Infosec products of the month: August 2023
Here’s a look at the most interesting products from the past month, featuring releases from: Action1, Adaptive Shield, Bitdefender, Bitwarden, Forescout, ImmuniWeb, Kingston Digital, LastPass, Lineaje, LOKKER, Menlo Security, MongoDB, Netskope, NetSPI, OffSec, Qualys, SentinelOne, Solvo, SonarSource, SpecterOps, Synopsys, ThreatConnect, Traceable AI, and Vicarius.
NetSPI launches ML/AI Pentesting solution to help organizations build more secure models
NetSPI has debuted its ML/AI Pentesting solution to bring a more holistic and proactive approach to safeguarding machine learning model implementations. The solution focuses on two core components: Identifying, analyzing, and remediating vulnerabilities on machine learning systems such as Large Language Models (LLMs) and providing grounded advice and real-world guidance to ensure security is considered from ideation to implementation.
Open-source penetration testing tool BloodHound CE released
SpecterOps released version 5.0 of BloodHound Community Edition (CE). This free and open-source penetration testing solution maps attack paths in Microsoft Active Directory (AD) and Azure (including Azure AD/Entra ID) environments. This update brings many enterprise-grade usability features to BloodHound CE, like containerized deployment, REST APIs, user management, and access control.
Qualys unveils first-party software risk management solution
The Qualys Cloud Platform now includes new capabilities for assessing risks in first-party applications. Customers can “bring their own” assessment and remediation logic into Qualys Vulnerability Management, Detection and Response (VMDR) workflows and reporting, providing SecOps teams with a unified view of all first- and third-party applications along with open-source software in their environment.
Menlo Security introduces two features to protect users against web browser threats
Menlo Security announced HEAT Shield and HEAT Visibility, a suite of threat prevention capabilities designed to detect and block highly evasive threats targeting users via the web browser.
Synopsys Software Risk Manager simplifies application security testing
Software Risk Manager enables security and development teams to simplify, align and streamline their application security testing across projects, teams and application security testing (AST) tools. It aligns intelligent policy-driven orchestration and vulnerability management capabilities with the Synopsys Software Integrity Group’s SAST and SCA engines, with broad support for other open-source and commercial AST tools.
Forescout Risk and Exposure Management offers quantitative approach to risk prioritization
Forescout unveiled Risk and Exposure Management, its cloud-native product designed to collate all data sources associated with an enterprise’s connected assets and calculate a unique multifactor risk score for each asset, offering a quantitative approach to risk prioritization.
Traceable AI combats API abuse with digital fraud prevention capabilities
By integrating advanced fraud prevention capabilities within its API security platform, Traceable provides a holistic, in-depth, and adaptive approach to ensuring that organizations stop fraud in its tracks. This proactive approach empowers organizations to detect real-time digital fraud.
Sonar’s new deep-analysis capability discovers and fixes code security issues
Sonar addresses the gap of traditional SAST through its fine-grained analysis of user source code interactions with external dependencies, all without the need for any special configuration or incremental costs. This deeper SAST innovation furthers Sonar’s mission to equip organizations to achieve a state of Clean Code — code that is consistent, intentional, adaptable, and responsible.
Lineaje BOMbots remediate security issues using generative AI
The BOMbots generative AI tool acts like a “co-pilot,” enhancing a user’s ability to find, understand, and mitigate specific software security and maintenance issues through a specialized, comprehensive analysis by Lineaje AI. Using an intelligent chatbot feature, integrated with their SBOM, teams can engage via a human-like conversation for a comprehensive resolution of a complex issue.
Vicarius vuln_GPT enables security teams to find and fix software vulnerabilities
Vicarius launched vuln_GPT, an LLM model trained to generate remediation scripts for software vulnerabilities. This new AI-powered remediation engine can automatically generate a remediation script to execute a number of actions. For example, scripts can remove a file, close a port, disable a protocol, or initiate a compensating control.
LastPass removes the master password from customers’ login with FIDO2 authenticators
With FIDO2 authenticators, LastPass Free, Premium, Families, Teams and Business customers will have more options when it comes to setting up passwordless login to their vault. The FIDO2 authenticators are currently supported on desktop browsers and Chrome and Firefox extensions, with Safari browser extension and desktop application support coming soon.
