📡 Cybersecurity Innovation Pulse #13: How's Your AI Fatigue Doing?; U.S. DHS AI Task Force; Deepfake Scams; 35+ Product Announcements
Covering Apr. 19th - 30th
Welcome to the 13th issue of the Cybersecurity Innovation Pulse newsletter! I'm Darwin Salazar and this newsletter is your personal guide to the ever-evolving world of cybersecurity and all of the innovation happening within. Every week, I bring you the latest updates on product launches, groundbreaking innovations, and strategic collaborations. I also run the Market Pulse newsletter where I cover funding news, earnings, M&A activity, and more. If you enjoy the content and gain value from it consider becoming a paid subscriber to gain access to our archive, and exclusive posts. You can also buy me a coffee ☕ or 3 if subscriptions are not your thing. By subscribing, you'll receive all of timely and valuable insights directly to your inbox, saving you time and helping you stay ahead of the curve. Now, grab a cup of your favorite beverage, and let’s dive into the madness that transpired during RSAC Week. Enjoy!
As I look back on RSAC week and all of the announcements, I’m excited for what the next few years will look like for our industry. It's impossible to ignore the rapidly growing presence of Artificial Intelligence (AI) in our daily lives, across every industry and even more so in ours. Whether it be the growing concerns of how to secure the use of AI and Large Language Models (LLMs) in the enterprise, how to leverage this powerful tech to improve security operations and build better products, or (and in my mind), most importantly, how to secure the builds and maintenance of this tech, it’s clear that AI is on everybody’s mind. While it may not be a silver bullet solution, it may grant us the giant leap forward we’ve long been yearning for in the security industry. As with anything, it must be implemented and deployed correctly.
Now, let's dive into some of the key takeaways from the event. The Innovation Sandbox and Early Stage Expo were hot spots this year, showcasing cutting-edge solutions. Some of my favorite start-ups at RSAC this year were Monad, Resourcely, Gem, NightVision, Tamnoon, and Dazz. If I were to create an All-RSA Start-up Team, they would be on it.
Outside of AI, Zero Trust and Data Security, a key trend that I noticed is the concept of products centralizing data/alerts from different best-in-breed point solutions and then working their magic to help security teams. In my opinion, this play makes sense because these products won’t directly compete with the top solutions, the messaging is that they will augment these solutions and help streamline operations. Two examples of this are Dazz and Tamnoon which was founded by the founder of the first CSPM, Dome9, and former Director of Product at Sysdig. Tamnoon came out of stealth and unveiled their Managed Cloud Protection solution at RSA.
Onto the Innovation Sandbox competition. If you’d like to binge watch the pitches from the top 10 finalists, you can do so here. As you could have probably predicted, an AI-focused start-up took the crown as the "Most Innovative Startup" at the RSAC.
From a pure pitch lens, HiddenLayer had a pretty captivating pitch. Humor, Total Addressable Market (TAM), emphasis on the problem, clear to understand what their solution is, seasoned founding team and they already have customers with interesting use cases such as the U.S. Space Force, Lockheed Martin and Databricks. Check ✅, check ✅, check ✅. While I would love to get my hands on their Machine Learning (ML) Detection & Response solution, I was also pretty impressed to see that they’re also positioned as a services company that conducts red team and ML risk assessments. Would be interesting to see what that entails.
Before moving on to more AI stuff, I wanted to highlight the CISO’s Guide to Generative AI and ChatGPT Enterprise Risks by the fine folks at Team8 with 30+ CISO contributors. It delves into the critical aspects of AI adoption, details the potential risks and attacks associated with such adoption, open-source alternatives, and even outlines critical questions you should be asking yourself about AI use in the enterprise.
Anyhow, the AI revolution is here and it’s not going anywhere. So, if you haven't boarded the AI train yet, now's the time to get on 🚂
DHS U.S. AI Task Force
In other big AI news, the Department of Homeland Security (DHS) just announced the creation of their first-ever AI Task Force. The 90-day department-wide sprint will focus on addressing China-related threats and boosting our nation's cybersecurity posture. While AI offers incredible potential for enhancing security measures, it also opens the door to new risks, such as threat actors leveraging ChatGPT to carry out sophisticated attacks. It's essential to national security for the U.S. to stay ahead of the curve and ensure AI is used responsibly for the greater good.
