Hundreds of companies are showcasing their products and services this week at the 2024 edition of the RSA Conference in San Francisco.
To help cut through the clutter, the SecurityWeek team is publishing a daily digest summarizing some of the announcements made by vendors. Here is a roundup of some of the most important new product, service and research announcements made on the second day of the event, as well as some announcements we missed from the first day.
Action1 announces free vulnerability assessment
Vulnerability discovery and patch management automation firm Action1 is offering a service that allows organizations to conduct an enterprise-wide free one-time assessment of software vulnerabilities, enabling them to assess their susceptibility to known vulnerabilities and make informed decisions on their security posture.
Abnormal Security expands Account Takeover Protection and launches AI Security Mailbox
Abnormal Security is expanding its Account Takeover Protection product line beyond email to provide visibility into cross-platform user behavior and centralize compromised account detection and remediation across identity, collaboration, and cloud infrastructure applications. The company has also launched AI Security Mailbox, an AI-powered coworker that promotes security awareness through real-time conversations between employees and an AI security analyst, while also automating the triage and remediation of user-reported emails.
Aiden announces new capabilities for discovering and remediating Windows vulnerabilities
IT automation solutions provider Aiden Technologies has announced new security features designed to help organizations discover and address Windows vulnerabilities. The features alert organizations of critical and high-severity vulnerabilities in their software, provide remediation mapping, and enable IT and security teams to track remediation progress.
AppViewX launches certificate lifecycle management platform
Automated certificate lifecycle management (CLM) and PKI solutions provider AppViewX has launched AVX ONE, a SaaS-based CLM platform for PKI, IAM, security, DevOps, cloud, platform and application teams. The new platform provides visibility, automation and control capabilities for certificates and keys, enabling governance and remediation.
AppOmni launches Zero Trust Posture Management
SaaS security posture management (SSPM) firm AppOmni has announced Zero Trust Posture Management (ZTPM), a solution designed to provide visibility and monitoring into the configuration, security posture, and user behaviors within SaaS applications. It also enables granular access and configuration management, ensuring mandatory SSO, MFA, and least privilege configurations are enforced.
BigID announces hybrid scanning and security and risk management of AI data
Cloud-focused data security firm BigID has announced dual (hybrid) scanning technology that can help organizations better discover, manage, and protect cloud data. The technology combines side-scanning and direct scanning techniques. The company also announced new capabilities for the security and risk management of AI data, providing complete visibility and assessments into AI model data, access, and associated risks.
Cato Networks publishes CTRL SASE Threat Report Q1 2024
SASE company Cato Networks has published its CTRL SASE Threat Report for Q1 2024, which shows that all enterprises continue to run insecure protocols across their WAN. The report also shows that zero-days do not pose the biggest threat to organizations, and many threats are industry specific.
Cloudflare launches new risk management solutions
Cloudflare has announced Cloudflare for Unified Risk Posture, a suite of risk management capabilities that enable the discovery and mitigation of threats across applications, data loss or exposure, and human error. The capabilities are available at no additional cost.
Claroty releases new CPS data and exposure management solution
Claroty has released new data revealing that traditional approaches to vulnerability management overlook 38% of the riskiest cyber-physical system (CPS) assets. To help address these risks, Claroty has launched a complete built-for-purpose CPS exposure management solution that enables organizations to minimize their attack surface by prioritizing the most immediate threats.
CrowdStrike launches Falcon for Defender
CrowdStrike has announced the launch of CrowdStrike Falcon for Defender, a product that augments Microsoft Defender deployments to stop missed attacks. A part of the Falcon XDR platform, Falcon for Defender is deployed alongside Microsoft products, elevating the security posture of endpoints running Defender.
Cranium launches AI Exposure Management
AI security and trust software firm Cranium has launched AI Exposure Management, a solution designed to help organizations protect and secure internal and third-party AI solutions. Cranium AI Exposure Management enables organizations to identify vulnerabilities in AI infrastructure and helps read teams discover new threats, create protection strategies, and harden AI systems.
Critical Start launches free peer benchmarked risk assessment tool
MDR firm Critical Start has announced free Quick Start Risk Assessments designed to help organizations better understand their security maturity. A 15-question guided survey evaluates the security maturity of an organization, provides peer benchmarking, and delivers actionable insights through dashboards and reports.
Dynatrace announces Kubernetes security posture management solution
Observability and security firm Dynatrace is enhancing its platform with new Kubernetes Security Posture Management (KSPM) capabilities. The new KSPM offering strengthens cloud-native application protection in the Dynatrace platform, providing DevSecOps, security, platform engineering, and site reliability engineering teams a solution for security posture and compliance.
