The 10 Coolest Cybersecurity Tools and Products In 2023 (So Far)
While generative AI has been a major focus for many cybersecurity vendors recently, plenty of other new products — including in cloud security, identity protection and SASE — have debuted during the first half of the year.
Cybersecurity Tools To Know
During the first half of the year, the list of vendors that announced new cybersecurity tools leveraging generative AI grew rapidly. In particular, many cybersecurity companies found that utilizing large language models (LLMs), such as OpenAI’s GPT-4, could help with some of the most vexing challenges faced by security teams — such as the need to analyze huge quantities of data and pinpoint the actual threats. But while there’s no question that generative AI holds massive promise for improving cybersecurity tools, there were plenty of notable product announcements in the space during the first six months of 2023 that did not involve LLMs. Plenty of other new products — including in cloud security, identity protection and SASE (secure access service edge) — were unveiled by top cybersecurity companies during the first half of the year, and we’ve collected the details on 10 of the new security tools that have come onto our radar at CRN.
Vendors including Palo Alto Networks, Zscaler, CrowdStrike, Okta and SentinelOne have been among the companies that recently debuted cybersecurity products and tools of note. And, indeed, channel partners are taking notice. For instance, Zscaler unveiled Risk360, a new cyber risk quantification and visualization tool, earlier this month. Risk360 stands out with its ability to take findings on cyber risk and “translate that into money” for organizations, said Eduardo Ibanez, co-founder and CEO of Dazzpers, a San Ramon, Calif.-based cybersecurity consultancy and Zscaler partner. Security tools like Risk360 that can provide a visualization that tells a story from the data “have a lot of potential for speeding up the sales cycle,” Ibanez told CRN.
Other new cybersecurity offerings in segments such as MDR (managed detection and response) and cybersecurity asset management have also caught our attention during the first half of the year.
The new tools have arrived as security threats continue to intensify: As one high-profile example, the list of organizations that’ve been breached in connection with a critical vulnerability in the MOVEit file transfer tool continues to grow by the day. The MOVEit-related attacks by cybercriminal group Clop have compromised multiple government agencies and dozens of companies, and led to the theft of sensitive data for millions of individuals in recent weeks.
As we continue to track the new technologies that aim to help partners and customers to keep up with the latest threats, what follows are the key details on 10 of the coolest new cybersecurity tools and products in 2023 so far.
Barracuda unveiled its SASE (secure access service edge) platform, SecureEdge, which is targeted at both the vendor’s small and medium-sized enterprise customers and MSPs. The “enterprise-grade” SASE platform brings together a number of Barracuda capabilities — including SD-WAN, firewall-as-a-service, zero trust network access (ZTNA) and secure web gateway (SWG) — to ultimately provide improved security and management for organizations with hybrid and remote teams, Barracuda said. Functionality including selective security inspection, for instance, aims to help MSPs achieve greater control over application traffic, the company said.
In today’s environment, “the customers are demanding integrated and platform-based solutions,” Barracuda CEO Hatem Naguib (pictured) told CRN in a recent interview. “I think for a lot of customers, they see that trend of bringing things together [in security and networking]. They may not know it’s SASE. They may not know it’s secure edge. But they do know that they can’t have point products all over the place. They’re struggling with how to manage that.”
Okta Security Center
Okta announced general availability for Security Center, a new feature for its Customer Identity Cloud platform that enables organizations to deploy the appropriate identity security level based on the current threat environment. For instance, “if you are experiencing an attack, you can turn on these advanced features and then dial them back after the attack dies down,” said Jameeka Green Aaron (pictured), CISO for customer identity at Okta, in a recent interview with CRN. Additional security features that might be enabled could include a CAPTCHA challenge or adaptive multi-factor authentication, and the Security Center capability can also recommend security measures based on the threat level for each organization’s specific industry, Aaron said.
“Obviously with customer identity, customer friction costs money — it causes users to abandon the login process. But also, compromised accounts cost money. And so ultimately, we do have to balance how much security we put in front of our users,” she said. Ultimately, “we are putting that power in our customers’ hands,” Aaron said. “It’s not up to Jameeka to say, ‘Hey, turn on CAPTCHA.’ It’s really up to the customer to decide the experience.”
Huntress MDR For Microsoft 365
Huntress announced the expansion of its managed detection and response (MDR) platform to also cover Microsoft 365, in addition to endpoints. The offering includes monitoring of Active Directory activity and detection for identity compromise, along with 24/7 analysis and remediation by human operators.
