Hundreds of companies and organizations showcased their cybersecurity products and services at the 2023 edition of the Black Hat conference in Las Vegas. The conference provided a platform for vendors to announce new products, updates to existing offerings, reports, and other initiatives.
### MELEE: Tool for Detecting Ransomware in MySQL Instances
One notable announcement at the conference was the release of the MELEE tool by F5. MELEE is a tool designed to detect ransomware infections in MySQL instances. It allows researchers, penetration testers, and threat intelligence experts to detect compromised MySQL instances running malicious code. The tool also enables research into malware targeting cloud databases. The development of this tool is a significant step in the fight against ransomware attacks, which have become increasingly prevalent in recent years.
### Abnormal Security: New Tool to Detect AI-Generated Attacks
Abnormal Security, an email security firm, launched the CheckGPT tool at Black Hat USA 2023. CheckGPT is designed to detect email attacks written with generative AI. The tool determines the likelihood of a business email compromise (BEC) or other social engineering attack being created using generative AI. This technology is crucial in the battle against sophisticated cyber attacks, as criminals continue to use AI for malicious purposes.
### Adaptive Shield: Identity Threat Detection and Response Capabilities
Adaptive Shield unveiled its Identity Threat Detection and Response (ITDR) capabilities at the conference. These capabilities aim to help organizations mitigate identity-related threats, which are a common entry point for cyber attacks. The ITDR capabilities can be combined with Adaptive Shield’s SaaS Security Posture Management (SSPM) solution, providing a comprehensive approach to identifying and responding to identity-related cybersecurity risks.
### BigID: Data Risk Assessment for Hybrid Environments
Data security firm BigID announced a new data risk assessment reporting capability. This capability allows organizations to streamline data security posture reporting in hybrid environments. With the increasing use of cloud services and distributed architectures, assessing and managing data risk is becoming increasingly complex. BigID’s new reporting capability aims to provide organizations with the tools they need to effectively assess and address data security risks in these environments.
### Bionic: ASPM Product Innovations
Bionic, an application security posture management (ASPM) firm, introduced several product innovations at the conference. These innovations include a new ServiceNow Service Graph Connector, which provides security teams with a real-time configuration management database (CMDB) of their cloud applications, microservices, and dependencies in production. Bionic also unveiled Bionic Events, a feature that correlates application changes to overall security risk. These innovations enhance the capabilities of Bionic’s ASPM platform and provide security teams with better visibility and control over their application security posture.
### Cado Security: Enhanced Volatile Artifact Collection Tool
Cado Security presented the latest capabilities of its open-source volatile artifact collection (VARC) tool at Black Hat USA 2023. The tool now includes proactive scanning for malicious activity powered by YARA rules. This enhancement enables organizations to detect and respond to malicious activity more efficiently, improving their incident response and forensic analysis capabilities.
### Code42: Source Code Exfiltration Detection
Code42, an insider risk management firm, has improved its Incydr data protection solution to include source code exfiltration detection. This enhancement allows organizations to identify the origin and destination of source code, helping to prevent intellectual property theft. Code42 also announced integration with the no-code automation platform Tines, enabling automated incident response workflows and reducing response times.
### Cycode: New ASPM Platform Capabilities
Cycode introduced new capabilities for its Application Security Posture Management (ASPM) platform. These capabilities include hardcoded secrets detection in cloud-based workplaces, collaboration with Azure DevOps pipelines to ensure supply chain integrity, and a new IDE plug-in for VS Code integration. These enhancements further strengthen the ASPM platform’s ability to detect and mitigate application security risks, making it a valuable tool for organizations seeking to secure their software development lifecycle.
### Cybersixgill: Enhanced Generative AI Solution
Cybersixgill announced enhancements to its IQ generative AI solution. These enhancements include a new capability of factoring attack surface context to deliver insights specific to each customer, new custom report-building capabilities, and a new module for uncovering compromised credentials. Cybersixgill’s generative AI solution helps organizations detect and respond to cyber threats by analyzing large volumes of data and generating actionable intelligence in real-time.
### Cymulate: New Capabilities for Exposure Management and Security Validation Platform
Cymulate announced new and expanded cloud-focused attack simulation templates and resources for its exposure management and security validation platform. These additions cover all major public cloud providers, allowing organizations to assess their cloud security posture and identify potential vulnerabilities. Cymulate’s platform enables continuous security testing and validation, helping organizations stay one step ahead of cyber threats.
### CrowdStrike: Counter Adversary Operations Offering
CrowdStrike announced a new Counter Adversary Operations offering at Black Hat USA 2023. This offering combines Falcon Intelligence, Falcon OverWatch managed threat hunting teams, and telemetry events from the Falcon platform to detect, disrupt, and stop adversaries. The first Counter Adversary Operations offering focuses on Identity Threat Hunting, aiming to identify and neutralize threats targeting organizations’ identities.
