20 Coolest Cybersecurity Products At RSAC 2024 – Source: www.proofpoint.com

At RSA Conference 2024 this week, vendors are showcasing new products in categories including SASE, security operations and application security — with many touting newly released, GenAI-powered cybersecurity capabilities.

Big RSAC Product Announcements

Even as the cybersecurity industry continues to maintain its rapid growth pace — leading many vendors to roll out product announcements throughout the year — major makers of cybersecurity tools also continue to target the launch of new products and capabilities at the RSA Conference. RSAC 2024 kicked off Monday with a number of cybersecurity product moves by top companies including Microsoft, Google Cloud and Cisco.

[Related: 5 Big Cisco, Splunk Security Announcements At RSAC 2024]

Then on Tuesday, many more have joined the fray, with major product announcements from CrowdStrike and SentinelOne. Meanwhile, numerous vendors such as Palo Alto Networks, Zscaler, Fortinet and Netskope announced major new updates just ahead of RSAC 2024.

As the massive cybersecurity gathering got started Monday in San Francisco, the Moscone Center drew huge crowds seeking to hear more on the latest product launches (or at least to check out some of the elaborate booths, such as the “Wiz Mart” booth from cloud and AI security firm Wiz — see slide 5).

Key categories for the RSAC 2024 product announcements so far have included red-hot areas such as security operations, SASE (secure access service edge), application security, threat intelligence, email security and identity security.

For the second year in a row, RSAC is seeing a strong focus on utilizing generative AI — both in tools for security operations teams as well as many other product areas. CRN is on hand at RSAC 2024 and following the product announcements as they come out, and we’ve collected the details on 20 cybersecurity products at the conference that have grabbed our attention.

What follows are 20 of the coolest cybersecurity products being showcased at RSA Conference 2024.

CrowdStrike: Falcon Next-Gen SIEM

At RSAC 2024 on Tuesday, CrowdStrike announced the general availability launch for its Falcon Next-Gen SIEM offering, as well as several new capabilities for the product. Falcon Next-Gen SIEM (security information and event management) — which has until now been in limited availability — has been updated with numerous additional integrations with third-party technologies as well as greater incorporation of the company’s Charlotte GenAI assistant, CrowdStrike CTO Elia Zaitsev told CRN.

“We’ve gone from dozens of integrations to hundreds of integrations with different technology providers,” Zaitsev said, while CrowdStrike is now also “working with multiple MSSPs and GSIs that are standardizing on this platform.”

Meanwhile, “we’ve now fully integrated the advanced AI capabilities of Charlotte to assist and operate the next-gen SIEM platform,” he said. As one example, the Charlotte AI Investigator — which can correlate related context around security incidents and provide GenAI-powered summaries of the incidents — is now in beta and will soon be made generally available, Zaitsev said. “It’ll surface related alerts and systems and users that it believes are part of the incident you’re investigating — that you may not have added already — and gives you the ability to add that in real time into your incident workbench,” he said.

Another key capability that hadn’t been previously available in Falcon Next-Gen SIEM was what the company describes as “multiplayer” functionality, Zaitsev said. This is “In the past, multiple analysts could be working an incident, but they weren’t getting real-time updates and information from each other. Now as they’re collaboratively working on these incidents in real time, changes are being streamed to each other,” he said. “People were using things like spreadsheets and Google Docs and other systems to try to keep track and collate all these information sources in one place. We’re now giving them a single tool —with all the AI automation on top as well — to surge together, have this multiplayer SOC [Security Operations Center] experience.”

Palo Alto Networks: Prisma SASE 3.0

Just ahead of RSAC 2024, Palo Alto Networks announced the next version of its secure access service edge platform, Prisma SASE. The debut of Prisma SASE 3.0 includes a number of newly added features including around data security and app acceleration. In terms of data security, Prisma SASE 3.0 utilizes Large Language Models to boost the accuracy of data classification, the company said. “Our LLM-powered data classification agent can classify data much better,” said Anupam Upadhyaya, vice president for product management at Palo Alto Networks, in an interview with CRN. “And since it can classify data better, it can protect data in a much more robust fashion.”

In terms of app acceleration, Palo Alto Networks said it can offer an up to “5X boost” in the performance of applications, when compared to accessing the apps directly over the web. Prisma SASE 3.0 thus becomes the “first” SASE platform to accelerate apps on an individual basis for each user, with the help of patented “app-aware technology,” the company said.

Additionally, Palo Alto Networks said that its secure enterprise browser, the Prisma Access Browser, has gotten a major update through the addition of support for unmanaged devices. “So now, without the additional burden of managing an unmanaged device, IT is getting all the benefits — consistency of policy, consistency of visibility,” Upadhyaya told CRN.