Eclypsium announces new gen-AI assessment capabilities
Eclypsium has unveiled new gen-AI assessment capabilities for its Supply Chain Security Platform. The new capabilities help secure the gen-AI tech stack through support for NVIDIA hardware and popular gen-AI foundation models. The new capabilities allow users to continuously monitor and remediate risks in popular NVIDIA hardware used to train gen-AI models.
Flexxon introduces X-PHY Server Defender
Hardware cybersecurity firm Flexxon has introduced X-PHY Server Defender, a standalone and fully independent cybersecurity module that enables full-stack monitoring and defense from the hardware and firmware layers. The solution also introduces full system reversion in the event of a breach. Server Defender is available through an early access program.
Forcepoint unveils ONE Data Security
Forcepoint has presented ONE Data Security, an enterprise-grade cloud-managed solution designed to simplify data protection. The new SaaS solution provides unified management for endpoint and multi-channel cloud data security.
Fortra launches cybersecurity platform
Fortra has unveiled its cybersecurity platform, which unites solutions such as Fortra Cloud Email Protection, Fortra XDR, and Fortra Vulnerability Management. Fortra Data Protection will be added later this year. Fed by data from security products, the Fortra platform can detect attacks, aggregate and correlate them using AI to recognize patterns, and help customers mitigate risk.
Forescout expands threat intelligence-sharing program and publishes vulnerability research
Forescout Technologies has announced the expansion of its threat intelligence-sharing program. The company has also published a vulnerability research report that shows nearly 90,000 flaws are without a CVE identifier. It also shows that more than 2,000 vulnerabilities have been exploited in malicious attacks.
Graylog announces major TDIR platform release
Threat detection and incident response (TDIR) firm Graylog has announced the release of Graylog Security 6.0. The updated solution provides intuitive and cost-effective threat detection and incident response capabilities designed to help customers address cybersecurity challenges without the complexity and high costs associated with traditional SIEM platforms.
HCLSoftware launches HCL AppScan Supply Chain Security
HCLSoftware has launched HCL AppScan Supply Chain Security, an active application security posture management platform designed to help organizations improve the security of their software supply chains.
Hunters introduces OCSF-native search
SOC company Hunters has announced its full adoption of the Open Cybersecurity Schema Framework (OCSF). The firm is also sharing 100 mappings of security logs to the OCSF schema. It also announced the launch of an OCSF-native search capability designed specifically for SOC analysts and threat hunters.
Liongard unveils managed attack surface solution
Attack surface management (ASM) firm Liongard has unveiled a managed ASM solution for SMBs and enterprises. The solution combines its ASM platform with the expertise of its global managed IT service partner network, providing comprehensive visibility, protection and resources against cyber threats.
Legit Security announces new AI supply chain security capabilities
Application security posture management firm Legit Security has announced new capabilities that allow customers to discover unsafe AI models, providing actionable remediation steps to reduce AI supply chain security risk.
LogicGate unveils AI governance solution
GRC company LogicGate has announced a new AI governance solution designed to enable customers to govern and manage the implementation and usage of AI technology throughout their organization using compliance, cyber risk and third-party capabilities.
New Relic launches Secure Developer Alliance
Observability platform New Relic has launched Secure Developer Alliance, with FOSSA, Gigamon, Lacework, Aviatrix, and Opus among the first to join. The alliance provides pragmatic research, education, and guidance to implementing observable security, giving members access to the New Relic observability platform and its cloud-native security tools.
NetRise adds Vulnerability Exploitability eXchange (VEX) support
XIoT security firm NetRise has added support for Vulnerability Exploitability eXchange (VEX) documents to its platform. VEX documents are commonly found alongside SBOMs and allow software, firmware, and device developers to convey whether an asset is affected by a particular vulnerability.
OX Security unveils Attack Path Reachability Analysis
Application security posture management (ASPM) firm OX Security has unveiled Attack Path Reachability Analysis, along with SaaS BOM and API BOM features. The new features provide enterprises with insights into software supply chain risks originating from code, APIs, and cloud environments.
Palo Alto Networks announces new AI security and security operations solutions
Palo Alto Networks has announced new solutions powered by Precision AI, a proprietary AI system that combines machine learning, deep learning and generative AI to ensure real-time security and safety. The new solutions — AI Access Security, AI Security Posture Management and AI Runtime Security — enable companies to safely adopt AI. The company also announced Cortex XSIAM, a SOC platform that is also powered by Precision AI.
