Most interesting products to see at RSAC 2024

Themed "The Art of Possible," the 2024 RSA Conference takes place from 6 to 9 May and will offer insights into the latest trends, how to master new skills, and more. More than 640 vendors will exhibit their new products at the expo, and CSO has sifted through the upcoming announcements and gathered the products and services that caught our eye.

That list is here, presented in the order they were announced. Watch this space for new additions as they become available.

RSA pre-conference announcements

Commvault Cloud Cleanroom Recovery

Commvault will showcase its Cloud Cleanroom Recovery, an isolated environment designed to test and strengthen cyber resilience. It functions as a classroom to share knowledge with teams about unknown threats and a strategic war room for crafting realistic plans to tackle new compliance challenges. While Cleanroom Recovery typically exists in the cloud, Commvault will be doing a physical demonstration. Cleanroom Recovery capabilities allow organizations to test their cyber recovery plans and backup production systems before an attack occurs, recover data and applications automatically, and rebuild digital infrastructure after cyber incidents. Commvault will be at RSAC booths 4308 and 5778.

Trend Micro zero trust security access AI gateway

Trend Micro has added new capabilities to its Trend Vision One, Zero Trust Secure Access (ZTSA) controls for AI service use. The AI gateway is designed to protect the end-user journey when accessing public or private generative AI services. Specifically, it includes centralized management of employee access and usage of AI applications, prompt inspection to prevent data leaks and malicious injections, content filtering to meet compliance requirements, and defense against large language model (LLM) attacks.

Adaptive Shield SaaS security for generative AI

Adaptive Shield's SaaS Security Posture Management (SSPM) detection and response capabilities for AI-driven applications are designed to enable enterprises to mitigate the risks introduced by the growing use of generative AI. Features include a security score for each application to help security teams pinpoint those with heightened risk levels; control of AI-related security settings within SaaS applications to prevent data leakage or any exposure; discovery and management of shadow apps; management of third-party long-tail AI-sanctioned apps; securing of homegrown applications; and data management. Adaptive Shield will be at RSAC booth 1455.

Bugcrowd AI penetration testing

Bugcrowd has added AI penetration testing to its security platform. The addition is designed to help AI adopters detect common security flaws before threat actors take advantage of them. It helps uncover common flaws in prompt injection, training data extraction, data poisoning, and other types of attacks, using a testing methodology based on its open-source Vulnerability Rating Taxonomy. The service finds and fixes common issues; tests target, scope and use cases; checks for vulnerabilities in the OWASP Top 10 for LLMs, along with others; and offers curated pentester teams. Bugcrowd will be at RSAC booth 2245.

Legit Security software compliance attestation trust center

Legit Security introduced a software compliance attestation trust center which, by using frameworks such as SLSA, PCI DSS, SOC2, and ISO 27001, helps teams quickly assess the state of a software security program and identify gaps that create risk. The trust center also supports new CISA requirements. It includes out-of-the-box controls and automated validation; customer-defined customizations to enable precise compliance reporting; capture and export of required data, using compliance frameworks to determine status when attesting to CISA or other security frameworks; continuous compliance and faster remediation; and new dashboard and reporting capabilities. Legit Security will be at RSAC booth 0232.

Dope.security cloud access security broker

Dope.security’s CASB Neural is a cloud access security broker (CASB) powered by deep learning AI. The product utilizes LLMs to restrict risky SaaS usage and improve DLP by identifying and comprehending externally shared sensitive documents. CASB Neural is designed to identify, extract and understand all externally shared files and display an LLM-generated classification summary when content is sensitive. This enables organizations to identify exposed sensitive data and enables customers to review and/or unshare the data.

Orca Security, ModePUSH digital forensics

Orca Security in partnership with ModePUSH launched cloud digital forensics and incident response services designed to enable organizations to quickly understand and respond to breaches or compromises across their cloud estates and application layers. This is done by using intelligence from the Orca Cloud Native Application Protection Platform (CNAPP). 

The integrated capabilities combine data from Orca’s SideScanning snapshots with cloud provider audit logs and third-party agents to detect suspicious activity, potential compromises, or advanced threats. Orca Security will be at RSAC booth 1627.

