Black Hat USA 2023 served as launchpad for a host of cybersecurity products and services, with many notable vendors as well as up-and-coming startups showcasing their innovations at the annual conference, held this week in Las Vegas.
The CSO team has put together a list highlighting the most significant debuts at the show — which, along with the RSA Conference, is one the premier global cybersecurity events. This summary of top security technology illustrates the diversity of security products at the show, including generative-AI based cybersecurity tools, extended detection and response (XDR) software, threat hunting and Security Operations Center (SOC) automation, application security products, and vulnerability management programs.
Cycode: Extended ASPM, IDE plugin
Cycode, an application security posture management (ASPM) system, has expanded its hard-coded secrets detection capabilities to encompass support for Confluence, AWS S3 buckets, and Azure environments, as well as a new IDE plugin for integration with VS Code. The plugin helps developers detect as well as remediate hard-coded secrets from within one system. Additionally, a new Cycode-Azure collaboration allows Cycode Cimon — a free CI monitoring solution designed to secure CI/CD pipelines — to operate with Azure DevOps pipelines to enable SLSA (Supply Chain Levels for Software Artifacts) attestation generation. All new capabilities will be available immediately after Cycode’s showcases them from booth #1875 at the event. Cycode did not immediately disclose pricing for the new capabilities.
Netrise: New SBOM features and KEV support
NetRise has added ingestion support for two major software bill of materials (SBOM) formats, SPDX and CycloneDX, to its namesake extended internet of things (XIoT) security platform. The features allow users to export data in either format and is designed to enrich SBOMs with vulnerability information. Overlaying CISA’s key exploited vulnerabilities (KEV) catalog data on the information gathered in the platform can help to simplify identifying, addressing, and prioritizing known exploits, according to the company. The new features are included in the current pricing model for no additional charges and will be available from August 9. The company showcased the features at booth #SC118.
ThreatConnect: Intelligence requirement capabilities
ThreatConnect has enhanced its machine-learning powered TI Ops Platform for threat intelligence operations with new intelligence requirement capabilities. The new feature is aimed at helping customers define, manage, and track their intelligence requirements (IRs), priority intelligence requirements (PIRs) and requests for information (RFIs), and solve the problem of threat intelligence being produced ad-hoc and siloed without input from stakeholders. It’s designed to give security professionals the ability to create optimally defined requirements and use them to identify relevant intelligence within the customer’s own threat library and ThreatConnect’s global intelligence system. The capability is included within the current pricing model and is available to existing and new customers from August 7. ThreatConnect demonstrated the capability from booth #2940 at Black Hat.
Ironscales: Phishing Simulation Testing, ADE
GPT-powered phishing simulation testing (PST), now in beta launch, is designed to help employers generate highly personalized spear-phishing simulation campaigns to combat hard-to-detect, advanced phishing attacks. Phishing simulation messages are crafted utilizing PhishLLM, Ironscales’ proprietary LLM trained on Ironscales’ community data, which is part of the Ironscales multimodule platform. Additionally, accidental data exposure (ADE) is being rolled out as Ironscales’ new capability for alerting employees when they send potentially sensitive information. Ironscales showcased the new capabilities in booth #2810D and has made them available under beta to limited users until general availability planned for later this year. Pricing for the capabilities is to be decided based on the feedback from the beta launch.