The Cybersecurity Pulse (TCP)


Cybersecurity Innovation Pulse #45: 60+ Product Announcements at RSA. AI-Pocalypse. Recentering.

Covering May 2nd - May 11th, 2024

Darwin Salazar
May 13, 2024

Welcome to Issue 45 of the Cybersecurity Innovation Pulse! I'm Darwin Salazar, Product Manager at Monad and a former Detection Engineer. Each week, I distill the latest and most exciting developments in cybersecurity innovation into digestible, bite-sized updates. If you’re serious about staying at the forefront of the latest in security products and industry news, make sure to hit the “Subscribe” button below to get my insights delivered straight to your inbox every week 📩 🚀

AI Rant 🙂

Okay, I’m back in the saddle after a great week in SF for BSides/RSAC. Much like last year, the term ‘AI’ was sprinkled everywhere. "AI-TiSM", "AI-enabled", "AI-powered", “AI-infused”, “AI-fusion”… You get the point. Newsflash: CISOs and security leaders are pretty sick of it from what I gathered through my conversations.

If your product is not using AI in some fashion in 2024, I’d be surprised. Imo, it’s best to keep it out of marketing material or use it sparsely unless the technology is exposed to the end user, in which case you’re better off calling it exactly what it is (e.g., Copilot, code summarizer, etc.). And of course, if your product is helping secure AI builds and deployments, then you get a pass for using ‘AI’ in your marketing copy😉

People want to know what problems you can solve for them and how well. All else is noise.

Onward


Anyhow, I had a blast catching up with some of the TCP community and chatting with a few creators. These discussions and feedback have led me to narrow down the newsletter to focus solely on innovation in the security product landscape.

There are already great creators covering different areas extremely well. For example, Mike Privette covers all things security funding, M&A, and stocks.

Ross Haleliuk does an excellent job of writing to security founders and builders. Tyler Shields, Chris Hughes, DarkReading, Security Weekly all do an amazing job of covering the latest industry news.

However, there is nobody covering all the innovation happening in the product realm on a weekly basis. Since Day 1, this has been TCP’s core focus: innovation in security products and technological progress/breakthroughs (e.g., Causal AI) that may eventually be productized. It feels good to be honing it back in and writing for product builders, buyers, and investors.

Untangling RSA Announcements

Coming off the heels of RSA, we have 60+ product announcements (🤯) to dig through, compared to 15-20 in an average week. To make things easier on both of us, I’ve split things out into categories and will only double click on the announcements that I found most interesting.

Now, let’s make sense of what transpired last week!

AI Security

Protect AI Launches Public AI/ML Vulnerability Database

Sightline DB

Protect AI has released Sightline, a publicly available vulnerability database focused on vulns discovered in the AI/ML ecosystem. The DB has over 200 vulns and is fed with many of the vulns discovered through Protect AI’s bug bounty program, Huntr.

I love the community-driven approach Protect AI is taking to AI security. They’ve released 3 open-source security tools, acquired the only AI/ML bug bounty hunting platform (Huntr), are championing MLBOMs, and have now released Sightline, which should become a core vulnerability feed for any team securing AI. Kudos to them! 🎉

Source: Protect AI


Rest of AI Security-related product announcements ⬇️

  1. Eclypsium Adds Protection For GenAI Hardware Infrastructure (🔥)

  2. Microsoft Adds AI Security Capabilities to Defender for Cloud and Purview

  3. Legit Security Bolsters AI Supply Chain Security with Risky Model Detection

  4. Cranium Launches AI Exposure Management Solution

  5. Vectra AI Enhances Its AI Security Offering

  6. LogicGate Unveils AI Governance Solution 

  7. Varonis Adds AI Prompt Monitoring To Prevent Malicious Copilot Activity

  8. Aqua Security Releases Its LLM Security Solution

  9. Checkmarx launches AI security offering

Application Security

ArmorCode Introduces AI Correlation Feature

It’s no secret that AppSec is a shit show. One of the biggest pain points is noise (e.g., false positives, duplicate findings, non-critical “critical” findings). ArmorCode’s new AI Correlation feature aims to make AppSec easier by using ML and NLP to identify and correlate high-signal findings across an enterprise’s AppSec tools ecosystem in order to de-duplicate findings, identify root causes of vulnerabilities, and prioritize the most critical issues. This is the type of “cross-pollination” between point solutions that I referred to in this post.

This is a great, practical AI use case that is repeatable wherever tool capabilities often overlap in an enterprise (e.g., IAM, CSPM).

Source: ArmorCode


Ghost Security Announces API-focused Threat Intel Feed

Ghost has launched Phantasm.

"Phantasm is a curated global threat intelligence network created by Ghost Labs that focuses solely on detecting attackers targeting API and specific web applications and their vulnerabilities. Real-time insights are delivered to consumers to proactively block or alert on malicious activity that may target their organizations' application infrastructure." - Ghost

Most threat intel is noise and not relevant/actionable to security teams, especially open-source intel feeds. Part of the reason why is the sheer volume, lack of context, and difficulty in integrating feeds into the SOC’s workflows.

That said, I think threat intel feeds that are hyper-focused on a specific domain and actively curated by researchers in the space are a huge step in the right direction. While Phantasm isn’t GA yet, you can sign up for early access here.

