At Black Hat, the 22nd annual computer security conference in Las Vegas for consulting, training and briefings, industry experts came together from Aug. 3 to 8 to discuss emerging threats in cybersecurity, such as new attack methods and critical vulnerabilities across various industries. The conference also served as the birthplace of many potential answers to the security issues highlighted. Security and networking vendors used Black Hat as an opportunity to unveil their newest products and services to tens of thousands of attendees, who ranged from executives and security professionals to small-business owners and individuals with an interest in the cybersecurity world.
While some vendors released new offerings leading up to the main two days of the conference -- including BlackBerry's Intelligent Security, LogicHub's SOAR+ platform and Gurucul's Network Behavior Analytics tool -- many waited to announce their wares. Here are some of the latest releases from security vendors at Black Hat 2019.
Carbon Black Inc. introduced customizable API Access Control across its cloud-native endpoint protection platform to give security teams more control of data access and management. With greater control, security teams are less likely to face risks and misuse, according to the vendor.
API Access Control enables administrators to decide if individual integrations can read, update, create or delete certain data across the platform. By providing a principle of least privilege for integrations between products, security teams can maintain flexibility across their technology stack and thoroughly control data access and management, according to the vendor.
Carbon Black also introduced a new API for its real-time endpoint query and remediation product, CB LiveOps. The new API enables users to initiate automated queries and integrate results from CB LiveOps with the security stack to improve workflows and confidence in responses. Carbon Black said these capabilities will save time when investigating threats, assessing vulnerabilities and managing endpoints.
CrowdStrike Inc. introduced a new feature to its CrowdStrike Falcon endpoint protection platform, CrowdScore. The offering enables corporate executives to view their organization's real-time threat level and deploy resources to prevent or address attacks. According to the vendor, a lack of resources and of prioritization has historically prevented organizations from detecting, understanding and containing threats in a timely manner, and it claims CrowdScore will improve those metrics.
CrowdScore intends to help organizations detect threats in one minute, understand them in 10 minutes and contain them in 60 minutes with the following features:
- A real-time organizational threat score helps security teams understand the current state of threats and supports executive decision-making.
- The Incident Dashboard automatically compiles and categorizes alerts into incidents and uses AI to prioritize critical threats.
- The Incident Workbench visualizes threats and provides context in addition to automating investigation to reduce time and effort for investigators.
Digital Guardian Inc. released a free forensic artifact collection tool that intends to help security teams investigate and scope endpoint intrusions.
DG Wingman is claimed to aid security teams in extracting forensic artifacts such as the Master File Table, the Windows registry and Windows event logs for intrusion analysis. With DG Wingman, security teams can also execute custom commands or run a full endpoint scan to collect metadata, such as hashes and certificates, from portable executable files.
Updates to the Onapsis Platform bring change assurance, automated governance and continuous monitoring capabilities to protect business-critical applications, designed for collaboration among IT, cybersecurity, development and governance, risk and compliance teams to improve workflows, automate manual tasks and lower costs.
With this update, the Onapsis Platform integrates tools from Virtual Forge and the Onapsis Security Platform to bring four modules:
- Assess, which gives development and security teams insight to discover, assess, prioritize and improve code quality and reduce application vulnerabilities;
- Control, which enables secure change to inspect, manage and accelerate workflows;
- Comply, an automated governance module that provides compliance, IT and business application administration teams with enforcement and reporting capabilities; and
- Defend, which brings continuous monitoring and real-time visibility to business applications and enables security operations center and incident response teams to respond to internal and external threats.
SentinelOne launched a new version of its server and workload protection offering built specifically for containers. SentinelOne's platform brings behavioral AI and autonomous threat response capabilities to cloud-native and containerized workloads to provide prevention, detection, response and hunting of cyberthreats.
The vendor claims that as workloads increasingly move toward cloud architectures, most endpoint protection platforms aren't equipped to protect the growing cloud attack surface. The SentinelOne platform intends to provide full visibility and threat response capabilities for containers in addition to traditional cloud servers and private data centers. SentinelOne's server and workload protection platform can be deployed in containers, in machines that host containers, in servers or in the cloud.
Tenable Inc. added new capabilities to its Tenable.io and Tenable.sc offerings to discover and assess all assets -- known and unknown -- across on-premises and cloud environments. The new features are based on Tenable's Nessus Network Monitor (NNM) platform for passive network monitoring, and will come at no additional cost.
Tenable's newest capabilities include the following:
- NNM Discovery Mode enables users to continuously monitor networks and discover assets without consuming a product license, eliminating blind spots in the network.
- Rogue Asset Automatic Assessment automatically assesses rogue assets and enables security teams to assign scanning policies to newly discovered assets. Tenable claims this automatic assessment will improve security posture while decreasing operational costs.
- Tenable Cloud Connector Auto-Discovery provides live visibility into AWS, Azure and Google Cloud Platform cloud workloads and enables users to automatically collect and track assets.
NNM Discovery Mode and Rogue Asset Automatic Assessment will be available later this year; Tenable Cloud Connector Auto-Discovery is generally available now.
The newest version of Tigera Secure Enterprise Edition enables security teams to use Palo Alto Networks' Panorama to define and enforce security policies for cloud-native Kubernetes applications. Tigera Secure Enterprise Edition 2.5 allows security teams to secure and monitor inbound and outbound traffic as well as traffic between workloads with existing tools and processes.
Tigera Secure 2.5 also eliminates the need for security to be entirely delegated to infrastructure and application teams; with this update, security teams can define zone-based architecture and firewall rules themselves through Panorama, without the need for additional training or tools.
Other updates to Tigera Secure include the following capabilities:
- Policy Preview Mode enables users to define changes to Kubernetes Network Policies and preview effects before enforcing them, reducing potential risk.
- Security Configuration Monitoring and Compliance continuously monitors, reports and alerts on security-related configuration issues to prevent exploitation by a hacker.
- Splunk integration enables security teams to use existing tools and processes to manage traditional and modern Kubernetes workloads.
- Ingress Flow Logs identify source and destination data and Kubernetes context of all traffic to provide a comprehensive view of all network flows and their sources and destinations.
Aiming to eliminate certificate-related outages for machine identity protection, Venafi released the Via Venafi No Outages Guarantee to keep critical business systems intact. Venafi's new tool intends to control certificates shared among multiple applications across complex, multi-tiered architectures to simplify the outage prevention process.
According to Venafi, 2.6 million certificates expire every seven days; when certificates expire unexpectedly, machines and applications stop sharing data with other machines, ceasing business operations.
Via Venafi No Outages Guarantee uses capabilities from the Venafi Platform in addition to the experience of experts in the field and a customizable, step-by-step implementation plan to bring visibility and automation to processes that help users prevent certificate outages.
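The outage mechanism described above, unexpected expiry of a certificate that several applications depend on, is what an inventory check has to surface early. The following is an added example, not Venafi's or any vendor's code: it triages a constructed certificate inventory (shaped like the dicts Python's `ssl.getpeercert()` returns, plus a hypothetical `applications` field) and ranks expired and soon-to-expire certificates by how many applications share them.

```python
# Added example (not Venafi's or any vendor's code): certificate-expiry triage
# over a constructed inventory shaped like the dicts ssl.getpeercert() returns,
# plus a hypothetical 'applications' field naming the systems using each cert.
import ssl
from datetime import datetime, timezone
# 'notAfter' uses the exact string format ssl.getpeercert() produces, so the
# standard-library ssl.cert_time_to_seconds() can parse it.
INVENTORY = [
    {"subject": "api.example.test", "notAfter": "Aug 10 12:00:00 2019 GMT",
     "applications": ["billing", "mobile-gateway", "partner-sync"]},
    {"subject": "idp.example.test", "notAfter": "Sep 01 00:00:00 2019 GMT",
     "applications": ["sso"]},
    {"subject": "ops.example.test", "notAfter": "Dec 31 23:59:59 2020 GMT",
     "applications": ["monitoring"]},
    {"subject": "old.example.test", "notAfter": "Jul 30 08:00:00 2019 GMT",
     "applications": ["legacy-portal"]},
]

# Fixed reference time (the Black Hat 2019 week) so the output is reproducible.
NOW = datetime(2019, 8, 6, tzinfo=timezone.utc)


def days_until_expiry(cert, now):
    """Whole days from `now` until the cert's notAfter; negative once expired."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]),
                                     tz=timezone.utc)
    return (expires - now).days


def triage(inventory, now=NOW, warn_days=30):
    """Certs already expired or expiring within `warn_days`, most urgent first;
    ties go to the cert shared by more applications, since one expiry there
    stops several systems at once."""
    findings = []
    for cert in inventory:
        days = days_until_expiry(cert, now)
        if days > warn_days:
            continue  # comfortably inside its validity window
        findings.append({"subject": cert["subject"], "days_left": days,
                         "status": "EXPIRED" if days < 0 else "EXPIRING",
                         "blast_radius": len(cert["applications"])})
    findings.sort(key=lambda f: (f["days_left"], -f["blast_radius"]))
    return findings


if __name__ == "__main__":
    for f in triage(INVENTORY):
        print(f"{f['status']:8} {f['subject']:18} {f['days_left']:5d} days left, "
              f"{f['blast_radius']} application(s) affected")
```

In a real deployment the inventory would be populated from discovery or a certificate store, and `warn_days` set to cover the renewal lead time.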
Virtru Developer Hub is a development portal that integrates data protection capabilities with zero-trust architecture, enabling developers to embed platform-agnostic protection to appliances or connected devices securely with a few lines of code.
The Virtru Developer Hub brings the following data protection capabilities:
- Persistent data protection for any workflow, application or file type, which is maintained across multi-cloud deployments.
- Integrated privacy controls for information rights management, including data expiration, revocation, watermarking and sharing policies.
- User-first technology such as a secure web-based reader, an out-of-the-box dashboard and administrative capabilities, and authentication with existing identities.
- Key management options like zero-trust architecture and the choice of SaaS, on-premises or integrations with hardware security module deployments.
- Flexible architecture that enables data protection to be added to client- or server-side workflows, with the open Trusted Data Format and Virtru's SDK to avoid vendor lock-in.