Speaking of national security and AI, Chinese cloud giant, Tencent Cloud is reportedly offering a deepfake creation tool to the public starting at $145USD. I’ve always been concerned with what will happen once deepfake technology reaches the hands of the masses. If you haven’t been paying attention to recent uptick in AI-fueled scams, all I have to say is we should be bracing ourselves for what’s to come.
Security Product Innovation
The AI Watch 👁️
This new section will cover all of the good, bad and ugly at the intersection of AI/ML implementation across security products. It’s purpose is to highlight how vendors are leveraging these advancements to make the world more secure.
NVIDIA has released NeMo Guardrails, an open-source toolkit aimed at developing trustworthy, safe, and secure LLM conversational systems. One of the critical features is the implementation of security guardrails. Since NeMo is open-source, it’s fully customizable allowing users to build guardrails specific to their use cases. Part of me wonders if this can stop ChatGPT from hallucinating 🤔
“These guardrails prevent LLMs from executing malicious code or calls to external applications, which could pose security risks. Since LLM applications can be an attractive attack surface when allowed to access external systems, security guardrails help provide a robust security model and mitigate potential LLM-based attacks as they are discovered.” - NVIDIA
Google Cloud has launched the Google Cloud Security AI Workbench, a new platform backed by the Sec-PaLM LLM which is specifically fine-tuned for security use cases. The model leverages Google’s massive trove of insights into the security landscape paired with Mandiant’s threat intelligence from being out in the trenches for nearly two decades. What stood out to me the most is that they may soon allow customers to privately connect their own data to the LLM. The new features and enhancements include:
Chronicle AI generates queries and detections from plain text.
Chronicle AI summarizes query results.
Mandiant Threat Intelligence AI summarizes key insights and Indicators of Compromise (IoCs) across reports.
Security Command Center Attack Path Simulation and AI-generated summaries.
VirusTotal AI-powered malware analysis.
Okay, Azure has Security Copilot and Google Cloud has the Security AI Workbench. The next question is, “Where is AWS???”
SentinelOne demonstrates AI-powered threat hunting with their release of Purple AI. One of the use cases highlighted is that it enables analysts to use prompts such as “Is my environment infected with SmoothOperator?”, or “Do I have any indicators of SmoothOperator on my endpoints?” to hunt for a specific named threat. Their announcement linked above has more details on their other use cases.
BigID launches BigAI, a privacy-by-design LLM designed to discover and protect sensitive data.
BigAI enables organizations to scan structured and unstructured data whether stored in the cloud or on-premises, using a mix of ML-driven classification and generative AI to suggest titles and descriptions for data tables, columns and clusters so they’re easier to locate via search. - VentureBeat.com
GitLab has introduced a new security feature that leverages AI to explain vulnerabilities to developers, streamlining the process of identifying and remediating security risks in code. Here’s the video demo.
Palantir demonstrates AI for warfare, showcasing cutting-edge technology that can assist in military strategy and decision-making. I won’t go into too much detail here since it’s technically not cybersecurity related but this one is pretty scary and something out of Black Mirror.
ReliaQuest has integrated AI capabilities into its GreyMatter platform, enabling organizations to enhance their threat detection, investigation, and response capabilities.
SecurityScorecard releases first GPT-4 security ratings platform at RSA Conference 2023, improving accuracy and coverage in evaluating cybersecurity risks.
OpenAI introduces new data controls for ChatGPT and previews a business-oriented version of the popular AI model.
A new plugin prevents employees from leaking sensitive data to AI chatbots, enhancing internal data protection.
Atlassian infuses generative AI into Confluence and Jira, improving collaboration and productivity on the platforms.
Dataminr's AI-powered cybersecurity offering provides actionable intelligence on real-time risks, enhancing organizational security.
Google's Bard launches a new feature for automatic code generation, assisting developers in creating efficient software.
Palo Alto Networks embraces AI/ML to automate OT security, leveraging advanced technologies to better protect operational technology environments from emerging threats and vulnerabilities.
KSOC has unveiled a security posture management platform for Kubernetes, addressing the growing need for robust container security. The platform provides continuous monitoring, policy enforcement, and automated remediation, empowering organizations to maintain a strong security posture across their containerized applications. The solution will also scan for vulnerabilities and generate software bills of materials (SBOMs).
