Piiano launches code analyzer
November 29: Piiano has launched code analyzer Flows. The tool is designed to continuously analyze source code during the development process and to track when, where and how sensitive data is being used and stored. Piiano claims the tool finds potential data leaks inside source code and ensures that sensitive information is protected before the code reaches production.
A trial, limited version of Flows will be available for free until the end of 2023. After that the pricing model will depend on the number of scans and number of code repositories.
Skyhawk adds AI-based, autonomous purple teaming to platform
November 28: Skyhawk Security has introduced an AI-based, autonomous purple team to its platform to provide adaptive cloud threat detection and response.
The addition of its Continuous Proactive Protection feature to Skyhawk’s cloud threat detection and response Synthesis Security Platform continuously enhances the protection of a customer’s cloud, the company said in a press release.
According to Skyhawk, the new offering continuously analyzes customer cloud infrastructure, proactively runs attack simulations against it and uses the results to prepare verified detections, validated automated responses and remediation recommendations to ensure the cloud has the most up to date security defenses in place.
This process includes learning and automated adaptation of threat detection to enable security teams to take proactive and adaptive approaches to security strategy. The feature runs an AI-based red team against an AI-based blue team to discover least-resistance paths, simulating attacks against them and using the results to improve security.
Lacework launched gen AI assistant to support alert response
November 28: Lacework launched a generative AI assistant to help security teams respond to alerts from the Lacework platform. Assistive AI is designed to help teams understand why they should look at a particular alert and also offers guidance on how to investigate and address the issue.
The assistant combines the insights generated from Lacework Polygraph machine learning with the assistive technology from LLM’s. Lacework also uses generative AI model services from Amazon Bedrock, experimenting with different models.
Immuta integrates Data Security Platform with Amazon S3
November 27: Data security firm Immuta has introduced native integration between its Immuta Data Security Platform and Amazon’s Simple Storage Service (Amazon S3) object storage service. This integration provides customers with streamlined data access control and security across storage and compute platforms using Amazon S3 Access Grants, a new Amazon S3 access control feature that enables customers to manage data permissions at scale for user identities managed by corporate directories.
“Immuta helps simplify data access and security for data stored in Amazon S3 so users can more safely leverage that data for their analytics and AI initiatives. This, paired with Immuta’s ‘write once, apply everywhere’ policy approach, helps customers democratize and increase data usage while still adhering to global regulations,” CTO Steve Touw said in a press release.
Amazon S3 stores more than 350 trillion objects with over 100 million requests per second to process a multitude of workloads including artificial intelligence and data analytics. The recently added AWS Access Grants feature maps identities in directories such as Active Directory, or AWS Identity and Access Management (IAM) Principals, to datasets in S3, helping to manage data permissions at scale by granting S3 access to end-users based on their corporate identity.
Trend Micro launches AI assistant
November 27: Trend Micro launched Trend Companion a generative AI tool designed to help analysts save time on manual risk assessment. The company claims the tool explains and contextualizes alerts, triages and recommends customized response actions, decodes and explains complex scripts and command lines, helps analysts develop and execute sophisticated threat hunting queries, and helps incident responders develop OSQuery queries in the IR and forensics module.
The combination of adaptive, model-driven threat alerts in Trend Vision One and Companion’s gen AI capabilities can accelerate incident response times by 30%, reduce incident reporting by up to two hours per report, and drive more complete attack containment, according to Trend Micro.
Sumo Logic adds new features to its platform to better integrate with AWS services
November 27: SaaS analytics platform Sumo Logic has added new features and updates to its platform to expand and accelerate troubleshooting and security across AWS environments.
The new features include Sumo Logic Log Analytics for AWS, which “delivers a curated view and a single pane of glass for monitoring and troubleshooting AWS services easily and effectively,” the company said in a press release. “The zero-configuration solution automatically collects logs and metrics data from 12 core AWS services including EC2, Lambda, ECS, RDS, DynamoDB, API GW, and Load Balancers, in one single step.”
Sumo has also added Cloud Infrastructure Security for AWS, designed to provide insight into active threats, non-compliant security controls, and suspicious activity across complex AWS environments.
