33 Hot New Security Products Announced At Black Hat 2017

Red Hot At Black Hat

Security vendors took advantage of the Black Hat 2017 stage to show off their latest security innovations. The launches went head to head with some of the most nefarious threats and vulnerabilities, which were also on display this week at the conference in Las Vegas. The launches include enhancements to existing products to add new machine learning, analytics, threat hunting, threat intelligence, cloud security capabilities, and more. The event also saw the launch of entirely new security platforms to address gaps in today's security market. Take a look at more than 30 new products and product updates that were announced at the show.


McAfee made several announcements to enhance its portfolio at Black Hat 2017, particularly adding to its machine learning capabilities. The Santa Clara, Calif.-based company announced the launch of McAfee Advanced Threat Defense v4.0, which adds machine learning and automation capabilities to better detect threats. The McAfee ATD Email Connector also extends those capabilities to email by forwarding suspicious attachments to the Advanced Threat Defense solution.

McAfee also announced enhancements to its Enterprise Security Manager offering, adding new risk assessment capabilities, a new McAfee Connect content portal, and the ability to monitor and analyze cloud activity, including around Office 365. McAfee also announced further product integrations in its portfolio, including unifying its McAfee Data Loss Prevention (DLP) Endpoint, DLP Prevent, DLP Discover and DLP Monitor for better efficiency, integration and analysis, and a new integration between its McAfee Cloud Threat Detection and McAfee Threat Intelligence Exchange to forward malicious samples from the endpoint to the cloud sandbox for analysis. Finally, McAfee announced a new online portal for its OpenDXL initiative.

CrowdStrike Falcon Search Engine

CrowdStrike enhanced its flagship Falcon platform Tuesday with the launch of the CrowdStrike Falcon Search Engine. The new solution is an index for cyberthreat intelligence and threat research, allowing security researchers to search file metadata, binary contents, and related threat intelligence as they look to take advantage of data at speed in their Security Operations Center. The company also announced CrowdStrike Falcon MalQuery, a malware search engine that offers security researchers a way to search one of the largest malware databases in the industry for their malware research. CEO George Kurtz said in a statement that the launch provides threat researchers with the speed and full data sets they need to keep up with today's threat landscape.

"We believe that real-time data access is how cybersecurity professionals can get ahead of modern-day threats, and we've built the fastest AI-enabled platform that makes this possible. With today's launch, we are fundamentally changing the game by empowering threat researchers to outpace the adversary with this solution. CrowdStrike Falcon Search Engine enables the next-gen SOC to be more productive and acts as a powerful force multiplier for security teams," Kurtz said.

Fortinet Global Threat Intelligence Service

Fortinet announced on Monday the launch of the new Fortinet Global Threat Intelligence Service, a new offering the company said would provide CISOs and security professionals with the intelligence they need to stay ahead of threats. The service leverages Fortinet's FortiGuard Labs research. It includes information on specific threats, industry impacts, individual application vulnerabilities and malware, and global threat landscape activity, the company said.

"Given the maturity and breadth of our sensor network, Fortinet is uniquely positioned to provide accurate threat intelligence telemetry across a diverse and broad range of sources across the globe. FortiGuard Labs ingests over 50 billion events daily, and now with the FortiGuard Threat Intelligence Service, we are able to deliver those same extensive threat insights to our customers and the security community at large," Senior Vice President of Products and Solutions John Maddison said in a statement about the launch. The service is currently available in beta.

AlienVault Open Threat Exchange

AlienVault announced that it had expanded its AlienVault Open Threat Exchange, its crowdsourced threat intelligence offering. The San Mateo, Calif.-based company added new Adversary Pages to compile threat information on specific threat actors and groups, new groups to bring together security researchers and practitioners, new support for standardized data formats and protocols, and new support for YARA rules. The company also said it has launched Easy Pulse Creation Tools to make it easier to create pulses, which are summaries of threats, targets and IOCs.

"AlienVault OTX proves that the most powerful tool in the fight against cybercrime is community collaboration," Jaime Blasco, vice president and chief scientist at AlienVault, said in a statement about the launch. "And we have the best community online. Our OTX enhancements will provide our users with the tools they need to share the most recent threat intelligence they have on the most complex adversaries in the industry faster than ever before. In return, they get the most relevant and timely threat indicators they need to protect their environment for free."

