Top 10 Most Popular Cybersecurity Tools and Products of 2024 (So Far)

GenAI has continued to be a priority for cybersecurity vendors in the first part of the year; however, many other new products, including in SIEM, SASE and XDR, also debuted in the first part of the year.

The list of generative AI offerings from cybersecurity vendors continued to grow in the first part of the year, including the arrival of widely anticipated GenAI-based features from security giant Palo Alto Networks. With the company’s launch of Precision AI in May, GenAI and machine learning are now being incorporated into “each of our products,” said Nikesh Arora, CEO of Palo Alto Networks, at a launch event for the new set of AI features.

Many vendors are tapping into GenAI capabilities for automating Security Operations Center (SOC) work, particularly around automating routine activities such as gathering threat information and automatically creating queries. “You can’t rely on the AI 100 percent to answer [a query] for you,” said Randy Lariar, big data and analytics practice director at Denver-based Optiv, No. 25 on CRN’s Solution Provider 500 for 2024. “But you can work with it, and it can help you to review a couple dozen articles to find the [threat indicators] that matter.”

Meanwhile, plenty of other new products from top channel-friendly cybersecurity companies have debuted during the first half of the year. Those include new offerings in key segments such as SIEM (security information and event management), SASE (secure access service edge) and XDR (extended detection and response) — from major vendors such as CrowdStrike, Cisco and Zscaler. We’ve collected the details on 10 of the new cybersecurity tools that have come onto our radar at CRN during the first half of 2024.

CrowdStrike, for example, announced the general availability of its Falcon Next-Gen SIEM offering in May. As part of the launch, “we went from dozens of integrations to a bunch of integrations with other generation providers,” CTO Elia Zaitsev said, while CrowdStrike “now also works with MSSPs and GSIs that standardize this platform.”

The new cybersecurity products and tools arrive as threats continue to rise: the first part of 2024 was marked by a series of major data extortion and ransomware attacks that were widely felt by both businesses and consumers. Some of the high-profile cyberattacks included the disruption of healthcare in the US in connection with the ransomware attacks on prescription processor Change Healthcare and Ascension Health System, as well as the widespread compromise of Ivanti VPNs and the breach of Microsoft executives’ accounts, which affected US government agencies.

As CRN continues to keep up with new technologies that aim to help its partners protect their customers from evolving threats, here are the key details on 10 of the new cybersecurity tools and products of 2024 so far.

CrowdStrike: Falcon Next-Gen SIEM

CrowdStrike announced the general availability launch for its Falcon Next-Gen SIEM offering, as well as several new capabilities for the product. Falcon Next-Gen SIEM (security information and event management) has been updated with numerous additional integrations with third-party technologies as well as greater incorporation of the company’s Charlotte GenAI assistant, CrowdStrike CTO Elia Zaitsev told CRN.

In addition to introducing “hundreds of integrations,” CrowdStrike has now “fully incorporated Charlotte’s complex AI features and leveraged the next-generation SIEM platform,” he said. For example, Charlotte AI Investigator can correlate context related to security incidents and provide GenAI-powered incident summaries. “It will bring up alerts, systems, and related users that you think are part of the incident you’re investigating, that you may not have uploaded yet, and give you the option to upload them in real time to your incident charts plan,” Zaitsev said.

Another key capability that hadn’t been previously available in Falcon Next-Gen SIEM was what the company describes as “multiplayer” functionality, Zaitsev said. “In the past, multiple analysts could be working an incident, but they weren’t getting real-time updates and information from each other. Now as they’re collaboratively working on these incidents in real time, changes are being streamed to each other,” he said. “People were using things like spreadsheets and Google Docs and other systems to try to keep track and collate all these information sources in one place. We’re now giving them a single tool—with all the AI automation on top as well—to surge together, have this multiplayer SOC [Security Operations Center] experience.”

Palo Alto Networks: Precision AI

Palo Alto Networks introduced its new Precision AI features across its product portfolio, as well as various tools to secure the use of GenAI itself. “Today, the security that we can offer [to] consumers is now provided through diverse device learning bureaucracy and AI to make sure that we use state-of-the-art technologies to protect you, something that we are concerned that bad actors may use to attack you,” CEO Nikesh Arora said during remarks at the announcement event. “The only way to combat AI is with AI.”

Palo Alto Networks is striving to realize its vision of “real-time security” with its Precision AI capabilities, which include GenAI and machine learning capabilities. By leveraging Precision AI, “based on our rough analysis, this is about a 60x improvement in learning speed on new attacks,” Lee Klarich, lead product manager, told CRN.

Meanwhile, Palo Alto Networks also announced a number of new tools to secure the use of GenAI, including AI Access Security to protect the use of AI applications; AI-SPM (security posture management) to identify vulnerabilities in AI models; and AI Runtime Security for protection against runtime threats, such as prompt injections.

In addition, Palo Alto Networks announced three copilot assistants with GenAI technology: Strata Copilot, Prisma Cloud Copilot and Cortex Copilot.

Cisco: Hypershield

Cisco Systems introduced Hypershield, a new architecture capable of distributing the application of security across three different layers: operating systems, servers, and routers/switches. As a result, Hypershield can cover applications in the data center and Kubernetes clusters in the public cloud, while protecting all containers and virtual machines, according to Cisco. “It allows you to deploy security down to the last detail, and you can deploy it anywhere,” Tom Gillis, senior vice president and general manager of Cisco’s Security Business Group, told CRN.

