BlackBerry, Proofpoint, McAfee, Palo Alto Networks and Spirion are among the companies making product announcements in San Francisco at the start of the annual RSA Conference.
The conference officially kicked off today with keynote speeches.
BlackBerry said it had added mobile device management to its Spark platform, creating what it calls a new unified endpoint management service for both desktop and mobile devices.
As a result, BlackBerry applications now offer grants visibility across desktop, mobile, server, and IoT (including automotive) endpoints to security teams as well as improved cyber threat prevention and remediation.
“It means there’s efficiencies, lower cost, better use of people’s time,” Nigel Thompson, BlackBerry’s vice-president of product solutions marketing, said in an interview.
Spark is a platform introduced in September 2018 that underlies BlackBerry applications and allows connectivity with third parties like Amazon AWS, Google, Microsoft Azure and device makers through a single dashboard. The goal is to deliver comprehensive security on one agent across all of a company’s endpoints through one console. Threat data from all endpoints can be combined into one “crowd-sourced” repository and managed in one cloud environment.
With the new capability, the security will have better visibility across all endpoints — both corporate and employee-owned — said Thompson. Meanwhile, IT staff can use the same BlackBerry tools they do now for endpoint protection but can add protection for mobile devices. These include Endpoint Protection Platform (EPP), Endpoint Detection and Response (EDR), Mobile Threat Defense (MTD) and Continuous Authentication.
Data Loss Prevention (DLP) and Secure Web Gateway will be added soon.
BlackBerry said these capabilities work together seamlessly to share data for reporting, calculating risk scores and enabling policy controls. For example, EDR leverages EPP and MTD technologies to prevent malware across the organization. Continuous authentication uses data from MTD, EPP and EDR to create behavioural profiles. A detailed understanding of data from DLP helps to define the risks further.
Microsoft made several announcements of interest to CISOs.
Insider Risk Management is now available for organizations using Microsoft 365.
“By gathering signals from across Microsoft 365 and other third-party systems, Insider Risk Management can identify anomalies in user behaviour and flag high-risk activities,” the company said. “With privacy built-in by design, the system leverages AI and machine learning to mitigate insider risks and better protect and govern the organization’s data.”
It leverages policy templates and policy conditions that define what risk indicators are examined in Microsoft 365. These conditions include how indicators are used for alerts, what users are added in the policy, which services are prioritized, and the monitoring time period. New templates include Departing Employee Data Theft, Data Leaks and Offensive Language in Email.
Also now available for Microsoft 365 customers is Microsoft Threat Protection, which combines and orchestrates the capabilities of Microsoft Defender Advanced Threat Protection (ATP) for endpoints), Office 365 ATP for email, Azure ATP for identity, and Microsoft Cloud App Security for protecting applications. As a result, security teams can co-ordinate protection, detection, response, and prevention.
Added to the Azure Sentinel security information and event management (SIEM) suite is a connector for IoT devices, as well as the ability to import AWS CloudTrail logs into Azure Sentinel. These capabilities will be available at no additional cost from Feb. 24th until June 30th.
Proofpoint announced integrated, end-to-end solutions it says will address business email compromise (BEC) and email account compromise (EAC) attacks.
They combine the company’s secure email gateway, advanced threat protection, threat response, email authentication, security awareness training, and cloud account protection.
Broadly speaking BEC attacks are aimed at tricking an employee into sending money and data to fake accounts. Often the scam is aided by compromising the accounts of partner companies, and a number of firms and governments have lost millions in these cons.
No pricing was announced.
In addition, to help organizations combat advanced cyberattacks that use both email and cloud vectors, it also announced multiple Proofpoint Cloud App Security Broker (CASB) innovations to safeguard the cloud applications employees use every day such as Amazon Web Services, Box, Google G Suite, Microsoft Office 365, and Slack.
Spirion announced the release of its new SaaS platform, Data Privacy Manager.
Data Privacy Manager enables organizations to automatically discover, classify, understand, control and protect sensitive data to ensure compliance. It is said to provide optimal performance for ever-growing volumes of data to ensure high-precision discovery and classification of sensitive data types, both structured and unstructured, across on-premise and cloud-based environments.
The highly configurable platform is compatible with Windows, Apple OSX and Red Hat Linux, allowing organizations to build limitless agents that can search for sensitive data faster across the cloud and on-premise systems.
FireEye announced the availability of FireEye Mandiant Threat Intelligence Suite, which is comprised of curated threat intelligence subscriptions and services. Available via three tiers (Standard, Advanced and Enterprise) they are said to make it easy for organizations to select the option that best fits their needs.
Depending on the service users get access to published intelligence reports covering strategic and operational intelligence, cybercrime and cyber espionage threats, information operations, industrial control system threats and vulnerability intelligence; tailored, proactive monitoring and analysis of threats to your brand, your VIPs and your integrated partner community; and access to a dedicated analyst who can help pursue research and analysis.
Palo Alto Networks introduced Cortex XSOAR, an extended security orchestration, automation and response platform it says will empower security leaders with instant capabilities against threats across their entire enterprise.
Cortex XSOAR is an evolution of the Demisto platform, which was bought by Palo Alto just over a year ago. Demisto customers will be migrated to Cortex XSOAR upon general availability, expected next month, with an option to evaluate the new Threat Intel Management module at no additional cost.
XSOAR allows admins to standardize and automate processes for any security use case, adapt to any alert with security-focused case management, boost SecOps efficiency with real-time collaboration and take action on threat intelligence by aggregating disparate sources, customizing and scoring feeds, and matching indicators against a customer’s specific environment.
McAfee announced additions to its MVISION platform with the availability of Unified Cloud Edge, which protects enterprise data across devices, web and the Cloud; Cloud Native Infrastructure Security, which helps organizations protect the entire infrastructure and application stack of cloud-native applications; and a global Managed Detection and Response (MDR) offering.
Unified Cloud Edge protects data as it leaves a device, travels to and from the cloud and within Software-as-a-Service (SaaS) cloud services. It brings together the capabilities of McAfee’s Cloud Access Security Broker product, McAfee Web Gateway, and McAfee Data Loss Prevention offerings to deliver a unified environment to create and enforce data security and threat protection policies in the cloud, on the web and on the device.
Cloud-Native Infrastructure Security is designed to secure the full stack of cloud-native applications including Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and container environments. Together, they enhance and simplify security by providing a core set of common security services that are cloud-native, unified and open.
It combines McAfee’s Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP) and Container Security technologies into one security management experience.