Huntress’ ability to cover Microsoft 365 will prove to be “super critical,” at a time of widespread phishing attacks delivered via cloud-based email, as well as attacks targeting SharePoint and OneDrive, according to James Vujicic, COO at Tech-Keys, an MSP that has been working with Huntress over the past two years. “With a lot of our clients, we’re pushing them in the direction of the cloud, and using services like SharePoint and OneDrive,” he said. “So we need to be able to protect any Microsoft 365 products that are cloud-based.”
The expansion by Huntress to cover Microsoft 365 with its MDR platform is a sign of how “our partners really shape our entire roadmap,” Huntress Co-Founder and CEO Kyle Hanslovan (pictured) said in a recent interview with CRN. The whole idea with offering a security platform is that it’s not meant to consist of “separate products that work as their own little silos,” Hanslovan said. “It’s supposed to be truly a fully managed security platform.”
Palo Alto Networks ITDR
Palo Alto Networks updated its Cortex XSIAM (extended security intelligence and automation management) platform with the introduction of a new capability aimed at thwarting identity-driven attacks. Utilizing the vendor’s AI technology, the identity threat detection and response (ITDR) module analyzes data from user identities and behavior to rapidly detect identity-based attacks and enable security teams to mitigate the issues. The ITDR offering leverages data from sources including authentication, endpoints, email, cloud identities and human resources, and its AI models can be trained to spot suspicious user behavior as a way to proactively address insider threats, according to Palo Alto Networks. With the update, Cortex XSIAM now consolidates ITDR with other security operations functionality including user and entity behavior analytics (UEBA) and insider risk management, simplifying the use of the capabilities for security teams, the company said.
In a recent interview with CRN, Palo Alto Networks CEO Nikesh Arora said that the company is creating a “new paradigm” for security operations with Cortex XSIAM. “The new paradigm is we have to collect good data, we have to analyze good data, we have to figure out anomalous behavior and stop it as it is happening,” Arora said. “To me, that is the Holy Grail of security — [being able to offer] real-time security, blocking the event as it’s happening.”
Zscaler unveiled Risk360, a new tool for risk quantification and visualization that aims to help organizations make better — and faster — decisions about reducing their security risk. The new capability leverages a range of data sources within the Zscaler platform to provide what the company says is “unparalleled” visibility. Users can use the tool to obtain risk scores, in real time, for different stages of a cyber incident and visualize risks across four key entities: the workforce, assets, applications and third parties. The framework also offers visualization and reporting capabilities, according to Zscaler, highlighting the biggest drivers of cyber risk and providing an estimate for financial exposure. Additionally, Risk360 provides remediation recommendations and guided workflows to enable the most critical issues to be addressed promptly, Zscaler said.
With something as complex as cybersecurity, any time that “you can show some key performance indicators to top-level management, that is really meaningful,” said Eduardo Ibanez, co-founder and CEO of cybersecurity consultancy Dazzpers. “Because sometimes, if you try to tell that kind of story to an exec, they are not going to understand the technical stuff. But if you can show them, ‘With this technology, we have these benefits, and here you can see some charts some trends to the visitor’ — that is amazing. I really like those kinds of products.”
CrowdStrike and observability startup Cribl introduced a new tool that simplifies the method for getting security and IT data onto the CrowdStrike Falcon platform. The new offering, CrowdStream, is powered by the open observability platform from Cribl, a venture-backed company whose investors include CrowdStrike.
The CrowdStream platform natively connects third-party data sources to CrowdStrike Falcon using the Cribl observability pipeline, simplifying and lowering the cost of bringing data onto the Falcon platform, the companies said. Third-party products that CrowdStream can work with include security information and event management (SIEM) tools, firewalls and essentially “any source” — even products outside of cybersecurity, according to Daniel Bernard (pictured), chief business officer of CrowdStrike.
The offering ultimately aims to accelerate adoption of CrowdStrike’s XDR and log management technologies, while also helping to aggregate data for the training of AI and machine learning models. In order to accelerate the deployment of XDR, the key is to “get more data in the platform,” Bernard said during a recent interview with CRN. And Cribl, he said, is “leading the market right now when it comes to data movement.”
Netskope Endpoint SD-WAN
Netskope introduced a new offering, Endpoint SD-WAN, which can provide organizations with a software option for secure SD-WAN connectivity from laptops and other endpoint devices without the need for deploying hardware. Netskope Endpoint SD-WAN offers simplified management and high-performance application connectivity — including for key apps such as voice and videoconferencing — along with an “optimized” experience for users through simultaneously leveraging multiple data centers, the company said. Notably, the offering utilizes Netskope’s software-based secure access service edge (SASE) client and can provide organizations with a single-vendor SASE platform, the company said — through combining SD-WAN capabilities with the key security service edge (SSE) functionality such as cloud access security broker (CASB), zero trust network access (ZTNA) and secure web gateway (SWG).