Hypershield relies on open source eBPF as the “building blocks” for connecting cloud-native workloads in hyperscale cloud environments, according to Cisco executives. Cisco completed its acquisition of Isovalent, a leading provider and co-creator of eBPF for enterprises, in April.

Overall, Hypershield is “pretty unique,” Gillis said. “Something that runs on a server, a switch, or the operating system. There’s only one company in the world that can do that, and that’s Cisco.”

SentinelOne: Singularity, Purple AI Updates

SentinelOne debuted a major new automated investigation capability on its Singularity Platform, powered by its Purple AI technology. Auto-Investigation is “where Purple is conducting the investigation on your behalf,” Ric Smith, SentinelOne’s chief product and technology officer, told CRN. Today, Security Operations Center teams are “hyper-burdened with alerts,” Smith said. “We’re trying to make it such that this [technology] can go through and deal with the investigation on behalf of the analyst. It’s basically burning down that backlog and burning down risk, which has never been done before.”

SentinelOne also announced what it calls a “new unified security console” with the general availability launch of the Singularity Operations Center. The offering delivers on a long-standing promise to provide users with a single, centralized and unified security dashboard, according to the company.

Netskope: SASE for Midmarket

Netskope has introduced a new edition of its secure access service edge (SASE) offering that better meets the needs of mid-market customers. In an exclusive interview with CRN, Netskope co-founder and CEO Sanjay Beri said the vendor’s new offering aims to fuel SASE’s expansion from the enterprise, where the technology has become popular in recent years, to the “mid-market level.” Netskope’s mid-market SASE offering also stands out with features and pricing tailored to MSPs and MSSPs, who are expected to play a leading role in delivering the technology to mid-market customers, Beri said.

Service providers “want to offer a single-vendor platform, as long as it’s undeniable to their customers,” he told CRN. Netskope designed its mid-market SASE offering to offer “the right price, the right features, in fact integrated, delivered from our global infrastructure” and with the needs of MSPs and MSSPs at the forefront, Beri said.

Zscaler: SASE Zero Trust

Zscaler introduced a new SASE offering in the first part of the year, with the launch of its Zscaler Zero Trust SASE. As part of the launch, Zscaler announced its first SD-WAN offering, allowing the company to offer a single-vendor SASE platform for the first time. The company’s SD-WAN appliance is set apart from those of other SD-WAN providers by routing traffic from on-premises environments through Zscaler’s Zero Trust Exchange platform to provide secure connections to enterprise applications and data, Zscaler CTO Syam Nair told CRN. Zscaler’s approach, even with SD-WAN, is: “We need to leverage Zero Trust Exchange,” Nair said. “That’s the unique differentiator.”

Other key capabilities for the Zscaler Zero Trust SASE include using the company’s adaptive AI technology to continually analyze the potential risk across users, devices, content and destinations, according to the company.

Cato SASE Cloud Extension

Cato Networks has expanded its Cato SASE Cloud platform with the addition of threat detection and incident response. Cato also introduced a SASE-managed endpoint protection platform (EPP) as the company expands its SASE platform beyond networking, threat prevention and data protection, said Frank Rauch, head of Cato’s global channel.

“The explanation for why [partners] are excited about this announcement is essentially [because] it’s just a built-in platform. The feedback from partners right now is that the platforms are winning ... Cato is, in fact, the antidote to the complexity of security,” Rauch said.

Wiz: AI-SPM Updates

For fast-growing cybersecurity firm Wiz, major additions to its cloud and AI security platform have included native AI security capabilities with its AI-SPM (AI security posture management) offering. Wiz’s AI-SPM aims to protect the use of AI tools during the software development process. The cloud security vendor has also recently extended its AI-SPM support to include the OpenAI API Platform. Wiz has said it’s the first CNAPP (cloud-native application protection platform) provider to secure customers of OpenAI, the maker of ChatGPT.

Overall, the AI revolution is happening in the cloud, said Assaf Rappaport, co-founder and CEO of Wiz, in a recent interview with CRN. Almost “all AI workloads would run in the cloud and primarily as a cloud service,” Rappaport said. “The cloud is the next infrastructure for the organization, and that’s where it needs to be.”

Fortinet: FortiOS 7.6

Fortinet has launched the latest edition of its flagship FortiOS platform, which already combines network operations and security, and comes with “hundreds” of new features, including generative AI and data protection. The company’s FortiOS 7.6 includes SD-WAN, Secure Access Service Edge (SASE), wireless LAN and AI capabilities, among others, John Maddison, Fortinet’s lead marketing director, told CRN.

The upgrade integrates GenAI through the on-premises inclusion of FortiAI in Fortinet’s core data lake, FortiAnalyzer, and its unified management console, FortiManager. The integrations in FortiOS 7.6 are aimed at threat investigation and response, according to the company.

Safe Security: Risk-Based Third-Party Management

Safe Security has expanded into the area of third-party risk management with the launch of the company’s new Safe TPRM (Third-Party Risk Management) module. The offering stands out by quantifying the risk of specific threats, such as ransomware and data exfiltration, for third-party providers in an “actionable” way, Saket Modi, co-founder and CEO of Safe Security, told CRN. For example, Safe TPRM provides an actual dollar risk figure for ransomware at any given third party, Modi said. “We quantify the threat in a way that the company can understand.”

In addition to providing enhanced third-party threat monitoring to existing vendors in the space, Safe Security also combines third-party signals with the SaaS and first-party threat awareness the company has already offered, according to Modi. As a result, “in a single dashboard, you can bring your first-party, third-party, and SaaS [threat] applications into one,” he said.
