Top cybersecurity product news of the week

Fortinet launches Wi-Fi 7-enabled secure networking solution

January 17: Network solutions provider Fortinet has announced what it claims to be the first secure networking solution integrated with Wi-Fi 7. Forti-AP 441K is a Wi-Fi 7 access point, and FortiSwitch T1024 supports Wi-Fi 7 bandwidth requirements with 10 gigabit Ethernet access and 90W Power over Ethernet (PoE) technology. Both are part of the Fortinet Secure Networking solution and integrate with AIOps and FortiGuard AI-Powered Security Services. Wi-Fi 7 is the latest wireless technology designed to support wireless devices running data-heavy applications.

Salt Security adds API posture governance to its API Protection Platform

January 17: API security firm Salt Security has enhanced its API Protection Platform, including the addition of an API posture governance engine, API filtering and querying capabilities, and improved behavioral threat response capabilities. The API posture governance engine helps organizations to create corporate standards for API posture and assess compliance with those standards, industry best practices, and regulatory requirements. The company claims it will keep API lifecycle stakeholders in sync and ensure security standards are followed throughout the API lifecycle. New API filtering and querying capabilities allow for better API asset discovery and management while providing details about their purpose, usage patterns, and risks. Enhanced behavioral response will allow SecOps teams to better prioritize, triage, and analyze API-related security events, according to Salt. Other enhancements include better sharing of API intelligence and enterprise onboarding and operationalization improvements.

Living Security announces Unify Power Insights for risk operations

January 17: Human risk management firm Living Security has launched Unify Power Insights, which is intended to provide visibility into which employees are most vulnerable to risks such as phishing, account compromise, malware, or data loss. It does so by gathering intelligence data from multiple sources such as identity management and security tools. According to Living Security, Unify Power Insights allows security teams to observe grouping of user behavior and detect spikes in risky activities. The solution also provides suggestions to mitigate those risks.

Savvy launches Identity-First Security to manage IAM permissions

January 16: SaaS security platform provider Savvy has announced Identity-First Security, which is designed to discover risks associated with combinations of identity access management (IAM) permissions, user behavior, and business context. According to Savvy, Identity-First Security allows organizations to identify risks such as rogue administrators, compromised accounts, shadow identities, shared accounts, incomplete offboarding, and more. The solution also provides automated playbooks that set “security guardrails” that encourage users to mitigate risks before they become security incidents, the company claims.

GTT Communications brings Fortinet SASE to its MSSP offering

January 16: Managed network and security service provider GTT Communications now offers secure access service edge (SASE) capabilities powered by Fortinet. This includes Fortinet’s zero trust network access (ZTNA), firewall-as-a-service, cloud access security broker (CASB), and secure web gateway (SWG) solutions, all working alongside GTT’s Managed SD-WAN offering. The Fortinet solutions are deployed within GTT’s network infrastructure and all traffic is maintained on the company’s global IP backbone. GTT claims this will reduce latency, jitter, and packet loss as well as improve availability.

Wiz AI-SPM now available for the OpenAI platform

January 11: CNAPP provider Wiz has announced an OpenAI SaaS connector that extends support for its AI-SPM AI security tool to the OpenAI API platform. The tool provides OpenAI developers with visibility into their OpenAI pipelines and allows them to better mitigate risks across the cloud and OpenAI via the Wiz Security Graph, the company claims. Security teams can now have visibility into new training jobs that AI developers create in a single view. AI-SPM also allows for attack path analysis to detect risks. The Wiz OpenAI SaaS connector for AI-SPM is available now.

Dasera adds Microsoft 365 to its data security posture management platform

January 10: Data security posture management (DSPM) firm Dasera has expanded its platform to include protections for Microsoft 365. This allows greater visibility of data across OneDrive, SharePoint, and Teams, according to the company, allowing organizations to better identify and manage sensitive data. With its DSPM platform, Dasera claims the enhancement will help optimize privacy processes using its policy engine as well as assess risk from files shared in Microsoft 365 apps.

Cohesity Cloud Services now supports Microsoft Azure workloads

January 9: Cohesity Cloud Services (CCS) has added support for Microsoft Azure workloads, specifically the backup and recovery of Azure virtual machines (VMs) and Azure SQL databases. The new Azure VM capabilities within CCS include backup and recovery of an entire VM in place or to an alternate location, region, or resource group, and support for Azure VM backup using private endpoints with a shared access signature. CCS Azure SQL database capabilities include full backups on a customizable schedule, automated backups, portability of SQL databases to and from the cloud, and immutable backups stored outside the tenant.