Sevco updates security platform

Sevco Security has updated its platform with new capabilities that proactively prioritize, automate, and validate the remediation of exposures, including software and environmental vulnerabilities like missing security tools and IT hygiene issues. A new remediation analytics dashboard enables security leaders to view detailed real-time tracking of issues by date with timestamps when issues surface, when action is taken, and when remediation is complete. Cybersecurity teams gain quantifiable insights to manage remediation programs, highlighting where efforts are working and where they aren’t.

Semperis adds ML to identity threat detection and response

Semperis Lightning Identity Runtime Protection (IRP) is an identity threat detection and response (ITDR) product that uses machine learning models to detect widespread and successful attack patterns such as password spray, credential stuffing, other brute force attacks, and risky anomalies. Part of the Semperis Lightning platform, IRP uses algorithms trained on Semperis’ experience to detect sophisticated identity attacks. Semperis CEO Mickey Bresman will be on The Cost of Innovation: Complexities of Software Regulation panel on Tuesday, May 7.

Halcyon Ransomware Warranty program

Halcyon’s Ransomware Warranty program takes the vendor’s ransomware protection offering a step further, with the promise that for any attacks that bypass its defence system, Halcyon will provide incident response and recovery services, minimizing downtime and impact on business operations. The level of professional services provided is based on the number of purchased endpoint licenses during the warranty period. The warranty covers all endpoints within the customer’s protected environment where Halcyon’s anti-ransomware solution is operational. To be eligible, organizations must maintain an active Halcyon subscription, ensure their endpoints are in a Blocking Security Posture, and comply with Halcyon’s Subscription Services Agreement. Halcyon will be at RSAC booth 3324.

RSA conference announcements, 6 May

Cisco announces Splunk integrations and new cloud detection services

Cisco has announced an integration of its XDR with Splunk Enterprise Security that feeds alerts and detections from Cisco XDR into Splunk ES to accelerate investigation and remediation. Cisco’s unified AI Assistant for Security is now available in Cisco XDR, which, according to the vendor, allows security analysts of all skill levels to make faster, more informed decisions.

Cisco’s Panoptica cloud native application protection platform (CNAPP) now uses AI and ML to detect and alert security teams to emerging threats within cloud applications in real-time, while GenAI Dynamic Remediation allows teams to resolve issues quickly by providing prescriptive guidance. The new Search Graph Query feature enables granular query and graph visualizations across multi-cloud environments to allow for deeper investigation into cloud security posture to reduce exposure.

Cisco also added capabilities to detect and block attacks stemming from unknown vulnerabilities within runtime workload environments in Cisco Hypershield. Suspected workloads can be isolated to limit the vulnerability’s blast radius.

Cisco Identity Intelligence is now available in Cisco Duo. Duo Passport is designed to help teams minimize repeated authentication requests and provide interruption-free access to everything a workforce needs without compromising security. Also in limited availability is Cisco Identity Intelligence in Duo, which uses AI-driven analytics to strengthen posture across identity infrastructure and to assess and respond to identity risk before, during and after login.

Splunk Asset Risk and Intelligence

Splunk Asset Risk and Intelligence is designed to help SOC teams simplify compliance and reduce risk and sources of shadow IT across cloud, hybrid, on-prem and IoT systems. Its features include enhanced visibility, which correlates and aggregates data from various sources to provide a continually updated inventory of assets and identities, eliminating duplicate or stale data for more accurate, comprehensive asset insights and reduced risk exposure; accurate investigations, which allow security operations teams to map relationships between assets and identities to expedite investigations; and an optimized compliance posture, which provides out-of-the-box and customizable dashboards and metrics to assess and enhance compliance and security posture, and to proactively identify assets lacking critical security controls using compliance framework controls. Splunk will be at RSAC booth 5457.

ForAllSecure Mayhem Dynamic SBOM

ForAllSecure's software bill of materials (SBOM) product, Mayhem Dynamic, uses runtime profiling to examine applications’ behavior and find exploitable vulnerabilities as they run. Its attack surface mapping builds a runtime profile of the application as it runs, showing a picture of the CVEs reachable in an application. It includes supply chain security, which protects dependencies by identifying those that pose the most risk and highlighting unused third-party components, and SSDF compliance support, which simplifies compliance by using runtime data to generate attestations and justifications. ForAllSecure will be at RSAC booth 1067.