Adaptive Shield’s ITDR capabilities help users detect identity-related security threats
Adaptive Shield’s ITDR features security measures to detect and respond to identity-related security threats based on key Indicators of Compromise (IOCs). These IOCs provide forensic signs of a potential breach, such as malware, data breaches, unusual behavior, and other suspicious events.
ThreatConnect empowers security teams to operationalize intelligence requirements
ThreatConnect announced its new Intelligence Requirement capability that helps articulate requirements and form the foundation of the evolved threat lifecycle, no matter the team’s maturity. It also saves users time by automatically parsing incoming and relevant intelligence related to each requirement.
Solvo SecurityGenie helps organizations improve their cloud security posture
Powered by OpenAI, SecurityGenie uses natural language processing (NLP), like how ChatGPT operates, but to help security teams to identify and remediate security risks, such as misconfigurations, vulnerabilities, and compliance violations quickly and easily, eliminating time-consuming manual searches.
Action1 platform update bridges the gap between vulnerability discovery and remediation
Action1 Corporation has released a new version of its solution. The updated Action1 patch management platform brings together vulnerability discovery and remediation, helping enterprises fortify their defenses against threats such as ransomware infections and security breaches.
MongoDB Queryable Encryption enables organizations to meet data-privacy requirements
MongoDB Queryable Encryption helps organizations protect sensitive data when it is queried and in-use on MongoDB. It reduces the risk of data exposure for organizations and improves developer productivity by providing built-in encryption capabilities for sensitive application workflows—such as searching employee records, processing financial transactions, or analyzing medical records—with no cryptography expertise required.
Bitdefender enhances security for iOS devices with Scam Alert
Bitdefender has launched an advanced security feature for iOS users, Scam Alert. The new technology protects users from phishing scams delivered through SMS/MMS messages and calendar invites. Layered on top of existing protection in Bitdefender Mobile Security for iOS, Scam Alert proactively identifies attacks and prevents them from reaching the mobile user – providing iPhone and iPad users complete, layered protection.
SentinelOne Singularity App for Netskope secures remote work from endpoint to cloud
Employees today want the freedom to work where and how they perform best. SentinelOne and Netskope are joining forces to help customers deliver it in a secure way. The technology partners announced the launch of the SentinelOne Singularity App for Netskope, a joint solution that provides the comprehensive, context-rich visibility needed to detect, respond to, and mitigate threats across the ever-expanding attack surface opened by distributed work.
Security Onion 2.4: Free, open platform for defenders gets huge update
Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It has been downloaded over 2 million times and is being used by security teams worldwide. Security Onion 2.4 comes with many updates, and the hotfix 2.4.10 release is available on GitHub
Kali Linux 2023.3 released: Kali NetHunter app redesign, 9 new tools, and more!
Offensive Security has released Kali Linux 2023.3, the latest version of its penetration testing and digital forensics platform. Kali Linux 2023.3 introduces a redesigned Kali NetHunter app and a completely new NetHunter Terminal.
ImmuniWeb introduces ImmuniWeb Neuron Mobile, an automated mobile app security testing solution
ImmuniWeb Neuron Mobile is a fully automated, AI-enabled mobile application security testing (MAST) solution designed to discover OWASP Mobile Top 10 vulnerabilities and weaknesses in iOS and Android mobile applications.
LOKKER launches On-demand Website Privacy Audit for healthcare organizations
LOKKER has revealed the availability of the new On-demand Website Privacy Audit, a feature within its Privacy Edge software suite, geared toward healthcare organizations. This audit summarizes the highest priority privacy risks on an organization’s website.
Kingston IronKey Keypad 200C hardware-encrypted USB Type-C drive released
Kingston Digital Europe has launched the Kingston IronKey Keypad 200C, a hardware-encrypted USB Type-C drive that ensures both security and convenience at your fingertips. Now, users can achieve seamless data protection and effortless compatibility without the use of adapters when using USB-C equipped devices.
Bitwarden launches E2EE Secrets Manager
Bitwarden, a popular open-source password management service, has released Bitwarden Secrets Manager, an open-source, end-to-end encrypted solution that helps development, IT and DevOps teams store, manage, automate, and share secrets.
