30 Hot New Security Products Announced At RSA 2017
Hot At RSA
With all eyes on the 2017 RSA Conference in San Francisco, Calif. last week, security companies were bringing their newest and best solutions to the event, launching new features, platforms and integrations that will set the stage for the year to come. For many companies in the security industry, RSA provides a chance to explore new strategic directions and evangelize new products for partners. From machine learning to data security, to endpoint security, to SIEM, take a look at 30 of the new security solutions that were announced at the RSA Conference this year.
HPE announced two new additions to its enterprise data security and IoT security portfolios at RSA 2017, part of a push by the company to bring more of those types of security solutions through the channel. The new HPE SecureData for Hadoop and IoT solution, launched at the 2017 RSA Conference in San Francisco, Calif. this week, brings the HPE Format-preserving Encryption (FPE) to the extensive data flows that are created by the Internet of Things. The launch also adds Apache NiFi, a platform for automating the movement of data between disparate systems, integration with NIST standards and FIPS compliant technology. The launch builds on an HPE pledge last year to move more of its security portfolio through the channel, starting with its data security portfolio, which had previously only been sold directly. HPE also announced the beta of ArcSight Investigate, which acts as a "search and investigate" tool for security analysts in the security operations center by embedding HPE Vertica and then integrating Hadoop.
Intel Security continued to build on its integrated security strategy vision at RSA 2017, rolling out multiple new solutions and initiatives to bring together fragmented security solutions. The company announced the McAfee Enterprise Security Manager (ESM) 10 and McAfee Virtual Network Security Platform (vNSP), which update the company's SIEM solution with a new user interface, threat intelligence, Foundstone threat researchers and extended protection to AWS and OpenStack cloud deployments. Intel Security also announced 16 new partnerships in its McAfee Data Exchange Layer, new integrations to its OpenDXL initiative and the company's integration with the Cyber Threat Alliance Platform (CTAP).
Mimecast Internal Email Protect
Mimecast is expanding its email protection, adding new capabilities to protect against threats from internally generated emails. The new Mimecast Internal Email Protect solution, part of the Targeted Threat Protection (TPP) service portfolio, adds capabilities to detect and remediate email threats that start from an internal email source. These capabilities are important to protect against social engineering and CEO spoofing attacks, as well as compromised accounts or insider threats. The Mimecast Internal Email Protect solution is an add-on subscription to existing TPP licenses.
FireEye continued to build on its HX endpoint security offering at RSA 2017, announcing the addition of prevention capabilities through an OEM relationship with a leading anti-virus solution to supplement the behavioral analysis capabilities of its Exploit Guard solution. The AV integration is expected in the first quarter of this year, the company said. FireEye also added support for macOS endpoints. FireEye VP of Channels Chris Carter said in a statement that the launch builds on the company's Helix platform strategy for partners.
"Our endpoint solution gives our partners the best technology and a simplified sales process that demonstrates the value of working with FireEye," Carter said. "We're evolving quickly to be more channel-friendly, and we'll look to our partners to drive products like endpoint and Helix into the market where they can make a difference for customers on the front lines."
In advance of RSA, Microsoft rolled out a series of security enhancements across Windows, the cloud and Office 365, building on the company's commitment to invest more than $1 billion a year in security. The announcements included Azure SQL Database Threat Detection, general availability of Enterprise Threat Detection, an Azure Security Center, and Operations Management Suite, and the addition of Windows 10 and Surface to the NSA's Commercial Solutions for Classified Programs list. Microsoft also announced the Office 365 Security Score, a private preview of Office 365 Threat Intelligence and a public preview of Office 365 Advanced Data Governance. Finally, the company announced a partnership with SailPoint to bring access management and identity protection around Microsoft Azure Active Directory, a new Cybersecurity Administration learning path for the Microsoft Software & Systems Academy and a new Enterprise Mobility + Security Playbook.
Symantec continued to boost its cloud security portfolio at RSA 2017, announcing new additions to its Symantec Cloud Security Platform that bring together the Symantec and Blue Coat Systems portfolios. Symantec announced the integration of its DLP offering with its cloud-delivered Web Security Service, bringing DLP across the web, email, and the cloud. Symantec also announced a new Malware Analysis Advanced Service and new Universal Policy for Web Security Service.
