New infosec products of the week: February 3, 2017
New approach to continuous Docker container security
NeuVector’s solution for container security is itself a container. The application automatically learns and whitelists normal behavior to protect environments even as containers scale up and down. Through this built-in continuous application and network intelligence, it provides application layer segmentation that isolates container traffic. Any abnormal connections can then be detected and blocked before causing harm. NeuVector completes its solution with runtime vulnerability scanning across all running containers and hosts, and includes threat detection for attacks such as DDoS, DNS, and others.
Aqua Security introduces container-level network nano-segmentation
Aqua Security released version 2.0 of its Container Security Platform (CSP), which features automated nano-segmentation of container network traffic, cross-platform secrets management, and sensitive data discovery. Other enhancements include management by labels, integration with Atlassian Jira, and large-scale vulnerability scanning.
Fidelis Cloud: Next generation IPS delivered from the cloud
Fidelis Cloud combines the automation, detection and analytic capabilities of Fidelis Network with a cloud-delivered subscription model. It’s offered as an annual subscription and priced based on the total protected network bandwidth and the number of days of historical information available for look-back detection and investigations. Fidelis Cloud sees the inbound and outbound communication stream up and down the entire network stack, which allows it to detect and prevent attacks at all stages of an intrusion – not just the initial exploit.
Skyhigh Networks unveils integration with Slack Enterprise Grid
Skyhigh for Slack is a security and compliance integration for Slack Enterprise Grid, which allows IT teams to apply data loss prevention (DLP) policies, address threats from insiders and compromised accounts, audit all user activity, and secure corporate data as employees collaborate.
ThreatConnect provides intelligence through global context with ThreatAssess and CAL
ThreatConnect introduced two new features designed to help organizations make decisions based on the threat intelligence: ThreatAssess and ThreatConnect’s CAL (Collective Analytics Layer). ThreatAssess distills multiple factors down to a single, actionable score based on an indicator’s average threat and confidence rating across all sources, false positive votes, and recent activity from your sensors. ThreatConnect’s CAL provides anonymized, crowdsourced intelligence: leveraging the collective insight of the more than 10,000 analysts worldwide.
New release of FinalCode extends enterprise file collaboration security
FinalCode announced a new release of its persistent, file-centric information rights management (IRM) solution that protects files wherever they go, inside and outside of the organization. FinalCode 5.2 is packed with security and usability features. Highlights include a FinalCode file preview capability in Box, enhanced support for EMC storage and macro-enabled Office files and screen watermarking.
Tenable.io cloud platform debuts asset-based licensing
Tenable.io delivers broad coverage for visibility into the security status of modern IT infrastructure. Auditing and assessment capabilities help customers identify and remediate vulnerabilities across more technologies, including containers, web applications and cloud instances. The Tenable.io vulnerability management solution is licensed by assets instead of IP addresses.
Vaultize adds new data-compliance and data-governance tools
The Vaultize platform allows enterprises to create an auditor role and manage and maintain compliance-friendly workflows and collect and package data in an e-discovery process. Auditors can be given access to an organization’s data without the possibility of interference even from administrators, guaranteeing compliance with most data-governance requirements. Administrators will be able to control (and even mandate) formatting and wording of subject lines of emails sent internally and externally, the content of messages sent with secured data and the expiry of shared data.
Threat Catalogue: Healthcare cyber risk management
HITRUST created a Threat Catalogue to aid healthcare organizations in improving their information security posture by better aligning cyber threats with HITRUST CSF risk factors and controls. By integrating analyses with relevant regulatory requirements and best practices, the HITRUST CSF provides an industry-driven standard of due care and due diligence for healthcare information that has become the most widely used in healthcare.