Top cybersecurity product news of the week

Stream Security announces Cloud Twin cloudsecops platform

November 14: Stream Security (formerly Lightlytics) has announced three new features for its Cloud Twin engine, a cloud security operations (cloudsecops) platform that can help detect and investigate threats and exposures in their cloud environments. The company claims it can now map cloud dependencies in real-time rather than periodically, allowing security and operations teams to better cooperate to address security gaps.

The new features, which will be automatically available to existing customers, are:

• Azure integration: Cloud Twin now supports Microsoft Azure, which Stream Security claims allows it to model all the possible paths and traffic between different cloud platforms.
• Vulnerability correlation: The platform can help security teams prioritize efforts by correlating vulnerabilities with their exploitability level.
• Threat anomaly detection: Cloud Twin now has threat anomaly detection capabilities to identify malicious behavior and unauthorized access.

Kasada launches KasadaIQ attack prediction services

November 14: Threat detection and management firm Kasada has launched a new attack prediction platform designed to counter bot fraud. The KasadaIQ suite debuted with its first service, KasadaIQ for Fraud, with plans to add more capabilities in the future.

KasadaIQ for Fraud is designed to provide businesses with insight into how bots target digital channels and customer data by offering visibility into non-traditional data sources and adversary communities through the “capability to detect attacks before they happen and confirm threats that would otherwise go undetected,” the company said.

Core functions of KasadaIQ for Fraud include:

Unconventional sourcing: Kasada monitors activity within non-traditional sources — including resale marketplaces, fraud groups, proxy providers, account generation groups, and hosting providers.

Early warnings: Kasada’s analysts first identify and vet current and emerging threats within its data system, then send out advance alerts. 

Bot acquisition and analysis: Kasada secretly purchases bots in circulation and extensively analyzes how they work.

Stolen credential analysis: Kasada purchases and evaluates stolen credential sets from criminal marketplaces to help the customer remedy security gaps and online fraud.

Dedicated analyst hours: Customers receive a set amount of analyst hours for Kasada to investigate what’s most relevant to their needs, such as intel on fraud groups or reverse-engineering attacks.

Professional services: Kasada will scope custom requirements and provide expert guidance on how to best achieve the desired outcomes.

Cycode debuts ConnectorX with application security posture management capability

November 14: Application security posture management (ASPM) provider Cycode has launched its click-and-consume third-party ASPM connector platform ConnectorX and announced significant enhancements to its risk intelligence graph (RIG) for risk-based prioritization. The platform aims to foster improved collaboration between security and development teams. It includes more than 40 software development lifecycle integrations, including the introduction of support for Wiz and Black Duck.

The Cycode platform provides companies with the choice to use its native ASPM tools or maximize investments in their existing AppSec tools. Companies can plug in any AppSec solution and “within minutes,” gain accurate, real-time visibility into their security posture, according to the company.

DirectDefense ThreatAdvisor 3.0 aims to streamline security operations with SOAR technology

November 14: Information security services company DirectDefense has launched ThreatAdvisor 3.0, a major update to its proprietary security orchestration, automation, and response (SOAR) platform. ThreatAdvisor 3.0 is designed to improve the speed, efficiency, and accuracy of DirectDefense’s Security Operations Center (SOC), the company said in a press release.

The platform offers customized continuous security monitoring and management, automates manual processes, and includes an extensive knowledge base for compliance, security events and mitigation techniques. ThreatAdvisor 3.0 integrates with other solutions to provide a single interface for threat management with more data and better context, the company claims. The platform collects and processes vulnerability and asset data from several sources and compiles them into a holistic view of an organization’s security posture, supporting penetration testing, operational technology (OT) and industrial control systems (ICS) assessments, vulnerability management, managed detection and response (MDR), compliance assessments, and enterprise risk management.

Lacework Code Security expands coverage to full application lifecycle 

November 14: Cloud security firm Lacework has added the Code Security product to its infrastructure-as-code (IaC) suite to unify code and cloud security with the aim of allowing enterprises to innovate and deliver secure cloud-native applications with increased speed.

Lacework Code Security introduces two forms of static program analysis — software composition analysis (SCA) targeted at third-party code in customers’ repositories, and static application security testing (SAST) targeting first-party code. The Lacework platform now encompasses code as it is written, infrastructure as code, containers, identity and entitlement management, and runtime across clouds.

Lacework added that customers will have access to always-up-to-date software bills of materials (SBOMs) for every application and continual visibility into their software supply chain, as well as an understanding of open-source license risk.

Palo Alto Networks updates Cortex XSIAM

November 13: Palo Alto Networks has announced Cortex XSIAM 2.0, an updated version of its existing product that now has a command center, MITRE ATT&CK Coverage Dashboard and bring your own ML (BYOML) among other updates.

The new features are:

• XSIAM Command Center: With a more user-friendly design, XSIAM Command Center offers a comprehensive overview of SOC operations, including visibility into all data sources being consumed by XSIAM, security alerts and incident information, such as the number of resolved or open security incidents.
• MITRE ATT&CK Coverage Dashboard: This is designed to allow mapping coverage directly to MITRE ATT&CK, providing detailed visibility of detection and prevention coverage across tactics and techniques into the MITRE ATT&CK framework.
• Bring your own ML: For organizations that want to build their own custom ML model, XSIAM ingests complete security data across hundreds of supported sources to enable better out-of-the-box AI/ML analytics. SOCs can use this to create and customize ML models as well as integrate their own models.
• Contextual in-product help assistant: Access to product help and documentation without the need to navigate out of the product.
• New security protection: Improve detection and protection coverage capabilities with new modules for early detection of threats targeting macOS ransomware, Kubernetes(K8s) and master boot records (MBRs).
• Network detection (NDR) coverage: Expand the network coverage of the endpoints with over 50 new detectors covering generic and specific protocol-based threat detection.
• Advanced Local Analysis for macOS and Linux: Provides enhanced coverage for local analysis of macOS and Linux file systems, leveraging ML models to provide accurate and adaptive responses to evolving threats.
• Free text search: A simplified search that enables analysts to query the entire security data set, without the need to craft specific XQL queries.
• New attack surface management (ASM) policies: New ASM policies added to the existing library of over 700 policies.