The annual RSA Conference, held in San Francisco every spring, is one of the largest and most prominent security conferences in the world. Each year there is one major theme or trend that stands out. It was not surprising that the prevailing topic this year was artificial intelligence.
Officially, 600 exhibitors participated in RSAC 2024. A good percentage of these security vendors announced AI enhancements to their existing products or new security products to protect AI workloads. In fact, Reality Defender, winner of this year's RSAC Innovation Sandbox Award, is focused on identifying AI-generated deepfakes.
Looking beyond the AI hype, another interesting trend caught my attention: In the weeks leading up to and during the conference, a number of security solutions vendors announced new risk-related capabilities.
Prior to this year, the inclusion of risk capabilities in security products was rare and was limited almost exclusively to governance, risk and compliance (GRC) or third-party risk products. However, security vendors are now adding risk-related capabilities to their products in response to the increasing pressure on CISOs and security teams from the ever-increasing number of security incidents and breaches.
Security products that include measuring and mitigating risks within an organization tend to be more effective in identifying and addressing high-impact security threats than security products that do not include any insight into risk. While this is not a silver bullet for security, seeing security vendors integrating risk capabilities is encouraging news and a step in the right direction to help security teams reduce their organizations' risk exposure.
Here are 10 risk-related security vendor announcements made in recent months (listed alphabetically):
Brinqa has introduced a major update to its Risk Operations Center platform. Brinqa's platform with Cyber Risk Graph unifies security findings with business and threat data to help organizations prioritize, address and report. The new capabilities, first announced in April, are designed to accelerate the time to assessment and streamline the operation of the Risk Operations Center.
Cloudflare announced Cloudflare for Unified Risk Posture, a new risk management suite designed to simplify the process of identifying, assessing and managing cyber threats that pose a risk to the organization, across all environments.
CyberSaint, a cyber risk management company, has launched the Benchmarking feature of the NIST Cybersecurity Framework, which allows heads of IT departments and security teams to measure their standing at NIST compared to their industry peers through a historical maturity graph on their executive dashboard.
Forescout Technologies announced Forescout Risk and Exposure Management (REM), which provides organizations with an automated, multi-factor approach to risk prioritization to address vulnerabilities and strengthen their security posture across the attack surface.
JupiterOne introduced its Continuous Threat Exposure Management platform with JupiterOne and Control Tower in April. The tools proactively detect, assess, identify, validate, report and mitigate emerging threats before they impact the business.
OX Security has launched Attack Path Viability Analysis that provides a comprehensive view of potential attack paths within OX's Application Security Posture Management (ASPM) platform.
Qualys announced CyberSecurity Asset Management 3.0, which integrates Qualys's ability to assess vulnerabilities and manage the external attack surface. The updates provide an accurate, real-time view of the external attack surface that eliminates further false positives to mitigate the risk of unknown assets.
Splunk has added Splunk Asset and Risk Intelligence to its portfolio. The new software provides users with a constantly updated inventory of assets and identities, eliminating duplicate or outdated data for more accurate and comprehensive asset insights, reducing risk exposure.
Trend Micro has introduced AI-driven cyber risk management capabilities across its entire flagship platform, Trend Vision One, which integrates more than 10 categories of industry technology into a single offering to help different IT teams proactively manage risks.
Veracode has introduced new repo risk visibility and analysis capabilities from Longbow Security, powered by Veracode, that accelerate application risk remediation from code repositories to runtime images.
In the coming weeks, I will be digging into my next research project on cyber risk management. If you are a CISO, security leader, security champion, or practitioner who deals with asset risks and attack surface visibility or cyber risk reporting and mitigation in your organization, I would be interested in hearing how you address these challenges. Do not hesitate to contact us.
David Vance is a senior analyst covering risk and vulnerability management for TechTarget's Enterprise Strategy Group. He brings over 25 years of experience in IT and cybersecurity to help clients achieve greater success in the market.
Enterprise Strategy Group analysts have business relationships with technology vendors.