RSA Conference 2021 – Summary of Vendor Announcements
The 2021 edition of the RSA Conference — a fully virtual event this year — took place May 17-20 and several companies used the opportunity to announce new products, services, initiatives, and other resources.
To help cut through the clutter, the SecurityWeek team is providing a summary of the announcements made at RSA Conference 2021.
Products, services and initiatives
Arctic Wolf announced Managed Security Awareness, a new solution that it described as a security awareness and training program delivered as a concierge service. Its goal is to help organizations be more resilient to social engineering, credential theft and phishing attacks. The new solution includes security awareness microlearning, automated phishing simulations, and account takeover monitoring.
BigID announced the availability of Data Retention App, which provides automated retention management capabilities to help organizations reduce risk, automate data lifecycle management and achieve compliance.
Cisco unveiled improvements for its extended detection and response (XDR) solutions, including enhanced vulnerability management capabilities as a result of the acquisition of Kenna Security, better device visibility via SecureX, simplified transition from EDR to XDR, and expanded investigation and threat hunting capabilities.
The company also announced Secure Access Service Edge (SASE) improvements, specifically new integrations, a new protection layer, and a new package — all for its Umbrella enterprise network security solution. Other announcements related to network security include an update to Secure Firewall Threat Defense and the launch of Cisco Secure Firewall Cloud Native for Kubernetes.
CxO Trust is an initiative that aims to bring together C-suite executives to evolve cloud and cybersecurity understanding, knowledge, and solutions in response to enterprise challenges. Members will collaborate on developing practical privacy and governance models, training and certificate programs, mentorship and hiring best practices, regulatory/legislative programs, and product and services development.
CrowdStrike announced Falcon Fusion, a framework based on the Falcon platform that is designed to help organizations improve the efficiency of their security operation center (SOC). The company said Falcon Fusion can be used to orchestrate and automate complex workflows, simplify security operations, and accelerate incident triaging and real-time response.
As for the updates made to the CrowdStrike Falcon Platform, the company announced expanded macOS coverage, new Zero Trust capabilities, and a new Message Center for Falcon Complete and OverWatch.
Devo Technology introduced Devo Content Stream, a content delivery service designed to continuously provide security teams with curated alert content and threat intelligence.
Digital.ai has launched Essential App Protection, a low code solution that is designed to provide a first line of defense against application layer attacks. Essential App Protection provides visibility that security and DevOps teams can use to determine the level and type of application protection that is needed.
Fortinet has extended the capabilities of its FortiEDR endpoint detection and response (EDR) solution. FortiEDR now provides cloud-native endpoint security and integrated endpoint protection capabilities, as well as a managed detection and response service that delivers 24×7 threat monitoring, alert triage and remote response.
Hunters has launched Hunters XDR, the firm’s open extended detection and response platform. Hunters XDR is designed to ingest data from existing security tools and analyze threat signals to help organizations more efficiently respond to incidents.
McAfee announced a “significant expansion” of its MVISION XDR product by correlating telemetry of the company’s endpoint, SASE and threat intelligence solutions. MVISION XDR capabilities include threat detection, automated threat management tasks, and proactive threat hunting.
Palo Alto Networks unveiled SaaS Security, an integrated cloud access security broker (CASB) that enables security teams to automatically discover and control new SaaS applications, It also provides data loss prevention capabilities, helps prevent threats, and aids organizations in maintaining compliance.
SaaS Security is only one of the several new solutions from Palo Alto Networks for what the company calls Zero Trust Network Security. The company this week also announced a Cloud Identity Engine for verifying user identities, an Advanced URL Filtering service, and new firewall appliances.
ReversingLabs has unveiled its Malware Lab solution, which provides organizations a threat analysis engine and console designed for detecting, classifying, analyzing, and responding to malware and associated IoCs.
SecurID, an RSA business specializing in identity and authentication solutions, announced the launch of Interactive Experience, which enables customers to choose authentication methods, build access policies and configure rule sets.
ServiceNow announced new security integrations with Microsoft products. Specifically, it informed customers about ServiceNow Security Operations Solution Suite integrations with Microsoft Azure Sentinel, Microsoft Threat & Vulnerability Management, Microsoft Teams, and Microsoft SharePoint.
Synopsis announced the expansion of its Technology Alliance Partner (TAP) program and added new integrations for its Intelligent Orchestration solution, including with GitHub Actions and CloudBees.
Reports and other resources
Vectra has released a report on the top 10 threat detections across Azure AD and Office 365. In the case of Office 365, the list includes risky Exchange operations, suspicious download activity, suspicious sharing activity, external Teams access, suspicious Power Automate Flow creation, and suspicious mail forwarding. In the case of AD, the list includes suspicious operations and redundant access creation.
VMware has released a new threat landscape report that highlights the extent of threats evading perimeter defenses. Key findings include evasion of defense systems being the most encountered MITRE ATT&CK tactic used by malware, email being the most common attack vector for initial access, and the transmission of plain-text passwords over the network being the most common bad security practice.
One of the most interesting findings of the report is that hackers often start looking for vulnerable systems just minutes after the existence of a vulnerability is made public. In the case of the recent Microsoft Exchange flaws, for instance, it took hackers only 5 minutes to start scanning the web for vulnerable servers.
A survey of 250 security, DevOps and IT professionals showed that a majority believe DevOps and security teams will share AppSec responsibility. Roughly 90% also believe that integrating AppSec tools into DevOps pipelines through automation will be critical to the success of DevSecOps.
Sophos has published its Active Adversary Playbook 2021, which details attacker behavior and impact, as well as the TTPs seen in the wild by the company. The playbook can help security teams understand what adversaries do during attacks and how to spot and defend against such activity on their network.