SentinelOne: Singularity Operations Center

During the second day of RSAC 2024, SentinelOne announced what it’s calling a “new unified security console” with the general availability launch of the Singularity Operations Center. In a news release, SentinelOne said that the offering delivers on the longtime promise of providing users a single, centralized and unified dashboard for security. The offering “represents a massive leap forward in simplifying the analyst experience by unifying alert triage and workflows across all event collections,” said Ric Smith, SentinelOne’s chief product and technology officer, in the release.

Singularity Operations Center offers consolidation of security management through enabling unified alerts along with inventory management and a correlation engine — alongside a “contextualized” Singularity Graph “to accelerate detection, triage and investigation,” the company said.

Wiz: AI-SPM

For fast-growing cybersecurity firm Wiz, recent major additions to its cloud and AI security platform have included native AI security capabilities with its AI-SPM (AI security posture management) offering. Wiz’s AI-SPM aims to protect the use of AI tools during the software development process. The cloud security vendor has also extended its AI-SPM support to include the OpenAI API Platform. Wiz has said it’s the first CNAPP (cloud-native application protection platform) provider to secure customers of OpenAI, the maker of ChatGPT.

Microsoft: Integrations Of Copilot For Security

Microsoft announced at RSAC 2024 that it is now making progress on integrating its Copilot for Security offering “across our security product portfolio.”

“Greater integration of Copilot across the Microsoft security portfolio and beyond provides richer embedded experiences and Copilot capabilities from familiar and trusted products,” said Vasu Jakkal, who is corporate vice president for security, compliance, identity and management at Microsoft, in a blog post. The newly announced Microsoft Copilot for Security integrations include Purview, Azure Firewall and Azure Web Application Firewall, as well as “new partner plugins” that were not specified. “These integrations provide your security teams with real-time guidance, deeper investigative insights, and expanded access to data from across your environment,” Jakkal said in the post.

Abnormal Security: New Cloud Account Integrations

At RSAC on Tuesday, Abnormal Security announced the expansion of its AI-powered behavioral analysis capabilities to additional segments outside of email. The vendor announced a number of new cloud account integrations beyond email — including with products in the areas of identity (Microsoft Azure Active Directory, Okta and Ping Identity) and collaboration (Salesforce, Google Drive, ServiceNow, Zoom, Atlassian, Box, DocuSign, Dropbox, Slack, Workday and Zendesk). Additionally, Abnormal announced new integrations with the three major cloud infrastructure providers — AWS, Microsoft Azure and Google Cloud. Ultimately, the new cloud account integrations will provide security teams with “a consolidated view of all account activity within each connected platform,” the company said in a news release. “If malicious activity is found, administrators can remediate compromised accounts with a one-click ‘Identity Disconnect’ button.”

Abnormal also announced the expansion of its account takeover protection capabilities to cloud applications, which will enable security teams to “build a behavioral baseline for each user across all integrated applications,” the company said. Meanwhile, Abnormal announced what it’s calling an “AI coworker for every security team” with the debut of AI Security Mailbox, which will provide a customized response to employees who report a potential attack about whether the reported email was determined to be malicious — as well as “how a determination was made,” the company said.

Cisco: XDR, Splunk, Hypershield, Duo Updates

Cisco Systems has announced a number of product updates at RSAC 2024, including a major advancement related to its acquisition of security operations stalwart Splunk. First announced at last year’s RSAC, Cisco’s XDR (extended detection and response) platform is getting a big boost through a much-awaited integration with Splunk’s systems. “Splunk has the broadest context of any security tool in [our] inventory,” said Tom Gillis, senior vice president and general manager of Cisco’s Security Business Group. “Splunk sees systems that XDR will not see.” By feeding Splunk’s telemetry into Cisco XDR — which provides greater capabilities for spotting potential threats in real time — Cisco will be able to provide an unprecedented level of detection and response, Gillis said.

Other major updates announced by Cisco included the addition of new functionality to its recently debuted Hypershield architecture, which will now be endowed with capabilities for detecting and stopping attacks exploiting unknown vulnerabilities. Meanwhile, Cisco also unveiled new features for Duo Security, which will remove the need for users to continually authenticate by keeping track of sessions at the operating system level, Gillis said.

Proofpoint: Pre-Delivery And Adaptive Email Security

At RSAC 2024, Proofpoint announced new capabilities for its email security offerings including LLM-based detection that provides “pre-delivery” analysis of threats to Microsoft 365 and Google Workplace inboxes. The detection capability “interprets a threat actor’s message intent regardless of word variation or language used,” delivering proactive protection against email threats, the company said in a news release.

