10 Cool Network And Endpoint Security Products Unveiled At Black Hat USA 2018
Getting Back To Basics
Vendors attending Black Hat USA 2018 have continued to keep network and endpoint security front and center, debuting offerings that protect against signatureless malware while infusing stronger threat intelligence and vulnerability assessments into the ecosystem.
Cybersecurity companies have doubled down on everything from securing removable media on the endpoint to meeting the high security demands of multi-cloud, the Internet of Things and the enterprise edge, to inspecting encrypted traffic without compromising on performance.
Integration also has played a key role in moving the ball forward, with vendors infusing endpoint capabilities into pre-existing threat detection and response modules and wrapping managed services around their existing endpoint security tools.
Here's a look at what 10 Black Hat USA 2018 network and endpoint security vendors are doing to block suspicious traffic, zero-day attacks and advanced persistent threats.
CrowdStrike Falcon Device Control
CrowdStrike released a new device control module to enable visibility into removable media activity, which the company said is critical for organizations looking to replace their legacy anti-virus with next-generation endpoint protection.
Falcon Device Control enables the safe utilization of USB devices across organizations by uniquely providing extensive visibility and granular control over those devices, the company said. It offers security and IT operations teams full understanding of how devices are being used, as well as the ability to precisely control and manage that usage.
Customers using Falcon Device Control have visibility into detailed device information and history, increased control over mass storage devices, and greater context into host activity to see what's happening in environments. This makes it easier for administrators to implement controls that protect critical data, the Sunnyvale, Calif.-based company said.
Digital Guardian Managed Security Program For Endpoint Detection And Response
Digital Guardian's Managed Security Program for Endpoint Detection and Response (EDR) provides organizations with state-of-the-art technology supported by a global team of security experts around the clock, according to the Waltham, Mass.-based company. MSP for EDR offers resource-constrained organizations the opportunity to significantly enhance their security posture and level of protection.
With MSP for EDR, customers can be protected from advanced threats, including fileless malware, polymorphic malware, zero-day attacks, advanced persistent threats (APTs), ransomware, insider threats, and advanced data exfiltration methods. And bundling that program with MSP for Data Loss Prevention provides customer with full data protection from insider threats and external attackers.
Digital Guardian's MSP program is the fastest-growing area of its business, with more than 1 million agents under management across customers ranging from the Fortune 100 to the midmarket.
Pulse Policy Secure 9.0
Pulse Policy Secure 9.0 makes it easier for enterprises to mitigate malware, data breaches and compliance risks through three dozen new features and enhancements that advance visibility, usability, endpoint and Internet of Things security, and threat response capabilities.
Policy Secure 9.0 boosts compliance enforcement with broader endpoint discovery mechanisms, vulnerability assessment to prevent malware attacks such as WannaCry, as well as OS and patch management verification to safeguard Windows and macOS devices.
The San Jose, Calif.-based company’s offering streamlines the user experience by incorporating host checking caching, directory, and authentication and firewall integration techniques to reduce login prompts, authorization and device compliance time. Pulse Policy Secure also can share identity and endpoint information with network and security infrastructure, as well as receive network policy enforcement requests from external offerings.
AlienVault USM Anywhere
AlienVault introduced endpoint detection and response (EDR) capabilities in its USM Anywhere automated threat detection and response product.
The San Mateo, Calif.-based company said delivering EDR capabilities as part of a unified solution for threat detection, response and compliance enables businesses of all sizes to detect and respond to threats quickly while eliminating the need for additional point products.
Although endpoints are critical to a comprehensive security strategy, AlienVault said many organizations struggle with the cost and complexity of EDR point products. The new EDR capabilities in USM Anywhere are fully integrated and provided to every customer without a subscription upgrade or update required.
USM Anywhere specializes in detecting aggressive threats, the company said, particularly those designed to evade detection by traditional perimeter security and signature-based detection technologies.
Signal Sciences Network Learning Exchange
Signal Sciences Network Learning Exchange (NLX) is the first trusted web application attack feed that informs enterprise customers of suspicious traffic from sources that have been confirmed to be malicious elsewhere.
