New infosec products of the week: August 4, 2023

Here’s a look at the most interesting products from the past week, featuring releases from Forescout, Menlo Security, Qualys, Sonar, SpecterOps, Synopsys, Traceable AI, and Lineaje.

Open-source penetration testing tool BloodHound CE released

SpecterOps released version 5.0 of BloodHound Community Edition (CE). This free and open-source penetration testing solution maps attack paths in Microsoft Active Directory (AD) and Azure (including Azure AD/Entra ID) environments. This update brings many enterprise-grade usability features to BloodHound CE, like containerized deployment, REST APIs, user management, and access control.

Qualys unveils first-party software risk management solution

The Qualys Cloud Platform now includes new capabilities for assessing risks in first-party applications. Customers can “bring their own” assessment and remediation logic into Qualys Vulnerability Management, Detection and Response (VMDR) workflows and reporting, providing SecOps teams with a unified view of all first- and third-party applications along with open-source software in their environment.

Menlo Security introduces two features to protect users against web browser threats

Menlo Security announced HEAT Shield and HEAT Visibility, a suite of threat prevention capabilities designed to detect and block highly evasive threats targeting users via the web browser.

Synopsys Software Risk Manager simplifies application security testing

Software Risk Manager enables security and development teams to simplify, align and streamline their application security testing across projects, teams and application security testing (AST) tools. It aligns intelligent policy-driven orchestration and vulnerability management capabilities with the Synopsys Software Integrity Group’s SAST and SCA engines, with broad support for other open-source and commercial AST tools.

Forescout Risk and Exposure Management offers quantitative approach to risk prioritization

Forescout unveiled Risk and Exposure Management, its cloud-native product designed to collate all data sources associated with an enterprise’s connected assets and calculate a unique multifactor risk score for each asset, offering a quantitative approach to risk prioritization.

Traceable AI combats API abuse with digital fraud prevention capabilities

By integrating advanced fraud prevention capabilities within its API security platform, Traceable provides a holistic, in-depth, and adaptive approach to ensuring that organizations stop fraud in its tracks. This proactive approach empowers organizations to detect real-time digital fraud.

Sonar’s new deep-analysis capability discovers and fixes code security issues

Sonar addresses the gap of traditional SAST through its fine-grained analysis of user source code interactions with external dependencies, all without the need for any special configuration or incremental costs. This deeper SAST innovation furthers Sonar’s mission to equip organizations to achieve a state of Clean Code — code that is consistent, intentional, adaptable, and responsible.

Lineaje BOMbots remediate security issues using generative AI

The BOMbots generative AI tool acts like a “co-pilot,” enhancing a user’s ability to find, understand, and mitigate specific software security and maintenance issues through a specialized, comprehensive analysis by Lineaje AI. Using an intelligent chatbot feature, integrated with their SBOM, teams can engage via a human-like conversation for a comprehensive resolution of a complex issue.