Source: Ghost


Rest of AppSec-related product announcements ⬇️

  1. CrowdStrike GA's Falcon ASPM

  2. Salt Launches AI-infused API Security Protection Platform

  3. OX Security Launches Attack Path Reachability Analysis

  4. Cequence Adds ML Security Features To API Security Platform

  5. F5 Announces New API + AppSec Capabilities

  6. Dazz Launches AI-Powered Automated Remediation for ASPM

  7. Code42 Releases Dashboard for Managing Source Code Risks

Cloud Security

RAD Security Launches Behavioral Fingerprinting for Detection & Response

Securing cloud-native (K8s, containers, serverless) environments is hard due to the ephemeral nature of assets, different ways of managing access + network security, and several other factors. One startup that is going deep in this space and bringing new capabilities to the market is RAD Security. Below is a snippet describing their newest feature:

…Any drift from this core set of behaviors (baseline) is suspicious. RAD fingerprints get critical context from its ITDR and KSPM capabilities to help reduce noise and allow teams to understand the true impact of detections, compared to leading CSPM and CNAPP vendors that leave teams blind to the real-time changes between cloud native identity, infrastructure, and workloads.

Another thing to call out is how they’re leveraging signals from their other point solutions/modules to reduce the risk of surfacing false positives. Easier said than done but this is the way 🧙🏼

Source: EIN News


SentinelOne GA’s Their CNAPP Platform

SentinelOne (S1) became who they are today mostly because of their EDR solution, and over the past couple of years they’ve begun expanding coverage across multiple security domains, including identity, cloud, IR, and data security.

During RSA, they announced the general availability of their CNAPP platform, which is built on top of PingSafe, which they acquired in Jan. of this year. Quick turnaround time to integrate a product into their platform, so kudos to them!

In a world where almost every vendor seems to have a CNAPP, I would love to see how S1’s compares to Wiz’s and PANW’s CNAPPs.

Source: BusinessWire


Rest of cloud security-related product announcements ⬇️

  1. Palo Alto Networks Adds Copilot to Prisma Cloud

  2. CrowdStrike Adds Attack Path Analysis Support For More AWS Services

  3. CrowdStrike Adds Support for Azure To Their Cloud Detection & Response (CDR)

  4. Cisco Introduces Hypershield And Adds New Features To Its Security Cloud

  5. Dynatrace Launches Their Kubernetes Security Posture Management (KSPM)

Data Security

  1. Trellix Adds New Features to Its Database Security Product

  2. Relyance AI Launches Asset Intelligence x DSPM

  3. BigID Adds ‘AI-Guided’ Remediation Features

  4. Sentra Launches DataTreks and Adds More On-Prem Coverage

  5. Forcepoint Launches ONE Data Security

Digital Forensics & Incident Response (DFIR)

  1. Cado Security launches solution for forensic investigations in distroless container environments

Email Security

  1. Proofpoint Adds Adaptive Threat Protection Capabilities Across the Entire Email Delivery Chain

  2. Abnormal Security Adds An Email Security Copilot

Governance, Risk, and Compliance (GRC)

  1. Arctic Wolf releases risk assessment tool

  2. CyberSaint launches NIST CSF benchmarking feature

Identity and Access Management (IAM)

Accurate depiction of the state of non-human identity space. Meme lord, Pramod Gosavi at it again.

Token Security Emerges From Stealth

Token Security is another startup tackling the machine identity problem that has risen to prominence with the cloud. I haven’t done too much digging in this space but as shown in the meme above, this area is ripe for consolidation. Anyways, kudos to the Token team! Execution is the name of the game and time will tell who the winners are. Security is never a ‘Winner takes all’ market.

Source: DarkReading


Rest of identity security-related product announcements ⬇️

  1. Saviynt unveils Identity Cloud 

IoT/OT Security

  1. Cyolo and Dragos partner to bring a remote access solution for ICS/OT

  2. Claroty launches cyber-physical system (CPS) Exposure Management Solution

SaaS Security

  1. AppOmni launches Zero Trust Posture Management

  2. Abnormal Adds SaaS Account Takeover Protection

    1. Not typically a domain they focus on, but they’re well positioned to handle SaaS security, imo.

Security Operations

CrowdStrike launches Falcon for Defender 👀

CrowdStrike basically launched a SKU of their endpoint solution that is hyper-focused on stopping attacks that evade detection by Microsoft Defender for Endpoint and they didn’t even sugarcoat it lol. Given Microsoft’s recent history and George Kurtz’ criticism of them over the past couple of years (1, 2), this does not come as much of a surprise, but still it’s a very ballsy thing to do.

Source: CrowdStrike


Rest of SecOps-related product announcements ⬇️

  1. Sumo Logic adds new capabilities to log analytics platform

  2. ExtraHop Introduces AI-Driven SOC Workflows

  3. Microsoft Adds 15 New Security Copilot Plugins

  4. SecurityScorecard Unveils Heid AI for Breach Prediction

  5. Datadog Launches New Event Management Features

  6. Recorded Future Upgrades Threat Intelligence Platform

  7. Anomali Introduces Their Copilot

  8. Splunk Releases Asset and Risk Intelligence Module

  9. Palo Alto Networks Releases ‘Precision AI’ Across Their Platform Portfolio

  10. Hunters Fully Adopts OCSF, Adds Native Search Feature

  11. Elastic Introduces ‘AI-Driven’ Security Analytics for SIEM

  12. Graylog v6.0 Adds New TDIR Capabilities

  13. Expel Launches New MDR Offerings

Extras🎬

  1. Why RAG won’t solve generative AI’s hallucination problem

  2. Dark Reading Confidential: The CISO and the SEC Podcast Ep.

  3. Inside The Network Podcast w/ Dmitri Alperovitch, Sid Trivedi and Ross Haleliuk

  4. A SaaS Security Challenge: Getting Permissions All in One Place 

Bye For Now!

See you next week! 🚀