TitanHQ announces PhishTitan anti-phishing solution

January 9: Cloud-based email security solutions provider TitanHQ has launched PhishTitan Integrated Cloud Email Security (ICES). The solution works within Microsoft 365 to scan internal and external email messages. It has native and API-based integration with Exchange Online Protection (EOP) and Microsoft Defender. The company claims that PhishTitan ICES will block and remediate business email compromise, account takeover, VIP impersonation, and zero-day threats. The product is available now.

SpecterOps adds Active Directory Certificate Services protection to BloodHound Enterprise

January 9: SpecterOps has updated its BloodHound Enterprise (BHE) platform with new attack paths for Microsoft Active Directory Certificate Services (ADCS). The BHE platform is designed to remove identity attack paths in Microsoft Active Directory and Entra/Azure AD. The new ADCS attack paths focus on common misconfigurations that allow attackers to steal certificates, achieve account persistence, and gain control over Active Directory domains, according to the company.

LogRhythm releases updates to LogRhythm SIEM and LogRhythm Axon

January 4, 2024: LogRhythm has updated its self-hosted LogRhythm SIEM and cloud-native LogRhythm SaaS SIEM platforms. Enhancements to the former include more support for onboarding new Beats and Open Collectors from a single location, simplified Windows event log onboarding, improved analyst workflows while reviewing alarm notifications, and an expanded library of supported log sources. Enhancements to LogRhythm Axon include a new interactive single investigation screen that provides contextual case insights with drill-down of log sources and security analytics; an improved assisted search feature that suggests recent searches, search lists, and search queries; a new collector for Microsoft Office 365 Management API; and more efficient Axon Agent management for on-premises data collection.

Valimail launches Align to meet Google and Yahoo email authentication requirements

January 4, 2024: Valimail, a provider of DMARC, automated authentication, and anti-phishing solutions, has released Valimail Align, which is designed to validate compliance status for new sender authentication requirements from Google and Yahoo. Starting in February, Gmail and Yahoo bulk email senders will be required to authenticate outgoing mail or risk being blocked. Valimail claims that Align checks for alignment between the SPF and DKIM email protocols to meet the new requirements. Valimail’s automation suite can then be used to reach compliance in a matter of days, according to the company.

Mitiga announces Investigation Workbench to assess cloud and SaaS incidents

December 19: Mitiga has added Investigation Workbench to its line of cloud and SaaS incident response solutions. The company claims its new tool will provide more clarity on all multi-cloud and SaaS activities through a single view. Investigation Workbench, part of Mitiga’s IR2 cloud investigation and response automation (CIRA) platform, is designed to give security operation center teams visibility into chains of events across their cloud and SaaS environment. According to Mitiga, this allows for faster and simpler determination of materiality of a cyber event so that they can respond appropriately.

Kasada enhances its bot defense platform

December 19: Bot management firm Kasada has enhanced its bot defense platform and claims it can now better defend against the latest methods attackers use to evade detection. New features include randomized and dynamic defenses across its architecture to make them harder to bypass, machine language anomaly detection, integrity checks on client-side data collection, and attack analytics for classification, drill-down, and filtering. The new enhancements are available now to all Kasada customers.

AI-powered AskOmni bot designed to assist with SaaS security

December 19: SaaS security posture management (SSPM) firm AppOmni has introduced AskOmni, which it describes as an AI-powered SaaS security assistant. AskOmni works with the AppOmni SaaS security platform to allow natural language queries for common SaaS security decisions. Its generative AI technology helps security administrators to more quickly identify and remediate issues, the company claims. Other features include a context-sensitive chat interface and notifications, risk assessment, real-time threat intelligence, and automated code generation for issue resolution. AskOmni is now available as a tech preview and will be rolled out in phases during 2024.

Safe Security adds module to assist in SEC Compliance

December 13: Safe Security has added a module to its platform to assist with achieving compliance with SEC reporting requirements. Safe Security, a specialist in AI-driven cyber risk management, said the SAFE Materiality Assessment Module will “enable security and risk leaders to achieve SEC compliance by estimating and tracking materiality of cyber incidents.”

The company said in a press release that the module is based on a tunable factor analysis of information risk (FAIR) materiality assessment model (MAM). “SAFE Materiality Assessment Module allows organizations to model estimated financial losses from top risk scenarios with FAIR-MAM to cost-effectively target security or cyber insurance investments,” said COO Pankaj Goyal. “This allows them to leverage the insights to prepare for the probable financial impact to follow. The SAFE Materiality Assessment Module is a game-changer for security and risk leaders.”