Splunk and Booz Allen Hamilton

In advance of Black Hat, Splunk and Booz Allen Hamilton teamed up around actionable threat intelligence. The partnership brings together Splunk's software analytics platform with Booz Allen's Cyber4Sight insight and security intelligence offering, adding insights from the company's broad set of cyberthreat analysts and threat data. The result is a private beta of Booz Allen Cyber4Sight for Splunk, which is designed to provide security professionals with actionable threat intelligence in a central database.

"In today's cybersecurity landscape, security practitioners are frequently overwhelmed with investigating security threats. As hackers continue to find new ways to break into networks, it is essential to use real-time threat data to identify and respond to incoming attacks," Haiyan Song, senior vice president of security markets for Splunk, said in a statement. "The insight provided by Booz Allen Cyber4Sight for Splunk will help reduce the time organizations spend analyzing and identifying attacks and threat actors, empowering our customers to act quickly on threat intelligence, reduce costs and increase effective detection."

Qualys CloudView, Qualys Certificate Management

On Monday, Qualys announced the launch of CloudView, an expansion of its broad cloud security portfolio with a new application framework for its Qualys Cloud Platform. The new solution, which is starting with the launch of Cloud Inventory and Cloud Security Assessment, gives security teams a single-pane-of-glass view into their cloud infrastructure security, including around AWS, Azure and Google Cloud. Qualys said the launch fills a growing need for security visibility and compliance in the cloud and around DevOps. Qualys also announced the launch of a new application in its Qualys Cloud Platform for certificate management, called Certificate Management. The new app helps companies manage SSL/TLS certificates to prevent downtime, audit and compliance failures, and mitigate risk from expired or vulnerable certificates.

Ixia Active SSL

Ixia boosted the capabilities of its SecureStack offering Tuesday with the addition of Active SSL technology, which allows organizations to see inside encrypted traffic, then re-encrypt it to maintain security. The launch responds to the growing threat posed by encryption, as more threats look to hide inside encrypted network traffic.

"Encryption is a double-edged sword for networks. While it allows for the protection of data from nefarious actors, it also enables the same nefarious actors to hide their activity from monitoring tools and the IT professionals deploying them," said Scott Register, vice president of product management at Ixia, in a statement. "Ixia's Active SSL can be used to decrypt data once, and then allow processing by as many tools as needed, improving speed and latency of security solutions." Ixia said the solution will be available through a high-performance application module.

Skyport Systems Skysecure

Skyport Systems is boosting its security capabilities around hyper-converged infrastructure with the announcement Tuesday of updates to its Skysecure system. The updates include a new self-service capability for application deployment, policy management and troubleshooting. Skyport said the self-service capabilities solve a challenge around application deployment and policy management by giving application owners and DevOps teams the role-based ability to deploy gateways, configuration, and policies, instead of requiring the networking teams to do it.

"IT needs to be able to deliver on business demands and manage security concerns in real time, but there is often a gap between the two," Art Gilliland, CEO of Skyport Systems, said in a statement. "Relying on an old-school firewall to protect application owners from exposing the organization to risk doesn't work. Skyport delivers a cloud-like experience that provides application owners with the guardrails necessary to deploy fast and fail safe, while reducing the need for troubleshooting and the possibility of breaking the entire network."

IntSights Threat Intelligence Platform

IntSights, an Israel-based threat intelligence platform company, announced on Tuesday the launch of its new advanced threat intelligence platform. It brings together threats from across the Internet, then uses machine learning and artificial intelligence to deliver both tailored and generic threat intelligence to enterprise security analysts. IntSights said this approach helps businesses better consume threat intelligence, rather than collect generic threat feeds from multiple vendors and integrate them together.

"We identify tailored threats to our customers – threat actors, malware and campaigns trying to cause harm to your organization – and help you to deflect them early in the cyber attack chain, thus weakening hacker arsenals and thwarting planned attacks," Guy Nizan, CEO and co-founder of IntSights, said in a statement. "We also provide fully automated remediation and orchestration, enabling security analysts to protect their companies against external threats without additional personnel."

Keeper Security Emergency Access

Keeper Security, a password manager and secure digital vault company, announced Tuesday that it had further enhanced its offering with the launch of the Emergency Access feature. It allows users of the solution to designate trusted family members or friends who can access their secure information in the event of an emergency.

Checkmarx Acquisition Of Codebashing

While not exactly a product announcement, application security company Checkmarx announced Monday that it had acquired Codebashing, an application security education company. Codebashing offers an application security training program for developers, which is delivered in a game-like way. Checkmarx said this addition will help the company fill a gap for companies around application security at the development level.