### Critical Start: Managed Cyber Risk Reduction
MDR firm Critical Start introduced Managed Cyber Risk Reduction (MCRR), an evolution of MDR that provides a comprehensive managed solution to address risks, vulnerabilities, and threats. MCRR goes beyond traditional MDR services by offering a holistic approach to risk reduction, combining threat detection and response with proactive risk management and vulnerability remediation. This approach helps organizations reduce their overall cyber risk and improve their cybersecurity posture.
### eSentire: New MDR Agent for SMBs
MDR firm eSentire enhanced its SMB-focused XDR platform with a new MDR Agent. This agent provides full-scale threat prevention, detection, response, and investigation capabilities for small and medium-sized businesses. By integrating these capabilities into a single agent, eSentire aims to simplify the security operations of SMBs and provide them with enterprise-grade cybersecurity protection.
### IBM and Cloudflare: Collaborating to Mitigate Bot-Based Threats
IBM and Cloudflare announced their collaboration on Cloudflare Bot Management on IBM Cloud Internet Services. This new offering enables users to better manage and mitigate bot-based threats by applying multiple detection methods. The Bot Management feature is available for IBM CIS clients using the CIS Enterprise Premier plans, providing them with enhanced protection against malicious bot activity.
### Ironscales: GPT-Powered Phishing Simulation Testing
Cloud email security firm Ironscales launched a beta version of a GPT-powered phishing simulation testing capability. This capability uses generative AI to create realistic phishing emails for testing and training purposes. Ironscales also introduced a new accidental data exposure capability, which alerts employees when they send potentially sensitive information, helping organizations prevent inadvertent data breaches.
### Microsoft: Cloud Security Offering Enhancements
Microsoft announced enhancements to its cloud security offering, Microsoft Defender Cloud Security Posture Management (CSPM). These enhancements include multicloud posture management capabilities for Google Cloud Platform (GCP), extending sensitive data discovery capabilities to GCP Cloud Storage, and expanding agentless scanning, data-aware security posture, cloud security graph, and attack path analysis capabilities to GCP. These improvements strengthen Microsoft’s cloud security offering and provide organizations with better visibility and control over their cloud environments.
### NetRise: SBOM Management and CISA KEV Support
XIoT security firm NetRise unveiled new capabilities for working with Software Bill of Materials (SBOMs) and support for CISA’s Known Exploited Vulnerabilities (KEV) catalog. These capabilities help organizations manage and understand risks associated with software components in the firmware of connected devices. By leveraging SBOMs and KEV information, organizations can improve their vulnerability management processes and proactively address potential risks.
### NetSPI: AI Pentesting Capabilities
NetSPI, an offensive security firm, introduced its AI-powered machine learning (ML) pentesting solution. This solution focuses on two components: identifying and remediating vulnerabilities in ML systems and providing recommendations and guidance for ensuring security throughout the design and implementation phases of ML-based products. With the increasing adoption of ML in various industries, this AI pentesting solution provides organizations with the tools they need to secure their ML systems effectively.
### OCSF: New Open Data Schema
The Open Cybersecurity Schema Framework (OCSF) announced the general availability of its schema at the conference. OCSF aims to deliver a simplified, extensible, vendor-agnostic taxonomy for cybersecurity operations. The framework can be integrated into any environment, application, or solution to complement existing security standards and processes. OCSF provides organizations with a standardized approach to cybersecurity operations, enabling better collaboration and interoperability.
### OPSWAT: 2023 Threat Intelligence Survey Results
OPSWAT published the results of its 2023 threat intelligence survey, which revealed that only 22% of organizations have a fully mature threat intelligence program. The survey also highlighted the need for additional investments in threat intelligence, as 62% of respondents recognized the importance of these investments. Additionally, the survey found that only 11% of organizations currently use AI for threat detection, but 56% of respondents are optimistic about its future use. These survey results emphasize the importance of developing mature threat intelligence programs and harnessing the power of AI in cybersecurity.
### Panorays: Smart Match AI Capability
Panorays added a Smart Match capability to its AI-powered third-party security risk platform. This new capability accelerates response times and simplifies risk analysis for users. Smart Match uses AI algorithms to match security questionnaires with security controls, enhancing the efficiency and effectiveness of third-party risk assessments. By automating the matching process, Panorays enables organizations to quickly identify and mitigate potential security risks in their supply chains.
### Protect AI: Bug Bounty Program for AI/ML
Protect AI acquired bug bounty platform Huntr and launched an AI/ML bug bounty program. This program provides a bug hunting environment, targeted bug bounties, monthly contests, collaboration tools, and vulnerability reviews. With the increasing reliance on AI and ML technologies, it is crucial to identify and address any vulnerabilities or weaknesses in these systems. Protect AI’s bug bounty program aims to incentivize researchers to discover and report AI/ML-related vulnerabilities, ultimately improving the security of AI-driven technologies.
