Infosec products of the month: November 2022
Here’s a look at the most interesting products from the past month, featuring releases from: Abnormal Security, Acronis, Bearer, Bitdefender, Clumio, Cohesity, Flashpoint, Forescout, ForgeRock, ImmuniWeb, Keyo, Lacework, LOKKER, Mitek, NAVEX, OneSpan, Persona, Picus Security, Qualys, SecureAuth, Solvo, Sonrai Security, Spring Labs, Tanium, Tresorit, and Vanta.
Qualys TotalCloud with FlexScan helps enterprises strengthen cloud-native security
Qualys announced TotalCloud with FlexScan delivering cloud-native VMDR with Six Sigma Accuracy via agent and agent-less scanning for comprehensive coverage of cloud-native posture management and workload security across multi-cloud and hybrid environments. TotalCloud automates inventory, assessment, prioritization and risk remediation via an easy-to-use drag-and-drop workflow engine for continuous and zero-touch security from code to production cloud applications.
OneSpan DIGIPASS CX defends enterprises against social engineering fraud
DIGIPASS CX2 can be used for authentication, transaction authorization, document signing, and digital ID credential storage. The solution supports multiple authentication methods, including FIDO2 and OATH. Organizations can secure their applications and services using the appropriate protocol for each environment.
Forescout Continuum Timeline accelerates threat detection for cybersecurity teams
Forescout Technologies released its latest Continuum platform update which includes Forescout Continuum Timeline, a new cloud-native solution that provides long-term retention, search, and analytics of asset data. Timeline enables enterprises to meet compliance and audit requirements, better support incident investigations, and to identify risks and gaps to help prioritize preventative measures.
Tanium Software Bill of Materials identifies software supply-chain vulnerabilities
Tanium released a new capability called Tanium Software Bill of Materials (SBOM) to help customers identify third-party libraries associated with software packages. Tanium SBOM utilizes a single Tanium agent to deliver real-time visibility into complex software environments, enabling organizations to make better-informed decisions around managing endpoint risk.
Persona releases unified identity platform to help businesses fight fraud
Persona has launched the next evolution of its unified identity platform to help businesses mitigate online fraud and meet ever-evolving compliance standards. The new Persona platform connects, centralizes and orchestrates all fragmented identity data, disparate systems and identity operations under a single infrastructure.
NAVEX IRM Out-of-the-Box accelerates third party and IT risk management
NAVEX released NAVEX IRM (Integrated Risk Management) Out-of-the-Box solutions to help organizations stand-up IT and third party risk management programs. The solution enables program managers to simplify their program and begin mitigating risk with pre-defined and configurable data libraries and organizational hierarchy creation.
Bitdefender Chat Protection defends users from cybercriminal activities targeting mobile devices
Bitdefender unveiled a real-time chat protection capabilities for mobile-based instant messaging applications. Chat Protection continuously monitors chat sessions alerting users of suspicious links that might attempt to steal financial data, credentials and other sensitive information.
Mitek MiPass combines voice and face recognition to strengthen digital security
Mitek launches Mitek MiPass – a passwordless identity authentication solution that allows a person to access digital accounts securely using two features that are uniquely theirs: voice and face. MiPass enables users to access digital accounts by taking a selfie and speaking a phrase with their phone.
Tresorit adds eSignature function to secure sensitive information and documents
Tresorit has expanded its portfolio of integrated solutions tailored to the US market, supplementing its secure workspace and email encryption plugins with eSignature capabilities. The portfolio of secure solutions now includes Tresorit eSign where people can sign documents in the form of a simple electronic signature (SES). The signature of the contracting party is logically linked to the respective document to document his agreement with the content.
Flashpoint’s ransomware prediction model enables security teams to remediate vulnerabilities
Flashpoint’s ransomware prediction model determines a Ransomware Likelihood rating that’s derived from a combination of factors, including exploit availability, attack type, impact, disclosure patterns, and other characteristics captured by VulnDB. This intelligence is critical to vulnerability management teams who often lack the resources and context they need to efficiently prioritize and patch tens of thousands of vulnerabilities disclosed every year.
ImmuniWeb Community Edition 2.0 helps users accelerate and automate security testing
With the average number of daily tests attaining 200,000 during peak days, ImmuniWeb Community Edition 2.0 has been optimised so that it conducts tests much faster than previously, and brings new features and functionalities to its users. The update also includes numerous additional security checks for the free tests, bringing more actionable insights about security, privacy and compliance misconfigurations.
Acronis Advanced Security + EDR improves threat detection for IT teams
Following industry-established standards and mapping to the MITRE ATT&CK framework, Acronis Advanced Security + EDR simplifies the complex solutions required to keep pace with today’s sophisticated threat landscape. It does this by leveraging its unified platform approach which allows IT teams to detect and understand advanced attacks, and then recover using features like attack-specific, one-click rollback.
