Hundreds of companies and organizations showcased their products and services this week at the 2022 edition of the Black Hat conference in Las Vegas.
To help cut through the clutter, the SecurityWeek team is publishing a digest summarizing some of the announcements made by vendors, including new products and services, updates to existing offerings, reports, and other initiatives.
Canonic Security launches AppTotal API
Israel-based SaaS application security platform Canonic Security has launched AppTotal API. This new API enables security teams to automate and integrate Canonic App Access & Vulnerability Intelligence within their workflows. This should improve productivity as employees can connect their apps to IT systems without worrying about security.
Checkmarx launches API security solution
Application security testing firm Checkmarx has launched Checkmarx API Security. A component of the Checkmarx One platform, API Security aims to provide a comprehensive API inventory that covers zombie and shadow APIs. Capabilities include automatic API discovery, complete API inventory, unknown API identification, and API-centric remediation.
Code42 partners with Nullafi to restrict insider access
Insider risk management firm Code42 has partnered with sensitive data detection and protection company Nullafi. The integration between Code42 Incydr and Nullafi Shield will help detect, intercept and redact specific data across corporate applications and systems. As a result, teams can only access the information required to perform the job — improving the prevention of theft, leakage and inadvertent employee access.
Concentric AI launches autonomous data security posture management solution
Concentric AI has launched an autonomous data security posture management solution designed to protect sensitive data shared as text or attachments across popular business messaging platforms, including email, Slack and Microsoft Teams.
Contrast Security announces enhanced API security capabilities
Contrast Security has announced enhanced API security capabilities within its Contrast Secure Code Platform. The platform helps developers gain visibility into their complete API inventory, write secure API code, secure the API supply chain, and protect APIs from being exploited.
Cycode launches software composition analysis solution
Supply chain security firm Cycode has launched a software composition analysis (SCA) solution and expanded its platform to add static application security testing (SAST) and container scanning capabilities.
Cybersixgill announces vulnerability exploit intelligence solution
Threat intelligence company Cybersixgill has unveiled Dynamic Vulnerability Exploit (DVE) Intelligence, a solution that combines automation, advanced analytics, and vulnerability exploit intelligence to address all phases of the CVE lifecycle. The solution is designed to help organizations prioritize CVEs in order of urgency.
Cybrary launches new SOC Analyst Assessment
Cybersecurity training platform Cybrary has announced SOC Analyst Assessment, a beta tester program geared specifically towards SOC analysts. Cybrary’s SOC Analyst Assessment is an engaging, live lab environment that simulates a typical day in the life of a SOC analyst, teaching users how to separate noise from real threats and develop the skill-based instincts necessary to best protect their organizations.
CrowdStrike introduces AI-powered Indicators of Attack
CrowdStrike has introduced AI-powered Indicators of Attack (IoAs) to its Falcon Platform. The new threat detection and response capability is designed to provide enhanced fileless attack prevention and visibility for stealthy cloud intrusions.
Defiant launches Wordfence Intelligence
Wordfence – Defiant’s WordPress security team – has announced Wordfence Intelligence, a new enterprise-focused product designed to provide web application protection to organizations and hosting providers. Wordfence Intelligence launches with three data feeds that cover malicious IP addresses, PHP malware, and WordPress vulnerabilities.
Flashpoint releases State of Data Breach Intelligence: 2022 Midyear Edition
Flashpoint has released its ‘The State of Data Breach Intelligence: 2022 Midyear Edition’ report. Based on data collected from nearly 2,000 breaches reported in the first half of 2022, the report shows that 60% of incidents were the result of hacking.
IBM launches source code management attack toolkit
IBM has launched a source code management attack toolkit (SCMKit), which allows users to launch simulated attacks against SCM platforms. The toolkit supports attack modules for reconnaissance, privilege escalation, and persistence.
NetSPI launches open source tools PowerHuntShares and PowerHunt
Enterprise penetration testing and attack surface management firm NetSPI has launched two open source tools named PowerHuntShares and PowerHunt. PowerHuntShares inventories, analyzes, and reports excessive privilege assigned to SMB shares on Active Directory domain joined computers. PowerHunt, a modular threat hunting framework, identifies signs of compromise based on artifacts from common MITRE ATT&CK techniques and detects anomalies and outliers specific to the target environment.