The Culver City, Calif.-based company’s NLX recognizes attack patterns across Signal Sciences' customer network to proactively alert and defend other enterprise web applications and APIs. The application has created a resilient, protective layer that uses data to continually advance detection intelligence, resulting in some 95 percent of customers having blocking mode enabled on their production sites.
NLX eliminates the need to send signatures that cause false positives, instead delivering alerts when confirmed malicious sources are present on a customer's website.
FireEye MalwareGuard
FireEye MalwareGuard is designed to help detect and block cyberthreats, including never-before-seen threats, providing customers with a more robust way to protect their information, sensitive data and intellectual property. The tool is integrated into the FireEye Endpoint Security agent and is available to current customers at no additional cost.
MalwareGuard is the result of a two-year research project from FireEye data scientists, as well as testing in real-world incident responses. The model is trained using advanced machine-learning techniques that enable MalwareGuard to make intelligent malware classifications on its own without human involvement.
FireEye, Milpitas, Calif., reviews hundreds of millions of malware samples, resulting in first-hand knowledge of the threat landscape that's not available to any other organization. The FireEye data science team has real-world experience analyzing cyberthreats, and they use FireEye's using data to train MalwareGuard to detect new threats.
Fortinet Advanced Malware Protection
Fortinet, Sunnyvale, Calif., has integrated its Antivirus and FortiSandbox Cloud offerings into a single Advanced Malware Protection service to keep organizations safe from known and unknown threats. While signature-based anti-virus technologies remain critical for identifying known threats, organizations also need an offering designed to identify zero-day threats and attacks leveraging advanced evasion tactics.
The Advanced Malware Protection service includes IP botnet domain protection and mobile security, as well as Content Disarm and Reconstruction (CDR) and Virus Outbreak Protection Services (VOS). VOS closes the gap between anti-virus updates by leveraging the latest threat analysis to detect and stop malware threats discovered between signature updates before they can spread around the company.
CDR, meanwhile, addresses threats that use advanced techniques to evade traditional signature-based and reputation-based security prevention measures.
A10 Networks Harmony Controller 4.1
An upgrade to the Harmony Controller has expanded A10's security and intelligence capabilities through new Harmony Apps that support A10 offerings around SSL Insight, convergent firewall, and carrier-grade networking.
Harmony Controller 4.1 provides unique visibility and insight into application traffic, thereby increasing security efficacy, shortening troubleshooting times, and enabling simplified capacity planning for reduced total cost of operations. The platform also introduces a framework to run use-case specific applications on top of Harmony.
The Harmony Apps, meanwhile, offer the ability to augment analytics with third-party data to provide complete visibility in specific application use cases. The modular and extensible nature of the apps also makes it easier to optimize data collection from third-party sources, according to San Jose, Calif.-based A10 Networks.
Juniper SPC3 Advanced Security Acceleration Card
Juniper Networks' new SPC3 Advanced Security Acceleration Card is designed to help service providers, cloud providers and enterprises meet the diverse and high security demands of multi-cloud, Internet of Things, 5G and the enterprise edge while continuing to provide customers with investment protection with their existing installed base.
The SPC3 card allows customers to secure their networks without sacrificing performance or scale, delivering high-scale security gateway capability for service providers and proven VPN capability for the largest enterprises. With SPC3, the Sunnyvale, Calif.-based company said customers can reduce their energy and cooling costs through more efficient operations and power usage.
SPC3 also allows organizations to minimize their downtime and focus on running their infrastructure thanks to an extensible and flexible architecture with high reliability, modular design, and the opportunity to upgrade without service interruptions.
Check Point 23900 Security Gateway
The Check Point 23900 security gateway combines comprehensive threat prevention with purpose-built hardware, making it possible to inspect SSL-encrypted traffic without compromising on performance, uptime or scalability.
The 23900 appliance offers all-inclusive security that consolidates threat prevention network protections, according to Check Point Software Technologies, Tel Aviv, Israel. Specifically, the 23900 makes it possible to deploy consolidated technologies across high-performance data centers or highly trafficked enterprise networks straight out of the box.
The 23900 security gateway offers maximum security performance with 128 Gbps of firewall throughput and delivers powerful hardware for SSL encrypted traffic inspection. It also supports the fastest connectivity standards of up to 100 GbE and features modular expansion options with up to 42 network interfaces.