ThinAir is looking to help improve the data leak investigation process, announcing a new solution for insider detection and investigation. The company's solution continuously monitors and records user data at the endpoint, creating a "digital equivalent of an HD security camera" to aid security teams in their investigations.

"The combination of rapid information growth, escalating security threats, rising trend of insider threats and an unprecedented shortage of skilled IT and security resources makes it more difficult than ever to detect, investigate and respond to data breaches in a timely manner," Gajraj Singh, VP of marketing of ThinAir, said in a statement.

Capsule8 Protect

Capsule8, a Brooklyn, N.Y.-based threat prevention and response company, announced the launch of Capsule8 Protect at Black Hat. The new solution, which will be generally available this fall, is a threat prevention and response solution that's purpose-built for cloud environments, allowing it to protect both traditional and cloud environments. The company said the solution addresses the security challenges posed as companies move toward containerized and micro-service architectures. The platform includes capabilities for visibility, real-time threat prevention, automated attack resilience, intelligent investigation, an API-first approach, and easy integration, the company said.

Capsule8 also announced that former RSA Executive Chairman and CEO Art Coviello will join its board of directors.

Cloudwick CDL

Cloudwick announced the launch of CDL, a new security analytics platform that it says is the "first neutral security system of intelligence for cybersecurity." The platform brings together intelligence and network telemetry data and analyzes it. The company also offers automation, detection, orchestration and analytics tools. Cloudwick said it looks to break down security silos by ingesting vast amounts of data and enhancing existing SIEM, EDR, IPS, UEBA, machine learning, analytics and intelligence solutions with additional analytics capabilities.

"CDL has democratized data analytics at scale by changing the model for cybersecurity, giving data ownership and control back to the enterprise and making it securely accessible for both traditional and modern analytic vendors," Thaddeus Blake, VP of alliances at Cloudwick, said in a statement.

The company also announced the formation of the Cloudwick CDL Technology Partner Program. The new program – which already includes Bricata, Corelight, Graphistry, H2O, Ixia, Logtrust, Protectwise and Solarflare – provides sales, marketing, delivery and other resources to help accelerate product integrations and bring the company's analytics capabilities to customers.

RiskIQ Digital Footprint Snapshot

Digital threat management company RiskIQ announced a new enhancement to its portfolio on Tuesday as it rolled out the RiskIQ Digital Footprint Snapshot. The new solution provides a way for organizations to build a "snapshot" of their external digital assets. That information can then be used to determine their business risk and provide the foundational starting point for future security improvements. Businesses can use the tool for free to get a high-level view of their digital assets, the company said. The solution leverages RiskIQ's existing Internet reconnaissance, data sets, and analytics to create this report.

Cloudera Apache Spot 1.0

On Monday, Cloudera announced the availability of Apache Spot 1.0, an open source project to bring advanced analytics at scale to IT telemetry data. From a cybersecurity perspective, the company said the release allows companies to accelerate their advanced threat detection and spot anomalies with analytics. Built on top of Hadoop, platform capabilities include improved machine learning stability, better run times and model performance for all DNS, proxy, and NetFlow workloads, and tighter integration with Hadoop distribution.

"Taking advantage of cross-community open source innovation to strengthen our solutions and deliver customer value is at the heart of Cloudera's strategy. With the release of Spot 1.0, we are excited to strengthen our cybersecurity solution as we look to help enterprises protect themselves in the hyper-connected, digital era we operate within," Cloudera CEO Tom Reilly said in a statement.

JASK Trident

Artificial intelligence security company JASK announced the launch of JASK Trident on Tuesday. It's a solution for security operations teams to use AI for alert triage, detection and investigations. To accomplish that, the solution monitors networks end to end, applies machine learning analytics, and offers data exploration and visualization capabilities. The solution is cloud-based and available as a subscription service, the company said.

CloudPassage Project Azul, Halo Platform Updates

CloudPassage, a cloud security automation company, announced updates to its CloudPassage Halo platform, including added support for Windows Server 2016, multi-factor authentication, and reporting features. CloudPassage also announced plans for container-automated compliance and security controls, a project it has code-named Project Azul. The company said the solution will include automated security for virtual machines, hosts and containers. That means companies can have a single platform for cloud and virtualized environments, the company said.

Votiro SDS Version 7.1

Israeli security company Votiro announced an update to its secure email gateway solution, extending its capabilities around disarming and reconstructing files. In particular, the update expands the types of files the company can sanitize, adding support for Hancom .HWP, CAD .dwg, and .dwf. It also enhanced support around PDF and PowerPoint files. The update also added further capabilities around policy filtering, indicators for suspicious files, and digital signature validation. The company said all of these updates are especially important in the wake of the recent WannaCry and Petya outbreaks.

