GenAI has remained a top focus for cybersecurity vendors recently during the first half of the year, but plenty of other new products—including in SIEM, SASE and XDR—have debuted during the first half of the year.
The list of cybersecurity tools utilizing generative AI continued to balloon during the first half of the year, including the introduction of widely anticipated, GenAI-powered capabilities from security giant Palo Alto Networks. With the company’s Precision AI launch in May, GenAI and machine learning are now embedded in “every one of our products,” Palo Alto Networks CEO Nikesh Arora said during a launch event for the new suite of AI capabilities.
[Related: Here’s What 20 Top Cybersecurity CEOs And CTOs Were Saying At RSA Conference 2024]
Many vendors are tapping into GenAI capabilities for automating Security Operations Center (SOC) work, particularly around automating routine activities such as gathering threat information and automatically creating queries. “You can’t rely on the AI 100 percent to answer [a query] for you,” said Randy Lariar, big data and analytics practice director at Denver-based Optiv, No. 25 on CRN’s Solution Provider 500 for 2024. “But you can work with it, and it can help you to review a couple dozen articles to find the [threat indicators] that matter.”
Meanwhile, plenty of other new products from top channel-friendly cybersecurity companies have debuted during the first half of the year. Those include new offerings in key segments such as SIEM (security information and event management), SASE (secure access service edge) and XDR (extended detection and response) — from major vendors such as CrowdStrike, Cisco and Zscaler. We’ve collected the details on 10 of the new cybersecurity tools that have come onto our radar at CRN during the first half of 2024.
CrowdStrike, for instance, announced the general availability launch for its Falcon Next-Gen SIEM offering in May. As part of the launch, “we've gone from dozens of integrations to hundreds of integrations with different technology providers,” CTO Elia Zaitsev said, while CrowdStrike is now also “working with multiple MSSPs and GSIs that are standardizing on this platform.”
The new cybersecurity products and tools are arriving as threats continue to escalate: The first half of 2024 saw a string of major data extortion and ransomware attacks that were widely felt by businesses and consumers alike. High-profile cyberattacks included the disruption of U.S. healthcare services in connection with the ransomware attacks against prescription processor Change Healthcare and health system Ascension, as well as the widespread compromise of Ivanti VPNs and the Microsoft executive accounts breach — both of which impacted U.S. government agencies.
As CRN continues to follow new technologies that aim to help partners with protecting customers against growing threats, what follows are the key details on 10 of the hottest new cybersecurity tools and products in 2024 so far.
CrowdStrike: Falcon Next-Gen SIEM
CrowdStrike announced the general availability launch for its Falcon Next-Gen SIEM offering, as well as several new capabilities for the product. Falcon Next-Gen SIEM (security information and event management) has been updated with numerous additional integrations with third-party technologies as well as greater incorporation of the company’s Charlotte GenAI assistant, CrowdStrike CTO Elia Zaitsev told CRN.
In addition to unveiling “hundreds of integrations,” CrowdStrike has now “fully integrated the advanced AI capabilities of Charlotte to assist and operate the next-gen SIEM platform,” he said. As one example, the Charlotte AI Investigator can correlate related context around security incidents and provide GenAI-powered summaries of the incidents. “It'll surface related alerts and systems and users that it believes are part of the incident you're investigating — that you may not have added already — and gives you the ability to add that in real time into your incident workbench,” Zaitsev said.
Another key capability that hadn’t been previously available in Falcon Next-Gen SIEM was what the company describes as “multiplayer” functionality, Zaitsev said. “In the past, multiple analysts could be working an incident, but they weren't getting real-time updates and information from each other. Now as they're collaboratively working on these incidents in real time, changes are being streamed to each other,” he said. “People were using things like spreadsheets and Google Docs and other systems to try to keep track and collate all these information sources in one place. We're now giving them a single tool—with all the AI automation on top as well—to surge together, have this multiplayer SOC [Security Operations Center] experience.”
Palo Alto Networks: Precision AI
Palo Alto Networks unveiled its new Precision AI capabilities across its product portfolio, along with several tools for protecting the use of GenAI itself. “Today, the security we can give [to] customers is now enabled by various forms of machine learning and AI to make sure that we are using the bleeding-edge technologies to protect you — which we are concerned that bad actors might use to attack you,” CEO Nikesh Arora said during comments at the announcement event. “The only way to fight AI is with AI.”
Palo Alto Networks is working toward delivering on the vision of “real-time security” with its Precision AI capabilities, which include both GenAI and machine learning functionality. By leveraging Precision AI, “based on our rough analysis, it's about a 60X improvement in speed of knowing about new attacks,” Chief Product Officer Lee Klarich told CRN.
Meanwhile, Palo Alto Networks also announced a number of new tools for protecting the use of GenAI itself, including AI Access Security for securing the use of AI apps; AI-SPM (security posture management) for identifying vulnerabilities in AI models; and AI Runtime Security for securing against runtime threats such as prompt injections.
Additionally, Palo Alto Networks announced three copilot assistants powered by GenAI — Strata Copilot, Prisma Cloud Copilot and Cortex Copilot.
Cisco: Hypershield
Cisco Systems introduced Hypershield, a new architecture that can distribute security enforcement across three different layers — operating systems, servers and routers/switches. Hypershield can thus cover application services in the data center and Kubernetes clusters in the public cloud, while protecting every container and virtual machine, according to Cisco. “That allows you to [implement] security in very fine-grain detail, and you can put it kind of everywhere,” Tom Gillis, senior vice president and general manager of Cisco’s Security Business Group, told CRN.