NetRise releases XIoT firmware security solution
XIoT security firm NetRise announced the release of the NetRise Platform, a solution providing insights into shared vulnerabilities across XIoT firmware images in an organization. NetRise is a cloud-based SaaS platform that analyzes and continuously monitors the firmware of XIoT devices. The firmware images are then dissected, presenting all of the key data, artifacts, and risk in an easy-to-consume interface.
NetWitness announces upcoming availability of NetWitness Platform XDR 12
RSA Group business NetWitness announced the upcoming availability of NetWitness Platform XDR 12 and the appointment of Ken Naumann as the company’s new CEO. NetWitness Platform XDR 12 features new and enhanced analytics capabilities that can find known and unknown threats even faster, to reduce dwell time, and allow fast response and remediation.
Normalyze announces general availability of freemium offering
Data-first cloud security firm Normalyze announced the general availability for its freemium offering, a self-serve, free platform that democratizes data discovery and classification in public clouds. The freemium offering provides full data discovery, a dashboard that outlines all detected risks, support for all structured and unstructured data stores, and automation workflows.
OPSWAT presents new malware analysis capabilities for OT
OPSWAT has announced new malware analysis capabilities for IT and operational technology (OT). The enhancements include OPSWAT Sandbox for OT, with detection of malicious communications on OT network protocols, and support for open-source third-party tools in the company’s MetaDefender Malware Analyzer solution.
Pentera launches attack-based validation for exposed credentials
Automated security validation firm Pentera launched Credential Exposure, a new module for its platform that allows users to test stolen and compromised credentials against the enterprise attack surface. The new module leverages data from billions of real-world leaked credentials to expose compromised identity threats to internal and external attack surfaces.
Rezilion launches open source vulnerability detection tool
Rezilion has released MI-X, a new open-source CLI tool that can help researchers and developers know if their containers and hosts are impacted by a specific vulnerability. Organizations can use MI-X to identify and establish the exploitability of over 20 high-profile CVEs within their environment, and the tool can easily be updated to include coverage for new vulnerabilities.
SimSpace announces new training platform and partner network
Risk management company SimSpace has unveiled SkillWise, a new training platform that provides a realistic environment to conduct individual and team cyber training exercises.
The company also announced the SimSpace Partner Network, which is aimed at giving channel resellers, service providers and technology alliance partners the toolset to accelerate sales and capitalize on new revenue opportunities.
SentinelOne unveils XDR Ingest
SentinelOne unveiled XDR Ingest, which provides the company’s customers with a limitless data platform to ingest, retain, correlate, search, and action all enterprise security data – real time and historical, from any source.
Tidal Cyber launches community edition of threat-informed defense platform
Tidal Cyber has launched the community edition of its threat-informed defense platform, which enables security analysts to efficiently explore the advanced knowledge of adversary behaviors as defined by the MITRE ATT&CK knowledge base. It also provides additional open-source threat intelligence sources, and a Tidal-curated registry of security product capabilities mapped to specific adversary techniques.
Tenable announces new cloud security features
Tenable announced Agentless Assessment and Live Results, two major updates to its cloud security solution. The new features help organizations remediate vulnerabilities faster and prevent them from being exploited.
Traceable AI updates API security platform
API security and observability company Traceable AI announced platform enhancements designed to address more specific types of API attacks, including API abuse and misuse, fraud, and malicious API bots.
TrustedSite launches Halo Security
Vulnerability scanning and certification provider TrustedSite has officially launched Halo Security, an attack surface management platform designed to provide organizations with full visibility into their internet-facing assets. The solution brings together vulnerability scanning and manual testing to identify risks and help organizations improve their security posture and protect their data from external threats.
Veracode improves Continuous Software Security Platform
Application security testing solutions provider Veracode has announced improvements to its Continuous Software Security Platform, including support for software composition analysis (SCA), a software bill of materials (SBOM) API, and expanded frameworks and languages support for static analysis – with the addition of Rails 7.0, Ruby 3.x, and PHP Symfony.