"We are very pleased to announce these key product updates," Votiro CEO Itay Glick said in a statement. "We are determined to ensure that our products can protect against a wide range of file formats in order to guarantee that catastrophic events do not occur as a result of information theft, denial of service and other security issues."

Lieberman Software Teams Up With VeriClouds

Lieberman Software and VeriClouds announced at Black Hat that they were teaming up around credential security. The partnership brings together Lieberman RED Account Reset Management, a self-service password reset tool for sensitive environments, with VeriClouds CredVerify technology, allowing companies to block users from logging in with known compromised credentials. The integration adds to an existing integration between Lieberman's Privileged Identity Management solution and VeriClouds CredVerify.

"We're excited to release our latest product integration with VeriClouds," CEO Philip Lieberman said in a statement. "The VeriClouds service harvests the dark web to find compromised credentials that are easily available to nation-state attackers and cyber criminals. If a user of our RED Account Reset Management product attempts to log into a workstation or server with one of these known compromised credentials, the login can be blocked until the password is reset."


Ziften upped its capabilities around ransomware at Black Hat, an area that has been front and center after multiple high-profile ransomware campaigns this year. The company, which offers a visibility and control solution, added new ransomware-specific capabilities, including new features to find vulnerable systems, disable vulnerable systems through custom extensions, patch vulnerable systems, and detect ransomware by looking for quiet Volume Shadow Copy Service deletions.

enSilo Version 2.6

enSilo, an endpoint security startup, announced Version 2.6 of its platform at Black Hat. The company added enhanced capabilities around threat hunting, communicating applications, reputation scoring, and improved visibility around system events in its new System Events Viewer. The company said the latest update adds to its next-generation antivirus and EDR capabilities with new features to protect against advanced malware threats using automation.


Container security company Twistlock announced on Tuesday that it had extended its support to AWS Lambda, Google Cloud Functions, and Azure Functions. The announcement further moves Twistlock away from pure container security, offering a centralized management tool to detect and prevent vulnerabilities across both container and cloud environments.

"As we work with enterprises around the world that are deploying cloud-native apps, we're seeing increased usage of server-less functions in mission-critical environments," CEO John Morello said in a statement. "Our mission is to give customers cloud-native cyber security from top to bottom. With this feature, customers have a single security tool that provides visibility, detection and prevention across the entire topology of their cloud-native apps." Twistlock said the solution is available as part of its Vulnerability Explorer solution, currently available in private beta and expected to be generally available in the fall.

Syncurity IR-Flow Version 4

Syncurity, a security operations and incident response platform company, announced the launch of IR-Flow Version 4 at Black Hat. The new update adds new features that include a Triage Scoring Engine for dynamic risk scoring of alerts, an API Software Developer's Kit for custom software or integrations, and a new Embedded Business Intelligence Engine for dashboards and reporting. The company said these updates will better allow customers to build custom workflows and automation to fit their unique businesses.

ThreatConnect Playbooks

ThreatConnect, a security operations and analytics platform company, announced the addition of Playbooks to its platform to add to its security automation capabilities. The company said the Playbooks can be used to automate security actions across multiple environments in response to security intelligence. The company said this has particular applications for MSSPs, allowing them to better manage security workflows for multiple customers from a single platform, as well as offering customized Playbooks for different customer needs. The Playbooks will be available in Q3 2017, the company said.

Acalvio ShadowPlex-R

Acalvio, an advanced threat defense company, announced on Tuesday the launch of ShadowPlex-R, a new specialized solution based on Acalvio's Deception 2.0 technology to help customers better defend against ransomware. Features of the new solution include detection using deception sensors throughout the network, a scalable and flexible DevOps approach to deployment, and a low impact on IT. The solution integrates with Splunk Enterprise Security.

Mimecast Sync & Recover

Announced in advance of Black Hat, Mimecast Sync & Recover expands the company's email and data security portfolio to include an integrated backup and disaster recovery option for Office 365 and Exchange. The company said this type of solution is particularly important as more companies migrate to Office 365 and need protection against downtime in the event of ransomware or another attack.

"To strengthen their cyber resilience strategy, organizations need to ensure they have a backup-and-recovery capability to help protect email data and maintain business continuity, in case of an incident resulting in data loss," Glenn Brown, senior product manager at Mimecast, said in a statement. "Sync & Recover for Exchange and Office 365 offers organizations a simple, streamlined way to recover deleted or corrupted email, calendar, and contact information by leveraging archive data." The company said the solution will be generally available in August.

