Black Hat USA, one of the premier cybersecurity conferences held yearly, is prime time for vendors to announce new cybersecurity products, and this year was no exception.
Extended detection and response (XDR), an advanced way of collecting and correlating detections and activity across multiple security layers, was the topic of several announcements at this week’s Black Hat conference.
Optiv Security announced Optiv MXDR, a new XDR managed service it says can stop threats earlier in the attack lifecycle and minimize business impact. The cloud-based advanced threat detection and response service ingests data across various layers of technologies to correlate, normalize, enrich and enable automated responses to malicious activity in real time, according to the company. By automating incident investigation with actionable insights, organizations can detect threats faster and prioritize which ones to mitigate first, significantly reducing the attack surface, said John Ayers, an Optiv vice president.
Hunters, which developed an open XDR platform that amplifies true positive signals through its dynamic scoring and automatic investigation mechanism, announced new capabilities at the Black Hat conference that it said will make the platform an even more viable alternative to security information and event management (SIEM) technology. The new capabilities provide more context by enriching alerts with additional data correlated with information from external sources. Investigations now focus on the key entities involved in a specific activity and automatically provide explanations and insights on what happened. In addition, users can now add their own detection logic into the platform to query the data without having to write any SQL code.
Other interesting product announcements from the 2021 Black Hat conference include:
Real-time identification of new and existing dangerous internet infrastructure: DomainTools’ new technology helps organizations cross-check new domains against domains identified in a web proxy or DNS resolver to identify potentially harmful traffic. It does this by providing three different types of feeds: a daily feed of high-risk IP addresses hosting hostile domains that are observed to be active within a 24-hour window; a daily feed of all IP addresses known to be hosting domains; and a daily feed of all newly registered and newly observed domains.
Fast cloud security monitoring solution: Blumira introduced what it says is the industry’s fastest cloud security monitoring solution. The Cloud Collector, which uses a new proprietary detection system to increase speed, can now deliver real-time threat notifications in milliseconds, enabling companies to respond to cybersecurity threats more quickly, the company said.
SaaS version of augmented intelligence and conversational analytics platform: Night Shift Development is moving forward with its software-as-a-service (SaaS)-based version of ClearQuery, an augmented intelligence and conversational analytics platform often used to improve threat hunting and application performance. ClearQuery often works in concert with Elastic Stack, taking advantage of Elastic’s natural language query capabilities. The SaaS version, now in beta, is designed to make it easier for non-technical users to use the solution.