEAT Visibility

Menlo Security unveiled new capabilities for preventing threats that are especially evasive to security controls with the debut of its HEAT Shield and HEAT Visibility products. The new products aim to thwart highly evasive, browser-based threats with the help of AI/ML advancements, Poornima DeBolle, co-founder and chief product officer at Menlo Security, told CRN.

HEAT Shield is focused on detecting and blocking phishing threats prior to their infiltration into a corporate network, according to the company. The product offers high efficacy and massively reduced false positives in part through using computer vision to spot fake brand logos on websites, which is a likely indicator that the sites are being used for phishing, Menlo Security said. The company is the “first in the industry” to use computer vision capabilities in this way, ultimately protecting organizations against “zero hour phishing” threats, DeBolle said. The product can detect threats even when “nobody in world knows this is a phishing link,” she said.

Meanwhile, the new HEAT Visibility product works in parallel by continually analyzing web traffic and applying classifiers—powered by AI/ML—that can detect instances of a highly evasive attack, according to Menlo Security.

Cisco XDR Updates

Cisco unveiled a major update to its recently introduced XDR (extended detection and response) platform with the addition of recovery capabilities. The newly added capabilities bring “near-real-time recovery for business operations” following a ransomware attack, the company said in a news release. Cisco also disclosed the first third-party data backup and recovery integration, through an integration with Cohesity. The integration, with Cohesity’s DataProtect and DataHawk offerings, “will enable customers to benefit from accelerated response for data protection and automated recovery,” Cisco said.

Qualys Risk Management Platform Update

Qualys unveiled a significant update to its risk management platform with the newly added option for application security teams to bring detections of their own to use on the platform. The capability will enable AppSec teams to “assess, prioritize and remediate the risk associated with first-party software and its embedded open-source components,” Qualys said in a news release. AppSec teams will be able to bring detection and remediation scripts—which were created using PowerShell, Python and other widely used languages—as Qualys IDs to the company’s vulnerability management, detection and response platform, the company said. The Qualys technology can then detect and prioritize the findings “in the same workflow and reporting as used for the third-party software findings,” according to the company.

SentinelOne Singularity Ranger Insights

SentinelOne expanded into the vulnerability management space with the debut of a new product for its Singularity Ranger network discovery offering. The tool, Singularity Ranger Insights, aims to offer a simplified way of prioritizing the most important software vulnerabilities that must be dealt with, according to Lana Knop, vice president of product management for endpoint and identity products at SentinelOne. Ranger Insights does this in part through putting vulnerabilities in the larger context of security issues and risks that a security analyst is assessing, using the same SentinelOne console and same software agent that is used to enable other key security tools such as endpoint detection and response, Knop said.

An analyst using Ranger Insights will therefore “see everything else that we provide to you through that same agent as well, [including] endpoint-based threats, and it’s side-by-side with all these vulnerabilities,” she told CRN. “So you can see a prioritized list of third-party application vulnerabilities, operating system vulnerabilities, as well as information that gives you context for any potential exploitation that can occur.”

Fortinet FortiGate 90G

Fortinet unveiled the first firewall that will ship with its fifth-generation security processing unit technology, the SP5 ASIC, for enhanced performance. The FortiGate 90G next-generation firewall delivers “enterprise-grade secure networking capabilities” that include hybrid mesh firewall, SD-WAN and software-defined branch, Fortinet said in a news release. With the inclusion of the SP5 ASIC, the next-gen firewall brings “the ability to accelerate and concurrently run 2X more applications,” the company said in the release.

Palo Alto Networks CI/CD Security

Palo Alto Networks recently unveiled a CI/CD Security module to its Prisma Cloud CNAPP (cloud-native application protection platform). The new capability—based on technology from the acquisition of Cider Security in late 2022—will provide partners and customers with “integrated software delivery pipeline security,” the cybersecurity giant said in a news release.

One key benefit of the CI/CD Security module is that it offers unified visibility “across the engineering ecosystem,” including code repositories and contributors as well as any technologies and pipelines that are utilized, the company said in a blog post. The visibility is available through the newly added Application Security dashboard in Prisma Cloud.