Relyance AI launches Asset Intelligence and Data Security Posture Management
Relyance AI has released Asset Intelligence and Data Security Posture Management, a DSPM solution that brings together asset-level visibility and lineage to all sensitive enterprise data in the context of contractual and regulatory obligations. The solution enables organizations to see where data is stored at a fine-grain level, why it is stored there, who has access to it, and what risks exist with how it is being processed.
RSA announces identity security product enhancements
Identity security firm RSA has announced product enhancements, including capabilities needed to meet advanced NIST CSF 2.0 tiers, and passwordless authentication improvements. The company also launched its 2024 RSA ID IQ Survey, which asks users to assess their organization’s identity security architecture, quantify the costs of identity-related data breaches, and predict AI’s cybersecurity potential.
runZero publishes inaugural research report
ASM firm runZero announced the inaugural edition of the runZero Research Report, which explores the state of asset security across global enterprises. The report looks at attack surface increase due to IT/OT convergence, outlier devices, the lack of network visibility, end-of-life products, zero-day attacks, and authentication protocols.
Salt Security launches AI-infused API Security Protection Platform
API security firm Salt Security has launched an API Security Protection Platform powered by Pepper, the company’s LLM. Pepper has been used for years to stop API-based attacks and has now been extended to the continuous API discovery and posture assurance steps in the API Security lifecycle.
SentinelOne launches Purple AI
SentinelOne has unveiled Purple AI, a chatbot that provides expert analysis to augment the skills of security teams. Purple AI also provides anomaly detection, automated alert triage, response recommendation, investigation, and threat intelligence capabilities.
Safe Security adds third-party risk module
Risk management firm Safe Security has announced a new third-party risk module (TPRM). Safe TPRM is the latest addition to the SAFE One platform that takes a risk-based approach using outside-in questionnaire, and inside-out telemetry to quantify risk in a defensible manner.
Carnegie Mellon University SEI launches new tool
The Software Engineering Institute at Carnegie Mellon University has announced the release of a DevSecOps tool. Called Polar, it has been described as an observability framework that provides a comprehensive picture of a software system’s deployment platform, unlocking data that is captured by disparate tools within an organization.
Sentra expands data security capabilities
The Sentra data security platform now includes DataTreks, which provides security teams insight on data similarity and movement across the entire data estate through an interactive contextual map view. The company also announced that its platform can now classify and detect sensitive data in on-premises environments for file shares and databases.
Theori launches security posture management solution
Offensive cybersecurity firm Theori has launched Xint, a unified security posture management solution designed to streamline and automate security operations across cloud and hybrid environments. Xint integrates cloud security, external threat detection, and an AI engine to provide a unified and detailed view of cloud environments and external threats.
Trellix enhances Database Security
XDR firm Trellix has unveiled an enhanced Database Security, designed to protect sensitive data in widely used database types, including legacy databases, while supporting compliance initiatives. Database Security provides activity monitoring, vulnerability manager and virtual patching capabilities.
Utimaco expands Trust as a Service marketplace and launches partner program
Utimaco has expanded its Trust as a Service marketplace with new features and deployment options. A new general purpose Hardware Security Module (HSM) as a Service allows customers to reduce capital and labor costs without the need for a dedicated server room, secure environment setup, or data center selection. The company has also announced the launch of its u.nity partner program.
Varonis adds AI prompt monitoring to prevent malicious Copilot activity
Data security firm Varonis has added prompt monitoring to its Microsoft 365 Copilot security offering. This new feature allows security teams to investigate risky prompts, responses, and sensitive file references directly within the Varonis platform.
XDR firm Vectra AI has expanded its AI Platform to protect enterprises from new threat vectors introduced by gen-AI tools. The platform’s Attack Signal Intelligence uses behavior-based AI to defend against threat actors abusing gen-AI.
Veriti develops solution to map CVEs and security configurations to MITRE ATT&CK
Veriti has developed a solution for mapping CVEs and security configurations to the MITRE ATT&CK framework. This approach automates the entire vulnerability management lifecycle, significantly accelerating the detection, prioritization, and secure remediation of threats.
Zscaler teams up with Google and publishes VPN risk report
Zscaler has collaborated with Google on a zero trust architecture with Chrome Enterprise. The solution combines Zscaler Private Access, which enables zero trust secure access to private applications, with the threat and data protection capabilities of Chrome Enterprise Premium. Zscaler has also published its annual ThreatLabz VPN Risk report, which reveals that a vast majority of organizations are concerned about VPNs leading to a breach.