Hypershield is built on open-source eBPF, or “building blocks” for connecting and protecting cloud-native workloads in hyperscale cloud environments, according to Cisco executives. Cisco closed its acquisition of Isovalent, a major provider and co-creator of eBPF for enterprises in April.
All in all, Hypershield is “pretty unique,” Gillis said. “Something that runs in a server, a switch or in the OS — there's only one company in the world that could do that, and it’s Cisco.”
SentinelOne: Singularity, Purple AI Updates
SentinelOne debuted a major new automated investigation capability on its Singularity Platform, powered by its Purple AI technology. Auto-Investigation is “where Purple is conducting the investigation on your behalf,” Ric Smith, SentinelOne’s chief product and technology officer, told CRN. Today, Security Operations Center teams are “hyper-burdened with alerts,” Smith said. “We're trying to make it such that this [technology] can go through and deal with the investigation on behalf of the analyst. It’s basically burning down that backlog and burning down risk, which has never been done before.”
SentinelOne also announced what it’s calling a “new unified security console” with the general availability launch of the Singularity Operations Center. The offering delivers on the longtime promise of providing users a single, centralized and unified dashboard for security, according to the company.
Netskope: SASE for Midmarket
Netskope launched a new version of its secure access service edge offering that caters more effectively to the needs of midmarket customers. In an exclusive interview with CRN, Netskope Co-Founder and CEO Sanjay Beri said that the vendor’s new offering aims to accelerate the expansion of SASE from the enterprise, where the approach has become popular in recent years, to the midmarket level. The Netskope SASE for midmarket offering also stands out providing capabilities and pricing tailored to MSPs and MSSPs, which are expected to play a leading role in delivering the technology to midmarket customers, Beri said.
Service providers “want to package a single-vendor platform offering that's simple to their customers,” he told CRN. Netskope has designed its midmarket SASE offering to include “the right price points, the right functionality, truly integrated, delivered from our worldwide infrastructure” and with the requirements of MSPs and MSSPs at the forefront, Beri said.
Zscaler: Zero Trust SASE
Zscaler unveiled a new SASE offering during the first half of the year, with the launch of its Zscaler Zero Trust SASE. As part of the launch, Zscaler announced its first SD-WAN offering, enabling the company to offer a single-vendor SASE platform for the first time. The company’s SD-WAN device stands out from other SD-WAN offerings by routing traffic from on-premises environments through Zscaler’s Zero Trust Exchange platform to provide secure connections to corporate apps and data, Zscaler CTO Syam Nair told CRN. Zscaler’s approach, even with SD-WAN, is that “we still want to leverage the Zero Trust Exchange,” Nair said. “That's the unique differentiator.”
Other key capabilities for the Zscaler Zero Trust SASE include using the company’s adaptive AI technology to continually analyze the potential risk across users, devices, content and destinations, according to the company.
Cato SASE Cloud Expansion
Cato Networks expanded its Cato SASE Cloud platform with the inclusion of threat detection and incident response. Cato XDR, what the company is referring to as "the world's first SASE-based, extended detection and response (XDR)" offering, further highlights how Cato is continuing to build out its platform with incident response in mind, the company said. Cato also introduced a SASE-managed endpoint protection platform (EPP) as the company grows its SASE platform beyond networking, threat prevention and data protection, Frank Rauch, Cato's global channel chief, told CRN.
"The reason that [partners] are excited about this announcement is basically [because] it's just more of an integrated platform. The feedback from partners right now is that platforms are winning … Cato really is the antidote to security complexity," Rauch said.
Wiz: AI-SPM Updates
For fast-growing cybersecurity firm Wiz, major additions to its cloud and AI security platform have included native AI security capabilities with its AI-SPM (AI security posture management) offering. Wiz’s AI-SPM aims to protect the use of AI tools during the software development process. The cloud security vendor has also recently extended its AI-SPM support to include the OpenAI API Platform. Wiz has said it’s the first CNAPP (cloud-native application protection platform) provider to secure customers of OpenAI, the maker of ChatGPT.
By and large, the AI revolution is happening in the cloud, Wiz Co-founder and CEO Assaf Rappaport said in a recent interview with CRN. Nearly “every AI workload would run in the cloud and mainly as a cloud service,” Rappaport said. “Cloud is the next infrastructure for the organization, and this is where you want to be.”
Fortinet: FortiOS 7.6
Fortinet released the newest version of its flagship FortiOS platform that already combines networking and security operations is being infused with “hundreds” of new features, including generative AI and data protection. The company’s FortiOS 7.6 release includes SD-WAN, secure access service edge (SASE), wireless LAN and AI features, among many others, John Maddison, Fortinet’s chief marketing officer, told CRN.
The update integrates GenAI with the inclusion of FortiAI natively within Fortinet’s central data lake, FortiAnalyzer, and its unified management console, FortiManager. The integrations in FortiOS 7.6 will improve threat analysis and response, according to the company.
Safe Security: Risk-Based Third-Party Management
Safe Security expanded into the third-party risk management space with the debut of the company’s new Safe TPRM (third-party risk management) module. The offering stands out by quantifying the risk of specific threats — such as ransomware and data exfiltration — for third-party vendors in an “actionable” manner, Saket Modi, co-founder and CEO of Safe Security, told CRN. For instance, Safe TPRM provides an actual risk measured in dollars of ransomware occurring at a certain third party, Modi said. “We actually quantify the risk in a way the business can understand it.”
On top of offering improved third-party risk management compared to existing vendors in the space, Safe Security also combines the third-party signals with the data on first-party and SaaS risk that the company has already offered, according to Modi. As a result, “in one dashboard you can get your first party, your third-party and your SaaS applications [risk] all converged into one,” he said.