Other benefits include enhanced protection against the 10 biggest CI/CD risks—as determined by the Open Worldwide Application Security Project—as well as posture management capabilities for delivery pipelines and attack path analysis, Palo Alto Networks said. Attack path analysis is available through the new Prisma Cloud Application Graph and enables improved understanding and analysis of the environment as well as “relationships between all artifacts from code to deployment,” the company said in the post.

Torq Socrates

Torq, a startup whose technology offers a no-code method for automating security operations, unveiled a new generative AI-powered tool that it says can autonomously address the vast majority of Tier-1 tickets. The new tool on the startup’s Hyperautomation Platform, Torq Socrates, is the cybersecurity industry’s “first Tier-1 analysis AI agent,” the company said in a news release. Torq Socrates works by using Large Language Models (LLMs) to analyze each organization’s specific Security Operations Center playbook, the startup said. However, human analysts are still in control, Torq noted, with human approval “required in order to perform potentially disruptive actions such as quarantining an executive’s laptop or blocking entire network segments.”

Akamai API Security

Akamai Technologies debuted its new API Security product, which brings capabilities for thwarting API attacks and business logic manipulation. The product, which is based on Akamai’s recent acquisition of Neosec, also provides discovery, auditing and monitoring of API activity through implementing behavioral analytics technology to quickly respond to attacks, Akamai said in a news release.

Ultimately, Akamai API Security offers “complete visibility” into API activity and detection of complex threats, the company said.

Tenable ExposureAI

Tenable unveiled a set of new generative AI-powered capabilities that aim to enhance its vulnerability and risk management platform, the Tenable One Exposure Management Platform. The new ExposureAI offering is focused on enabling proactive prevention of attacks using generative AI, Tenable said. The company said ExposureAI includes search capabilities, allowing users to analyze assets and potential exposures with natural language queries, while also providing guidance around mitigation. In addition, the offering leverages generative AI to prioritize response actions based on the highest-risk exposures, according to Tenable. Meanwhile, Tenable introduced a second new product Wednesday as well, with the launch of the Tenable Exposure Graph data lake. Powered by Snowflake, the platform underpins ExposureAI with a repository of data on more than 1 trillion exposures, security findings such as vulnerabilities and IT assets, according to Tenable.

XM Cyber Platform Update

XM Cyber said that it has updated its hybrid cloud exposure management platform with new capabilities for securing against identity-based attacks. The updates include an expansion of XM Cyber’s attack graph mapping capabilities and aim to help protect against increasingly common attacks that exploit Active Directory and Azure Active Directory, the company said in a news release. For instance, XM Cyber said it now can secure against techniques that involve compromising Azure AD Connect and stealing authentication tokens to expand the attack across hybrid IT environments. With its latest platform update, the company is now able to improve an “organization’s security posture against cyberattacks and subsequently eliminate these high-risk attack paths,” XM Cyber said.

Sonar Platform Update

Sonar unveiled the launch of new capabilities for its “clean code” application security tool, with the introduction of automated discovery and fixes for certain issues affecting code security. The updated functionality enables developers to more easily remediate the issues related to interactions between a user’s source code and open-source libraries, Sonar said in a news release. The Sonar approach involves “fine-grained analysis” of a user’s source code interactions with third-party dependencies, the company said. The capability constitutes a “deeper” way of performing SAST (static application security testing), offering improved detection for “issues that traditional SAST tools miss by not following the flow within library code,” Sonar said.

Synopsys Software Risk Manager

Synopsys introduced its new application security posture management tool, Software Risk Manager. The tool simplifies app security testing for development and cybersecurity teams, Synopsys said, including through centralized enforcement of security policies and a unified experience across multiple app security testing products. Other key capabilities include consolidated vulnerability management and reporting, as well as easier application security integration into developer workflows, according to the company.

