Infosec products of the month: July 2024
Here’s a look at the most interesting products from the past month, featuring releases from: AttackIQ, AuditBoard, Black Kite, BlueVoyant, Druva, GitGuardian, Invicti Security, IT-Harvest, LogRhythm, LOKKER, NordVPN, Pentera, Permit.io, Prompt Security, Quantum Xchange, Regula, Rezonate, Scythe, Secure Code Warrior, and Strata Identity.
AuditBoard’s self-assessment tools allow audit teams to maintain focus on their critical work
AuditBoard launched out-of-the-box (OOTB) self-assessment tools that enable internal auditors to easily assess and streamline conformance with the new Institute of Internal Auditors (IIA) Global Internal Audit Standards (“Standards”) that go into effect January 9th, 2025.
GitGuardian’s tool helps companies discover developer leaks on GitHub
GitGuardian releases a tool to help companies discover how many secrets their developers have leaked on public GitHub, both company-related and personal. The audit generates a score ranging from A to E. This score factors in the volume of hardcoded secrets detected, the number of leakers (developers who have leaked at least one secret), and the number of developers within your scope over the past three years. Companies are grouped by their number of developers, allowing for a fair comparison.
LogRhythm’s enhancements boost analyst efficiency
This quarter, LogRhythm is highlighting its Machine Data Intelligence (MDI) Fabric for the AI-ready Security Operations Center (SOC). Streaming of logs to AWS S3 storage provides a cost-effective and easy way to retain data in a searchable format for business requirements such as compliance audits, long-term forensic search, leveraging a “bring your own storage” approach for cloud storage of logs.
SCYTHE 4.3 enables organizations to test and validate their defenses
SCYTHE has announced SCYTHE 4.3, which brings a host of enhancements designed to support and advance cybersecurity teams’ capabilities in threat emulation, vulnerability management, and security integration.
Regula Forensic Studio updates improve the accuracy of forensic examinations
Regula has released a significant update to its operating software, Regula Forensic Studio. This major revamp enhances the functionality of forensic devices, improves usability, streamlines operations, and allows for more precise document examination.
NordVPN File Checker protects users from infected files
Despite the easy-to-use interface, the technology behind File Checker is much more complex. Whenever a user uploads a file to File Checker, the tool calculates the file’s hash in the browser and sends it to NordLabs’ backend. Here, it’s checked against a huge database of known malicious file hashes.
AttackIQ Mission Control simplifies security testing for distributed teams
AttackIQ Mission Control enhances AttackIQ Enterprise BAS deployments within large organizations, streamlining security testing for distributed teams. Reviewers are provided business entity insights analytics that show coverage and success by MITRE ATT&CK tactic, the top MITRE ATT&CK tactics, techniques, procedures not prevented nor detected, and much more in test summary dashboard and reporting.
Pentera updates RansomwareReady to secure Linux environments
Pentera announced a major update to its RansomwareReady product, enabling customers to proactively test the security of their Linux environments. With this addition, Pentera empowers organizations to adopt proactive measures against the world’s most pervasive and destructive ransomware strains across Windows and Linux operating systems.
Prompt Security introduces GenAI security solution for MSSPs
At every touchpoint of GenAI in an organization — from GenAI tools and assistants used by employees and developers to GenAI integrations in homegrown applications — Prompt Security inspects each prompt and model response to prevent the exposure of sensitive data, block harmful content, and secure against GenAI-specific attacks.
IT-Harvest incorporates security scores from Black Kite into its dashboard
With the inclusion of Black Kite’s Data Breach Index which offers historical breach context about data breaches, and Black Kite’s Ransomware Susceptibility Index (RSI), which uses data and ML to discover the likelihood that an organization will experience ransomware attack, IT-Harvest clients will have access to a more detailed view of risk.
Quantum Xchange CipherInsights enhancements identify weaknesses in enterprise cryptography
CipherInsights Version 11.0 includes several new features to pinpoint any weaknesses in enterprise cryptography and ease an organization’s inevitable migration to quantum-safe cryptography, replacing their legacy encryption with Post Quantum Cryptography (PQC) standards to be announced by the U.S. Department of Commerce’s National Institute for Standards and Technology (NIST) summer 2024.
Druva unveils data security capabilities to accelerate incident response
With new Threat Hunting capabilities for indicators of compromise (IOCs), Druva allows customers to more quickly understand the gestation, timeline, and impact of threats throughout their data environment. Druva also empowers IT and security teams with contextual data insights throughout incident response (IR) workflows to understand, remediate, and recover from critical incidents.
Invicti API Security uncovers hidden and undocumented APIs
Invicti announced Invicti API Security, merging comprehensive API discovery with proactive security testing into a single solution. The addition of API discovery to the Invicti Platform bridges the gap between known specifications and the real-world attack surface, helping users uncover and test applications and APIs that would otherwise have flown under the radar.
Rezonate boosts security for both human and non-human identities
Rezonate unveiled unified coverage from human to non-human identity security (NHI) with comprehensive capabilities: identity inventory and visibility, security posture, compliance, and identity threat detection and response (ITDR). With discovery, inventory, and visibility into NHIs and associated users simultaneously on the same platform, Rezonate provides complete risk-driven, contextual insights enabling informed, proactive or even real-time decisions to be made.
BlueVoyant Cyber Defense Platform helps organizations reduce cyber risk
BlueVoyant’s Cyber Defense Platform provides AI-powered, next-generation security operations across enterprises’ entire attack surface. It processes data and alerts from internal networks, supply chains, and the clear, deep, and dark web. This all leads to improvements in scalability, productivity, and enterprises’ cyber risk posture.
SCW Trust Agent measures developers’ security competencies for code commits
SCW Trust Agent delivers control and flexibility for developer gatekeeping. It allows administrators to set up policies and criteria, ensuring developers meet a baseline set of standards and expectations before developing code. For any gaps in developer skills, they can reference the SCW agile learning platform to upskill their language specific knowledge and competencies.
Strata Identity Continuity prevents mission-critical applications from going offline
Strata Identity announced Identity Continuity, an addition to its Maverics Identity Orchestration platform. This new premium offering ensures business continuity and uninterrupted application access by seamlessly failing over from a primary cloud Identity Provider (IDP) to a secondary IDP, using an on-premises IDP or cloud-to-cloud failover capabilities.
LOKKER introduces web privacy risk summary for insurers
LOKKER released a new privacy solution for insurers: the ability to share on-demand web privacy risk reports with their insureds. These reports give insurers and the insured companies a simple view of their data privacy risk profile in eight different categories, highlighting potential issues that could lead to regulatory fines, lawsuits, or data breaches.
Permit Share-If enables developers to implement secure collaboration features into their apps
“Permit Share-If” provides developers with an effective way to delegate access to their end-users without compromising on security and maintaining fine-grained authorization, all with zero development time. By delegating access control to end users, “Permit Share-If” enhances security and functionality without the need for custom-built permissions.