Cybersecurity Innovation Pulse #45: 60+ Product Announcements at RSA. AI-Pocalypse. Recentering.
Covering May 2nd - May 11th, 2024
Welcome to Issue 45 of the Cybersecurity Innovation Pulse! I'm Darwin Salazar, Product Manager at Monad and a former Detection Engineer. Each week, I distill the latest and most exciting developments in cybersecurity innovation into digestible, bite-sized updates. If you’re serious about staying at the forefront of the latest in security products and industry news make sure to hit the “Subscribe” button below to get my insights delivered straight to your inbox every week 📩 🚀
AI Rant 🙂
Okay, I’m back in the saddle after a great week in SF for BSides/RSAC. Much like last year, the term ‘AI’ was sprinkled everywhere. "AI-TiSM", "AI-enabled", "AI-powered", “AI-infused”, “AI-fusion”… You get the point. Newsflash: CISOs and security leaders are pretty sick of it from what I gathered through my conversations.
If your product is not using AI in some fashion in 2024, I’d be surprised. Imo, it’s best to keep it out of marketing material or use it sparsely unless the technology is exposed to the end user, in which case you’re better off calling it exactly what it is (e.g., Copilot, code summarizer, etc.). And of course, if your product is helping secure AI builds and deployments, then you get a pass for using ‘AI’ in your marketing copy 😉
People want to know what problems you can solve for them and how well. All else is noise.
Onward
Anyhow, I had a blast catching up with some of the TCP community and chatting with a few creators. These discussions and feedback have led me to narrow down the newsletter to focus solely on innovation in the security product landscape.
There are already great creators covering different areas extremely well. For example, Mike Privette covers all things security funding, M&A, and stocks.
However, there is nobody covering all the innovation happening in the product realm on a weekly basis. Since Day 1, this has been TCP’s core focus: innovation in security products, plus technological progress/breakthroughs (e.g., Causal AI) that may eventually be productized. It feels good to be honing it back in and writing for product builders, buyers, and investors.
Untangling RSA Announcements
Coming off the heels of RSA, we have 60+ product announcements (🤯) to dig through, compared to 15-20 in an average week. To make things easier on both of us, I’ve split things out into categories and will only double-click on the announcements that I found most interesting.
Now, let’s make sense of what transpired last week!
AI Security
Protect AI Launches Public AI/ML Vulnerability Database
Protect AI has released Sightline, a publicly available vulnerability database focused on vulns discovered in the AI/ML ecosystem. The DB has over 200 vulns and is fed by many of the vulns discovered through Protect AI’s bug bounty program, Huntr.
I love the community-driven approach Protect AI is taking to AI security. They’ve released 3 open-source security tools, acquired the only AI/ML bug bounty platform (Huntr), are championing MLBOMs, and now have released Sightline, which should become a core vulnerability feed for any team securing AI. Kudos to them! 🎉
Source: Protect AI
Rest of AI Security-related product announcements ⬇️
Eclypsium Adds Protection For GenAI Hardware Infrastructure (🔥)
Microsoft Adds AI Security Capabilities to Defender for Cloud and Purview
Legit Security Bolsters AI Supply Chain Security with Risky Model Detection
Varonis Adds AI Prompt Monitoring To Prevent Malicious Copilot Activity
Application Security
ArmorCode Introduces AI Correlation Feature
It’s no secret that AppSec is a shit show. One of the biggest pain points is noise (i.e., false positives, duplicate findings, non-critical “critical” findings, etc.). ArmorCode’s new AI Correlation feature aims to make AppSec easier by using ML and NLP to identify and correlate high-signal findings across an enterprise’s AppSec tool ecosystem: de-duplicating findings, identifying root causes of vulnerabilities, and prioritizing the most critical issues. This is the type of “cross-pollination” between point solutions that I referred to in this post.
This is a great, practical AI use case that is repeatable wherever there is tool capability overlap in an enterprise (e.g., IAM, CSPM).
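To make the correlation idea concrete, here is an added example (my own illustration, not ArmorCode’s code) of the non-ML core of such a feature: findings from several scanners are normalized onto a shared vocabulary (CWE + file path), near-identical findings are clustered into one, clusters are ranked by severity and by how many tools corroborate them, and SCA clusters that share a vulnerable package are grouped under one root cause. The scanner names, paths and findings are constructed sample data.

```python
"""Cross-tool AppSec finding correlation: normalize, de-duplicate, prioritize.

Added illustration only; tool names ("sast-a", "sca-x", ...) and findings are constructed.
"""
from dataclasses import dataclass, field

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}


@dataclass(frozen=True)
class Finding:
    tool: str          # hypothetical scanner that produced the finding
    cwe: str           # CWE id: the vocabulary every tool can be mapped onto
    file: str          # path exactly as the tool reported it (prefixes differ per tool)
    line: int          # 0 for file-level findings such as dependency manifests
    severity: str      # the tool's own rating
    package: str = ""  # vulnerable dependency for SCA findings, "" for code findings


@dataclass
class Cluster:
    cwe: str
    file: str
    package: str
    members: list = field(default_factory=list)

    @property
    def tools(self):
        return {m.tool for m in self.members}

    @property
    def max_severity(self):
        return max(self.members, key=lambda m: SEVERITY_RANK[m.severity]).severity

    def score(self):
        # Highest severity dominates; corroboration by more tools breaks ties.
        return SEVERITY_RANK[self.max_severity] * 10 + len(self.tools)


def normalize_path(path):
    """Make paths from different tools comparable: slashes, './' prefix, case."""
    p = path.replace("\\", "/")
    while p.startswith("./"):
        p = p[2:]
    return p.lower()


def correlate(findings, line_tolerance=5):
    """Greedy clustering: same CWE, same normalized file, same package,
    and within `line_tolerance` lines of an existing member => duplicate."""
    clusters = []
    for f in findings:
        path = normalize_path(f.file)
        for c in clusters:
            same_site = c.cwe == f.cwe and c.file == path and c.package == f.package
            near = any(abs(m.line - f.line) <= line_tolerance for m in c.members)
            if same_site and near:
                c.members.append(f)
                break
        else:
            clusters.append(Cluster(f.cwe, path, f.package, [f]))
    return clusters


def prioritize(clusters):
    return sorted(clusters, key=lambda c: c.score(), reverse=True)


def root_causes(clusters):
    """Group clusters that share a vulnerable package: one upgrade fixes all of them."""
    by_pkg = {}
    for c in clusters:
        if c.package:
            by_pkg.setdefault(c.package, []).append(c)
    return by_pkg


# Constructed sample: two SAST tools and two SCA tools reporting overlapping issues.
SAMPLE_FINDINGS = [
    Finding("sast-a", "CWE-89", "src/db.py", 42, "high"),
    Finding("sast-b", "CWE-89", "./src/db.py", 43, "critical"),
    Finding("sast-a", "CWE-79", "src/views.py", 10, "medium"),
    Finding("sca-x", "CWE-502", "requirements.txt", 0, "high", package="pyyaml"),
    Finding("sca-y", "CWE-502", "requirements.txt", 0, "high", package="pyyaml"),
    Finding("sca-x", "CWE-400", "requirements.txt", 0, "medium", package="pyyaml"),
    Finding("sast-b", "CWE-798", "src/config.py", 5, "low"),
]

if __name__ == "__main__":
    clusters = prioritize(correlate(SAMPLE_FINDINGS))
    print(f"{len(SAMPLE_FINDINGS)} raw findings -> {len(clusters)} unique issues")
    for c in clusters:
        print(f"{c.max_severity:9} {c.cwe:8} {c.file} tools={sorted(c.tools)}")
    for pkg, cs in root_causes(clusters).items():
        print(f"root cause: upgrade {pkg} closes {len(cs)} issue(s)")
```

The seven constructed findings collapse to five issues: the SQL injection reported by both SAST tools on adjacent lines ranks first because it is both critical and corroborated, and the two PyYAML clusters roll up into a single remediation. A production feature would replace the exact-CWE match with the ML/NLP matching the announcement describes, but the normalization and ranking skeleton is the same.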
Source: ArmorCode
Ghost Security Announces API-focused Threat Intel Feed
Ghost has launched Phantasm.
Phantasm is a curated global threat intelligence network created by Ghost Labs that focuses solely on detecting attackers targeting API and specific web applications and their vulnerabilities. Real-time insights are delivered to consumers to proactively block or alert on malicious activity that may target their organizations' application infrastructure. - Ghost
Most threat intel is noise and not relevant/actionable to security teams, especially open-source intel feeds. Part of the reason why is the sheer volume, lack of context, and difficulty in integrating feeds into the SOC’s workflows.
That said, I think threat intel feeds that are hyper-focused on a specific domain and actively curated by researchers in the space are a huge step in the right direction. While Phantasm isn’t GA yet, you can sign up for early access here.
Source: Ghost
Rest of AppSec-related product announcements ⬇️
Cloud Security
RAD Security Launches Behavioral Fingerprinting for Detection & Response
Securing cloud-native (K8s, containers, serverless) environments is hard due to the ephemeral nature of assets, a different way of managing access and network security, and several other factors. One startup that is going deep in this space and bringing new capabilities to the market is RAD Security. Below is a snippet describing their newest feature:
…Any drift from this core set of behaviors (baseline) is suspicious. RAD fingerprints get critical context from its ITDR and KSPM capabilities to help reduce noise and allow teams to understand the true impact of detections, compared to leading CSPM and CNAPP vendors that leave teams blind to the real-time changes between cloud native identity, infrastructure, and workloads.
Another thing to call out is how they’re leveraging signals from their other point solutions/modules to reduce the risk of surfacing false positives. Easier said than done but this is the way 🧙🏼
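As an added example (my own sketch, not RAD Security’s code) of what “drift from a baseline set of behaviors” looks like in practice: a fingerprint is learned per workload from a baseline window of runtime events (process execs, outbound connections, file opens), one-off behaviors below a repetition threshold are dropped as noise, and any live event outside the fingerprint becomes an alert whose severity is raised by posture/identity context such as a privileged pod or an escalation-capable service account. The workload names, events and context dictionary are constructed sample data.

```python
"""Behavioral fingerprint baseline + drift detection for a containerized workload.

Added illustration only; events, workload names and the context map are constructed.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    workload: str  # e.g. a Deployment name
    kind: str      # "exec" (process), "connect" (host:port) or "open" (file path)
    value: str


def build_fingerprint(baseline_events, min_count=2):
    """Learn {workload: {kind: set(values)}} from the baseline window.
    Values seen fewer than `min_count` times are treated as noise and excluded."""
    counts = Counter((e.workload, e.kind, e.value) for e in baseline_events)
    fingerprint = {}
    for (workload, kind, value), n in counts.items():
        if n >= min_count:
            fingerprint.setdefault(workload, {}).setdefault(kind, set()).add(value)
    return fingerprint


def detect_drift(fingerprint, live_events, context):
    """Return one alert per live event not covered by the workload's fingerprint.
    `context` is a hypothetical posture/identity lookup per workload."""
    alerts = []
    for e in live_events:
        known = fingerprint.get(e.workload, {}).get(e.kind, set())
        if e.value in known:
            continue
        ctx = context.get(e.workload, {})
        # Context decides how loud the alert is: drift in a privileged pod or under an
        # identity that can escalate matters far more than drift in a sandboxed one.
        severity = "high" if ctx.get("privileged") or ctx.get("sa_can_escalate") else "medium"
        alerts.append({"workload": e.workload, "kind": e.kind, "value": e.value,
                       "severity": severity, "context": dict(ctx)})
    return alerts


# Constructed baseline window: repeated normal behavior plus one one-off "sh" exec.
BASELINE = (
    [Event("payments-api", "exec", "gunicorn")] * 3
    + [Event("payments-api", "exec", "python3")] * 3
    + [Event("payments-api", "connect", "db.internal:5432")] * 5
    + [Event("payments-api", "open", "/app/config.yaml")] * 2
    + [Event("payments-api", "exec", "sh")]          # seen once: dropped as noise
    + [Event("report-worker", "exec", "python3")] * 2
)

# Constructed live events: one normal connection and two behaviors never seen before.
LIVE = [
    Event("payments-api", "connect", "db.internal:5432"),
    Event("payments-api", "exec", "curl"),
    Event("payments-api", "connect", "198.51.100.7:4444"),
    Event("report-worker", "exec", "python3"),
]

# Hypothetical context a KSPM/ITDR module would supply.
CONTEXT = {
    "payments-api": {"privileged": True, "sa_can_escalate": False, "namespace": "prod"},
    "report-worker": {"privileged": False, "sa_can_escalate": False, "namespace": "batch"},
}

if __name__ == "__main__":
    fp = build_fingerprint(BASELINE)
    for a in detect_drift(fp, LIVE, CONTEXT):
        print(f"[{a['severity']}] {a['workload']}: unexpected {a['kind']} {a['value']}")
```

Against the constructed data the two never-seen-before behaviors in payments-api (a new process and a new outbound destination) are the only alerts, and both come out as high because that pod runs privileged; the same drift in the unprivileged report-worker would be medium. The threshold in build_fingerprint is the knob that trades baseline noise against missed behaviors.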
Source: EIN News
SentinelOne GA’s Their CNAPP Platform
SentinelOne (S1) became who they are today mostly because of their EDR solution and over the past couple of years they’ve begun expanding coverage across multiple security domains including identity, cloud, IR, and data security.
During RSA, they announced the general availability of their CNAPP platform, which is built on top of PingSafe, which they acquired in Jan. of this year. Quick turnaround time to integrate a product into their platform, so kudos to them!
In a world where almost every vendor seems to have a CNAPP, I would love to see how S1’s compares to Wiz’s and PANW’s CNAPPs.
Source: BusinessWire
Rest of cloud security-related product announcements ⬇️
CrowdStrike Adds Attack Path Analysis Support For More AWS Services
CrowdStrike Adds Support for Azure To Their Cloud Detection & Response (CDR)
Cisco Introduces Hypershield And Adds New Features To Its Security Cloud
Dynatrace Launches Their Kubernetes Security Posture Management (KSPM)
Data Security
Digital Forensics & Incident Response (DFIR)
Email Security
Governance, Risk, and Compliance (GRC)
Identity and Access Management (IAM)
Token Security Emerges From Stealth
Token Security is another startup tackling the machine identity problem that has risen to prominence with the cloud. I haven’t done too much digging in this space, but as shown in the meme above, this area is ripe for consolidation. Anyways, kudos to the Token team! Execution is the name of the game, and time will tell who the winners are; security is never a ‘winner takes all’ market.
Source: DarkReading
Rest of identity security-related product announcements ⬇️
IoT/OT Security
Cyolo and Dragos partner to bring a remote access solution for ICS/OT
Claroty launches cyber-physical system (CPS) Exposure Management Solution
SaaS Security
Abnormal Adds SaaS Account Takeover Protection
Not typically a domain they focus on, but they’re well positioned to handle SaaS security, imo.
Security Operations
CrowdStrike launches Falcon for Defender 👀
CrowdStrike basically launched a SKU of their endpoint solution that is hyper-focused on stopping attacks that evade detection by Microsoft Defender for Endpoint, and they didn’t even sugarcoat it lol. Given Microsoft’s recent history and George Kurtz’s criticism of them over the past couple of years (1, 2), this does not come as much of a surprise, but it’s still a very ballsy thing to do.
Source: CrowdStrike
Rest of SecOps-related product announcements ⬇️
Extras 🎬
Inside The Network Podcast w/ Dmitri Alperovitch, Sid Trivedi and
A SaaS Security Challenge: Getting Permissions All in One Place
Bye For Now!
See you next week! 🚀