Symantec also announced new cloud security solutions, including a Cloud Workload Protection solution for automated security policy enforcement for cloud applications, AWS support for its Web Application Firewall and Azure support for its CASB solution.
Splunk Adaptive Response Initiative
Building on its Adaptive Response Initiative announced at RSA last year, Splunk announced the addition of five new partners to its partner program, bringing the total number of technology partners to more than 20. The new members include AlgoSec, Demisto, RedSeal, Resolve Systems and Symantec ATP. Splunk said these additions add new capabilities to the Splunk Enterprise Security platform around analyzing, accessing and responding to threats.
"Digital transformation is forcing organizations to strengthen their security posture through security analytics. While thousands of organizations rely on Splunk to analyze, assess and respond to threats, we cannot fight them alone," said Haiyan Song, senior vice president of security markets, Splunk, in a statement. "Security is a team sport. It is more important than ever for industry-leading technologies in our Adaptive Response Initiative to work together and help organizations detect and defend themselves from growing cyber threats."
IBM Watson for Cyber Security
IBM is officially bringing its Watson technology to cybersecurity, announcing the availability of IBM Watson for Cyber Security. By integrating Watson with its X-Force Command Centers, rolling out a new voice-powered assistant code-named Havyn to respond to security analyst commands and making available a new app on the IBM Security Exchange called IBM QRadar Advisor with Watson, IBM said it is aiming to build what it says is a cognitive platform for security operations. IBM also announced a new EDR solution called IBM BigFix Detect to bring these capabilities down to the endpoint and an integration of IBM Resilient's Incident Response Platform (IRP) with Watson for orchestration and automation.
"The Cognitive SOC is now a reality for clients looking to find an advantage against the growing legions of cybercriminals and next generation threats," Denis Kennelly, vice president of development and technology, IBM Security, said in a statement. "Our investments in Watson for Cybersecurity have given birth to several innovations in just under a year. Combining the unique abilities of man and machine intelligence will be critical to the next stage in the fight against advanced cybercrime."
Imperva SecureSphere File Firewall v12
Imperva announced the launch of Imperva SecureSphere File Firewall v12 at RSA 2017, a launch that adds specific capabilities to fight ransomware. The version update adds detection capabilities for ransomware: deception-based capabilities to identify and quarantine affected users, and real-time monitoring to detect attacks. It quarantines an affected user if a threat is identified before it infects the enterprise file services.
"It's not the cost of the ransom that hurts the business; it's the downtime," Amichai Shulman, CTO and co-founder of Imperva, said in a statement about the new version. "We have carefully studied ransomware behavior to develop this unique combination of deception technology and real-time monitoring. The best defense is to catch the extortionists before files are taken hostage."
CrowdStrike announced enhancements to its flagship Falcon offering, adding new capabilities for machine learning and advanced endpoint protection. CrowdStrike announced five new modules for its Falcon EDR platform, including CrowdStrike Falcon Prevent for behavioral analytics-based antivirus replacement, CrowdStrike Falcon Insight for EDR, CrowdStrike Falcon Discover for application usage and privileged user account monitoring, CrowdStrike Falcon Intelligence for analytics and threat intelligence, and CrowdStrike Falcon OverWatch for managed threat hunting. The launches are significant because they further position CrowdStrike to be a full-AV replacement, with modular ways for customers to add on further endpoint security capabilities.
AlienVault Unified Security Management Anywhere
AlienVault announced the extension of its flagship Unified Security Management platform to the cloud, with the launch of AlienVault Unified Security Management Anywhere. The platform is a software-as-a-service security monitoring platform that is fully delivered in the cloud to offer a centralized location for threat detection, analytics, threat intelligence, incident response, compliance management, orchestration, policy management, automation and more. The solution works across cloud, hybrid and on-premises environments. AlienVault said the cloud-delivered solution means faster deployment, easier management and a cost-effective solution for price-conscious businesses.
Juniper Networks announced that it had added multiple new partners to its technology alliance program, including Carbon Black, Netskope, CipherCloud, ForeScout and Aruba. The Sunnyvale, Calif.-based company said the additions would help it further expand its Software-Defined Secure Networks platform, something it said is important as customers look to simplify their security ecosystems. These additions, in particular, add capabilities around endpoint security, cloud access security brokerage, policy management, access control, and more, the company said.
