Infosec products of the month: March 2024

Here’s a look at the most interesting products from the past month, featuring releases from: Appdome, AuditBoard, Bedrock Security, Check Point, CyberArk, Cynerio, DataDome, Delinea, Drata, Exabeam, GitGuardian, GitHub, GlobalSign, Legato Security, Legit Security, Malwarebytes, Ordr, Permiso, Pentera, Portnox, Regula, Sentra, Sonatype, Spin.AI, Tenable, Tufin, Viavi Solutions, and Zoom.

AuditBoard unveils AI, analytics, and annotation capabilities to deliver more timely insights

AuditBoard revealed new AI, analytics, and annotation capabilities to help corporate risk, compliance, and assurance teams, including internal audit and SOX functions, improve collaboration with stakeholders, do more with less, and deliver more timely insights.

GitGuardian SCA automates vulnerability detection and prioritization for enhanced code health

GitGuardian SCA is specifically designed for use in DevSecOps environments. The latest addition to GitGuardian’s code security platform equips security and developer teams with a unified vulnerability remediation solution, capitalizing on cross-team collaboration, incident visibility, and context.

Delinea Privilege Control for Servers enforces least privilege principles on critical systems

In Privilege Control for Servers, session recording and auditing occur on the host, so data cannot be altered. As a shared capability, session, and audit data is unified and saved in the Delinea Platform, simplifying storage and access while taking advantage of Delinea’s AI-driven auditing (now in public preview) to reduce the time to identify potentially dangerous activities without manually reviewing hours of session recordings.

GlobalSign PKIaaS Connector enhances ServiceNow certificate lifecycle management

With the upgrades in GlobalSign’s PKIaaS Connector, ServiceNow users have expanded certificate lifecycle management capabilities for manual and automated certificate renewal, retrieve and update certificates, filter by expiration, send certificates in email and support expiry notifications via email.

Legato Security Ensemble helps organizations prevent breaches

Ensemble addresses the challenges businesses face in securing their networks and digital environments, standing out with its ability to correlate diverse security tools for increased visibility, simplified alert management, real-time reporting, asset intelligence, and seamless data correlation between SIEM and endpoint solutions.

Exabeam introduces new features to improve security analyst workflows

Exabeam announced two cybersecurity features, Threat Center and Exabeam Copilot, to its AI-driven Exabeam Security Operations Platform. Threat Center is a unified workbench for threat detection, investigation, and response (TDIR) that simplifies and centralizes security analyst workflows, while Exabeam Copilot uses generative AI to help analysts quickly understand active threats and offers best practices for rapid response.

SpinSPM for Salesforce identifies misconfigurations within SaaS applications

SpinSPM for Salesforce allows security professionals and IT administrators to proactively secure Salesforce environments. With complete configuration visibility, ongoing management, automated tools for incident response, and much more, organizations can reduce security, data loss, and compliance risks associated with the CRM application.

VIAVI enhances Observer Sentry’s exposure and vulnerability analysis

With traffic visibility, Observer Sentry goes beyond identifying unintended and potentially dangerous exposures, and enables SecOps, DevOps and cloud architects to determine if a vulnerability has been exploited.

Web Check: Open-source intelligence for any website

Web Check offers thorough open-source intelligence and enables users to understand a website’s infrastructure and security posture, equipping them with the knowledge to understand, optimize, and secure their online presence.

Pentera Cloud empowers security teams to reduce exposure to cloud-native attacks

Pentera Cloud introduces automated pentesting designed for the scale of modern attack surfaces and the speed of dynamic cloud environments. Emulating real threat actor tactics and techniques, Pentera Cloud challenges security controls to identify exploitable gaps across AWS and Azure environments.

Check Point introduces Harmony SaaS for automated threat prevention

Leveraging behavior-based machine learning and the most complete repository of SaaS-related threat indicators and attributes, Check Point Harmony SaaS proactively prevents data theft, account takeover, file poisoning, and other SaaS attack vectors. Harmony SaaS automatically stops anomalous activity, ensuring the security of sensitive data.

Sentra Jagger provides real-time security insights and AI-assisted remediation guidelines

Security teams can use Sentra Jagger to get insights and recommendations on specific security actions through an interactive, user-friendly interface. In addition, customizable dashboards can be easily created based on user roles and preferences to optimize visibility into an organization’s data.

RiskInDroid: Open-source risk analysis of Android apps

RiskInDroid (Risk Index for Android) is an open-source tool for quantitative risk analysis of Android applications based on machine learning techniques.

Cynerio extends Healthcare Cybersecurity Platform to improve patient data protections

With a focus on addressing critical cybersecurity challenges, Cynerio epands its Healthcare Cybersecurity Platform to safeguard patient data and combat escalating cyber threats.

DataDome Ad Protect detects fraudulent ad traffic

DataDome Ad Protect empowers marketers to allocate their campaign funds more effectively, focusing on genuine user engagement and reducing fraudulent clicks. This not only optimizes marketing budgets but also enhances the overall effectiveness of digital advertising campaigns.

