Hundreds of companies are showcasing their products and services this week at the 2022 edition of the RSA Conference in San Francisco.
To help cut through the clutter, the SecurityWeek team is publishing a daily digest summarizing some of the announcements made by vendors. The daily summaries will include new products and services, updates to existing offerings, reports, and other initiatives.
Armis has unveiled an end-to-end risk-based vulnerability lifecycle management solution named Asset Vulnerability Management (AVM). AVM is an add-on module for Armis’ platform that is designed to provide a complete view of assets and vulnerabilities, risk-based prioritization, security automation and orchestration, and functionality for tracking vulnerability mitigation efforts. The company says AVM covers the entire attack surface, including IT, OT, ICS, IIoT and cloud.
Data intelligence firm BigID has launched its pay-as-you-go cloud data security platform SmallID. The new solution provides organizations of all sizes with cloud-native data privacy and protection, to help them reduce attack surface and improve security posture, discover shadow and dark data, and automatically identify and classify their data by sensitivity, type, regulation, policy, and more.
Cisco has described its new Security Cloud strategy, whose goal is to provide a cloud-based platform for connecting and securing organizations. The networking giant has also announced enhancements across its security portfolio, including for secure access, secure edge, and secure operations. In addition, the company has introduced a new unified Secure Client that aims to simplify endpoint management.
The Cloud Security Alliance (CSA) has released a new report named “CISO Perspectives and Progress in Deploying Zero Trust.” A survey of more than 800 IT and security professionals found that 80% of C-level executives view Zero Trust as a priority, 94% are in the process of implementing a Zero Trust strategy, and 77% are increasing their budget for Zero Trust over the next 12 months.
CrowdStrike has described several new product capabilities. One of them is Humio for Falcon, which significantly extends data retention for Falcon telemetry in an effort to enhance customers’ threat analytics and hunting abilities. The company also announced new Falcon XDR capabilities that are designed to simplify security operations. It also introduced Asset Graph, a new graph database that can provide organizations with better visibility into their attack surface.
Cynet has launched Automated Response Playbooks for its automated XDR platform. With these playbooks, security alerts are automatically investigated and remediated as part of the 360 AutoXDR platform at no additional cost. The goal is to reduce alert investigation and response time for overwhelmed security teams.
Deepwatch has expanded the capabilities of its managed detection and response (MDR) platform with managed extended detection and response (MXDR). Deepwatch MXDR is a new service that provides automated threat response in an effort to accelerate containment.
DNSFilter has announced the availability of Data Export, a new feature designed to help enterprises accelerate threat detection and response by automating the export of DNS query log data to SIEM and security monitoring solutions to be aggregated, analyzed, and actioned with multiple data sources.
Fortinet has unveiled FortiRecon, a digital risk protection service that leverages machine learning, automation and FortiGuard Labs experts to help companies protect their reputation, assets and data. FortiRecon provides external attack surface monitoring, brand protection, and threat intelligence.
Forgepoint Capital has surveyed more than 100 CISOs from large enterprises and SMBs to learn about their priorities and what they’re working on in 2022.
Juniper Networks has expanded its SASE offering with Cloud Access Security Broker (CASB) and advanced Data Loss Prevention (DLP) capabilities. These improvements should help prevent unauthorized access to data in the cloud, expand visibility, and protect SaaS applications.
Mandiant has launched a digital risk protection solution that provides information on an organization’s attack surface and potentially problematic activity on the deep and dark web. Mandiant has also announced the general availability of Advantage Digital Threat Monitoring, a new module available within Mandiant Advantage and a key driver of the new digital risk protection solution.
Investment and advisory firm NightDragon and nonprofit organization NextGen Cyber Talent announced the Coalition to Close the Cybersecurity Talent Gap, an effort to raise $1 million to fund cybersecurity education for Bay Area students pursuing careers in cybersecurity. With support from more than 25 cybersecurity and technology organizations, the Coalition has raised over $300,000 to date, funds that will be distributed to students at participating Bay Area community colleges.
The MITRE Corporation announced the introduction of “System of Trust,” a free and open platform that offers a new knowledge base of supply chain security risks, as well as a security risk assessment process.
Delivering a proactive approach to finding and mitigating threats, the System of Trust details 14 risk areas for organizations to evaluate, and contains more than 2,200 specific supply chain security risk questions. The framework scores and ranks risks to help identify strengths and weaknesses, and offers a common vocabulary that can be understood across suppliers, supplies, and services.
Behavioral analytics firm Neosec launched ShadowHunt, a threat hunting service focused on identifying API abuse. The new capability enhances the Neosec cloud-based platform to help organizations identify threats in business API traffic by automatically and continually identifying all APIs in use, evaluating risk posture, and monitoring for user behavioral anomalies. The ShadowHunt service also provides monthly reports summarizing findings and delivering news of API threats identified across different companies.
Optiv introduced its new Cyber Recovery Solution (CRS), which identifies and prioritizes the protection of critical assets through automated backup of business-essential data, systems, and applications. The solution supports a vaulted air-gapped backup solution, enables the quick recovery of data through custom playbooks, minimizes the impact of a cyberattack, and helps organizations ensure business continuity in case of an incident.
Pindrop announced it has expanded its voice verification capabilities to provide improved authentication performance. The company says its technology can now provide demographic insights, predicting age range and spoken language, to better route callers and identify potential security threats, while also detecting intentionally deceptive callers to warn if the voice doesn’t match that of the enrolled user. The solution also includes spoof detection and allows organizations to build custom data fields that can be used for policy creation, fraud investigation, and case management.
Qualys has unveiled Vulnerability Management, Detection and Response (VMDR) 2.0, a new cloud-based solution that provides insights into an organization’s risk posture, as well as the ability to use drag-and-drop workflows to orchestrate responses. VMDR 2.0 should become available in late June.
Data protection provider Virtru has introduced OpenTDF, an open source project that provides developers with the necessary tools to build applications for governing sensitive data. OpenTDF can be used to protect personal health information (PHI), cryptographically redact content within documents, secure IoT sensor data against spoofing, and build end-to-end encrypted messaging applications. The project also features Apache Kafka integration, which enables the protection of data event streams.
Wiz has announced two new features: Wiz Cloud Detection and Response (CDR), which enables cloud security teams to quickly identify threats, and Wiz Advanced Control, which leverages attack path analysis to identify critical risks. New Wiz data shows that enterprises have, on average, 200 critical cloud issues that could result in a breach.