Qualys and IBM have expanded their partnership, the two companies announced at RSA, bringing together Qualys' IT security solutions with IBM's managed security services portfolio. Under the partnership, IBM will bring Qualys Vulnerability Management, Policy Compliance, Continuous Monitoring and ThreatPROTECT to its IBM X-Force Command Centers around the world, boosting its visibility and security management capabilities.
"Qualys' cloud-based platform uniquely provides real-time visibility of IT security and compliance posture on a global scale," John Wheeler, vice president, services strategy and offering management, IBM Security, said in a statement. "We are pleased to integrate Qualys' platform into our MSS portfolio so we can provide customers the continuous view of their security and compliance across all their global assets. In addition, our companies continue to improve product-level integrations and information sharing in products such as Qualys Vulnerability Management and IBM QRadar to help customers derive even more value from their security services."
Carbon Black announced multiple new partnerships at RSA 2017, bringing its next-generation antivirus capabilities to a broader market through agreements with Arrow Electronics and SecureWorks. Carbon Black acquired its Cb Defense next-generation antivirus solutions in July with its acquisition of Confer. Under the partnership agreement with Arrow, resellers will get access to all Carbon Black solutions, including Cb Defense. SecureWorks will also offer the Carbon Black Cb Defense solution as a managed, next-generation antivirus solution for enterprise and SMB clients.
PhishMe Simulator, PhishMe Triage
PhishMe launched enhancements to two of its solutions at RSA 2017. PhishMe upgraded its PhishMe Triage solution, which provides phishing threat management and remediation, with new analytics capabilities. That includes an integration with Palo Alto Networks Wildfire, new hex viewer for raw file attachment viewing, and weekly reporting capabilities. It is available on-premises, virtual or as a fully-managed solution. PhishMe also enhanced its PhishMe Simulator solution, which provides human training for phishing attacks through simulations. PhishMe added a new gamified training platform, an enhanced dashboard for management, reporting and visibility, and mobile phishing reporting through PhishMe Reporter.
Appthority Mobile Threat Defense
Enterprise mobile security company Appthority announced updates to its Mobile Threat Defense platform at RSA 2017. The updates integrate the platform with the company's security research to automatically update with new mobile threats, expand threat detection and remediation through the Appthority MTP Mobile App, and add policy customization options. The company also enhanced the Appthority MTP dashboard with actionable threat intelligence and mobile event data, and added a new Appthority EMM Connector to integrate with existing EMM systems including MobileIron, Airwatch and Citrix.
Siemplify ThreatNexus MSSP Orchestration Platform
New York City-based Siemplify announced that it was extending its security operations platform to MSSPs with the launch of the Siemplify ThreatNexus MSSP Orchestration Platform. The platform allows MSSPs to run a managed SOC, providing capabilities for case management, analytics and orchestration under a single pane of glass. It also allows MSSPs to have a centralized management platform for multiple SIEM solutions, customizable dashboards and automated reporting, and leverage orchestration and automation to meet security SLAs.
"As the MSSP market is seeing significant growth, our MSSP partners are looking to ThreatNexus as a catalyst," Amos Stern, Co-founder & CEO of Siemplify, said in a statement about the launch. "With ThreatNexus, MSSPs are able to scale efficiently and meet growing customer demands profitably."
illusive Deception Management System
illusive networks launched the illusive Deception Management System (DMS) at RSA 2017, a platform that uses machine learning and deception technology to detect attacks. The solution uses machine learning capabilities to automatically and autonomously place deception decoys in the network and then adapts as necessary based on real-time monitoring.
"Attack vectors change with lightning speed leaving little to no time to wait for human intervention," CEO Ofer Israeli said in a statement about the launch. "As cybercriminals launch increasingly sophisticated attacks, it's more imperative than ever to continuously create and plant deceptions in real time that are impossible for attackers to discern from real network assets. Using advanced machine learning, illusive DMS takes deception cybersecurity to the next level by automatically customizing and continually adapting deceptions with zero disruption to business — but total disruption to cyber attackers."