Tenable enhances ExposureAI capabilities to directly query AI engine and reduce risk

Tenable has unveiled enhancements to ExposureAI, the generative AI capabilities and services within its Tenable One Exposure Management Platform. The new features enable customers to quickly summarize relevant attack paths, ask questions of an AI assistant and receive specific mitigation guidance to act on intelligence and reduce risk.

MobSF: Open-source security research platform for mobile apps

The Mobile Security Framework (MobSF) is an open-source research platform for mobile application security, encompassing Android, iOS, and Windows Mobile. MobSF can be used for mobile app security assessment, penetration testing, malware analysis, and privacy evaluation.

CloudGrappler: Open-source tool detects activity in cloud environments

CloudGrappler is an open-source tool designed to assist security teams in identifying threat actors within their AWS and Azure environments. The tool, built on the foundation of Cado Security’s cloudgrep project, offers enhanced detection capabilities based on the tactics, techniques, and procedures (TTPs) of modern cloud threat actors like LUCR-3 (Scattered Spider).

Regula 4205D updates help border control authorities fight identity document fraud

Regula upgrades its Regula 4205D, a device designed to significantly enhance the efficiency and effectiveness of document verification processes. Equipped with 13 light sources and capable of 30x magnification, Regula 4205D streamlines the workflow of border officers, helping them make well-informed decisions.

Sonatype SBOM Manager identifies and mitigates vulnerabilities within the software supply chain

Sonatype SBOM Manager provides an integrated approach to managing SBOMs from third-party vendors, alongside those SBOMs created for your own software, powered by Sonatype’s data and security research.

OrdrAI CAASM+ provides asset visibility with AI/ML classification

Building on its Asset Intelligence Platform with features such as the Ordr Discovery Engine for unified asset discovery, AI/ML classification and analytics, and automated policy creation and workflows, OrdrAI CAASM+ provides an option for organizations to manage their entire asset attack surface — including devices, users, installed software, cloud, and SaaS.

Tufin Orchestration Suite R24-1 enhances cloud security and compliance

Tufin released Tufin Orchestration Suite (TOS) version R24-1. The latest additions to Tufin’s solution enhance customers’ ability to manage cloud security controls from a centralized interface, making security policy management more effective. With TOS R24-1, Tufin enables complete visibility across today’s complex hybrid enterprise networks, helping teams maintain security and compliance.

Portnox Conditional Access for Applications improves data security for organizations

With Conditional Access for Applications, Portnox helps resource-constrained IT teams combat the rise in device-based attacks against enterprise SaaS and on-premises applications through a risk-based approach that is in lockstep with infrastructure and network security efforts.

Drata unveils Adaptive Automation for streamlined compliance

The launch of Adaptive Automation allows customers to expand beyond Drata’s pre-built tests and easily deploy custom tests that best match their security and compliance needs. In order to support the massive scale of test automation and complex use cases, Drata refactored its automation engine, allowing customers to collect and validate evidence across more sources using nested conditions.

Zoom Compliance Manager helps organizations fulfill regulatory requirements

Zoom announces Zoom Compliance Manager, an all-in-one offering that provides archiving, eDiscovery, legal hold, and information protection capabilities to help organizations fulfill regulatory requirements and mitigate organizational communications compliance risks across the Zoom platform.

Appdome launches Social Engineering Prevention Service to safeguard mobile users

Appdome has unveiled its new Social Engineering Prevention service on the Appdome platform. The new service includes several new real-time defenses against voice phishing (vishing), remote desktop control, FaceID bypass, fake applications, and SIM swapping, all of which protect user safety, brand reputation, business continuity, and revenue generation.

Legit Security launches enterprise secrets scanning solution

Legit Security has unveiled its standalone enterprise secrets scanning product, which can detect, remediate, and prevent secrets exposure across the software development pipeline. Security teams can now identify, remediate, and prevent the exposure of secrets across developer tools, such as GitHub, GitLab, Azure DevOps, Jenkins, Bitbucket, Docker images, Confluence, Jira, and more.

Malwarebytes adds AI functionality to ThreatDown Security Advisor

Using natural language processing and generative AI, the enhanced Security Advisor can understand the context of a query and identify relevant information. This helps ThreatDown administrators to identify threats they might miss with a traditional keyword-based search or being required to download, filter and sort through search results.

Bedrock Security protects sensitive data within one unified platform

Bedrock Security unveiled its data security platform, powered by data AI Reasoning (AIR) Engine. Through AIR’s technology, including data similarity, topic detection, and identity and activity analysis, Bedrock provides a clear picture of data usage and risk within one unified platform.

CyberArk Secure Browser helps prevent breaches resulting from cookie theft

Backed by intelligent privilege controls and simple to deploy across devices, CyberArk Secure Browser is purpose-built for a cloud-first world, providing secure, consistent access to both on-premises resources and SaaS applications. It allows visibility, control and governance for security teams, helping to prevent the malicious use of compromised identities, endpoints and credentials both at and beyond login.