Telaeris announces RTLS emergency mustering system

December 13: Telaeris, a provider of handheld solutions for physical access control systems, has announced its XPressEntry Real-Time Location Systems (RTLS) Emergency Evacuation Mustering system. Powered by HID’s Bluetooth Low-Energy (BLE) beacons and gateways, the new product provides an automatic way to account for badged workers and visitors in emergency situations. Strategically placed BLE beacons keep track of badge locations, while gateways are placed at designated emergency assembly areas, so the system knows the location and identity of missing persons.

Google Cloud announces general availability of Duet AI in Security Operations

December 13: Google Cloud’s Duet AI in Security Operations is now generally available. Announced earlier this year at the RSA Conference, Duet AI in Security Operations can search through large data sets using natural-language queries, automatically generate summaries about case data and alerts, and provide context and recommendations for remediation.

Duet AI in Security Operations is included with Google Cloud’s Security Operations Enterprise and Enterprise Plus packages. Google Chronicle customers will have free access to Duet AI until March 5, 2024.

Perception Point launches security awareness training program

December 13: Threat prevention provider Perception Point said it has launched a new security awareness training program for its customers that will be integrated into its Advanced Email Security product. The program is intended to help organizations counter advanced social engineering attacks by focusing on employee behavior and tailoring cybersecurity training to specific needs, the company said in a press release. The training program leverages services from training services provider DCOYA and offers behavior-centric security awareness training to counter cyberattacks including advanced social engineering.

“The program leverages machine learning algorithms to seamlessly integrate best practices from behavioral psychology and marketing methods, automating training that is tailored to the specific needs of each employee,” the company said. “This reduces the likelihood of successful cyberattacks, data breaches, and other malicious activities.”

AI-powered analytics incorporated into Zscaler

December 12: Cloud security provider Zscaler has added Business Insights, an AI-driven analytics tool, to its Business portfolio. Business Insights will enable organizations to curtail SaaS sprawl and optimize office usage to improve workplace experience while saving money, the company claims.

The company said it has also incorporated enhancements to the wider portfolio, including new AI-powered innovations within its Zscaler Risk360 and Zscaler Digital Experience Monitoring products. The additions were documented in a company blog.

Qmulos introduces real-time, data-driven compliance automation and auditing updates

December 12: Compliance, security, and risk management automation provider Qmulos has announced the general availability of its Q-Compliance V4.4.0 and Q-Audit V3.7.0 platforms. “The latest releases of both products add seamless workflow and ticketing capabilities to enable customizable processes for organization-specific security and compliance investigations, escalations, and approvals,” the company said in a press release.

Q-Compliance V4.4.0 introduces customizable system authorization workflows designed to provide organizations with streamlined authorization requests and approvals for their continuous authority to operate process, the company said. Q-Audit V3.7.0 includes alerting capabilities with ticketing workflows to provide real-time insights and actionable steps to fortify defenses against insider threats and other malicious activities. More information was made available on the company’s blog.

Censys adds threat-hunting tiers and enhancements

December 12: Threat-hunting intelligence platform Censys has added two new product tiers to its search tool, Censys Search Solo and Censys Search Teams. The additions are part of a series of strategic initiatives to enhance the security community, including the introduction of threat-hunting boot camps, the Censys Beta Workshop and significant upgrades to product infrastructure, the company said in a press release. Each tier is available month-by-month or on an annual basis, Censys said.

“Empowering the threat intelligence community is one of Censys’s biggest priorities, and with these two new product tiers, we can continue to help researchers enhance their threat hunting work, no matter the size of their team,” said Censys CEO Brad Brooks.

Descope Fine-Grained Authorization enables granular access control

December 12: Descope has launched an update to its authentication and user management software as a service platform by combining roles with relationships to create flexible access control.

With Descope’s SDKs and APIs, Fine-Grained Authorization (FGA) can define and assign permissions based on relationships between entities, enabling them to set up authorization systems that can match the nuances of their business. FGA allows organizations to add relationship-based access control (ReBAC) capabilities to their applications.

The new functionality allows organizations to define a schema listing out the types of entities and the possible relationships that exist within their app; store the schema so that it can be queried, managed, and updated as relationships evolve; build out relationships between specific entities based on the existing schema; and add checks within the app that can refer to the defined relationships before making authorization decisions.

Nedap launches Access AtWork SaaS access control system

December 11: Nedap has launched a software-as-a-service (SaaS) access control system called Access AtWork that the company claims will provide “companies looking to replace their outdated on-premises systems with modern and easy-to-use software that provides better insights with less effort and smaller investment.”

