Our pick of the top cloud-focused cybersecurity announcements from the RSA Conference 2020

The RSA Conference, one of the most anticipated digital security conferences of the year, kicked off last week (23 - 27 Feb) in San Francisco and was attended by over 40,000 people, with nearly 700 exhibitors. The theme of this year’s RSA Conference was the Human Element. According to their blog post, “The goal of the RSA Conference is to help the industry mature while preparing individuals to grow into their roles as defenders of the world. When we recognize that cybersecurity is, fundamentally, about people protecting people, the world becomes a better, more secure place.”

At Panther, we understand that in a cloud-first world, traditional security tools no longer guarantee protection against new and emerging threats. The announcements at RSA aligned with our vision, and there were some interesting highlights focused on the growing importance of cloud security. In this article, we highlight the top offerings that caught our eye.

#1 Cisco - SecureX

Cisco launched a cloud-native security platform, SecureX, which provides organizations with better visibility across their security portfolio by integrating security analytics and automated workflows. SecureX provides multi-domain orchestration and automation capabilities using a no/low-code approach and a drag-and-drop interface. It delivers pre-built playbooks, although you can also create your own playbooks tailored to your own environment of Cisco and non-Cisco products.

Per the official press release, “Cisco SecureX unifies visibility, identifies unknown threats, and automates workflows to strengthen customers’ security across network, endpoint, cloud, and applications. Because simplicity is essential to securing today’s digital transformation, Cisco SecureX is included with every Cisco Security product.”

SecureX will replace Cisco Threat Response (CTR) working as a standalone, web-based console; CTR will be a part of SecureX. Cisco SecureX will be available in June.

#2 Palo Alto - Cortex XSOAR

Palo Alto Networks built upon its recent acquisition of the Demisto platform, launching Cortex XSOAR, an extended security orchestration, automation and response platform. XSOAR simplifies security orchestration and operationalizes threat feeds by integrating threat intel data with SOAR capabilities such as unified case management, automation, and real-time collaboration.

According to Michael Poddo, Director, Cyber Threat Analysis & Response, Emerson, "Threat intelligence without context is just threat data. In order for threat intelligence to be of use, the original context of the threat intel has to be applied appropriately and mapped to internal incidents and policies. However, doing this at scale and speed to keep pace with real-time threat feeds is tough without automation. SOAR applied to threat intelligence can help fully integrate it into all aspects of your incident response program."

The general availability of this platform is expected in March 2020.

#3 F5 Networks - Application Protection

F5 announced new additions to its application security portfolio at RSA. F5’s application security portfolio spans four solution areas: Application Layer Security; Trusted Application Access; Application Infrastructure Security; and Intelligent Threat Services. Based on the areas above, F5 highlighted four new solutions:

  • Essential App Protect: A SaaS-based solution that provides apps with protection against common web exploits, malicious IPs, and coordinated attacks
  • Behavioral App Protect: A cloud-delivered solution that uses machine learning and crowdsourced threat intelligence data to secure apps by detecting malicious behavior in real time
  • NGINX App Protect: It brings F5’s WAF technology to the NGINX platform. It simplifies the tool sprawl and enables security to be enforced closer
  • Aspen Mesh Secure Ingress: It helps secure traffic entering Kubernetes clusters and streamlines how application developers can ensure app security

#4 Juniper Networks - Juniper ATP Cloud and SRX Series Firewalls

Juniper Networks announced two new additions to its Juniper Connected Security solution portfolio. First, they announced encrypted traffic analysis for Juniper Advanced Threat Prevention (ATP) Cloud and SRX Series firewalls. It detects malicious botnet traffic that is “going dark” via encryption. This will provide their customers with more visibility and policy control over encrypted traffic, without the need for resource-intensive SSL decryption.

Second, SecIntel is now integrated with the Mist platform for wireless access. Mist customers can now get threat alerts detected by Juniper SRX Series Firewalls and ATP Cloud within the Mist cloud-based management application, allowing administrators to quickly assess security risks.

#5 CrowdStrike - Endpoint Recovery Services

CrowdStrike added new capabilities to its Falcon platform targeted at its MSSP (Managed Security System Providers) partners. These include a modified endpoint protection system combining next-generation antivirus, endpoint detection and response, 24/7 threat hunting and threat intelligence.

Falcon also includes a self-service portal that allows MSSPs to request, provision and onboard new customers via the partner portal or via API. For technology alliance partners, CrowdStrike Store partners, and developers, CrowdStrike announced the CrowdStrike Developer Portal.

CrowdStrike also announced Endpoint Recovery Services, a new offering designed to help organizations resume business operations following an intrusion.

#6 McAfee - Expanded MVISION platform

McAfee expanded its MVISION platform with the addition of Unified Cloud Edge (UCE), providing unified data and threat protection from the device level to the cloud. UCE brings together the capabilities of McAfee Cloud Access Security Broker (CASB), Secure Web Gateway (SWG), and DLP in one cloud-native platform. It will be available in March 2020.

The company also launched a global Managed Detection and Response (MDR) platform, with DXC Technology. This platform provides threat hunting, forensics and investigations, and 24x7 end-to-end managed endpoint threat detection and response.

#7 VMware - Advanced Security for Cloud Foundation

VMware made some power-packed announcements in line with its goal of building security-intrinsic products. The VMware Advanced Security for Cloud Foundation project will now integrate Carbon Black’s workload protection Real-time Workload Audit/Remediation technology as well as its Next-Generation Antivirus (NGAV) and Endpoint Detection & Response (EDR) solutions.

VMware Carbon Black will also be integrated with VMware vSphere to create an agentless solution that eliminates the need to insert antivirus and other agents. Additionally, VMware’s NSX Advanced Load Balancer with Web Application Firewall capabilities and NSX Distributed IDS/IPS can be added to VMware Cloud Foundation deployments. The NSX Web Application Firewall addition will help confirm that web servers have compute capacity for maximum security filtering even under peak loads. The NSX Distributed IDS/IPS will provide intrusion detection and advanced filtering.

#8 SECURITI.ai wins the Most Innovative Startup

At the RSA Conference Innovation Sandbox Contest 2020, SECURITI.ai was named as the “Most Innovative Startup” for its innovative ways to approach data privacy rights and protection capabilities. The company’s AI-powered platform ‘PrivacyOps’ helps organizations comply with privacy laws like GDPR in the European Union and CCPA in California by generating digital personas for individuals. It also finds copies of data shared across systems or with third-party vendors or partners. This platform automates and simplifies all major functions needed for privacy compliance using robotic automation and a natural language interface.

Securiti.ai raised a $50 million Series B funding round led by General Catalyst earlier this year.

Apart from various offerings released by security vendors, RSA 2020 also witnessed 29 keynotes and 520 sessions featuring acclaimed speakers like Mary Barra, Chair and Chief Executive Officer of General Motors Company; Wendy Nather, Head of Advisory CISOs, Cisco; and many other experts from the cybersecurity industry.

If you missed out on attending the conference, you can check out RSA’s website for recorded programs, keynotes and sessions.
