Cybersecurity innovation on full display at Black Hat

SiliconANGLE Article by Jason Bloomberg

Cybersecurity professionals packed the Mandalay Bay Convention Center in Las Vegas this past week for the annual Black Hat USA confab, largely discarding their masks as they thronged into pre-COVID-style crowds.

Security vendors large and small plied their wares, giving enterprise security professionals plenty of products to add to their cyber shopping list.

Although many established players set up their full-size booths and handed out boxes of swag, my focus was uncovering the most innovative vendors at the show. The good news: There’s still plenty of innovation in the world of cybersecurity – innovation we all need if we’re going to keep up with the bad actors.

Here, then, are my top seven innovators at Black Hat this year. Whether each of them will be able to sign up customers may still be an open question – but such is the nature of disruptive product innovation.

My seven top Black Hat innovators

Armo Ltd. recently undertook a strategic pivot. Its Kubernetes security offering had a hard time finding an audience, as security people are still uncomfortable dealing with Kubernetes.

DevOps personnel, however, are fully on board with it – so Armo changed its strategy. It now offers Kubescape, a free, open-source tool for DevOps pros to scan their code quickly for misconfigurations and vulnerabilities. It also maps role-based access control to Kubernetes resources – in other words, who has access to what.

Kubescape’s combination of simplicity and utility (not to mention its free, open-source status) quickly catapulted it to popularity. Based on this early success, Armo is recasting itself as an open-source vendor.

What makes Armo interesting: The open-source deployment of Kubescape is fully featured, and Armo also offers a paid, hosted version that comes with enterprise support. Over time, the company expects to roll some of the functionality from its earlier, security-focused product into this enterprise offering.

BluBracket Inc. prevents, finds and fixes risks in source code by identifying sensitive information in the code itself.

Sensitive information can include secrets such as passwords, application programming interface keys and the like, but BluBracket goes well beyond secret detection. It can also identify personally identifiable information or PII as well as any data that may be a compliance risk — for example, health information or even noninclusive language.

For any code element, BluBracket determines what the code connects to, who has access to it and where it is going – including whether a vulnerability has already leaked the code in question. BluBracket also serves to protect the software supply chain from code creation through deployment.

What makes BluBracket interesting: Dealing with secrets in code requires different mitigation responses than other confidential information. It’s straightforward to change a password or rotate a key, but BluBracket must handle PII differently. After all, you can’t change your name every time a developer mistakenly hard-codes it somewhere.

Normalyze Inc. secures customers’ data in public clouds wherever they happen to be. It discovers all an organization’s structured, semistructured and unstructured data and then classifies those data to better understand their associated risks.

Normalyze determines who and what has access to which data, and then finally the platform combines all this information to assess the risks facing the organization’s data in the cloud.

What makes Normalyze interesting: It identifies data risk. For example, credit card numbers out of context are less risky, but when those numbers are in close proximity to names, expiration dates and CVV codes, then they would score as a much higher risk.

Pangea Cyber Corp. provides security building blocks for application developers so they can include hardened security capabilities in their code without having to code them themselves.

Most developers think of security as a necessary evil – it’s difficult, yet it’s imperative to get right. Furthermore, most application security functionality is basically the same from one app to another – the classic example being a login page.

Pangea addresses these challenges via cloud-based services that developers access via APIs, meaning that Pangea is language independent for all applications that leverage its APIs.

What makes Pangea interesting: The company’s API access makes incorporating Pangea capabilities into applications dead simple. For client-side applications — say, downloadable from an app store — Pangea also offers a more traditional software development kit that supports most popular languages. As a result, developers can still include Pangea modules with a single line of code even for client-side apps.

Slim AI Inc. scans container-based code at check-in, identifying vulnerabilities and unnecessary code – including superfluous libraries that may also contain their own vulnerabilities.

Slim AI offers its product as a cloud native, SaaS-based service accessible via APIs. As a result, developers can easily integrate it with their continuous integration and deployment or CI/CD pipelines in order to automate security scans at every code push.

The tool works with any type of container, not just on Kubernetes, and helps organizations both eliminate vulnerabilities in code and reduce the size of commits, thus saving cloud costs.

What makes Slim AI interesting: Developers have the choice of feeding pre-scanned code back into Git to reduce the size of future commits, or they can simply rescan all the code every time for simpler but more expensive deployment.

Spyderbat Inc. automates runtime security for cloud native workloads by building an interactive causal map of flagged events in real time.

The result is a single-dashboard view of compromises in progress, providing security analysts all the interactivity they need to understand what the bad actor is doing, what they’ll do next and how to stop them.

What makes Spyderbat interesting: The causal maps it creates follow two dimensions, cause and time, making it straightforward for the analyst to understand the attacker’s behavior in terms of cause and effect.

Traceable Inc. provides modern, cloud-native API security by focusing on the data flowing through APIs.

The platform categorizes risk based upon how accessible an API might be and how sensitive the data flowing through it are. It even uncovers ungoverned or “zombie” APIs the organization may not be aware of.

Traceable then provides standard API protection by scanning for known vulnerabilities, including the OWASP web and API top 10. Finally, it looks for unauthorized data exfiltration via APIs by uncovering anomalous behavior.

What makes Traceable interesting: Earlier generation API security tools focus primarily on REST-based APIs. Traceable also works with a variety of more modern API types, including Kafka endpoints, GraphQL and others.