The new system will assist small to medium-size enterprises in managing physical access across multiple sites, Nedap said in a post on its website. It operates on an authorization model that enables administrators to manage access based on hierarchical teams and zones. The solution is GDPR compliant and includes such security measures as redundant and secure hosting of data in certified datacentres within the European Union.

Fortinet adds Gen AI assistant to SIEM, SOAR platforms

December 11: Fortinet has added a generative AI assistant, Fortinet Advisor, to its FortiSIEM security information and event management solution and to FortiSOAR, its security orchestration, automation, and response offering. According to Fortinet, Advisor is designed to help SecOps teams investigate and remediate threats faster.

Fortinet Advisor features include interpreting security alerts and generating summaries, helping analysts by accepting natural language queries and returning useful results, suggesting threat remediation plans, and helping to generate playbook templates translating processes to actionable plans. The assistant will be continuously updated by Fortinet AI and product specialists with the latest threat information.

Nimbus-T Global introduces Nimbus-Key ID & Authentication System

December 11: Nimbus-T Global has added its Nimbus-Key ID & Authentication to the company’s line of identity and authentication products. It is an enterprise-level passwordless authentication solution that uses a dynamically encrypted Nimbus-Key ID. Each user gets their own global ID, which the system verifies using know-your-customer (KYC), AI, and biometrics methods.

Qrypt and Los Alamos National Labs develop quantum random number generator

December 7: Qrypt and Los Alamos National Labs (LANL) have developed Qrypt’s Quantum Random Number Generation (QRNG), which will be part of Qrypt’s cloud-based Quantum Entropy and Quantum Key Generation services by helping generate “true” quantum randomness. Qrypt and LANL use photon bunching to advance provable QRNG by meticulously filtering out classical noise, isolating the quantum effect essential for determining the system’s minimum entropy, according to Qrypt.

Netskope completes roll out of Localization Zones

December 7: Netskope has completed the rollout of Localization Zones to its NewEdge security private cloud, first introduced in February 2023. It provides a localized experience for over 220 countries and territories. The localization zones enable a better digital experience, as if going direct-to-net. It also provides native language and localized content support for websites, as well as access to geo-fenced content and applications, even if there is no in-country data center.

Coro 3.0 combines EDR, SASE, and email security into a single platform

December 6: Coro has launched version 3.0 of its modular cybersecurity platform. Aimed at midmarket companies, Coro 3.0 has 14 integrated modules including endpoint detection and response (EDR), secure access service edge (SASE), email security, data governance, next-generation firewall (NGFW), and DNS filtering.

The company claims its new platform protects six key enterprise domains: cloud apps, endpoints, email, sensitive data, network, and users. All the modules can be managed and monitored through a single dashboard. Communication among the modules is handled by an AI-driven data engine that, according to Coro, automatically remediates threats and surfaces only the most critical events.

Coro sells each module individually or in bundles. Each module starts at $4 per user, per month. The cost for all 14 modules starts at less than $18 per user, per month.

Genetec announces new version of Security Center

December 5: Unified security, public safety, operations, and business intelligence provider Genetec has released a new version of its flagship Security Center platform, moving it to a continuous delivery approach.

The update adds new features, including mapping enhancements such as a new map widget for dashboards and improved zoom behavior, and configuration enhancements for authentication services. The company said it plans to release more features for Security Center throughout 2024 to enable advanced workflow activities.

Application security training provider Security Journey adds industry standard support

December 5: Coding and AppSec training provider Security Journey has added industry standard support capabilities to its platform. The company says its platform now includes support for Web Content Accessibility Guidelines (WCAG), System for Cross-Domain Identity Management (SCIM), and continued compliance with SOC2 Type 2.

“The new capabilities mean large enterprises can now provide application security education to their development teams from a platform that meets security, global accessibility, and automated user provisioning requirements,” Security Journey said in a press release.

These features ensure that in-depth training programs are provided to all learners, including those who are sight- and hearing-impaired, streamline user access and lifecycle management, and provide additional assurances on the rigorous security of the platform.

Cloudbrink adds firewall-as-service to zero-trust access platform

December 5: Cloudbrink has added firewall-as-a-service (FWaaS) to its zero-trust access solution that it says enables admins to set granular controls according to static and dynamic properties of end-users and their devices.

The company, which provides zero-trust application connectivity for hybrid workforces, claims that offloading remote-user security functions improves the stability of existing firewalls and the network performance experienced by remote users.

“Existing firewalls were never designed with a large work-from-anywhere workforce in mind,” Cloudbrink CEO Prakash Mana said in a press release. “Our FWaaS takes care of the remote users, leaving the existing firewall to do the jobs it was intended for — such as Layer 3 protection against DDoS attacks. If you’re only using a firewall to protect a remote workforce, the Cloudbrink service can replace it altogether.”

