Putting Users In The Driver’s Seat
Vendors are taking advantage of RSA Conference 2021’s bright spotlight to launch new offerings, features, platforms and tools that will define the industry for months and years to come. Security management received a lot of attention at the show, with platforms launched that bring together threat intelligence, threat hunting, asset management, incident response, and data remediation.
Outside of security management, some of the common areas for innovation this year included security awareness training, data categorization, network security, and application protection. CRN broke out three of the most popular areas for new product development – zero trust security, cloud security, and extended detection and response (XDR) – into their own standalone slide show.
From streamlining incident investigation and response to continuously inventorying known and unknown assets to fusing together security awareness training, phishing simulation and account takeover monitoring, here’s a look at 15 hot cybersecurity products announced at RSA Conference 2021.
CrowdStrike Falcon Fusion
CrowdStrike Falcon Fusion streamlines incident investigation, response and remediation with repeatable, consistent workflows, helping security teams get the right coverage with accuracy and speed. SOC analysts can define real-time active response workflows using a graphical user interface, along with customizable triggers based on detection and incident categories.
Falcon Fusion allows for the building of consistent and customizable workflows using intuitive no-code logic or custom code options for faster active response. Meanwhile, easy-to-use workflow automations reduce the need to switch between different security tools and tasks while improving the efficiency of security team operations, allowing them to focus on more business critical strategic tasks.
Organizations can speed up incident triaging and incident response with Falcon Fusion by configuring custom actions and notifications based on contextual insights from managed workloads and endpoints. Falcon Fusion also frees up skilled resources and improves cost efficiency by building and scaling workflows on demand employing no-code automation to create repeatable and reliable processes.
Arctic Wolf Managed Security Awareness
Arctic Wolf Managed Security Awareness combines fully managed security awareness training, phishing simulation and account takeover monitoring that’s delivered as a concierge service. It’s intended to make it fast and easy for all security teams, including those who don’t have an IT or cybersecurity function, to add a security awareness and training program.
The offering includes security awareness microlearning that prepares employees to stop social engineering attacks with continuous training to recognize current threats, avoid scams, and understand the importance of reporting mistakes. Account takeover monitoring, meanwhile, reduces risk with immediate notification when employee credentials are found on the dark web.
The phishing simulation capabilities measure and reinforce employee awareness with automated assessments and phishing simulations based on real-life attacks. And turnkey content delivery engages employees by deploying timely, high-production-value content, with the stated goal of building programs with academic-level rigor.
Qualys CyberSecurity Asset Management
Qualys CyberSecurity Asset Management continuously inventories known and unknown assets, discovers installed applications, and overlays business and risk context to establish asset criticality. The offering also identifies unauthorized, end-of-life, or end-of-service software, the absence of required security tools, and assesses the health of the attack surface.
CyberSecurity Asset Management enables response options with threat alerts and software removal, delivering regulatory reporting in support of FedRAMP, PCI-DSS and other mandates. The product classifies, categorizes and groups all IT assets including software, on-prem devices and applications, mobile, endpoints, cloud, containers, OT and IoT to provide a single source of truth for asset inventory.
CyberSecurity Asset Management applies in-context security data including attack surface visibility, authorized and unauthorized software, asset criticality and business attributes to provide a clear security perspective around IT inventory, Qualys said. The tool also utilizes configurable rule-based alerts to automatically notify interested parties of at-risk assets, according to Qualys.
ReversingLabs Malware Lab
ReversingLabs Malware Lab offers a unified threat detection and analysis infrastructure that enterprises can quickly implement and integrate across digital business, development, SOC and threat hunting processes. Delivered in a hybrid cloud model, it gives companies immediate access to split-second binary and threat analysis, safe file storage for malware, and a data lake for metadata threat analytics.
Using ReversingLabs Malware Lab, organizations are able to quickly rationalize disjointed open source modules and expensive security tool sets to gain a new level of centralized security visibility and insight. It gives security teams the ability to improve processes with a centralized escalation point, a universal service team and a streamlined audit response, according to ReversingLabs.
The ReversingLabs Malware Lab centralized workbench supports malware investigation, workflows, and threat hunting across all major platforms and file types. The platform also offers consolidated threat detection rulesets for use in optimizing detection and threat hunting, as well as technology and workflow integrations to facilitate the collection, analysis and enrichment of files.
Text IQ for Privacy
Text IQ for Privacy automatically identifies and categorizes personal and sensitive information from both structured and unstructured sources, enabling redaction and deduplication before presenting the findings for human review. It is designed to meet the numerous privacy-protection requirements that enterprises face today while at the same time filling business needs around collecting and storing data.
The product includes data categorization to accurately identify sensitive information and eliminate manual data mapping, as well as discovery and redaction to accurately identify personal information and reduce disclosure risk.
The data breach response capabilities automatically deduplicate and associate data to entities, thereby reducing response time by 50 percent. And the DSAR (data subject access request) fulfillment automation capability meets aggressive request deadlines and reduces manual review by 75 percent, according to Text IQ.
Digital.ai Essential App Protection
Digital.ai Essential App Protection prevents apps from running in unsafe environments while providing timely intelligence into how, when and where apps are being attacked. It gives security and DevOps teams the visibility they need to make intelligent decisions about the level and type of application protection required, and lets organizations quickly scale app protection across the apps in their portfolio.
The product allows companies to act on timely intelligence into compromised devices with targeted follow-on response and protection updates. Digital.ai Essential App Protection also detects and prevents app instances running in unsafe environments like rooted or jailbroken devices and debuggers.
Digital.ai Essential App Protection makes it more difficult for attackers to review and analyze decompiled app code for useful information like IP, trade secrets or security vulnerabilities. Plus threat insights remove the guesswork out of pinpointing where and how an application is being attacked, Digital.ai said.
Cisco Umbrella Enhancements
Cisco Umbrella unifies secure web gateway (SWG), cloud access security broker (CASB), DNS-layer security, firewall and remote browser isolation (RBI) to help customers centrally manage protection for all users and locations from a single dashboard. Umbrella's new RBI capability provides an extra layer of defense against browser-based attacks by allowing high-risk users to browse websites in an isolated remote session, so that web content never executes directly on the device or inside the corporate network.
Cisco's SD-WAN fabric has also been extended into Umbrella for fast, reliable, and secure access to apps, making it easy to apply cloud security across thousands of locations. As a result, businesses can now inspect traffic and protect sensitive data with SSL/TLS decryption at a scale not possible with on-premises hardware.
In addition, Umbrella's cloud-delivered firewall now includes an intrusion prevention system (IPS), which uses signature-based detection to examine network traffic flows and block vulnerability exploits. As a result, organizations can now create firewall policies that analyze outbound traffic flows and take automated actions to catch and drop dangerous packets before they reach their target.
myNuspire
myNuspire consolidates an organization's entire technology stack into a single pane of glass to give CISOs and security analysts a clear, real-time picture of the security program and posture of their organizations. It provides customers with actionable threat intelligence specific to their organization's industry and size, ensuring customers have the knowledge they need at their disposal.
myNuspire also helps organizations understand whether their technology is operating the way it should, identify gaps that must be closed to advance their security program to the next level, and identify where to spend their money to get the best return on their investment.
The product makes the CISO onboarding process easier, allowing new hires to get a full understanding of the organization’s security posture so they can quickly architect actionable next steps or necessary modifications to bolster security. With the average tenure of a CISO amounting to just 18-24 months, Nuspire said it’s looking to make the CISO job more manageable and less chaotic to reduce burnout.
BigID Security Apps
BigID launched three new security apps to empower enterprises to efficiently make critical changes to data processes by automating data remediation, data retention and risk reduction of overexposed and over-privileged crown jewel data. The BigID Data Remediation App reduces exposure and allows for easy management of remediation activities like deletion, archiving, and quarantining.
The BigID Data Retention App enables policy-driven retention efforts to achieve compliance and automate data lifecycle management. With this app, organizations can: manage retention policies, findings, and violations; leverage out-of-the-box retention policies to decide what data to keep and for how long; and apply data retention policies consistently across structured and unstructured data.
Meanwhile, the BigID Access Intelligence App helps secure over-privileged crown jewel data, delivering next-gen file access management for an organization’s most sensitive and critical data. With the app, customers can manage risk by access types, direct users, internal and external users across Office 365, GDrive, AWS S3, and more.
Devo Content Stream
The Devo Content Stream gives security teams instant, continuous access to pre-built alerts and threat intelligence that can be operationalized in seconds. Devo Security Operations is the first Devo application to leverage this new capability, continuously receiving threat intelligence and curated alert content provided by Devo and its partners.
As new threats emerge, Devo customers will automatically receive new detections and threat intelligence and be able to put this content into action immediately. No longer will security teams need to build their own alerts or manually curate threat intelligence to keep pace with new and developing threats, according to Devo.
Devo Content Stream will allow security teams to spend less time on writing searches and more time on higher value activities like triaging, investigating, and responding to threats.
Eclypsium Enterprise Device Integrity Platform
The Eclypsium enterprise device integrity platform extends visibility and security beyond traditional endpoints to include network and unmanaged devices that can impact overall security posture. This includes traditional network gear like switches, routers, VPNs, application delivery controllers and network-attached storage devices, as well as personal and unmanaged devices on the same network.
Distributed discovery of network and unmanaged devices by Eclypsium-managed endpoints removes the blind spots represented by connected but unchecked devices, the company said. The product also conducts an automatic risk analysis of network infrastructure devices down to the firmware layer, with switches, routers, and VPN gateways assessed to identify critical vulnerabilities exploited in the wild.
An authenticated firmware integrity analysis of supported network devices with the Eclypsium enterprise device integrity platform verifies that firmware has not been tampered with. Plus, comprehensive dashboards of endpoints, servers, and unmanaged enterprise devices allow organizations to see their entire estate as well as the associated risks.
JumpCloud Protect
JumpCloud Protect is a one-touch multi-factor authentication offering that makes it easy for IT administrators to deploy and enforce MFA without adversely impacting end users. Available for iOS and Android devices, JumpCloud Protect enables simple and efficient 'touch to verify' functionality for employees when accessing corporate IT resources authenticated by the JumpCloud Directory Platform.
The product allows employees authenticating into protected apps and resources to verify themselves directly from their corporate-issued or BYOD mobile device, JumpCloud said. It also offers an alternate time-based one-time password (TOTP) token generator for any JumpCloud-authenticated resource or for users' personal online accounts that require a second factor.
JumpCloud Protect also extends beyond the JumpCloud user portal and cloud applications to protect on-premises applications; Mac, Windows, and Linux desktops; VPN and wireless networks; and servers. The offering is included with all the company's packages at no extra cost, according to JumpCloud.
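The TOTP second factor mentioned above is a standard protocol (RFC 6238 on top of HOTP, RFC 4226), so any authenticator app and any server that implement it correctly interoperate. The following is an added example, written for this page and not JumpCloud's code, showing how a server generates and verifies such codes. The secret, timestamps and expected codes are the published RFC test vectors; the ±1-step acceptance window and the base32 helper are conventional choices made here, not anything the article states about JumpCloud Protect.

```python
"""Minimal RFC 4226 (HOTP) / RFC 6238 (TOTP) implementation.

Added example for illustration; standard library only. Secrets and time
values below are the RFC test vectors, not real credentials.
"""
import base64
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm: str = "sha1") -> str:
    """HMAC-based one-time password (RFC 4226) for a 64-bit counter."""
    msg = struct.pack(">Q", counter)                      # big-endian 8-byte counter
    digest = hmac.new(secret, msg, algorithm).digest()
    offset = digest[-1] & 0x0F                            # dynamic truncation offset
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)       # keep leading zeros


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6,
         algorithm: str = "sha1", t0: int = 0) -> str:
    """Time-based one-time password (RFC 6238): HOTP over the time-step counter."""
    counter = (int(unix_time) - t0) // step
    return hotp(secret, counter, digits, algorithm)


def verify_totp(secret: bytes, candidate: str, unix_time: int, step: int = 30,
                digits: int = 6, algorithm: str = "sha1", window: int = 1) -> bool:
    """Server-side check.

    Accepts the code for the current step or up to `window` steps either side
    to tolerate clock skew between phone and server, and compares in constant
    time so response timing does not leak how many digits matched.
    """
    for skew in range(-window, window + 1):
        expected = totp(secret, unix_time + skew * step, step, digits, algorithm)
        if hmac.compare_digest(expected, candidate):
            return True
    return False


def secret_from_base32(text: str) -> bytes:
    """Decode the base32 secret as shown in enrollment QR codes (otpauth:// URIs).

    Accepts lowercase and unpadded input, which many apps display.
    """
    cleaned = text.strip().replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)                  # restore padding
    return base64.b32decode(cleaned)


if __name__ == "__main__":
    # RFC 6238 test secret (ASCII "12345678901234567890"), shown the way an
    # enrollment screen would present it.
    rfc_secret = secret_from_base32("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
    print("code now:", totp(rfc_secret, int(time.time())))
    print("RFC 6238 vector T=59 (8 digits):", totp(rfc_secret, 59, digits=8))
```

One thing this example deliberately does not do: a production verifier must also remember the last counter it accepted for each user and refuse a repeat, otherwise a code captured by a phishing proxy stays valid for the whole acceptance window.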
Palo Alto Networks Next-Generation ML-Powered Firewalls
Palo Alto Networks' two new hardware firewalls expand protection up to hyperscale data center, internet edge and campus segmentation deployments and down to a desktop form factor. The PA-400 series is built for the distributed enterprise and offers up to ten times the performance of the previous generation with security services and decryption enabled.
The PA-400 Series offers easier and flexible deployment, including zero touch provisioning to simplify rollout to tens, hundreds or thousands of branches, Palo Alto Networks said. It also offers a quiet, compact design with multiple mounting options for a range of scenarios such as desktop, rackmount, and wall mount.
Meanwhile, the PA-5450 secures traffic which is almost fully encrypted today and is purpose-built to apply decryption and machine learning-powered security to stop zero days as well as known threats. The firewall offers 120 Gbps performance with security services enabled, which Palo Alto Networks said is four times the performance of the previous generation.
Cisco Network Security Enhancements
The new Cisco Secure Firewall Cloud Native is first available for AWS, and leverages Kubernetes for orchestration, auto-scaling, auto-healing, and real-time responsiveness to microservices changes. Secure Firewall can now enable the SecOps team to pivot instantly from an event seen in the firewall to the SecureX platform that correlates threats across the Cisco Secure portfolio.
Cisco’s new Secure Managed Remote Access relieves customers of day-to-day remote access support so that they can focus their time on more strategic tasks for the organization. Meanwhile, the company’s Threat Defense 7.0 enables robust policies in environments where fixed IP addresses don’t exist by leveraging Microsoft Azure, VMware, and AWS tags through the dynamic attribute connector.
Threat Defense 7.0 also brings Snort 3 to the Cisco Secure Firewall Management Center, which improves threat defense by making it possible for organizations to maintain performance while running more rules. It also supports on-prem and cloud-based Cisco Security Analytics and Logging and advanced threat analytics on logs, according to Cisco.
ServiceNow-Microsoft SecOps Integration
ServiceNow and Microsoft’s new SecOps integrations are designed to help security operations teams make smarter decisions around security, planning, management, and incident response. Integrating Microsoft Teams with ServiceNow Security Incident Response streamlines and improves collaboration on critical security incidents through automated setup of dedicated Teams channels, ServiceNow said.
Meanwhile, integrating SharePoint with ServiceNow Security Incident Response centralizes the evidence gathered by Teams during critical security incidents by automating the creation of SharePoint folder structures. The artifacts created by the different incident response groups are consolidated for visibility in the major security incident case record, according to ServiceNow.
Finally, the integration of Microsoft Threat & Vulnerability Management with ServiceNow Vulnerability Response ingests asset information, vulnerabilities, and recommendations, and prioritizes vulnerabilities using asset and business context to drive remediation workflows. Remediation owners are able to take action on the highest-risk items using pre-populated solution details to improve a company's posture.