For the significant portion of customers that are seeking a single-vendor SASE platform, “we’re one of the only ones who can deliver that full thing,” said Netskope Co-Founder and CEO Sanjay Beri (pictured) in a recent interview with CRN. “But when we do it, we don’t just deliver it as a price-list integration, which is what many do. We are truly integrated.” The company has also released its Endpoint SD-WAN offering “on the same [software client] footprint we already had. So you can just upgrade,” Beri said. “You can do CASB and SWG and firewall and private access and everything — and now [you] can also, on that same software client, do SD-WAN and endpoint DLP.”
World Wide Technology — which has partnered with Netskope for the past three years — has been finding strong customer demand for Netskope’s offerings, and is “excited about their expansion into SD-WAN,” said Bob Olwig, executive vice president of global partner alliances at WWT. “Now Netskope can become more of a platform play — providing the true SASE platform experience, both on the networking side and on the security side.”
SentinelOne announced the general availability of new capabilities that are enabled by its integration with cloud security vendor Wiz. The integration is initially between SentinelOne’s cloud workload protection platform and complementary capabilities from Wiz, including its widely used cloud security posture management technology. The move is “really about creating a more-seamless experience” for partners and customers, through simplifying management and creating “compounded value by joining two separate parts of cloud security into one cohesive fabric,” said SentinelOne Co-Founder and CEO Tomer Weingarten (pictured) in a recent interview with CRN.
Wiz “has built a phenomenal cloud inventory visibility platform, that for a lot of the public cloud users, just gives them unfettered visibility into their entire footprint. And to us, it was always a missing piece — where we can secure that footprint for you, but we don’t always see and scan and find that footprint. That was [Wiz’s] concept,” Weingarten said. “So if you take their ability to see everything you have in the cloud, identify what could benefit SentinelOne protection — and now have one-click deployment to all of it, and get back the alerts into one place, get enrichment to all of it — then you have a whole new way to think about cloud security in a very seamless way.”
Assaf Rappaport, co-founder and CEO of Wiz, told CRN that this type of tight integration between two widely deployed cybersecurity vendors can help meet the rising demand for tool consolidation from customers and partners. While “everybody talks about consolidation,” it doesn’t necessarily need to be vendor consolidation, Rappaport said. Instead, SentinelOne and Wiz are working together to create “platform consolidation [around] how these things work together” to achieve the same improved outcome for partners and customers, he said.
Lacework debuted new capabilities aimed at allowing partners and customers to more easily pinpoint the cloud identities that pose a security risk, while also providing recommendations for how to mitigate the issues. The recently unveiled CIEM (cloud infrastructure entitlement management) capabilities utilize Lacework’s Polygraph machine learning engine, and involve dynamic discovery of cloud identities — across users, groups, roles and resources — to uncover cases of excessive privilege.
Lacework’s technology then comes up with a risk score for every identity and discovers the highest-risk identities using attack path analysis functionality, according to the company. The platform ultimately is able to automatically generate recommendations for resetting permissions to the correct level, Lacework said.
Cybersecurity asset management vendor Axonius announced a major new update to its platform that seeks to provide unheard-of visibility into installed software applications, with the aim of dramatically improving an array of critical security and business functions, Co-Founder and CEO Dean Sysman (pictured) recently told CRN. Axonius 5.0 also enables correlation of data about installed applications with other parts of an organization’s digital infrastructure in a way that’s never been possible before, according to the company.
Sysman said that the release of Axonius 5.0 and its new capabilities around installed software marks a major step in the company’s effort to become the industry’s go-to “system of record” for digital assets and infrastructure. “We’re not aware of any other platform that allows you to see this comprehensive level of your infrastructure,” Sysman said. “Today, we’ll have devices, identities, vulnerabilities, installed software and SaaS applications, all in one platform.”
With the newest add-on capability — Axonius Software Management — the platform can now consume inventories of installed software. The enhanced visibility into installed apps can enable improved whitelisting and blacklisting of software, while also giving a boost to vulnerability management, Sysman said. Customers and partners will also be able to use the capability to determine which software is end-of-life or end-of-support — and in some cases, whether software licenses could be utilized more fully.