Here are the top cybersecurity tools, platforms, capabilities, services, and technologies launched at Black Hat USA 2023 that you need to know about.
Black Hat USA 2023 served as a launchpad for a host of cybersecurity products and services, with many notable vendors as well as up-and-coming startups showcasing their innovations at the annual conference, held this week in Las Vegas.
The CSO team has put together a list highlighting the most significant debuts at the show -- which, along with the RSA Conference, is one of the premier global cybersecurity events. This summary of top security technology illustrates the diversity of security products at the show, including generative-AI based cybersecurity tools, extended detection and response (XDR) software, threat hunting and Security Operations Center (SOC) automation, application security products, and vulnerability management programs.
CrowdStrike: Counter Adversary Operations
Identity Threat Hunting is the first new service to be released under a new CrowdStrike program called Counter Adversary Operations, which brings together products and services that aim to not only identify threats but also to disrupt adversaries and attacks. The program includes CrowdStrike's Falcon Intelligence, Falcon OverWatch managed threat hunting teams and Falcon's most recent telemetry to detect and inhibit adversary activities. Identity Threat Hunting is immediately available as part of Falcon OverWatch Elite. The feature will allow security teams to identify and remediate compromised credentials, track lateral movement, and outpace adversaries with always-on, 24/7 coverage. The service is available to new and existing CrowdStrike Falcon OverWatch Elite customers for no added cost and was scheduled to be demonstrated in booth #1620 at Black Hat.
Skyhawk Security: Shift-left CDR
Skyhawk’s new patent-pending cloud threat detection and response (CDR) capability is powered with generative AI (ChatGPT and GPT API) and machine learning to shift the threat detection process to the “left,” or the perimeter, of the network. Skyhawk's CDR uses generative AI to make a contextual analysis of the infrastructure and determine the potential paths hackers could take into it. This predictive information will enable security teams to identify serious threats much earlier in the attack cycle and prioritize incidents, reducing the noise created by false alarms in existing systems, according to the company. Skyhawk demonstrated the shift-left CDR technology in booth #SC503 at Black Hat with plans to make it available in the third quarter. Product pricing will be based on the size of the cloud infrastructure and number of cloud assets enrolled. The feature is meant to be used with Skyhawk’s threat detection and response platform, which includes cloud security posture management (CSPM) and cloud infrastructure entitlement management (CIEM).
Cado: New timeline view
Cado's Timeline is a unified view of multiple data sources across cloud-provider logs, disk, and memory to support viewing cross-cloud evidence items during incident response within the company’s namesake incident response platform. The revamped feature is aimed at making Timeline more intuitive to navigate as it moves from card view to tabular view. The update also allows for faceted and saved searches. Cado has also added new capabilities to its open-source volatile artifact collection (VARC) tool for faster and more efficient incident investigation. The new features were showcased at Black Hat USA, booth #SC120.
Cycode: Extended ASPM, IDE plugin
Cycode, an application security posture management (ASPM) system, has expanded its hard-coded secrets detection capabilities to encompass support for Confluence, AWS S3 buckets, and Azure environments, as well as a new IDE plugin for integration with VS Code. The plugin helps developers detect as well as remediate hard-coded secrets from within one system. Additionally, a new Cycode-Azure collaboration allows Cycode Cimon -- a free CI monitoring solution designed to secure CI/CD pipelines -- to operate with Azure DevOps pipelines to enable SLSA (Supply Chain Levels for Software Artifacts) attestation generation. All new capabilities will be available immediately after Cycode showcases them from booth #1875 at the event. Cycode did not immediately disclose pricing for the new capabilities.
NetRise: New SBOM features and KEV support
NetRise has added ingestion support for two major software bill of materials (SBOM) formats, SPDX and CycloneDX, to its namesake extended internet of things (XIoT) security platform. The features allow users to export data in either format and are designed to enrich SBOMs with vulnerability information. Overlaying CISA's Known Exploited Vulnerabilities (KEV) catalog data on the information gathered in the platform can help to simplify identifying, addressing, and prioritizing known exploits, according to the company. The new features are included in the current pricing model for no additional charges and will be available from August 9. The company showcased the features at booth #SC118.
ThreatConnect: Intelligence requirement capabilities
ThreatConnect has enhanced its machine-learning powered TI Ops Platform for threat intelligence operations with new intelligence requirement capabilities. The new feature is aimed at helping customers define, manage, and track their intelligence requirements (IRs), priority intelligence requirements (PIRs) and requests for information (RFIs), and solve the problem of threat intelligence being produced ad-hoc and siloed without input from stakeholders. It’s designed to give security professionals the ability to create optimally defined requirements and use them to identify relevant intelligence within the customer’s own threat library and ThreatConnect’s global intelligence system. The capability is included within the current pricing model and is available to existing and new customers from August 7. ThreatConnect demonstrated the capability from booth #2940 at Black Hat.
Ironscales: Phishing Simulation Testing, ADE
GPT-powered phishing simulation testing (PST), now in beta launch, is designed to help employers generate highly personalized spear-phishing simulation campaigns to combat hard-to-detect, advanced phishing attacks. Phishing simulation messages are crafted utilizing PhishLLM, Ironscales' proprietary LLM trained on Ironscales' community data, which is part of the Ironscales multimodule platform. Additionally, accidental data exposure (ADE) is being rolled out as Ironscales' new capability for alerting employees when they send potentially sensitive information. Ironscales showcased the new capabilities in booth #2810D and has made them available under beta to limited users until general availability planned for later this year. Pricing for the capabilities is to be decided based on the feedback from the beta launch.
Bionic: ServiceNow integration, Bionic Events
Bionic's application security posture management (ASPM) platform connector now integrates with Service Graph from ServiceNow to provide engineering teams a real-time configuration management database (CMDB) of their applications, microservices, and dependencies in production. Also added to the platform is Bionic Events, which correlates application changes to overall security risk, providing an inventory of specific events with which users can investigate security changes. All the new features are generally available for no additional cost and have been showcased at Black Hat USA at booth #2840.
ProtectAI: Huntr
Huntr is a machine-learning based, open-source bug bounty platform focused on protecting AI open-source software (OSS), foundational models, and ML systems. The platform offers security researchers an AI/ML bug hunting environment with navigation, targeted bug bounties with streamlined reporting, monthly contests, collaboration tools, and vulnerability reviews. The first contest is focused on Hugging Face Transformers and offers an impressive $50,000 reward. ProtectAI exhibited Huntr at booth #2610 of Black Hat USA 2023.
Cybersixgill: Enhancements to Cybersixgill IQ
The generative-AI based threat intelligence platform Cybersixgill IQ embeds an attack surface management (ASM) module on an organization's existing cyberthreat intelligence (CTI) workflow to deliver contextual business insights. The platform has now added a custom report builder to streamline data collection, analysis, and dissemination. The threat entity navigator has also been improved with correlation and cross-referencing features for threat entities. Additionally, a credential module has been added to consolidate stolen credentials from repositories and stealer logs. All the enhancements are already available and were demonstrated at Black Hat USA at booth #485.
eSentire: MDR agent
eSentire's extended detection and response (XDR) SaaS offering has added a new managed detection and response (MDR) agent for the small and medium enterprise (SME) business sector. The agent will be offered as part of the XDR platform, with features including one-push install, expert onboarding, resource management, 24/7 security, and in-house threat intelligence. eSentire is running a waiting list for users looking to use the MDR agent and has yet to reveal its plans for general availability. The company showcased the agent at Black Hat USA, booth #2823.