Aside from the more than 500 sessions and vast exhibit halls overflowing with vendors and attendees, the RSA Conference is also a place where vendors choose to make announcements of all sorts.
During RSA Conference 2019, which runs from March 4-8 in San Francisco, announcements of new products, partnerships, research and strategic direction are happening at a dizzying rate. Much of the news occurs during the first two days of the event. Among the news announcements from the first day of this year's conference are a number of new cybersecurity products spanning email security, container security, threat detection, SIEM, endpoint detection and response (EDR), and cloud security.
In this eSecurity Planet overview, we highlight 10 of those products.
- Awake Security
- Fidelis Cybersecurity
- RSA Security
Awake announced updates to its namesake network traffic analysis platform, including the addition of a privacy-aware artificial intelligence capability the company calls "Ava."
The Ava system helps organizations identify complex attacks and then respond with automatic threat validation and triage. The new release of the Awake platform also provides new visualizations of incidents that include automated correlation of different parameters. The company is also touting the product's ability to help with regulatory compliance.
"Importantly, we designed Ava as an expert system that uses federated machine learning," said Rahul Kashyap, president and CEO of Awake Security. "This has the added benefit of delivering powerful capabilities while always keeping identifiable information within the customer environment."
BigID was the big winner at the 2018 RSA Conference, winning the Innovation Sandbox award. For 2019, the data privacy vendor is back, this time announcing new data access intelligence capabilities.
BigID's technology platform helps organizations discover personally identifiable information from both unstructured and structured data. The new data access capabilities make it easier for organizations to also understand how personal data is used.
"BigID's Data Intelligence Platform was created to provide a first-of-its-kind identity-centric view of data necessary to meet emerging privacy regulations like GDPR and California Consumer Privacy Act," said Nimrod Vax, BigID's Co-Founder and Chief Product Officer. "With the new access intelligence enhancements, BigID provides security and risk professionals new insight into what and whose data they collect and process, as well as what employees and systems have access to that data."
CrowdStrike announced that it is extending its Falcon Endpoint Detection and Response (EDR) platform with a new edition for mobile devices.
The new version of Falcon will give organizations the ability to identify, investigate and remediate threats on mobile devices. Falcon for Mobile makes use of a lightweight agent that CrowdStrike says will have only a nominal impact on mobile device battery life.
"We continue to expand the capabilities of the CrowdStrike Falcon platform, leveraging its cloud-native architecture built to protect the endpoint and stop the breach on every platform – workstations, servers, cloud workloads, containers, and now also mobile devices," said George Kurtz, CrowdStrike’s co-founder and CEO. "With today’s announcement of Falcon for Mobile, customers will be able to leverage the industry-leading features of the CrowdStrike Falcon platform — EDR, managed threat hunting, single agent architecture, and massive threat telemetry — to effectively defend enterprise mobile devices."
CyberArk announced version 10.8 of its Privileged Access Security Solution, which adds new features to help organizations automatically and continuously identify privileged accounts in the Amazon Web Services (AWS) cloud.
CyberArk's technology fits into a category often referred to as privileged access management (PAM). As part of the new update, CyberArk is also integrating automated privileged account exploit detection and response capabilities.
"Security leaders are facing a dramatic increase in speed along two dimensions – the ability to spin up new and potentially vulnerable accounts in the cloud and the time it takes attackers to gain command and control once they've gained a foothold in an environment," stated Nir Gertner, chief security strategist at CyberArk. "Speed is critical and security leaders who leverage automation and intelligence will have more success protecting their organizations under these conditions."
Fidelis Cybersecurity announced a new update of its Elevate platform that integrates several components, including endpoint, network and deception capabilities.
The Fidelis Endpoint component now includes enhanced visibility to help organizations identify software inventory and potential vulnerabilities. Fidelis Network gains new visibility into encrypted traffic threats, while the Fidelis Deception component adds new flexible decoys to help trick potential attackers.
"Collecting logs, events, and alerts actually slows their ability to detect, hunt, and respond properly," said Nick Lantuh, President and CEO of Fidelis Cybersecurity. "Instead, organizations need rich, indexable metadata that provides the necessary content and context for deep visibility, an understanding of their cyber terrain, and the ability to rapidly and accurately respond."
FireEye announced a major new update of its FireEye Email Security technology, integrating secure email gateway (SEG) functionality into the platform.
Among the enhanced capabilities in FireEye Email Security are antivirus, anti-spam, and signature-based anti-malware. Additionally, organizations now get impersonation protection for email to help combat email impersonation fraud attacks.
"Our full secure email gateway protects organizations from inbound email attacks as well as outbound email exfiltration," said Ken Bagnall, Vice President of Email Security at FireEye. "This advanced level of protection is critical in defending against today's evolving threat landscape, as spearphishing, ransomware and impersonation attacks continue to rise."
While many attendees at the RSA Conference often just refer to the event as RSA, it's important to remember that RSA Security is the headline sponsor of the event and always makes its own news at the conference.
RSA Security announced a new version of its NetWitness SIEM (security information and event management) platform, providing new integrations and capabilities for UEBA (user and entity behavior analytics). RSA Security's Archer risk management platform is also getting an update, with new features designed to enable automated risk identification and assessment.
"Every day, organizations take on new and ambitious digital transformation initiatives in order to improve customer experiences, create competitive advantage and drive profitable growth," stated RSA President Rohit Ghai. "Digital transformation fundamentally changes the risk equation; more data means a heightened exposure to cyber threats and ever-changing regulatory requirements."
Scytale announced its first commercial product at the RSA Conference. Scytale Enterprise is a cloud native service authentication technology that is based on the Secure Production Identity Framework for Everyone (SPIFFE) project, which is part of the Cloud Native Computing Foundation (CNCF). In addition to SPIFFE, Scytale leads development of the related SPIRE (the SPIFFE Runtime Environment) open source effort as well.
With the new enterprise product, Scytale is providing commercial support and policy-derived automated lifecycle management on top of SPIFFE to help organizations manage service identities in the cloud.
"Shepherding the SPIFFE and SPIRE open-source projects was Scytale's first step toward helping expedite that journey," said Sunil James, CEO of Scytale. "Scytale Enterprise is the second step, empowering our Fortune 1000 customers to easily and rapidly extend their existing on-premises service authentication frameworks to their burgeoning public cloud infrastructure."
Twistlock got its start as a container security platform vendor, but with its new 19.03 release, the company is now able to protect hosts, containers and serverless in a single platform.
The Twistlock 19.03 update also integrates host file integrity monitoring as well as host forensics. Additionally, there is a runtime application self-protection (RASP) feature, called RASP Defender, to help protect container images running in various types of environments.
"While many security providers already offer products that can run in VMs, they're often just rehashed legacy endpoint protection and are not optimized for the kind of automation and statelessness that defines cloud native," said John Morello, chief technology officer at Twistlock. "This latest release of Twistlock provides vulnerability management, compliance, runtime defense, firewalling and access control across all VMs in all clouds."
VMware used the RSA Conference to announce its new VMware Service-defined Firewall capability.
The service-defined firewall is an automated approach to build and deploy firewall policies for VMware's NSX network virtualization platform, working alongside the ESX server virtualization platform.
"Intrinsic security takes advantage of the unique attributes that are built in to the virtualization platform, allowing us to create very new and unique security services," stated Tom Gillis, senior vice president and general manager of the networking and security business unit at VMware. "The new VMware Service-defined Firewall is focused on internal network firewalling and changes the game by validating known good application behavior, rather than chasing threats."
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.