Aqua Security AI-Guided Remediation

Aqua Security said that it has added capabilities leveraging AI technologies—including generative AI—for improved remediation of cloud security issues. The new AI-Guided Remediation capabilities are available on the Aqua Cloud Security Platform to help security teams to “better operationalize risk findings to rapidly reduce risk and help developers quickly fix issues,” the company said in a news release. Using the tool, development and security teams can generate detailed remediation steps automatically and do so for “any misconfigurations and vulnerabilities across multiple clouds and workload types,” Aqua Security said.

Cymulate Platform Updates

Cymulate unveiled new capabilities around attack simulation on public cloud platforms. The new and expanded attack simulation templates and resources cover the three largest clouds—AWS, Microsoft Azure and Google Cloud—and come as attacks against containers continue to increase, Cymulate said in a news release. Cymulate’s Exposure Management and Security Validation platform now offers discovery of cloud assets for inventory of virtual machines, storage objects, virtual private clouds, Kubernetes containers and entitlements, the company said. Cymulate says it offers “unified attack path mapping” that creates a “visual road map and analysis across multi-cloud, on-prem and hybrid environments.”

ThreatConnect Intelligence Requirement

ThreatConnect, which aggregates cyberthreat intelligence feeds and then prioritizes threats tailored to customers, unveiled a new capability that enables customers to better manage their threat intelligence requirements and requests for information. The new Intelligence Requirement tool makes it “easier to identify relevant intelligence, track the value of their intelligence sources and take proactive action against the most dangerous threats,” ThreatConnect said in a news release. The capability ultimately helps organizations to more effectively articulate the requirements they have around threat intelligence, while also improving productivity by “automatically parsing incoming and relevant intelligence related to each requirement,” the company said.

Adlumin IR Subscription

Managed detection and response provider Adlumin debuted a new incident response option that is subscription-based and aims to “drastically reduce the cost of securing organizations of all sizes,” particularly when it comes to SMBs, the company said in a news release. The IR service— which makes an expert response team available on a 24/7 basis—is offered to customers that either use the company’s security operations platform directly or use its MDR service, Adlumin said. The affordable price service promises responses within one hour along with up to 80 hours of support annually, as well as threat intelligence and hunting, according to the company.

Adaptive Shield ITDR

Adaptive Shield, which focuses on providing security for Software as a Service, unveiled its expansion into the identity threat detection and response (ITDR) space to assist with protecting against growing identity-based threats. The ITDR offering utilizes key IOCs (indicators of compromise) to detect potential identity-related breaches and enable mitigation, the company said in a news release. Combined with Adaptive Shield’s capabilities around SaaS security posture management, the company’s addition of ITDR “now addresses the complete SaaS ecosystem security life cycle,” Adaptive Shield said.

Expel Vulnerability Prioritization

Expel said that its new Vulnerability Prioritization service, which informs organizations about the highest-risk vulnerabilities that need to be addressed, is now generally available. The service “quickly assesses exploitability, evidence of real-world attacks and intent from social platforms,” then “correlates that data with context from the customer’s business and asset prioritization,” Expel said in a news release. Ultimately, Expel Vulnerability Prioritization provides customers with a prioritized list of vulnerabilities and recommendations about action steps to take, the company said. The service leverages the Expel Workbench security operations platform and offers integrations with widely used vulnerability management tools, according to Expel.

Contrast Security Platform Update

Code security platform Contrast Security introduced a new capability for security observability with the aim of enhancing visibility into the security of apps and APIs. Contrast’s new security observability capability offers “total visibility into the security-relevant behavior of every application and API to accelerate threat modeling, penetration testing, risk prioritization and incident response,” the company said in a news release. The update to Contrast’s platform also enables continuous monitoring for vulnerabilities in code—whether it’s custom or third-party code—as well as detection and prevention of exploit attempts, Contrast Security said.

Cycode Platform Updates

Cycode unveiled an expansion to its application security posture management platform, with the addition of detection capabilities for hard-coded secrets in several cloud-based environments. The Cycode platform now enables secrets scanning in AWS S3 buckets, Microsoft Azure environments and Confluence, the company said in a news release. In addition, Cycode disclosed a new collaboration with Azure DevOps pipelines that aims to “ensure end-to-end supply chain integrity,” the company said.