The company said it has added several new features to its artificial intelligence and machine language models:
- AI-Driven Alerting uses advanced anomaly detection, machine learning, and intelligent playbooks to reduce the noise of daily alerts and false alarms by highlighting the most critical issues that require immediate attention.
- Global Intelligence for AWS CloudTrail DevOps gives insight into AWS performance and configuration.
- Global Intelligence for AWS CloudTrail SecOps enables the detection of potentially malicious configuration changes in AWS accounts by using a machine-learning model to compare CloudTrail events against a cohort of AWS customers.
Fortanix launches Key Insight hybrid multi-cloud environment risk tool
November 27: Data security firm Fortanix has launched the Key insight as an included capability in its Fortanix Data Security Manager platform. Key insight is designed to discover, assess, and remediate risk and compliance gaps across hybrid multi-cloud environments.
Key Insight provides consolidated insights and control of all cryptographic keys to protect critical data services, the company said in a press release. “Security, cloud and developer teams can collaborate to assess risk posture and remediate compliance gaps consistent with policies, regulatory mandates, or industry standards (NIST, GDPR, PCI, etc.),” Fortanix said.
Wiz brings native AI security capabilities to its CNAPP
November 16: CNAPP vendor Wiz has introduced Wiz for AI Security, which adds native AI security capabilities to its cloud-native application protection platform. It has four main components: AI Security Posture Management (AI-SPM), an AI security dashboard, and AI extensions for Wiz’s Data Security Posture Management (DSPM) and Attack Path Analysis capabilities.
AI-SPM is designed to mitigate the risk of shadow AI by providing visibility into all resources and technology in an organization’s AI pipeline. The company claims it can detect AI services across cloud services, SDKs, and AI technologies such as AWS SageMaker, GCP Vertex AI, and Azure Cognitive Research.
By extending DSPM to AI, Wiz aims to identify and protect AI training data in the cloud by providing out-of-the-box controls. Attack paths that risk data leakage or poisoning can then be removed.
Attack Path Analysis can now assess AI pipeline risk across vulnerabilities, identities, data, misconfigurations, and more. Those risks can then be correlated on the Wiz Security Graph and potential attack paths can be removed.
Wiz’s new AI security dashboard is intended to help AI developers understand their AI security posture. It provides a prioritized list of risks as well as an AI inventory and known AI SDK vulnerabilities.
IONIX adds exposure management features to its attack surface management platform
November 16: IONIX has announced the launch of Threat Exposure Radar, which the company calls the first threat exposure management capability. IONIX will integrate the new technology with its attack surface management (ASM) platform. IONIX claims that Threat Exposure Radar provides a unified view of exposure to threats across the enterprise including cloud, on-premises, SaaS, and third-party systems.
The new solution consolidates security findings into a single view with two options: a radar-like visualization and a summary table from which users can drill down for more explanation or instructions for mitigating the exposed assets. Data is color-coded to highlight urgent items needing attention.
Living Security announces Human Risk Operations Center
November 15: Living Security has announced the Human Risk Operations Center (HROC), a combination of the security operations center (SOC) security awareness and training, and governance, risk, and compliance (GRC) teams. HROC is powered by the company’s Unify platform and aggregates and correlates employee behaviors using data from an organization’s existing security tools.
The company claims it offers one pane of glass with real-time visibility into a company’s riskiest people, departments, and programs. This helps SOC and GRC teams plan next actions and measures the impact of improving policies and behaviors. It supports API integrations for some of the most popular security tools including CrowdStrike, Microsoft, Proofpoint, and Zscaler.
HROC is available now and can be deployed in existing Security Operations Centers or as a standalone offering worldwide, and it is priced based on the size of the organization.
SecureAuth announces new release of Arculix access management and authentication platform
November 15: SecureAuth has released a new version of its Arculix access management and authentication platform. The new release includes enhancements to its Orchestration Engine and improved integration with some Citrix applications and Microsoft Entra ID (formerly Azure). Orchestration Engine improvements include a no-code, drag-and-drop environment to more easily integrate and deploy identity services. Administrators can customize the end-user identity lifecycle including registration, verification, authentication, and post-authorization. Orchestration Engine is available to customers who use the premium version of Arculix, which is sold on a per-user/monthly active user basis.