Cloudbrink’s FWaaS static properties include rules about what resources or applications can be accessed by individuals and the company said it plans to release dynamic properties covering device compliance as well as extended reporting capabilities enabling security and networking teams to spot anomalies based on user behavior and opportunities to tune application performance.

Varonis launches automated security for data in multi-cloud environments

December 5: Varonis has updated its cloud-native platform to help customers continuously discover regulated data, remediate misconfigurations and excessive access, and stop attacks on data in services such as Azure Blob and AWS S3, RDS, and unmanaged databases in EC2.

The update was designed to improve users’ access to a centralized overview of data and cloud security posture. It also aims to help discover and classify sensitive data stored in Azure Blob and AWS databases; identify and remediate exposure risk through excessive access, misconfiguration, and third-party applications; and monitor activity to detect and investigate threats across the cloud ecosystem.

Databarracks launches cloud-based recovery landing zone

November 30: Databarracks launched Jump-Start, a preconfigured, cloud-based disaster recovery landing zone. By using infrastructure as code, resources, networking, security, and governance can be activated for recovery.

Databarracks claims that deploying disaster recovery in the cloud through infrastructure as code means it’s isolated, secure, and unaffected by issues in production. “Recovery is accelerated because we bring the backups and the recovery environment together,” Databarracks MD James Watts said in a statement.

The benefit, according to the company, is that there is no need to have alternative hardware or a recovery site available.

Uptycs announces Cross-Cloud Anomaly Detection Engine

November 29: Uptycs announced its Cross-Cloud Anomaly Detection Engine, which is, according to the company, capable of analyzing billions of events in near-real time. The tool helps identify potential breaches on workloads running on AWS and hybrid multi-cloud environments.

Uptycs uses machine learning techniques and correlates anomalies with MITRE Engenuity’s ATT&CK Evaluations: Enterprise detections to minimize the time to detect threat behavior.

Piiano launches code analyzer

November 29: Piiano has launched code analyzer Flows. The tool is designed to continuously analyze source code during the development process and to track when, where and how sensitive data is being used and stored. Piiano claims the tool finds potential data leaks inside source code and ensures that sensitive information is protected before the code reaches production.

A trial, limited version of Flows will be available for free until the end of 2023. After that the pricing model will depend on the number of scans and number of code repositories.

Skyhawk adds AI-based, autonomous purple teaming to platform

November 28: Skyhawk Security has introduced an AI-based, autonomous purple team to its platform to provide adaptive cloud threat detection and response.

The addition of its Continuous Proactive Protection feature to Skyhawk’s cloud threat detection and response Synthesis Security Platform continuously enhances the protection of a customer’s cloud, the company said in a press release.

According to Skyhawk, the new offering continuously analyzes customer cloud infrastructure, proactively runs attack simulations against it, and uses the results to prepare verified detections, validated automated responses, and remediation recommendations to ensure the cloud has the most up-to-date security defenses in place.

This process includes learning and automated adaptation of threat detection to enable security teams to take proactive and adaptive approaches to security strategy. The feature runs an AI-based red team against an AI-based blue team to discover least-resistance paths, simulating attacks against them and using the results to improve security.

Lacework launched gen AI assistant to support alert response

November 28: Lacework launched a generative AI assistant to help security teams respond to alerts from the Lacework platform. Assistive AI is designed to help teams understand why they should look at a particular alert and also offers guidance on how to investigate and address the issue.

The assistant combines the insights generated from Lacework Polygraph machine learning with the assistive technology from LLMs. Lacework also uses generative AI model services from Amazon Bedrock, experimenting with different models.

Immuta integrates Data Security Platform with Amazon S3 

November 27: Data security firm Immuta has introduced native integration between its Immuta Data Security Platform and Amazon’s Simple Storage Service (Amazon S3) object storage service. This integration provides customers with streamlined data access control and security across storage and compute platforms using Amazon S3 Access Grants, a new Amazon S3 access control feature that enables customers to manage data permissions at scale for user identities managed by corporate directories.

“Immuta helps simplify data access and security for data stored in Amazon S3 so users can more safely leverage that data for their analytics and AI initiatives. This, paired with Immuta’s ‘write once, apply everywhere’ policy approach, helps customers democratize and increase data usage while still adhering to global regulations,” CTO Steve Touw said in a press release.