Normalyze DSPM new features

Data security posture management vendor Normalyze will be showing new features during the conference. These include DSPM for AI: new scanning capabilities focused on identifying sensitive data being used in large language models (LLMs) to ensure that AI-generated content does not expose sensitive company information. It also helps secure cloud-based AI deployments in AWS Bedrock and Azure OpenAI by detecting any sensitive data being fed into the foundational or custom models, according to Normalyze. DSPM for on-premise is designed to help teams get visibility and control of sensitive data in non-cloud data centers; Normalyze supports both self-managed and cloud-based deployments of scanners to scan on-premises data.

Other news from Normalyze includes a specialized API for LLM security; enhanced precision through adaptive feedback validation workflows, a learning capability that improves classification accuracy and remediation recommendations based on user feedback and actions; and expanded Optical Character Recognition (OCR) support to better recognize and classify text within scanned documents or images. Snowflake customers can also now apply advanced tools for automated data discovery and classification, and precise access management via the Data Access Graph. Normalyze will be at RSAC booth 6476.

Team Cymru investigation and threat hunting software

Team Cymru Pure Signal Scout Insight is an investigation and threat hunting tool designed to help SOC teams, incident responders, and threat analysts identify and track malicious entities on the internet. It uses generative AI capabilities to deliver better insights quickly along with added contextual details, according to Team Cymru. It claims to make threat hunting and triage activities accessible to analysts of all experience levels. It integrates into existing workflows such as Splunk. It feeds intelligence directly into SIEM and SOAR. Team Cymru will be at RSAC booth 6559.

RSA conference announcements, 7 May

Abnormal Security expands account takeover protection beyond email

Abnormal Security is expanding its Account Takeover Protection beyond email by integrating the Abnormal AI platform that ingests a large set of signals, including sign-in events, typical geolocations and VPN details, to build a behavioral baseline for each user across all integrated applications. Autonomous AI models then analyze risky events based on deviations from this baseline, which are correlated across other platforms accessed by that user. Compromised account detections deemed to be high-risk are automatically remediated.

Abnormal is also launching AI Security Mailbox designed to serve as a personal AI cyber assistant for employees reporting an attack by providing a personalized response explaining if the email was deemed malicious, safe, or spam and how a determination was made.

Abnormal now integrates with more cloud accounts, including:

Email: Microsoft 365, Google Workspace

Identity: Azure Active Directory, Okta, Ping

SaaS/Collaboration: Atlassian, Box, DocuSign, Dropbox, Google Drive, Salesforce, ServiceNow, Slack, Workday, Zendesk, Zoom

Cloud Infrastructure: Amazon Web Services, Microsoft Azure, Google Cloud Platform

Abnormal Security will be at RSAC booth 860.

Sentra tracks path of sensitive data

Sentra DataTreks, an interactive contextual map, is designed to offer security teams insight on data similarity and movement across the entire data estate. When combined with other behaviors like access, security posture and threats, teams can better understand and manage the full effect of sprawl in structured and unstructured data. DataTreks allows users to investigate flow views by account, by region or by hosting service. Teams can also see exactly where data resides and whether it was duplicated, transformed or moved.

Sentra is also extending its cloud-native data security capabilities to classify and detect sensitive data in on-premises environments for file shares and databases. It supports file shares including SMB (CIFS), NFS, and FTP, and databases, including MSSQL, Oracle, PostgreSQL, MongoDB, MySQL, Kafka and Red. Sentra will be at RSAC booth 3108.

Graylog updates threat detection and incident response software

Graylog has launched a new version of its threat detection and incident response software, Graylog Security 6.0. The updates include enhanced threat detection through a continuously curated library, integration with Graylog API security, guided analyst workflow that identifies critical alerts from calculated risk assessments, and also promises a lower total cost of ownership via optimized data management. Graylog will be at RSAC booth 3124.
