BlackBerry, Microsoft, Proofpoint, McAfee, Palo Alto Networks and Spirion are among the companies making product announcements in San Francisco at the start of the annual RSA Conference.
The conference officially kicked off today with keynote speeches.
BlackBerry said it has added a new unified endpoint security layer to its Spark platform, creating what it calls a new unified endpoint management and unified endpoint security service for both desktop and mobile devices.
As a result, BlackBerry applications now offer security teams visibility across desktop, mobile, server, and IoT (including automotive) endpoints, as well as improved cyber threat prevention and remediation.
“It means there’s efficiencies, lower cost, better use of people’s time,” Nigel Thompson, BlackBerry’s vice-president of product solutions marketing, said in an interview.
Spark is a platform introduced in September 2018 that underlies BlackBerry applications and allows connectivity with third parties like Amazon AWS, Google, Microsoft Azure and device makers through a single dashboard. The goal is to deliver comprehensive security on one agent across all of a company’s endpoints through one console. Threat data from all endpoints can be combined into one “crowd-sourced” repository and managed in one cloud environment.
With the new capability, the security team will have better visibility across all endpoints — both corporate and employee-owned — said Thompson. Meanwhile, IT staff can use the same BlackBerry tools they do now for endpoint protection but can add protection for mobile devices. These include Endpoint Protection Platform (EPP), Endpoint Detection and Response (EDR), Mobile Threat Defense (MTD) and Continuous Authentication.
Data Loss Prevention (DLP) and Secure Web Gateway will be added soon.
BlackBerry said these capabilities work together seamlessly to share data for reporting, calculating risk scores and enabling policy controls. For example, EDR leverages EPP and MTD technologies to prevent malware across the organization. Continuous authentication uses data from MTD, EPP and EDR to create behavioural profiles. Detailed understanding of data from DLP helps to further define the risks.
Microsoft made several announcements of interest to CISOs.
Insider Risk Management is now available for organizations using Microsoft 365, the company’s cloud-based service that includes Windows 10, Office 365 and Enterprise Mobility.
“By gathering signals from across Microsoft 365 and other third-party systems, Insider Risk Management can identify anomalies in user behavior and flag high-risk activities,” the company said. “With privacy built-in by design, the system leverages AI and machine learning to mitigate insider risks and better protect and govern the organization’s data.”
It leverages policy templates and policy conditions that define what risk indicators are examined in Microsoft 365. These conditions include how indicators are used for alerts, what users are included in the policy, which services are prioritized, and the monitoring time period. New templates include Departing Employee Data Theft, Data Leaks and Offensive Language in Email.
Insider Risk Management is now part of the top-level E5 subscription package.
Also now available for Microsoft 365 customers is Microsoft Threat Protection, which combines and orchestrates the capabilities of four separately-sold security products: Defender Advanced Threat Protection (ATP) for endpoints, Office 365 ATP for email, Azure Active Directory ATP for identity, and Microsoft Cloud App Security for protecting applications.
Microsoft Threat Protection gives a focused view of the data from all those products through a list of prioritized alerts. Admins can also set automatic remediations. There’s no charge for this capability: It comes free with the purchase of two or more of the security products.
The Azure Sentinel security information and event management (SIEM) suite gets more capability with the addition of a connector for data from IoT devices. Also for a limited time Microsoft is allowing subscribers to import AWS CloudTrail logs into Azure Sentinel at no charge.
Proofpoint announced integrated, end-to-end solutions it says will address business email compromise (BEC) and email account compromise (EAC) attacks.
They combine the company’s secure email gateway, advanced threat protection, threat response, email authentication, security awareness training, and cloud account protection.
Broadly speaking, BEC attacks are aimed at tricking an employee into sending money and data to fake accounts. Often the scam is aided by compromising the accounts of partner companies, and a number of firms and governments have lost millions in these cons.
No pricing was announced.
In addition, to help organizations combat advanced cyberattacks that use both email and cloud vectors, it also announced multiple Proofpoint Cloud App Security Broker (CASB) innovations to safeguard the cloud applications employees use every day such as Amazon Web Services, Box, Google G Suite, Microsoft Office 365, and Slack.
Spirion announced the release of its new SaaS platform, Data Privacy Manager.
Data Privacy Manager enables organizations to automatically discover, classify, understand, control and protect sensitive data to ensure compliance. It is said to provide optimal performance for ever-growing volumes of data to ensure high-precision discovery and classification of sensitive data types, both structured and unstructured, across on-premise and cloud-based environments.
The highly configurable platform is compatible with Windows, Apple OSX and Red Hat Linux, allowing organizations to build limitless agents that can search for sensitive data faster across the cloud and on-premise systems.
FireEye announced the availability of FireEye Mandiant Threat Intelligence Suite, which is comprised of curated threat intelligence subscriptions and services. Available via three tiers (Standard, Advanced and Enterprise) they are said to make it easy for organizations to select the option that best fits their needs.
Depending on the service, users get access to published intelligence reports covering strategic and operational intelligence, cybercrime and cyber espionage threats, information operations, industrial control system threats and vulnerability intelligence; tailored, proactive monitoring and analysis of threats to your brand, your VIPs and your integrated partner community; and access to a dedicated analyst who can help pursue research and analysis.
Palo Alto Networks introduced Cortex XSOAR, an extended security orchestration, automation and response platform it says will empower security leaders with instant capabilities against threats across their entire enterprise.
Cortex XSOAR is an evolution of the Demisto platform, which was bought by Palo Alto just over a year ago. Demisto customers will be migrated to Cortex XSOAR upon general availability, expected next month, with an option to evaluate the new Threat Intel Management module at no additional cost.
XSOAR allows admins to standardize and automate processes for any security use case, adapt to any alert with security-focused case management, boost SecOps efficiency with real-time collaboration and take action on threat intelligence by aggregating disparate sources, customizing and scoring feeds, and matching indicators against a customer’s specific environment.
McAfee announced additions to its MVISION platform with the availability of Unified Cloud Edge, which protects enterprise data across devices, web and the Cloud; Cloud Native Infrastructure Security, which helps organizations protect the entire infrastructure and application stack of cloud-native applications; and a global Managed Detection and Response (MDR) offering.
Unified Cloud Edge protects data as it leaves a device, travels to and from the cloud and within Software-as-a-Service (SaaS) cloud services. It brings together the capabilities of McAfee’s Cloud Access Security Broker product, McAfee Web Gateway, and McAfee Data Loss Prevention offerings to deliver a unified environment to create and enforce data security and threat protection policies in the cloud, on the web and on the device.
Cloud-Native Infrastructure Security is designed to secure the full stack of cloud-native applications including Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and container environments. Together, they enhance and simplify security by providing a core set of common security services that are cloud-native, unified and open.
It combines McAfee’s Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP) and Container Security technologies into one security management experience.
(This story has been updated from the original by adding more detail to the Microsoft announcements)