Amazon S3 stores more than 350 trillion objects with over 100 million requests per second to process a multitude of workloads including artificial intelligence and data analytics. The recently added AWS Access Grants feature maps identities in directories such as Active Directory, or AWS Identity and Access Management (IAM) Principals, to datasets in S3, helping to manage data permissions at scale by granting S3 access to end-users based on their corporate identity.

Trend Micro launches AI assistant

November 27: Trend Micro launched Trend Companion, a generative AI tool designed to help analysts save time on manual risk assessment. The company claims the tool explains and contextualizes alerts, triages and recommends customized response actions, decodes and explains complex scripts and command lines, helps analysts develop and execute sophisticated threat hunting queries, and helps incident responders develop OSQuery queries in the IR and forensics module.

The combination of adaptive, model-driven threat alerts in Trend Vision One and Companion’s gen AI capabilities can accelerate incident response times by 30%, reduce incident reporting by up to two hours per report, and drive more complete attack containment, according to Trend Micro.

Sumo Logic adds new features to its platform to better integrate with AWS services

November 27: SaaS analytics platform Sumo Logic has added new features and updates to its platform to expand and accelerate troubleshooting and security across AWS environments.

The new features include Sumo Logic Log Analytics for AWS, which “delivers a curated view and a single pane of glass for monitoring and troubleshooting AWS services easily and effectively,” the company said in a press release. “The zero-configuration solution automatically collects logs and metrics data from 12 core AWS services including EC2, Lambda, ECS, RDS, DynamoDB, API GW, and Load Balancers, in one single step.”

Sumo has also added Cloud Infrastructure Security for AWS, designed to provide insight into active threats, non-compliant security controls, and suspicious activity across complex AWS environments.

The company said it has added several new features to its artificial intelligence and machine learning models:

  • AI-Driven Alerting uses advanced anomaly detection, machine learning, and intelligent playbooks to reduce the noise of daily alerts and false alarms by highlighting the most critical issues that require immediate attention.
  • Global Intelligence for AWS CloudTrail DevOps gives insight into AWS performance and configuration.
  • Global Intelligence for AWS CloudTrail SecOps enables the detection of potentially malicious configuration changes in AWS accounts by using a machine-learning model to compare CloudTrail events against a cohort of AWS customers.

Fortanix launches Key Insight hybrid multi-cloud environment risk tool

November 27: Data security firm Fortanix has launched Key Insight as an included capability in its Fortanix Data Security Manager platform. Key Insight is designed to discover, assess, and remediate risk and compliance gaps across hybrid multi-cloud environments.

Key Insight provides consolidated insights and control of all cryptographic keys to protect critical data services, the company said in a press release. “Security, cloud and developer teams can collaborate to assess risk posture and remediate compliance gaps consistent with policies, regulatory mandates, or industry standards (NIST, GDPR, PCI, etc.),” Fortanix said.

Wiz brings native AI security capabilities to its CNAPP

November 16: CNAPP vendor Wiz has introduced Wiz for AI Security, which adds native AI security capabilities to its cloud-native application protection platform. It has four main components: AI Security Posture Management (AI-SPM), an AI security dashboard, and AI extensions for Wiz’s Data Security Posture Management (DSPM) and Attack Path Analysis capabilities.

AI-SPM is designed to mitigate the risk of shadow AI by providing visibility into all resources and technology in an organization’s AI pipeline. The company claims it can detect AI services across cloud services, SDKs, and AI technologies such as AWS SageMaker, GCP Vertex AI, and Azure Cognitive Research.

By extending DSPM to AI, Wiz aims to identify and protect AI training data in the cloud by providing out-of-the-box controls. Attack paths that risk data leakage or poisoning can then be removed.

Attack Path Analysis can now assess AI pipeline risk across vulnerabilities, identities, data, misconfigurations, and more. Those risks can then be correlated on the Wiz Security Graph and potential attack paths can be removed.

Wiz’s new AI security dashboard is intended to help AI developers understand their AI security posture. It provides a prioritized list of risks as well as an AI inventory and known AI SDK vulnerabilities.

IONIX adds exposure management features to its attack surface management platform

November 16: IONIX has announced the launch of Threat Exposure Radar, which the company calls the first threat exposure management capability. IONIX will integrate the new technology with its attack surface management (ASM) platform. IONIX claims that Threat Exposure Radar provides a unified view of exposure to threats across the enterprise including cloud, on-premises, SaaS, and third-party systems.

The new solution consolidates security findings into a single view with two options: a radar-like visualization and a summary table from which users can drill down for more explanation or instructions for mitigating the exposed assets. Data is color-coded to highlight urgent items needing attention.