By integrating with Citrix through its Device Trust solution, Arculix can provide what SecureAuth promises to be a “frictionless login experience.” Arculix can now authenticate users directly against Microsoft Entra ID, allowing for pass-through authentication.
Sophos adds three new threat detection and response solutions
November 14: Cybersecurity-as-a-service vendor Sophos has announced three new solutions and capabilities designed to protect against active threats. Sophos Firewall v20 software with Active Threat Response will identify, stop, and block attacks without the need to add firewall rules, according to the company. The new version also integrates with Sophos’s Zero-Trust Network Access (ZTNA) gateway, which allows secure remote access to applications behind the firewall. The company has also enhanced the network scalability of Sophos Firewall to support distributed environments, and it has improved ease-of-use management.
Sophos Extended Detection and Response (XDR) and Managed Detection and Response (MDR) customers now have access to Sophos Network Detection and Response (NDR) with XDR. Sophos NDR scans network activity for potentially malicious traffic patterns.
Finally, Sophos has enhanced its XDR solution with more third-party integrations to connect security data across multiple sources for faster detection and response, according to the company. Security operations and analyst workflow and case management features have also been improved to better filter alerts and provide visibility from a single console.
OneSpan adds passwordless authentication to its DigiPass Authenticator line
November 14: Digital agreements security company OneSpan has announced an enhancement to its Digipass Authenticators line. DIGIPASS FX1 BIO enables passwordless authentication via a physical passkey and fingerprint scan. The company claims this combination of biometric authentication and public-key cryptography will help companies meet compliance requirements, reduce phishing and other social engineering attacks, and improve the user experience. DIGIPASS FX1 BIO is based on the FIDO standard.
Stream Security announces Cloud Twin cloudsecops platform
November 14: Stream Security (formerly Lightlytics) has announced three new features for its Cloud Twin engine, a cloud security operations (cloudsecops) platform that can help detect and investigate threats and exposures in their cloud environments. The company claims it can now map cloud dependencies in real-time rather than periodically, allowing security and operations teams to better cooperate to address security gaps.
The new features, which will be automatically available to existing customers, are:
- Azure integration: Cloud Twin now supports Microsoft Azure, which Stream Security claims allows it to model all the possible paths and traffic between different cloud platforms.
- Vulnerability correlation: The platform can help security teams prioritize efforts by correlating vulnerabilities with their exploitability level.
- Threat anomaly detection: Cloud Twin now has threat anomaly detection capabilities to identify malicious behavior and unauthorized access.
Kasada launches KasadaIQ attack prediction services
November 14: Threat detection and management firm Kasada has launched a new attack prediction platform designed to counter bot fraud. The KasadaIQ suite debuted with its first service, KasadaIQ for Fraud, with plans to add more capabilities in the future.
KasadaIQ for Fraud is designed to provide businesses with insight into how bots target digital channels and customer data by offering visibility into non-traditional data sources and adversary communities through the “capability to detect attacks before they happen and confirm threats that would otherwise go undetected,” the company said.
Core functions of KasadaIQ for Fraud include:
Unconventional sourcing: Kasada monitors activity within non-traditional sources — including resale marketplaces, fraud groups, proxy providers, account generation groups, and hosting providers.
Early warnings: Kasada’s analysts first identify and vet current and emerging threats within its data system, then send out advance alerts.
Bot acquisition and analysis: Kasada secretly purchases bots in circulation and extensively analyzes how they work.
Stolen credential analysis: Kasada purchases and evaluates stolen credential sets from criminal marketplaces to help the customer remedy security gaps and online fraud.
Dedicated analyst hours: Customers receive a set amount of analyst hours for Kasada to investigate what’s most relevant to their needs, such as intel on fraud groups or reverse-engineering attacks.
Professional services: Kasada will scope custom requirements and provide expert guidance on how to best achieve the desired outcomes.
