The 10 Coolest New Cybersecurity Tools And Products Of 2019 (So Far)
The 10 products and tools making noise in the cybersecurity market have emphasized centralizing security operations and information gathering and using artificial intelligence to reduce noise and limit exposure.
Batten Down The Hatches
Vendors have spent the first half of 2019 advancing protection everywhere from the network to the cloud to mobile devices, debuting consoles that help centralize management, and using artificial intelligence to reduce cyberthreat noise and mitigate threat exposure in cloud infrastructures.
Enhancements to security operations and intelligence were a major area of focus thus far in 2019, with advancements around detecting suspicious behavior, investigating incidents, and securely migrating applications, data, and business operations to the cloud.
Five of the 10 coolest cybersecurity tools and products of 2019 came from companies based on the West Coast, two came from companies based in other parts of the United States, and three came from companies based abroad. Read on to learn how suppliers have gone about making their cybersecurity portfolio even more relevant to the channel.
Check Point Maestro
Check Point Maestro was released in January and allows organizations to easily scale up their existing Check Point security gateways on demand, in the same way that new servers and compute resources are spun up in the public cloud. Maestro enables a gateway to expand to the capacity and performance of 52 gateways in minutes, giving companies flexibility and enabling massive firewall throughput.
Customers using Maestro can scale up their existing gateways of any size within minutes to support more than 50 times their original throughput, Check Point said. It is managed through the Maestro Security Orchestrator, which controls all of an organization's gateways as a single unified security system, minimizing management overhead.
Maestro is the only unified security system that can offer cloud-level resilience and reliability to all organizations, Check Point said. The almost limitless scalability of Maestro enables organizations to support the high data rates and ultra-low latency of 5G networks, and secure the largest, most resource-hungry environments.
Chronicle Backstory
Backstory was released in March, and enables security teams to detect suspicious behavior, perform security incident investigations, and hunt for threats in their networks. The product provides each customer with a private cloud instance for storing its security telemetry, including high-volume telemetry such as DNS traffic, web proxy traffic, and endpoint activity.
It uses a variety of signals and techniques to provide instant analysis of machine or user activity within an enterprise network, according to Chronicle, Alphabet's cybersecurity subsidiary that's set to become part of Google Cloud.
Backstory automatically compares all of an enterprise's files and web activity against public threat intelligence feeds, the full VirusTotal database, and proprietary signals that are only available from Chronicle. When suspicious activity is detected, Backstory notifies customers and can instantly provide a complete picture of the activity.
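The detection pattern described above (match stored telemetry against an indicator feed, then pull together everything the affected host did around the hit) is easy to sketch in a few dozen lines. The block below is an added illustration, not Chronicle or Backstory code; the telemetry lines, the indicator entries, the pipe-delimited record format and the 15-minute pivot window are all constructed assumptions for the example.

```python
"""Indicator matching plus host-centric pivot over stored telemetry.

Added example, not Chronicle/Backstory code. Log lines, indicators,
field layout and the pivot window are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed threat-intel "feed": indicator value -> why it is bad.
IOC_DOMAINS = {"update-cdn.example-bad.net": "known C2 domain"}
IOC_SHA256 = {
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855": "known dropper",
}

# Constructed telemetry: timestamp|host|source|key|value, one event per line.
TELEMETRY = """\
2019-03-04T09:58:10|ws-17|endpoint|sha256|e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
2019-03-04T10:00:02|ws-17|dns|domain|update-cdn.example-bad.net
2019-03-04T10:00:03|ws-17|proxy|domain|update-cdn.example-bad.net
2019-03-04T10:00:05|ws-17|endpoint|process|powershell.exe
2019-03-04T10:30:00|ws-22|dns|domain|login.microsoftonline.com
2019-03-04T11:45:00|ws-17|dns|domain|internal.corp.example
"""


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    source: str
    key: str
    value: str


def parse(text: str) -> list[Event]:
    """Parse the pipe-delimited records into Event objects (blank lines skipped)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, source, key, value = line.split("|", 4)
        events.append(Event(datetime.fromisoformat(ts), host, source, key, value))
    return events


def match_iocs(events: list[Event]) -> list[tuple[Event, str]]:
    """Return (event, reason) for every event whose value is a known indicator.

    DNS and proxy telemetry are both checked against the domain list, so one
    beacon typically produces two hits; endpoint file hashes hit the hash list.
    """
    hits = []
    for e in events:
        if e.key == "domain" and e.value in IOC_DOMAINS:
            hits.append((e, IOC_DOMAINS[e.value]))
        elif e.key == "sha256" and e.value in IOC_SHA256:
            hits.append((e, IOC_SHA256[e.value]))
    return hits


def pivot(events: list[Event], hit: Event, window: timedelta) -> list[Event]:
    """All events from the hit's host within +/- window of the hit, time-ordered."""
    lo, hi = hit.ts - window, hit.ts + window
    return sorted(
        (e for e in events if e.host == hit.host and lo <= e.ts <= hi),
        key=lambda e: e.ts,
    )


def investigate(text: str, window: timedelta = timedelta(minutes=15)) -> dict:
    """Per affected host: de-duplicated reasons and the merged activity timeline."""
    events = parse(text)
    report: dict[str, dict] = {}
    for hit, reason in match_iocs(events):
        entry = report.setdefault(hit.host, {"reasons": [], "timeline": []})
        if reason not in entry["reasons"]:
            entry["reasons"].append(reason)
        for e in pivot(events, hit, window):
            if e not in entry["timeline"]:
                entry["timeline"].append(e)
    for entry in report.values():
        entry["timeline"].sort(key=lambda e: e.ts)
    return report


if __name__ == "__main__":
    for host, entry in investigate(TELEMETRY).items():
        print(f"{host}: {', '.join(entry['reasons'])}")
        for e in entry["timeline"]:
            print(f"  {e.ts.isoformat()} {e.source:8} {e.key}={e.value}")
```

The point of the pivot step is that the hash hit at 09:58 and the C2 domain hits two minutes later end up on one timeline for ws-17, together with the PowerShell launch in between, while the unrelated DNS lookup at 11:45 and all of ws-22's activity stay out of the picture.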
CrowdStrike Falcon for Mobile
CrowdStrike Falcon for Mobile was released in March and enables security teams to hunt for advanced threats on mobile devices, providing unprecedented visibility into malicious, unwanted, or accidental access to sensitive corporate data, while protecting user privacy and avoiding any impact on device performance.
With Falcon for Mobile, security teams have real-time visibility into the health and security posture of mobile devices in their organization, and are able to immediately identify vulnerable devices. Organizations can for the first time perform proactive threat hunting on mobile devices, leveraging new telemetry types such as mobile network activity, clipboard actions, and peripheral monitoring.
Falcon for Mobile provides enhanced monitoring of enterprise application behavior on Android, giving security teams unprecedented visibility into data that allows them to more quickly uncover malicious activity. And telemetry from traditional endpoints is presented alongside telemetry from mobile devices in a single interface to enable rapid, comprehensive security incident investigations.
CylancePERSONA
CylancePERSONA was released in March and combines continuous biometric behavior and user conduct monitoring to identify suspicious users in real-time to prevent compromises. Its sensors are able to detect and score both malicious and anomalous conduct.
The tool monitors user activity and calculates a Cylance Trust Score; if the user's trust score drops below a given threshold, a step-up authentication action or suspension can be automatically initiated. CylancePERSONA continuously monitors user behavior with real-time detection of suspicious keyboard and mouse actions that could indicate an imposter.
The offering provides real-time monitoring of user actions with instant identification of anomalous user activity to indicate a possible remote account takeover. CylancePERSONA is also able to interrupt user activity automatically upon detection of anomalous or suspicious actions with responses such as user logoff, suspended processes, and step-up authentication.
Forcepoint Converged Security Platform
The Forcepoint Converged Security Platform was released in February and is intended to enable the secure migration of data, applications, and business operations to the cloud, according to the company. The platform makes it possible for CISOs to define, enforce and monitor policies consistently across the security stack in one place, eliminating the gaps and redundancies of managing point products.
The platform hosts a company's complete range of enterprise-class security capabilities, delivering risk-adaptive protection and seamless cloud connectivity anywhere organizations and their users are located, Forcepoint said. It allows for the application of policies that are dynamically tailored to each individual user's actions, reducing security friction and enabling businesses to innovate more rapidly.
In addition, the company said open APIs enable integrations with third-party products, extending Forcepoint's risk-adaptive protection across infrastructure while delivering security efficacy.
Fortinet Secure SD-Branch
Fortinet's Secure SD-Branch offering was released in June and secures the WAN (Wide Area Network) and access edge to enable security-driven networking for distributed enterprises. The tool extends the benefits of SD-WAN to network access, converging WAN and security to increase visibility, reduce complexity, improve performance and agility, and lower overall IT costs at the edge of the network.
The Secure SD-Branch offering comprises the FortiGate Next-Generation Firewall, FortiNAC Network Access Control, FortiSwitch and FortiAP Access Points. This combination provides better integration of LAN (local area network) and WAN platforms and delivers integrated security, simplified management, and a lower total cost of ownership to customers.
Extending firewall security through the access layer helps consolidate security and network access and is a unique architecture ideal for secure SD-branch deployment, Fortinet said. Plus the new FortiNAC 8.6 release increases anomaly detection via traffic scanning by leveraging FortiGate as a sensor, with no additional hardware required at the branch.
IBM X-Force Red Blockchain Testing Service
The IBM X-Force Red Blockchain Testing Service was released in March and evaluates the entire implementation process including chain code, public key infrastructure and hyperledgers. It also tests the backend processes, applications and physical hardware used to control access to and management of the blockchain networks.
IBM X-Force Red evaluates how permissions to access and add information to the blockchain are administered, including password policies, susceptibility to brute force attacks, and the implementation of two-factor authentication. The team also tests for the secure creation, management, and distribution of digital certificates and keys associated with the blockchain network.
X-Force Red can also test common libraries and component dependencies for tampering during design and implementation, to ensure that dependency signatures are verified and the build pipeline is trusted. And while smart contracts allow for trustless execution of agreements by parties on the blockchain, IBM said proper penetration testing can still find exploitable flaws in those agreements.
Microsoft Azure Sentinel
Azure Sentinel was released in February and aims to stand out from other SIEM (security information and event management) tools by leveraging the scalability and flexibility of the cloud and by tapping artificial intelligence to reduce cyberthreat noise.
The launch comes at a time when massive volumes of data have created issues for security professionals, who are often too overwhelmed by alerts to focus on solving complex security problems, according to Microsoft. Early partners working with Azure Sentinel include Accenture, Insight and New Signature, Microsoft disclosed.
The use of AI in Azure Sentinel has helped to enable a 90-percent reduction in "alert fatigue" among early users, wrote Ann Johnson, corporate vice president for cybersecurity at Microsoft, in a blog post. Organizations can bring data into Azure Sentinel from Office 365 for free, where it can be analyzed alongside the organization's other security data, Johnson said.
Palo Alto Networks Prisma
Prisma was released in May, and gives customers what they need to consistently govern access, protect data, and secure applications. Palo Alto Networks CEO Nikesh Arora said Prisma is the largest cloud security business in the world with 9,000 enterprise customers and a billings run rate in excess of $250 million.
Prisma Access secures access to the cloud for branch offices and mobile users anywhere in the world with a scalable, cloud-native architecture, blending enterprise-grade security with a globally scalable network. Prisma Public Cloud provides continuous visibility, security, and compliance monitoring across public multi-cloud deployments, correlating data and assessing risk across the cloud environment.
Prisma SaaS is a multi-mode cloud access security broker (CASB) service that safely enables SaaS application adoption by providing advanced capabilities in areas like risk discovery, adaptive access control, data loss prevention, and compliance governance. And VM-Series is the virtualized form of the Palo Alto Networks firewall that can be deployed in private and public cloud computing environments.
Sophos Cloud Optix
Sophos in April unveiled a new tool that provides visibility, automated compliance checking, and threat detection and response across multiple public cloud environments. Sophos Cloud Optix leverages artificial intelligence to highlight and mitigate threat exposure in cloud infrastructures, building upon the AI capabilities Sophos acquired from startup Avid Secure in January 2019.
A single Sophos Cloud Optix license provides support around development platforms, test QA platforms, and production platforms for up to 100 cloud assets, which can include virtual machines or Amazon S3 storage buckets, said Richard Beckett, senior product marketing manager for Sophos. Customers with large environments beyond 100 cloud assets can obtain multiple licenses, according to Beckett.
Although the live production platform gets a lot of the focus, Beckett said companies that operate in a test environment and use customer accounts within that environment need to address the weakness and organizational risk that poses. Sophos Cloud Optix licenses are available for a one-month or 12-month term, he said, and allow users to run an unlimited number of compliance checks on the platform.