10 risk-related security updates you might have missed at RSAC
AI was a prominent theme at RSA Conference, but many security vendors also delivered risk-focused capabilities to help infosec pros better manage their risk posture.
The annual RSA Conference held in San Francisco every spring is one of the largest, most prominent security conferences in the world. And every year there's one main theme or trend that stands out. It was no surprise that the predominant theme this year was AI.
Officially, 600 exhibitors participated in RSA Conference 2024 (RSAC). A good percentage of those security vendors announced AI enhancements of their existing products or new security products to protect AI workloads. In fact, this year's RSAC Innovation Sandbox winner, AI fraud detection startup Reality Defender, focuses on identifying AI-created deepfakes.
Looking beyond the AI noise and hype, another interesting trend caught my attention: In the weeks leading up to and during the conference, a number of security vendors announced new risk-related capabilities.
Prior to this year, the inclusion of risk capabilities in security products was rare and almost exclusively relegated to governance, risk and compliance or third-party risk products. However, security vendors are adding risk-related capabilities to their products in response to the increasing pressure that CISOs and security teams are under as a result of the ever-increasing number of security incidents and breaches.
Security products that incorporate the measurement and reduction of risk within the organization tend to be more effective at identifying and remediating higher-impact security threats than security products that do not include any notion of risk. While this is not a security "silver bullet," seeing security vendors incorporate risk capabilities is encouraging news and a step in the right direction to help security teams reduce their organization's risk exposure.
Here are 10 security vendor announcements related to risk that have been released in recent months (listed alphabetically):
- Brinqa delivered a major update to its Risk Operations Center platform. The Brinqa platform, with its cyber-risk graph, unifies security findings with business and threat data to help organizations prioritize, remediate and report on risk. The new capabilities, first announced in April, are designed to accelerate time to value and simplify running a risk operations center.
- Cloudflare announced Cloudflare for Unified Risk Posture, a new risk management suite designed to streamline the process of identifying, evaluating and managing cyberthreats that pose risk to an organization, across all environments.
- CyberSaint, a cyber-risk management company, launched a NIST Cybersecurity Framework Benchmarking Feature, which enables CISOs and security teams to measure their NIST posture against industry peers through a historical maturity graph on their executive dashboard.
- Forescout Technologies announced Forescout Risk and Exposure Management, which provides enterprises with a new automated and multifactor risk prioritization approach to remediate vulnerabilities and strengthen their security posture across the attack surface.
- JupiterOne introduced its Continuous Threat Exposure Management platform with JupiterOne and WatchTowr in April. The tools proactively discover, assess, identify, validate, report and mitigate emerging threats before they impact the business.
- OX Security launched Attack Path Reachability Analysis, which provides a comprehensive view of potential attack paths within the OX application security posture management platform.
- Qualys announced CyberSecurity Asset Management 3.0, which integrates Qualys' vulnerability assessment capability and external attack surface management. The updates deliver an accurate, real-time view of the external attack surface that eliminates more false positives to mitigate the risk of unknown assets.
- Splunk added Splunk Asset and Risk Intelligence to its portfolio. The new software provides users with a continually updated inventory of assets and identities, eliminating duplicate or stale data for more accurate, comprehensive asset insights, reducing risk exposure.
- Trend Micro delivered AI-driven cyber-risk management capabilities across its entire flagship platform, Trend Vision One, which integrates more than 10 industry technology categories into one offering to help various IT teams manage risk proactively.
- Veracode introduced new repository risk visibility and analysis capabilities from Longbow Security, powered by Veracode, which speeds up remediation of application risk from code repositories to runtime images.
In the coming weeks, I'll be digging into my next research project on cyber-risk management. If you are a CISO, security leader, security champion or practitioner and are dealing with risk related to assets and attack surface visibility or cyber-risk reporting and mitigation in your organization, I'm interested in hearing how you are meeting these challenges. Feel free to reach out.
David Vance is a senior analyst covering risk and vulnerability management for TechTarget's Enterprise Strategy Group. He has more than 25 years of IT and cybersecurity experience helping clients be more successful in the market.
Enterprise Strategy Group is a division of TechTarget. Its analysts have business relationships with technology vendors.