Cycode debuts ConnectorX with application security posture management capability
November 14: Application security posture management (ASPM) provider Cycode has launched its click-and-consume third-party ASPM connector platform ConnectorX and announced significant enhancements to its risk intelligence graph (RIG) for risk-based prioritization. The platform aims to foster improved collaboration between security and development teams. It includes more than 40 software development lifecycle integrations, including the introduction of support for Wiz and Black Duck.
The Cycode platform provides companies with the choice to use its native ASPM tools or maximize investments in their existing AppSec tools. Companies can plug in any AppSec solution and “within minutes,” gain accurate, real-time visibility into their security posture, according to the company.
DirectDefense ThreatAdvisor 3.0 aims to streamline security operations with SOAR technology
November 14: Information security services company DirectDefense has launched ThreatAdvisor 3.0, a major update to its proprietary security orchestration, automation, and response (SOAR) platform. ThreatAdvisor 3.0 is designed to improve the speed, efficiency, and accuracy of DirectDefense’s Security Operations Center (SOC), the company said in a press release.
The platform offers customized continuous security monitoring and management, automates manual processes, and includes an extensive knowledge base for compliance, security events and mitigation techniques. ThreatAdvisor 3.0 integrates with other solutions to provide a single interface for threat management with more data and better context, the company claims. The platform collects and processes vulnerability and asset data from several sources and compiles them into a holistic view of an organization’s security posture, supporting penetration testing, operational technology (OT) and industrial control systems (ICS) assessments, vulnerability management, managed detection and response (MDR), compliance assessments, and enterprise risk management.
Lacework Code Security expands coverage to full application lifecycle
November 14: Cloud security firm Lacework has added the Code Security product to its infrastructure-as-code (IaC) suite to unify code and cloud security with the aim of allowing enterprises to innovate and deliver secure cloud-native applications with increased speed.
Lacework Code Security introduces two forms of static program analysis — software composition analysis (SCA) targeted at third-party code in customers’ repositories, and static application security testing (SAST) targeting first-party code. The Lacework platform now encompasses code as it is written, infrastructure as code, containers, identity and entitlement management, and runtime across clouds.
Lacework added that customers will have access to always-up-to-date software bills of materials (SBOMs) for every application and continual visibility into their software supply chain, as well as an understanding of open-source license risk.
Palo Alto Networks updates Cortex XSIAM
November 13: Palo Alto Networks has announced Cortex XSIAM 2.0, an updated version of its existing product that now has a command center, MITRE ATT&CK Coverage Dashboard and bring your own ML (BYOML) among other updates.
The new features are:
- XSIAM Command Center: With a more user-friendly design, XSIAM Command Center offers a comprehensive overview of SOC operations, including visibility into all data sources being consumed by XSIAM, security alerts and incident information, such as the number of resolved or open security incidents.
- MITRE ATT&CK Coverage Dashboard: This is designed to allow mapping coverage directly to MITRE ATT&CK, providing detailed visibility of detection and prevention coverage across tactics and techniques into the MITRE ATT&CK framework.
- Bring your own ML: For organizations that want to build their own custom ML model, XSIAM ingests complete security data across hundreds of supported sources to enable better out-of-the-box AI/ML analytics. SOCs can use this to create and customize ML models as well as integrate their own models.
- Contextual in-product help assistant: Access to product help and documentation without the need to navigate out of the product.
- New security protection: Improve detection and protection coverage capabilities with new modules for early detection of threats targeting macOS ransomware, Kubernetes(K8s) and master boot records (MBRs).
- Network detection (NDR) coverage: Expand the network coverage of the endpoints with over 50 new detectors covering generic and specific protocol-based threat detection.
- Advanced Local Analysis for macOS and Linux: Provides enhanced coverage for local analysis of macOS and Linux file systems, leveraging ML models to provide accurate and adaptive responses to evolving threats.
- Free text search: A simplified search that enables analysts to query the entire security data set, without the need to craft specific XQL queries.
- New attack surface management (ASM) policies: New ASM policies added to the existing library of over 700 policies.