### Radiant Security: AI-Powered SOC Co-Pilot
Radiant Security emerged from stealth mode with an AI-powered SOC co-pilot. This platform is designed to boost SOC effectiveness and productivity by streamlining and automating various SOC processes, including alert triage, incident investigation, incident containment and remediation, escalation and approval workflows, and resiliency improvements. By leveraging AI, Radiant Security’s SOC co-pilot enables security teams to work more efficiently and effectively, ultimately enhancing overall cybersecurity operations.
### Sevco Security: New Vulnerability Hunting Capabilities
CAASM platform provider Sevco Security added new vulnerability hunting capabilities to its platform. These capabilities enable organizations to assess vulnerabilities across different asset classes and evaluate mitigating controls against identified vulnerabilities continuously. By providing real-time risk and exposure management directly in the cloud-native asset intelligence platform, Sevco Security helps organizations understand their actual risk and take proactive steps to mitigate potential vulnerabilities.
### SecurityScorecard: Managed Cyber Risk Services
SecurityScorecard announced new managed cyber risk services to help organizations operationalize third-party cyber risk management and mitigate zero-day and critical supply chain vulnerabilities. These services provide organizations with the tools and expertise they need to effectively manage and mitigate cyber risk throughout their supply chains. By leveraging SecurityScorecard’s managed services, organizations can strengthen their security posture and reduce the risk of cyber attacks.
### SentinelOne: Vulnerability Management Solution
SentinelOne launched Singularity Ranger Insights, a vulnerability management solution that helps organizations discover unmanaged assets, evaluate and prioritize threats, and mitigate risk using a single console and agent. This solution simplifies and centralizes vulnerability management processes, enabling security teams to identify and address vulnerabilities more efficiently. With the increasing complexity of modern IT environments, having a comprehensive vulnerability management solution is crucial for maintaining a strong cybersecurity posture.
### Sonet.io: Data Loss Protection for Generative AI
Sonet.io, a secure onboarding and remote worker management firm, announced support for data loss protection, monitoring, and observability capabilities for ChatGPT and other generative AI tools. These capabilities enable organizations to detect when sensitive data is downloaded, uploaded, copied, pasted, or typed into generative AI tools. With the growing use of AI tools, it is essential to have robust data loss prevention measures in place to protect sensitive information.
### Stack Identity: Shadow Access Impact Report
IAM firm Stack Identity published its inaugural Shadow Access Impact Report, which provides insights into the state of access controls and permissions in cloud environments. The report highlights several key findings, including that only 4% of identities are human, 5% of identities in the cloud have admin permissions, 75% of policies used in cloud environments include write permission, and 28% of policies in the cloud have some level of permission management. These findings emphasize the need for organizations to improve their access controls and permissions management practices in cloud environments.
### Syxsense: AI Engine for Endpoint Management
Unified security and endpoint management firm Syxsense introduced Cortex Copilot, an AI engine that simplifies and speeds up the process of creating endpoint management and security workflow automation. Cortex Copilot uses natural language queries to automate smart task generation and intelligent scripting, enabling IT and security teams to be more efficient and proactive in managing and securing their endpoints. This AI-powered solution enhances organizations’ ability to manage their endpoints effectively and respond to security incidents in a timely manner.
### ThreatConnect: Intelligence Requirement Capability
ThreatConnect added a new intelligence requirement capability to its threat intelligence operations (TI Ops) platform. This capability enables customers to define, manage, and track intelligence requirements and requests for information more effectively. By streamlining the intelligence requirement process, ThreatConnect helps organizations improve the accuracy and efficiency of their threat intelligence operations.
### ThreatX: Sensitive Data Exposure Capabilities for APIs
API and application security firm ThreatX unveiled new capabilities designed to detect and protect high-risk APIs containing sensitive user and authentication data. These new capabilities enhance organizations’ ability to secure their APIs and prevent data breaches. With the increasing reliance on APIs for data exchange and integration, it is critical to have robust security measures in place to protect sensitive information.
### Tenzir: Security Data Pipeline Platform
Tenzir launched a security data pipeline platform that optimizes SIEM, cloud, and data costs. The platform is available as an open-source developer edition, a free Community Edition, and a commercial Enterprise Edition. By providing organizations with a cost-effective and efficient way to manage security data, Tenzir helps them improve their threat detection and response capabilities, ultimately enhancing their overall cybersecurity posture.
### XM Cyber: Continuous Exposure Management Enhancements
Cloud exposure management firm XM Cyber enhanced its continuous exposure management capabilities. The enhancements extend customers’ ability to address hybrid cloud Active Directory attacks and prioritize and remediate threats. By continuously monitoring and assessing exposures, XM Cyber’s platform empowers organizations to proactively address potential vulnerabilities and protect their environments from cyber threats.
In conclusion, the Black Hat USA 2023 conference showcased numerous advancements and innovations in the cybersecurity industry. These announcements demonstrate the ongoing efforts of companies and organizations to create effective solutions for detecting and mitigating cyber threats. However, with the ever-evolving nature of cyber attacks, it is crucial for individuals and organizations to remain vigilant and continuously update their security measures to stay one step ahead of cybercriminals.