Other new capabilities announced at RSA include Adaptive Email Security, which provides AI-based detection of behavioral activity to protect against “advanced” threats, Proofpoint said. The offering provides “easy-to-understand explanations about behavioral anomalies observed,” while automatically quarantining “high-confidence” threats and delivering coaching through warning banners that alert users about potential risks, the company said.

HPE Aruba Networking: Security Observability, FWaaS, SWG

During RSAC 2024, HPE Aruba Networking introduced a number of new capabilities Tuesday. Newly launched, AI-powered security observability and monitoring within HPE Aruba Networking Central aim to assist with addressing IoT security threats, according to the company. Meanwhile, the vendor also debuted a new firewall-as-a-service (FWaaS) offering as part of HPE Aruba Networking SSE (security service edge), which aims to “extend protection wherever data and devices are, without the expense or complexity of an appliance,” HPE said. Additionally, the company announced it is integrating SD-WAN functionality with SWG (secure web gateway) with the aim of to accelerating adoption of SASE. The integrated SWG capability in HPE Aruba Networking EdgeConnect “delivers comprehensive protection from web-based threats for all types of users and devices,” which includes unmanaged as well as IoT devices, the company said.

Google Threat Intelligence

At RSAC 2024, Google Cloud announced the launch of its newly unified threat intelligence service, based on the integration of threat intel capabilities from Mandiant, VirusTotal and Google itself. The result is Google Threat Intelligence, which provides improved correlation of threats by combining and analyzing these three massive sources of telemetry, said Eric Doerr, vice president of engineering for Google Cloud Security.

While Mandiant, Google and VirusTotal each have long brought a strong track record for threat intelligence individually, “when you add them together, they’re even more valuable. The correlation makes [threat intelligence] more actionable,” Doerr told CRN. For instance, “sometimes you’ll see threats that you couldn’t see without the triangulation across these data points,” he said.

Google Threat Intelligence ultimately represents a major advancement in the space, Doerr said. The service can be licensed as a standalone offering, he noted, though it’s also “deeply integrated” into the Google Security Operations platform (formerly Google Chronicle Security Operations). As part of Google SecOps, the new Google Threat Intelligence offering will enable use cases such as automated threat hunting — “where we see a new threat [that’s] present in your environment, and we flag that for you. You don’t have to do anything,” Doerr said. “That kind of thing is really magic.”

Recorded Future AI Updates

Threat intelligence specialist Recorded Future announced a number of updates to its product portfolio, including what the company says are unique new capabilities for its Recorded Future AI offering. New features include AI Conversation, which enables threat analysts to pose questions to the company’s Intelligence Graph with text prompts, Recorded Future said. A second new feature, AI Insights, allows analysts to generate summaries from massive amounts of data, the company said. “I think it’s a huge boost to threat intel,” said Colin Mahony, president of Recorded Future. The benefits are significant to threat analysts of being able to access information more efficiently and engage more interactively with the platform through simple text-based questions, Mahony said.

Meanwhile, Recorded Future also debuted a new capability for its Collective Insights offering that aims to provide a more holistic view for analysts, he said. The new feature “takes our external intelligence graph, takes this telemetry data, and actually brings the graph into the organization so that we can fully close the loop on the prevention aspect — and really tie it down to the specific actions,” Mahony said.

Additionally, Recorded Future introduced new and enhanced Intelligence Cards, which analysts can reference to “easily see the most important information as an analyst that you need during an actionable investigation,” he said. “You can get it all in one view.”

Netskope: GenAI-Powered SaaS Security

Netskope recently disclosed new updates to its CASB (cloud access security broker) offering that brings greater GenAI capabilities to protecting SaaS usage. With the addition of generative AI to its CASB offering on the Netskope One platform, the vendor said it is the “first” security service edge (SSE) provider to combine CASB with GenAI. The functionality includes the incorporation of a GenAI-powered engine into Netskope’s SaaS security risk categorization, which enables the offering to extract app context and then correlate that information with more than 50 SaaS app attributes, the company said.

Snyk: AppRisk Pro

Building on the debut last year of Snyk’s application security posture management (ASPM) offering, AppRisk, the developer security platform vendor announced ahead of RSAC that it has now launched an AppRisk Pro version. The offering includes key capabilities such as being able to trace back insecure portions of apps “to the specific code components that must be addressed in order to fix the issue,” the company said in a news release. Other major capabilities include the combination of “a unique level of prioritization with proven developer-first tools for vulnerability prevention and remediation, all underpinned and enabled by AI,” Snyk said.

