Infosec products of the month: May 2024
Here’s a look at the most interesting products from the past month, featuring releases from: Abnormal Security, Adaptive Shield, Appdome, AuditBoard, Calix, Cranium, CyberArk, Cybersixgill, Dashlane, Datadog, Detectify, Eclypsium, ExtraHop, FireMon, Forcepoint, ManageEngine, OneTrust, OWASP Foundation, PlexTrac, Proofpoint, Secure Code Warrior, SentinelOne, Snyk, Splunk, Strike Graph, Sumo Logic, Synopsys, Trellix, and Truecaller.
Cybersixgill Third-Party Intelligence module identifies potential supply chain risks
The Third-Party Intelligence module combines vendor-specific cyber threat intelligence (CTI) with cybersecurity posture data from suppliers’ tech environments, exposing a critical blind spot for security teams. With this intelligence, threat analysts and security operations teams can identify threats from the supply chain and expand their threat exposure management efforts.
Synopsys Polaris Assist automates repetitive, time-consuming tasks for security and development teams
Polaris Assist combines Large Language Model (LLM) technology with Synopsys’ application security knowledge and intelligence – including coding patterns, vulnerability detection rules, and Black Duck’s vast open source knowledge base – to provide security and development teams with easy-to-understand summaries of detected vulnerabilities, AI-generated code fix recommendations, and other insights to help them build more secure software faster.
Snyk AppRisk Pro leverages AI and third-party integrations for faster risk mitigation
Snyk AppRisk Pro creates a holistic understanding of application risk, equipping AppSec teams with context based on how the application was built, the code it contains, its impact on the organization’s business, and team responsibilities.
Secure Code Warrior SCW Trust Score quantifies the security posture of developer teams
Secure Code Warrior unveiled SCW Trust Score, a benchmark that quantifies the security posture of organizations’ developer teams. SCW Trust Score provides a vital baseline of the impact of their learning programs, assesses its effectiveness, and enables security, developer and engineering teams to more effectively collaborate and recalibrate skills training.
Proofpoint DLP Transform secures data moving to ChatGPT, copilots, and other GenAI tools
DLP Transform brings together a cloud-native architecture that analyzes user behavior and content understanding to assess and protect against data risk across channels. This enables organizations to consolidate their DLP point solutions, their insider risk tools, and their cloud DLP or CASB into a single architecture, agent and interface, adding capabilities and channel coverage as their data loss and insider risk programs mature.
Appdome launches MobileEDR, merging MTD and EDR to protect enterprise mobile apps
The Appdome MobileEDR is an in-app mobile EDR and MTD solution coded into enterprise mobile applications by Appdome’s patented no-code, unified mobile app defense platform. By delivering the needed device inspection, threat detection and telemetry capabilities in the mobile app itself, Appdome provides continuous and comprehensive monitoring of Android and iOS devices, including mobile smartphones, embedded apps, VR apps, and wearable apps.
AuditBoard enhances InfoSec Solutions to reduce compliance fatigue across the organization
AuditBoard announced enhancements for its InfoSec Solutions to help organizations meet their IT compliance, cyber risk, and vendor risk management needs in the face of rising risks and increased regulatory requirements. With these new capabilities, including enhanced AI automation, customizable automated workflows, and real-time analytics, teams can better manage and communicate InfoSec risks to the C-suite to allow for more strategic allocation of risk management resources across the enterprise.
Abnormal extends Account Takeover Protection to cloud apps, introduces AI Security Mailbox
Abnormal Security is expanding its Account Takeover Protection product line beyond email to provide visibility into cross-platform user behavior and centralize compromised account detection and remediation across identity, collaboration, and cloud infrastructure applications.
Splunk Asset and Risk Intelligence accelerates security investigations
Splunk announced Splunk Asset and Risk Intelligence, a solution designed to power the SOC of the future by helping businesses streamline compliance, reduce cyber risk and eliminate the sources of shadow IT. It allows security operations teams to map relationships between assets and identities to expedite investigations, enabling rich asset and identity context (e.g., network activity, associations, health) for faster security incident response.
SentinelOne Singularity Cloud Native Security simulates harmless attacks on cloud infrastructure
With Singularity Cloud Native Security, SentinelOne provides a comprehensive CNAPP that blocks attacks, combining its Cloud Native Security with AI-powered Cloud Workload Security and Cloud Data Security threat protection products to deliver visibility and mitigation capabilities in a single cloud security platform.
Trellix Database Security protects sensitive data
Trellix Database Security includes database activity monitoring (DAM), vulnerability manager, and virtual patching to find, classify, and defend sensitive information in leading database types and legacy databases to keep them secured, patched, and protected.
Sumo Logic’s analytics capabilities allow security teams to find insights within their data
Sumo Logic announced new AI and security analytics capabilities that allow security and development teams to align around a single source of truth and collect and act on data insights more quickly. These advancements empower customers to use their critical security data to close security gaps and better fuel DevSecOps.
Datadog Event Management helps teams reduce alert fatigue
With Event Management, Datadog intelligently consolidates, correlates and enriches all alert events and important signals from Datadog and existing third-party observability tools into one consistent view. This process reduces alert fatigue so teams can focus their time and resources on remediating issues.