Picus Complete Security Validation Platform strengthens organizations’ cyber resilience
The new Picus Complete Security Validation Platform levels up the company’s attack simulation capabilities to remove barriers of entry for security teams. It enables any size organization to automatically validate the performance of security controls, discover high-risk attack paths to critical assets and optimize SOC effectiveness.
Vanta Access Reviews empowers organizations to identify risk and revoke unauthorized usage
Vanta’s Access Review solution is an integrated SaaS tool that removes the need for spreadsheets and back-and forth-emails with internals and auditors. It includes pre-built system integrations to automatically consolidate live access data from all systems, intuitive reviewer workflows to approve/deny access, remediation management to assign tasks to owners, and reporting for both executives and auditors.
Lacework enhances CNAPP capabilities with attack path analysis and agentless vulnerability scanning
Lacework announced new cloud-native application protection platform (CNAPP) capabilities for the Polygraph Data Platform that provide improved attack path analysis and agentless workload scanning for secrets and vulnerabilities. Customers can now assess vulnerabilities and exposed secrets in container images, hosts, and language libraries and deliver a software bill of materials for their runtime environment.
Keyo Network improves security for people and businesses with palm scanning technology
Keyo launches Keyo Network, allowing anyone to verify who they are and access what is theirs with a contactless scan of their hand, giving people the power to open doors, pay at stores, redeem tickets, and more without needing phones, fobs, cards, or keys.
Cohesity DataHawk enables organizations to recover from cyber incidents
Cohesity DataHawk provides multiple cloud service offerings designed to deliver comprehensive data security and recovery capabilities to withstand and recover from cyber incidents. It leverages AI/ML to detect user and data anomalies that could indicate an emerging attack, utilizes threat intelligence to ensure recovery-data is malware free, and with data classification enables organizations to determine the exposure of sensitive and private information when an attack occurs.
Abnormal Security Posture Management offers protection against email platform attacks
The new Security Posture Management product from Abnormal gives security teams immediate visibility to each of the potential entry and exit points to the cloud email platform. Increased visibility begins with three new Knowledge Bases, in addition to the existing VendorBase, which present comprehensive databases of employees, third-party applications, and email tenants.
Clumio Protect for Amazon S3 enhancements simplify data protection for AWS customers
Clumio announced new capabilities that will allow enterprises to protect their AWS data at any scale and recover from disruptions instantly, all while optimizing their cloud costs. These benefits will allow enterprise customers to simplify the protection and recovery of large data lakes, application data, and sensitive information on AWS.
LOKKER Privacy Edge PRO helps companies identify and mitigate privacy risks
LOKKER Privacy Edge PRO empowers data privacy professionals to analyze all of their clients’ websites for known privacy risks in one integrated dashboard view. It can identify whether or not specific trackers, tags and pixels are running on a website, which pages they’re on, what personal data is being harvested, and with whom the data is being shared.
ForgeRock Identity Governance empowers large enterprises to solve security and compliance challenges
Built on Google Cloud, ForgeRock’s Identity Governance solution uses AI and machine learning (ML) to help organizations determine whether employees should or shouldn’t have access to applications and data. By leveraging ForgeRock’s comprehensive platform, security decisions become immediately actionable for IT teams.
Bearer Data Security Platform detects gaps within data security policies during coding and in production
Bearer is a SaaS platform that enables scalable deployments and workflow automation for security management. It discovers sensitive data flows automatically by continuously scanning source code and associated metadata. It can also remediate data security issues at a massive scale, giving developers immediate actionable advice on how to mitigate as well as prioritize an issue.
SecureAuth Arculix Universal Authentication Fabric prevents identity related breaches
Arculix Universal Authentication Fabric allows users to attain a level of assurance needed to authenticate with its patented behavioral AI/ML risk analytics engine. To ensure there is no account takeover (ATO), it generates a score at the beginning of a user logging in that is used to grant access to web apps, servers and services without requiring another factor check. This removes the need for siloed systems to authenticate users.
Sonrai Risk Insights Engine empowers security teams to reduce impact of exploits
Sonrai Security releases Risk Insights Engine which lets developer and security teams control the chaos in both their organizations and their multicloud environments, minimizing lateral movement that leads to data theft. The platform recommends goals based on multiple factors, including the intended use of an environment (development, staging, production, etc.), presence of sensitive data (e.g., PII), and the maturity of the team responsible for it.
Solvo Data Posture Manager protects organizations using public cloud services from data leakage and breaches
Data Posture Manager delivers enhanced visibility into users and cloud components that have access to sensitive data, alerting organizations to excessive or newly-granted privileges and enabling one-click, real-time remediation of security policy violations, ultimately helping security teams combat overload, fatigue, and lack of resources.
Spring Labs TrueZero enables companies to exchange sensitive data without revealing PII
TrueZero authenticates account information and cuts vendor due diligence times by up to 50%. The service also replaces business’s sensitive information with non-sensitive data called tokens to allow businesses to share data with third parties without sending any PII.