Uptycs has launched the industry's first cloud security early warning system to help organizations proactively identify and respond to threats in cloud environments. This innovative solution leverages machine learning and behavioral analytics to detect anomalies and provide actionable insights, strengthening the overall cloud security posture.
VMware has unveiled a new suite of security solutions designed to better protect multi-cloud environments. The suite addresses the unique challenges of securing multi-cloud infrastructures by offering centralized policy management, automated threat detection, and response capabilities, allowing organizations to safeguard their data and resources across various cloud platforms.
AWS GuardDuty has expanded its capabilities to secure container, database, and serverless workloads. The enhancement demonstrates AWS's commitment to providing comprehensive security features for its users, allowing them to protect their workloads from potential threats and minimize the attack surface.
Dig Security announces a new integration with CrowdStrike, streamlining sensitive data threat detection, investigation, and response by combining Dig’s Data Security Platform expertise with CrowdStrike's Falcon.
The integration protects cloud data assets from malicious content with complete malware scanning from the CrowdStrike Falcon platform across: all cloud storage buckets, such as Amazon Simple Storage Service (Amazon S3), Azure Blob Storage, and Google Buckets; FileStores and other unstructured data stores that live in the cloud; and other IaaS, PaaS, and DBaaS providers, including Databricks, Oracle Cloud, and Snowflake. - DarkReading.com
Rubrik and Zscaler announce an integration to provide customers with secure access to Rubrik's cloud data management platform. The integration will combine insights from ZScaler’s Data Loss Prevention (DLP) solution and Rubrik Sensitive Data Monitoring & Management application for mutual customers.
BigID and Thales are collaborating to deliver comprehensive data protection and privacy compliance solutions, combining BigID's data discovery and classification capabilities with Thales' data protection and key management expertise.
CrowdStrike partners with Cribl to provide seamless data transit, enhancing security and visibility across enterprise environments while minimizing friction and improving data flow.
SentinelOne releases their Singularity Security DataLake which centralizes data and alerts from a number of security solutions in a cost-efficient manner along with the many other things practitioners can do with security data lakes.
Gurucul delivers data and cloud security advancements, enhancing their SIEM platform with improved threat detection and response capabilities for securing sensitive information.
Red Canary announces readiness for a proactive approach to security operations, enabling organizations to better prepare for and respond to potential cyber threats.
CrowdStrike introduces CrowdStream to accelerate and simplify XDR adoption, offering an open, flexible architecture that can easily integrate with existing security tools for more comprehensive threat protection.
Cisco unveils a solution to rapidly detect advanced cyber threats and automate response, providing insights from over 200 million endpoints for improved visibility and faster response times.
Apiiro launches an Application Attack Surface Exploration tool, enabling organizations to identify and mitigate risks in their application environment by analyzing attack surfaces and providing actionable insights.
So, for example, the app may incorporate OSS code with a known vulnerability that can only be exploited from the internet – but the code here is only deployed in an environment that is not internet connected. In this instance, the vulnerability exists, but is not a risk. - SecurityWeek.com
Apigee introduces new AI-enhanced API security features, leveraging machine learning to identify and block suspicious activities and improve overall API security.
Software Supply Chain Security
Phylum adds Open Policy Agent to its open-source analysis engine, enhancing its ability to discover and manage security risks in open-source software by implementing policy-based governance.
Akamai introduces Prolexic Network Cloud Firewall, a scalable and comprehensive solution designed to safeguard organizations against DDoS attacks and other network threats.
Akamai introduces new cloud firewall capabilities to protect the network edge, offering advanced security features and granular controls to safeguard organizations from evolving threats.
ExtraHop expands detection coverage with new NDR solutions, enhancing threat visibility and response times for organizations focusing on securing hybrid environments.
Skyhigh Security announces updates to its product portfolio at RSA 2023, improving cloud security and threat intelligence capabilities to better protect enterprises from advanced threats.
That wraps up our 4th and longest issue of the Cybersecurity Innovation Pulse. While this one took a bit out of me, it was an exhilarating journey catching up with what the industry has been up to and providing you a recap of all the product news from RSA. If you enjoyed the content and gained value from it consider becoming a paid subscriber to gain access to our archive, and exclusive posts. You can also buy me a coffee ☕ or 3 if subscriptions are not your thing! In any case, I hope you have a wonderful week. Until next time!