Fortinet: GenAI-Powered Security Tools

Last week, just ahead of RSAC 2024, Fortinet announce what it’s calling the industry’s “first” GenAI assistant for IoT security. The new tool in FortiManager offers a conversational interface powered by the vendor’s GenAI technology, FortiAI, which can assist with detection and troubleshooting of IoT vulnerabilities, Fortinet said. Meanwhile, the company also announced new capabilities in FortiManager for GenAI-assisted scripting within CLI and Jinja. And in the realm of threat hunting, Fortinet disclosed it is “deepening” the integration of its FortiAI technology inside of FortiAnalyzer with the inclusion of new dictation capabilities. The update simplifies threat hunting and analysis of events by accepting commands for data queries along with identifying threats and generating reports, Fortinet said in a news release.

Securonix EON

In advance of RSAC, Securonix last week debuted a suite of AI-powered capabilities, Securonix EON, using Large Language Models from Amazon Bedrock and Anthropic Claude 3 to extend the company’s Unified Defense SIEM. EON provides new “psycholinguistics” capabilities to assist with hunting for insider threats and adaptive threat modeling, which utilizes machine learning to uncover previously unknown attack chains in “near real-time.” Other key updates include InvestigateRX, a tool that pulls together content into a “context-aware” summary, the company said.

Zscaler: ZDX Copilot

Zscaler announced several new offerings ahead of RSAC including a new AI assistant, ZDX Copilot, for its Zscaler Digital Experience (ZDX) platform. The GenAI-powered tool rapidly analyzes data from a massive store of data covering activities from users, devices, applications and networks — ultimately providing IT and security teams with previously unavailable insights, according to Zscaler. ZDX Copilot allows users to ask questions “to review high-level trends and progressively narrow results down to specific actionable insights,” the company said. Other new launches announced by Zscaler for its Digital Experience platform included Hosted Monitoring — for enabling continuous monitoring of availability and performance of apps and services — and Data Explorer, which provides the ability to build and share customized reports between teams, the company said.

Safe Security: Risk-Based Third-Party Management

Safe Security recently disclosed to CRN that it’s expanding into the third-party risk management space — a move that was formally announced Tuesday at RSAC 2024. The company’s new Safe TPRM (third-party risk management) module will stand out by quantifying the risk of specific threats — such as ransomware and data exfiltration — for third-party vendors in an “actionable” manner, Saket Modi, co-founder and CEO of Safe Security, told CRN. For instance, Safe TPRM will provide an actual risk measured in dollars of ransomware occurring at a certain third party, Modi said. “We actually quantify the risk in a way the business can understand it.”

On top of offering improved third-party risk management compared to existing vendors in the space, Safe Security will also combine the third-party signals with the data on first-party and SaaS risk that the company has already offered, according to Modi. As a result, “in one dashboard you can get your first party, your third-party and your SaaS applications [risk] all converged into one,” he said.

SonicWall: New Cybersecurity Management Platform

Ahead of the RSA Conference, SonicWall unveiled a new cybersecurity management platform aimed at bolstering the efforts of MSPs and MSSPs. Thew new SonicPlatform seeks to “unify SonicWall products into a single integrated interface,” the company said in a news release. The platform delivers “deep” product integration that allows contextual data to be shared across all points, SonicWall said. Key capabilities of SonicPlatform include a unified console and consolidated visibility of system health, as well as improved security management and inventory management, according to the company. SonicPlatform ultimately enables MSP and MSSP partners to “efficiently manage multiple client environments, automate key tasks, reduce operational costs, enhance service delivery, and garner valuable insights—all through a single, user-friendly interface,” SonicWall said in the release.

Critical Start: MDR For OT (Operational Technology)

Managed detection and response (MDR) provider Critical Start announced ahead of RSAC 2024 that it’s debuting a new MDR service focused on operational technology (OT). The offering brings together monitoring of threats and vulnerabilities with risk and management to give organizations a “risk-based approach” in their OT security program, Critical Start said in a new release. Critical Start MDR for OT is a ultimately a “comprehensive and flexible service that combines OT-specific threat detection capabilities,” the company said in a news release, while also offering the option to utilize a customer’s existing infrastructure and tools through ingestion of security-relevant logs.

Cloudflare For Unified Risk Posture

Ahead of RSAC 2024, Cloudflare unveiled a suite of capabilities for security risk management, Cloudflare For Unified Risk Posture. The offering can “help enterprises with automated and dynamic risk posture enforcement across their expanding attack surface,” the vendor said in a news release. Key capabilities include evaluation of risk across applications and users; exchanging of risk indicators with “best-in-class” partners; and enforcement of automated risk controls, Cloudflare said.