Living Security announces Human Risk Operations Center

November 15: Living Security has announced the Human Risk Operations Center (HROC), a combination of the security operations center (SOC), security awareness and training, and governance, risk, and compliance (GRC) teams. HROC is powered by the company’s Unify platform and aggregates and correlates employee behaviors using data from an organization’s existing security tools.

The company claims it offers one pane of glass with real-time visibility into a company’s riskiest people, departments, and programs. This helps SOC and GRC teams plan next actions and measure the impact of improving policies and behaviors. It supports API integrations for some of the most popular security tools including CrowdStrike, Microsoft, Proofpoint, and Zscaler.

HROC is available now and can be deployed in existing Security Operations Centers or as a standalone offering worldwide, and it is priced based on the size of the organization.

SecureAuth announces new release of Arculix access management and authentication platform

November 15: SecureAuth has released a new version of its Arculix access management and authentication platform. The new release includes enhancements to its Orchestration Engine and improved integration with some Citrix applications and Microsoft Entra ID (formerly Azure). Orchestration Engine improvements include a no-code, drag-and-drop environment to more easily integrate and deploy identity services. Administrators can customize the end-user identity lifecycle including registration, verification, authentication, and post-authorization. Orchestration Engine is available to customers who use the premium version of Arculix, which is sold on a per-user/monthly active user basis.

By integrating with Citrix through its Device Trust solution, Arculix can provide what SecureAuth promises to be a “frictionless login experience.” Arculix can now authenticate users directly against Microsoft Entra ID, allowing for pass-through authentication.

Sophos adds three new threat detection and response solutions

November 14: Cybersecurity-as-a-service vendor Sophos has announced three new solutions and capabilities designed to protect against active threats. Sophos Firewall v20 software with Active Threat Response will identify, stop, and block attacks without the need to add firewall rules, according to the company. The new version also integrates with Sophos’s Zero-Trust Network Access (ZTNA) gateway, which allows secure remote access to applications behind the firewall. The company has also enhanced the network scalability of Sophos Firewall to support distributed environments, and it has improved ease-of-use management.

Sophos Extended Detection and Response (XDR) and Managed Detection and Response (MDR) customers now have access to Sophos Network Detection and Response (NDR) with XDR. Sophos NDR scans network activity for potentially malicious traffic patterns.

Finally, Sophos has enhanced its XDR solution with more third-party integrations to connect security data across multiple sources for faster detection and response, according to the company. Security operations and analyst workflow and case management features have also been improved to better filter alerts and provide visibility from a single console.

OneSpan adds passwordless authentication to its DigiPass Authenticator line

November 14: Digital agreements security company OneSpan has announced an enhancement to its Digipass Authenticators line. DIGIPASS FX1 BIO enables passwordless authentication via a physical passkey and fingerprint scan. The company claims this combination of biometric authentication and public-key cryptography will help companies meet compliance requirements, reduce phishing and other social engineering attacks, and improve the user experience. DIGIPASS FX1 BIO is based on the FIDO standard.

Stream Security announces Cloud Twin cloudsecops platform

November 14: Stream Security (formerly Lightlytics) has announced three new features for its Cloud Twin engine, a cloud security operations (cloudsecops) platform that can help organizations detect and investigate threats and exposures in their cloud environments. The company claims it can now map cloud dependencies in real time rather than periodically, allowing security and operations teams to better cooperate to address security gaps.

The new features, which will be automatically available to existing customers, are:

  • Azure integration: Cloud Twin now supports Microsoft Azure, which Stream Security claims allows it to model all the possible paths and traffic between different cloud platforms.
  • Vulnerability correlation: The platform can help security teams prioritize efforts by correlating vulnerabilities with their exploitability level.
  • Threat anomaly detection: Cloud Twin now has threat anomaly detection capabilities to identify malicious behavior and unauthorized access.

Kasada launches KasadaIQ attack prediction services

November 14: Threat detection and management firm Kasada has launched a new attack prediction platform designed to counter bot fraud. The KasadaIQ suite debuted with its first service, KasadaIQ for Fraud, with plans to add more capabilities in the future.

KasadaIQ for Fraud is designed to provide businesses with insight into how bots target digital channels and customer data by offering visibility into non-traditional data sources and adversary communities through the “capability to detect attacks before they happen and confirm threats that would otherwise go undetected,” the company said.