ExtraHop releases AI tools to automate SOC workflows
ExtraHop has revealed a set of AI tools in the RevealX platform designed to automate SOC workflows and relieve analyst fatigue. The new generative AI-powered search assistant from ExtraHop serves as SOC analysts’ threat hunting companion, enabling teams to search for indicators of attack through an AI-powered natural language search interface so they can detect threats faster.
Cranium AI Exposure Management Solution helps organizations secure internal and third-party AI systems
Cranium AI Exposure Management empowers organizations to identify vulnerabilities in AI infrastructure, ensuring the security and reliability of machine learning applications and supercharge red-teaming efforts to discover novel threats, inform protection strategies, and harden AI systems against known adversarial tactics and vulnerabilities to help secure AI/LLM development and usage.
Eclypsium offers protection for GenAI hardware infrastructure
Eclypsium announced new GenAI assessment capabilities for its Supply Chain Security Platform. The new capabilities from Eclypsium allow users to continuously monitor and remediate risks in popular NVIDIA hardware used to train GenAI models.
Forcepoint ONE Data Security simplifies data protection with zero-trust principles for all organizations
The new Forcepoint SaaS solution provides unified management for endpoint and multi-channel cloud data security, eliminating the need for multiple tools and complex policy management. Forcepoint offers a single place to manage data security policy for global compliance and proactive breach prevention across all digital channels.
Calix strengthens SmartBiz security with automated alerts and anti-spam compliance tools
Calix unveiled updates to SmartBiz, a purpose-built small business solution for broadband service providers (BSPs), that expand an existing set of security capabilities. These enhancements help BSPs ensure the safety, security, and compliance of critical small business online activities at scale. Updates include new security alerts and heightened cybersecurity reporting across primary, staff, and point of sale (POS) managed networks.
FireMon Asset Manager 5.0 improves situational awareness
FireMon Asset Manager 5.0 finds every L2 and L3 device across the network, including on-premises and cloud environments. This gives teams an accurate inventory of all networks, connections, routes, and devices across the enterprise. Automatic profiling identifies devices, including endpoints, routers, switches, and OT/IoT, whether installed in the organization’s data center or hosted in the cloud.
BLint: Open-source tool to check the security properties of your executables
BLint is a Binary Linter designed to evaluate your executables’ security properties and capabilities, utilizing LIEF for its operations. From version 2, BLint can also produce Software Bill-of-Materials (SBOM) for compatible binaries.
OWASP dep-scan: Open-source security and risk audit tool
OWASP dep-scan is an open-source security and risk assessment tool that leverages information on vulnerabilities, advisories, and licensing restrictions for project dependencies. It supports local repositories and container images as input sources, making it suitable for integration with ASPM/VM platforms and use in CI environments.
ManageEngine SaaS Manager Plus simplifies access management
ManageEngine launched SaaS Manager Plus, a SaaS management solution for enterprises. It streamlines discovery, enforces access controls and offers valuable usage insights, allowing IT teams to gain control over their SaaS ecosystems, optimize costs and ensure data security, all while empowering a productive remote workforce.
CyberArk CORA AI accelerates identity threat detection
CyberArk announced CyberArk CORA AI, a new set of AI-powered capabilities that will be embedded across its identity security platform. CORA AI will reduce the time it takes to sift through human and machine identity data to analyze anomalies and apply next-level identity threat detection and response actions from hours to minutes.
PlexTrac Plex AI helps offensive security teams write reports
Plex AI applies PlexTrac’s algorithms to scale findings development and authoring, saving countless hours in manual proactive security report development while ensuring the quality and data integrity that leading MSSPs, MSPs, and enterprises demand.
Strike Graph VerifyAI gives businesses flexibility and control for audits
VerifyAI delivers real-time feedback on continuous compliance, allowing customers peace of mind knowing all evidence has been verified. This helps avoid costly mistakes and exceptions on audit reports. All of this is accomplished without relying on a third-party AI network, which can pose security risks.
OneTrust helps organizations meet the framework requirements
OneTrust announced the expansion of OneTrust solutions to help organizations drive operational resilience and risk management across their extended enterprise, as well as comply with regulations like the European Union’s (EU) Digital Operational Resilience Act (DORA).
Adaptive Shield unveils platform enhancements to improve SaaS security
Adaptive Shield has extended the capabilities of its SaaS Security Posture Management (SSPM) unified platform to cover complex Permissions and Shared Data. The Permission Inventory provides customers with deep visibility into permission structures at the SaaS stack level through an automated approach, while the Data Inventory feature enables customers to prevent data leakage.
Dashlane Nudges reduces the risk of credential theft
Dashlane Nudges immediately notifies users if Dashlane detects that a password in their vault has been compromised via dark web monitoring, and provides users actionable steps to change the password and remediate the risk. Admins can also configure settings to trigger a targeted message informing the user directly about the security threat.
Detectify platform enhancements address growing attack surface complexity
Detectify announced a new Domains page and major improvements to existing capabilities for setting custom attack surface policies. These updates bring control over attack surface data and enable organizations to seamlessly configure alerts for policy breaches based on their unique definition of risk.
Truecaller AI Call Scanner detects AI voice clones in real-time
AI Call Scanner is trained to detect and differentiate between human voices and AI-synthesized voices, empowering people to safeguard themselves against potential scams and fraudulent activities. If a person receives a suspicious call, all they have to do is tap a dedicated button within the Truecaller interface.