GigaSECURE SSL/TLS Decryption
Gigamon announced at RSA 2017 that it had enhanced its GigaSECURE SSL/TLS Decryption solution with additional visibility capabilities. Specifically, the company announced support for both inline and out-of-band decryption, with supported ciphers now including Diffie-Hellman (DH), Diffie-Hellman Ephemeral (DHE), Perfect Forward Secrecy (PFS) and Elliptic Curve. The launch comes as encrypted traffic continues to proliferate, which can create a blind spot for organizations if the encryption is hiding malware.
"Inline SSL decryption represents a strategic technology evolution that further expands the benefits of the Gigamon Security Delivery Platform," Ananda Rajagopal, vice president of products at Gigamon, said in a statement. "By offering SSL decryption as a service in the Security Delivery Platform complemented by strong policy enforcement, organizations can create a centralized 'decryption zone', enabling them to more easily see and manage their growing SSL/TLS traffic volumes, while enabling their security tools with newfound visibility into formerly encrypted traffic and threats."
Cybereason Endpoint Security Platform
Cybereason, a Boston, Mass.-based endpoint detection and response startup, announced the expansion of its platform to include next-generation antivirus functionality. Cybereason did not say which NGAV company it was integrating to add the capabilities. The platform update allows for automated threat prevention, pinpointing both known and unknown malware, adding to the company's existing detection and response capabilities.
"The introduction of the new Cybereason platform furthers the mission of reversing the hacker advantage in the connected, digital world," Chief Product Officer Sam Curry said in a statement. "AV is failing. We're leveraging our ability to detect threats and adding NGAV to enable our customers to automatically block all threat types, not just known bad files." The integrated solution will be available in the second quarter, the company said.
Cybereason also announced the launch of version 2.2.3 of RansomFree. The latest version adds behavioral detection improvements, deception method improvements, a smaller footprint and removable media capabilities to the free anti-ransomware product.
RedSeal expanded its cybersecurity analytics platform at RSA 2017 with multiple new integrations and platform enhancements. The Sunnyvale, Calif.-based company announced expanded integrations with Splunk's Enterprise Security SIEM, Rapid7's Nexpose vulnerability management software, and ForeScout's CounterACT. RedSeal also announced the expansion of its platform, including the ability for modeling of software-defined networks in VMware NSX and Amazon Web Services Virtual Private Clouds.
"Enterprises today have complex network infrastructures with many point product security solutions," said Ray Rothrock, chairman and CEO of RedSeal, in a statement. "To improve their resilience in the face of inevitable attacks, they need a holistic view of their network that's deeply integrated with their current security solutions."
Irvine, Calif.-based SecureAuth expanded the fraud prevention capabilities of its adaptive access control solution last week, to help companies identify, block and protect against those trying to exploit two-factor authentication. The company added the capability to block recently ported numbers, block by number case (such as blocking virtual or toll-free numbers), block by carrier, and one-time passcode spam prevention.
"It is often credentials themselves that are targeted, either directly or opportunistically, to be used in later breaches," Keith Graham, chief technology officer at SecureAuth, said in a statement. "Organizations are deploying adaptive access control methods to prevent the misuse of stolen credentials, but attackers are evolving to take advantage of SMS delivery methods. By performing multiple pre-authentication risk checks, including phone number fraud prevention and other techniques, organizations can determine their customer, 3rd party and employee identities with confidence while still delivering a pain-free user experience."
Vera for Mail
Vera expanded its data security platform at RSA, announcing the launch of Vera for Mail to extend its data protection capabilities to email. The launch adds to Vera's Vera for Files and Vera Platform solutions and gives capabilities for encryption and to dynamically permit and remove access to confidential communications and content.
"In today's collaborative enterprises, email encryption, audit, and access control is an absolute necessity. Unfortunately, other encryption solutions just aren't user-friendly or foolproof enough for daily use," Ajay Arora, CEO and co-founder of Vera, said in a statement. "With Vera for Mail, the days of email leaks are finally over. This is the next stage in our long-term quest to protect enterprise data through the last mile, secure every collaboration channel, and ensure the confidentiality and integrity of our customers' most valuable data." The solution will be available in private beta this spring.