NSS Labs CAWS Continuous Security Validation Platform 3.0

NSS Labs announced the launch of CAWS Continuous Security Validation 3.0 at Black Hat. The new version helps companies make more informed decisions about their security products by allowing them to continuously monitor the performance of their security products against new exploits. NSS Labs said this helps companies better understand their security effectiveness, get validation on their security purchases, and identify areas of risk.

Dell Endpoint Security Suite Enterprise

Dell further enhanced its Endpoint Security Suite for Enterprise in advance of Black Hat with the launch of an air gap version of its suite. The launch fills a gap for companies that have highly secure air gap environments, but still need high-quality endpoint security and advanced threat protection. The solution brings together capabilities from Dell's partnership with Cylance, as well as its own file-level data encryption, web protection filtering, and consolidated management and compliance. The launch means Dell Endpoint Security Suite is now available in original mode using an internet connection for cloud communication, an on-premises network mode, and a full air gap mode.

"Highly-regulated organizations and government agencies need to deploy air gap solutions to protect their highly sensitive data, but have been unable to take advantage of the latest security technology that requires cloud connections," Brett Hansen, vice president, endpoint data security and management, Dell, said in a statement. "Dell is responding to their heightened needs by adapting our flagship Endpoint Security Suite Enterprise solution for on-premises, air gap environments – giving these organizations an advanced threat protection solution that has been inaccessible to them before now." Dell said the solution is currently available.


Endpoint security company AppGuard officially launched at Black Hat this year, offering a solution for dynamic isolation and containment of the endpoint, allowing applications and computer systems to continue operating. The launch comes after the company announced $50 million in funding from ANA Holdings and other Japanese companies, as well as the announcement that Hirokazu Higuma, former president of Symantec Japan, and Hirotaka Sakajiri, former regional CTO of Symantec, have joined Blue Planet-works, AppGuard's parent company. The company says it brings a new approach to endpoint security, instead of a traditional detection-based approach offered by other vendors in the space.

illusive networks External Incident API and Risk Metrics Tool

Israeli security startup illusive networks announced an expansion of its deception technology solution at Black Hat with the launch of the External Incident Application Program Interface (API) and Risk Metrics tool. The new tool helps incident response teams and SOC analysts by centralizing the gathering and processing of incidents, providing forensics in real time, and facilitating automation and analytics, something the company calls the illusive Attacker View feature. The Risk Insight tool helps companies prioritize incidents and remediation.

"Our API-based capabilities empower the otherwise overburdened SOC and IR teams with richer forensics data, enabling them to anticipate the attacker's next moves and take a more pre-emptive, risk-based approach. Reducing both costs and resources, our new tools and capabilities further assist enterprise teams to mitigate APTs at the earliest opportunity and minimize impact," CEO Ofer Israeli said in a statement.

Digital Guardian Analytics & Reporting Cloud

Digital Guardian announced on Wednesday the general availability of Digital Guardian Analytics & Reporting Cloud. The new subscription solution provides a single agent and management console for DLP, user monitoring, big data analytics and reporting, and threat detection and response. The solution adds to Digital Guardian's already robust set of data protection offerings.

"We are declaring this a new dawn for data loss prevention because we're the first security platform to combine the traditional capabilities of DLP with the contemporary features required for endpoint threat detection and response, all delivered in the cloud," President and CEO Ken Levine said in a statement. "A lot has changed in the security world, but one thing remains the same: Data is the target. We need security solutions that always put sensitive data at the forefront of organizations' security efforts and DG ARC achieves that."

Minerva Anti-Evasion Platform

Endpoint security company Minerva announced at Black Hat that it had enhanced its Anti-Evasion Platform, adding new capabilities to protect against unknown threats. The enhancements include ransomware protection by protecting against data loss, memory injection prevention, and malicious document prevention by blocking malicious actions initiated by document files.

"Instead of relying on previously known patterns, behaviors or signatures, our Anti-Evasion Platform deceives the threat regarding its ability to interact with various aspects of its environment. Our solution blocks the adversary from gaining a foothold on the endpoint, rendering evasive techniques ineffective," Eddy Bobritsky, co-founder and CEO of Minerva, said in a statement. "Unlike other solutions, our deceptive approach to blocking unknown malware doesn't rely on which attack vector it came through. Instead, it simulates an environment where malware would never be able to execute, significantly reducing the organization's endpoint security efforts."