Zero trust security management, extended detection and response (XDR), and a host of other threat and vulnerability management offerings were among the top products and services launched at Black Hat USA 2022 this week in Las Vegas.
Black Hat is an annual global conference of security professionals, enthusiasts and vendors, serving as a stage for innovation in the cybersecurity field. The exhibition and conference is conducted annually in locations in the US, Europe, Asia and the Middle East, with Las Vegas typically being the biggest event. Below are some of the more interesting product announcements that took place at the show this week.
Checkmarx API Security
Checkmarx API Security, available now, is a new application in the Checkmarx One application security platform. The application goes beyond monitoring APIs already deployed in production, and addresses security issues early in the software development lifecycle, according to Checkmarx. Key features include the ability to automatically identify API endpoints; discovery of newly created or updated APIs as source code is checked in or compiled by developers; automatic comparison of an application’s APIs with its documentation in order to identify unknown APIs; and remediation capabilities designed to let security professionals and developers prioritize remediation of API vulnerabilities and OWASP (Open Web Application Security Project) risks.
Cybereason: Cybereason MDR
Cybereason MDR is a managed detection and response mobile application designed to give security personnel SOC-like control capabilities that allow them to reduce the mean time to remediation by suspending an attack’s lateral movement. The application uses a malicious operation (MalOp) detection engine to generate detailed intelligence on an active hacking operation, including how it maps to the MITRE ATT&CK framework and its threat level. The Cybereason MDR Mobile app will be available later this month on both the App Store and the Play Store.
Cycode: new supply chain security features
Software composition analysis (SCA), static application security testing (SAST), and container scanning are the latest capabilities in the new update to the Cycode supply chain security management platform. All new components will add to Cycode’s knowledge graph, which structures and correlates data from the tools and phases of the software development life cycle to allow programmers and security professionals to understand risks and coordinate responses to threats. A key function of the knowledge graph is the ability to coordinate security tools on the platform to do tasks such as identifying when leaked code contains secrets like API keys or passwords, in order to reduce risk.
Dynatrace: Runtime vulnerability monitoring
Support for vulnerability detection and protection across runtime environments, including Java Virtual Machine (JVM), Node.js, and .NET CLR, has been added to the Application Security Module in the Dynatrace software and infrastructure monitoring platform. Additionally, Dynatrace has extended its support to applications running in Go, a fast-growing, open-source programming language developed at Google. The enhancements are aimed at ensuring better risk assessment, prioritization, and remediation of threats and are scheduled to be available within 90 days.
Mimecast: Mimecast X1
Mimecast X1 is the latest update to Mimecast’s namesake email and business communications security platform, offering greater insights on how people collaborate, and more advanced protection. Mimecast X1 will include four key improvements over earlier versions: machine learning capabilities for enhanced detection of emerging and unknown threats; new context-based data analytics, allowing for cross-correlational analysis of new threats; an API ecosystem to allow integration with existing security systems including SIEM (security information and event management), SOAR (security orchestration, automation, and response), EDR (endpoint detection and response), and XDR products; and what the company calls a service fabric, a cloud-native system designed to provide insights into user behavior that can help accelerate threat detection and response.
NetRise: IoT threat detection
NetRise has launched its first product, also called NetRise, a cloud-based SaaS application offering insights into shared vulnerabilities across XIoT firmware images in an organization. XIoT, or extended internet of things (IoT), refers to all physical and software assets that an organization has connected to the internet. The new product is aimed at providing complete visibility into all the IoT products used within an organization by continuously monitoring firmware to identify vulnerabilities, compliance adherence, software bills of materials (SBOMs), misconfigurations, and overall risks. Through a recent partnership with Fortress Information Security (FIS), NetRise hopes to bring its new firmware analysis platform to FIS’ existing global customers.
Rezilion: Mi-X
Mi-X is a free open-source tool by Rezilion designed to enable the cybersecurity community to evaluate whether a certain vulnerability is exploitable. Available now as a download from the GitHub repository, it is a command line interface (CLI) tool that can help researchers and developers know whether their containers and hosts are impacted by a specific vulnerability, allowing organizations to prioritize their remediation plans. Rezilion says that Mi-X functions by first identifying and establishing the exploitability of a known critical CVE and then providing a detailed view of the criteria of exploitability and the area of exploitation.
SentinelOne: XDR Ingest
XDR Ingest is a free tool for SentinelOne’s Singularity XDR (extended detection and response) customers, designed to ingest, retain, correlate, search and take action on all enterprise security data, both real-time and historical. XDR Ingest, available now, provides customers with data unification and an alternative to the costs and limitations of traditional SIEM products, the company said. XDR Ingest is powered by SentinelOne’s DataSet data analytics application, aiming to provide an integrated data analytics engine for log data of all types at petabyte scale.
Sysdig: CDR (cloud detection and response)
Sysdig’s CDR (cloud detection and response) is a cryptojacking-protection offering designed to protect against unauthorized use of computing resources to mine cryptocurrency. Sysdig CDR curates rules based on machine learning algorithms to detect hidden and ignored threats and gain improved visibility into containers. Sysdig says that the machine learning algorithms used are trained to recognize cryptocurrency mining patterns, and avoid unexpected cloud fees from hijacked mining. CDR is already available to existing and new Sysdig Secure customers at no additional cost.
Syxsense: Syxsense Zero Trust
Syxsense Zero Trust is a new application within Syxsense’s family of security and endpoint management products that aims to enable endpoint compliance with zero trust network access (ZTNA) policies. The new application advertises improvements over traditional endpoint products with the ability to evaluate device health, ensure granular policy compliance, and automate risk compliance, according to Syxsense. Additionally, it streamlines visibility into endpoints through a single software agent and provides custom policy configuration parameters for each individual corporate asset. Syxsense Zero Trust will be available for purchase in late September 2022.
Tidal Cyber: Community Edition
Tidal Cyber has released a free community edition of its SaaS-based, threat defense Tidal Platform. Key capabilities include: adversary behavior search designed to let security analysts rapidly investigate ATT&CK (adversarial tactics, techniques, and common knowledge) threat elements; a product registry, listing vendor-provided security product capabilities that can be used against specific adversary behaviors; knowledge base labels, which can be used by security personnel to explore the relationships between the threat objects that are most relevant to their organization; and custom-set techniques, meant to allow security experts to group specific techniques and subtechniques together with custom labels, in order to track and communicate new threat research. The Tidal Cyber Community Edition can be downloaded from www.tidalcyber.com/communityedition