SecurityScorecard announced the launch of the public beta of Malware Grader. The free solution allows companies to continuously monitor their infrastructure for malware, providing alerts on events and an A to F grade on the ability to prevent, detect and remediate malware events. The tool also provides weekly summaries. It builds on the SecurityScorecard platform, which provides security ratings and continuous risk monitoring.
"Malware is an important security concern affecting almost every business," Aleksandr Yampolskiy, CEO and founder of SecurityScorecard, said in a statement. "By adding Malware Grader to our suite of free security tools, we want to help all companies go beyond malware and raise awareness for other critical risk categories to monitor, from leaked information to hacker chatter, that contribute to the true security posture of an enterprise."
Akamai Web Application Protector, Kona Site Defender
Cambridge, Mass.-based Akamai announced the launch of Web Application Protector at RSA 2017. The Web Application Protector solution, part of the Akamai Web Security Solutions portfolio, provides protection against DDoS attacks without having to configure and maintain a web application firewall by adding application layer protections, DDoS protections, custom rules and self-service capabilities that are monitored and continuously updated by Akamai. Akamai also announced updates to its Kona Site Defender, adding new API protections against known vulnerabilities, excessive rates of calls and slow POSTs. The company also added SIEM integrations to Kona Site Defender.
Arlington, Va.-based ThreatConnect announced an expansion of its security operations and threat intelligence platform at RSA 2017, adding four new products to its ThreatConnect Platform: TC Complete, TC Identify, TC Manage and TC Analyze. TC Complete is a security operations and analytics platform that allows for orchestration, analytics, response and reporting in a centralized platform. TC Identify includes threat intelligence streams from more than 100 open source threat intelligence feeds, as well as the company's threat intelligence. TC Manage adds orchestration, and TC Analyze adds threat intelligence data analytics and prioritization.
Centrify Risk-Based Access Service
Identity security company Centrify announced at RSA 2017 the launch of its new Risk-Based Access Service, which uses machine learning capabilities to provide a risk score on a user's behavior for access and authentication decisions. Chief Product Officer Bill Mann said this approach would help companies better tailor security policy to each user's behavior, providing for better flagging of risky behavior.
"We're helping IT professionals minimize the risk of being breached — with immediate visibility into account risk, without poring over millions of log files and massive amounts of historical data," Mann said in a statement. "And thanks to our broad set of enforcement points that include applications and IT infrastructure, we can enforce risk-based policy in real-time, at the point of access. This means high-risk threats can be blocked, while low-risk users get authorized access to apps, privileged credentials, or privileged sessions."
Bay Dynamics Application Value At Risk
As companies look to quantify their cyber risk, Bay Dynamics has rolled out a new solution to help them measure the risk associated with specific threats and vulnerabilities. The Application Value at Risk solution, part of Bay Dynamics' Risk Fabric platform, allows companies to continuously calculate risk based on threat, vulnerability and business context, and assigns a dollar amount to those risks. This helps companies prioritize their security risks, the company said.
BluVector capitalized on a recent acquisition by private equity firm LLR to launch new product enhancements and executive hires. The Tysons Corner, Va.-based machine learning company announced the launch of new features to its platform, including improved machine learning for advanced threat detection and resolution, expansion of targeted logging for threat intelligence, improved enterprise manageability, and enhanced integration for endpoint blocking and data gathering. BluVector also announced the addition of former Verint executive David Capuano as chief marketing officer and former Clarabridge executive Steven Golsch as chief people officer.
AppViewX, a security management, orchestration and automation company, announced the launch of SSH+ at RSA 2017. The solution is a key management and automation solution for SSH protocols, helping companies identify, provision, change and secure SSH keys automatically. At a high level, the solution allows companies to identify SSH key use, administer SSH keys and provide policies for use across an enterprise.
"Enterprises believe that SSH protocols in their infrastructure guarantee the security of their data and applications," Muralidharan Palanisamy, Chief Product Officer at AppViewX, said in a statement about the launch. "But organizations need to understand that the underlying SSH keys need to be managed and automated to prevent security breaches. SSH+ helps by creating a set process to secure SSH keys thereby protecting them from unauthorized usage."