Core functions of KasadaIQ for Fraud include:

  • Unconventional sourcing: Kasada monitors activity within non-traditional sources — including resale marketplaces, fraud groups, proxy providers, account generation groups, and hosting providers.
  • Early warnings: Kasada’s analysts first identify and vet current and emerging threats within its data system, then send out advance alerts.
  • Bot acquisition and analysis: Kasada secretly purchases bots in circulation and extensively analyzes how they work.
  • Stolen credential analysis: Kasada purchases and evaluates stolen credential sets from criminal marketplaces to help the customer remedy security gaps and online fraud.
  • Dedicated analyst hours: Customers receive a set amount of analyst hours for Kasada to investigate what’s most relevant to their needs, such as intel on fraud groups or reverse-engineering attacks.
  • Professional services: Kasada will scope custom requirements and provide expert guidance on how to best achieve the desired outcomes.

Cycode debuts ConnectorX with application security posture management capability

November 14: Application security posture management (ASPM) provider Cycode has launched its click-and-consume third-party ASPM connector platform ConnectorX and announced significant enhancements to its risk intelligence graph (RIG) for risk-based prioritization. The platform aims to foster improved collaboration between security and development teams. It includes more than 40 software development lifecycle integrations, including the introduction of support for Wiz and Black Duck.

The Cycode platform gives companies the choice to use its native ASPM tools or maximize investments in their existing AppSec tools. Companies can plug in any AppSec solution and, “within minutes,” gain accurate, real-time visibility into their security posture, according to the company.

DirectDefense ThreatAdvisor 3.0 aims to streamline security operations with SOAR technology

November 14: Information security services company DirectDefense has launched ThreatAdvisor 3.0, a major update to its proprietary security orchestration, automation, and response (SOAR) platform. ThreatAdvisor 3.0 is designed to improve the speed, efficiency, and accuracy of DirectDefense’s Security Operations Center (SOC), the company said in a press release.

The platform offers customized continuous security monitoring and management, automates manual processes, and includes an extensive knowledge base for compliance, security events and mitigation techniques. ThreatAdvisor 3.0 integrates with other solutions to provide a single interface for threat management with more data and better context, the company claims. The platform collects and processes vulnerability and asset data from several sources and compiles them into a holistic view of an organization’s security posture, supporting penetration testing, operational technology (OT) and industrial control systems (ICS) assessments, vulnerability management, managed detection and response (MDR), compliance assessments, and enterprise risk management.

Lacework Code Security expands coverage to full application lifecycle 

November 14: Cloud security firm Lacework has added the Code Security product to its infrastructure-as-code (IaC) suite to unify code and cloud security with the aim of allowing enterprises to innovate and deliver secure cloud-native applications with increased speed.

Lacework Code Security introduces two forms of static program analysis — software composition analysis (SCA) targeted at third-party code in customers’ repositories, and static application security testing (SAST) targeting first-party code. The Lacework platform now encompasses code as it is written, infrastructure as code, containers, identity and entitlement management, and runtime across clouds.

Lacework added that customers will have access to always-up-to-date software bills of materials (SBOMs) for every application and continual visibility into their software supply chain, as well as an understanding of open-source license risk.

Palo Alto Networks updates Cortex XSIAM

November 13: Palo Alto Networks has announced Cortex XSIAM 2.0, an updated version of its existing product that now has a command center, a MITRE ATT&CK Coverage Dashboard, and bring your own ML (BYOML), among other updates.

The new features are:

  • XSIAM Command Center: With a more user-friendly design, XSIAM Command Center offers a comprehensive overview of SOC operations, including visibility into all data sources being consumed by XSIAM, security alerts and incident information, such as the number of resolved or open security incidents.
  • MITRE ATT&CK Coverage Dashboard: This is designed to allow mapping coverage directly to MITRE ATT&CK, providing detailed visibility of detection and prevention coverage across the tactics and techniques in the MITRE ATT&CK framework.
  • Bring your own ML: For organizations that want to build their own custom ML model, XSIAM ingests complete security data across hundreds of supported sources to enable better out-of-the-box AI/ML analytics. SOCs can use this to create and customize ML models as well as integrate their own models.
  • Contextual in-product help assistant: Access to product help and documentation without the need to navigate out of the product.
  • New security protection: Improve detection and protection coverage capabilities with new modules for early detection of threats targeting macOS ransomware, Kubernetes (K8s) and master boot records (MBRs).
  • Network detection (NDR) coverage: Expand the network coverage of the endpoints with over 50 new detectors covering generic and specific protocol-based threat detection.
  • Advanced Local Analysis for macOS and Linux: Provides enhanced coverage for local analysis of macOS and Linux file systems, leveraging ML models to provide accurate and adaptive responses to evolving threats.
  • Free text search: A simplified search that enables analysts to query the entire security data set, without the need to craft specific XQL queries.
  • New attack surface management (ASM) policies: New ASM policies added to the existing library of over 700 policies.
