10 Hot SMB Cybersecurity Tools And Features To Watch In 2021
CRN examines 10 of the hottest new cybersecurity tools and features that were on display during XChange+ 2021 that solution providers and their SMB customers need to take a look at.
Securing The Future
From mapping assets and assessing and detecting vulnerabilities to encrypting emails and managing certificates, cybersecurity vendors attending XChange+ 2021 showed off a variety of innovative offerings that solution providers need to know about.
These products and services are helping small and mid-sized businesses defend against fraudulent or impersonation attacks, aggregate information that’s been collected across the enterprise, and satisfy requirements from regulators or third-party vendors.
Other cybersecurity offerings hitting the market in 2021 help MSPs reduce the number of tools they have to manage, protect outbound email in conjunction with data loss prevention (DLP) offerings, and keep up with the rapidly changing certificate requirements in DevOps and container environments.
CRN breaks down 10 of the hottest cybersecurity tools and features that were on display during XChange+ 2021 that channel partners and their SMB customers need to take a look at.
Armor Anywhere Platform
Armor has been trying to drive both tech consolidation and visibility for its MSP partners to give them a better line of sight into everything that’s occurring within their customer base, according to Chief Revenue Officer Bryan Hauptman. The company has focused both on giving MSPs a way to manage their visibility appropriately as well as tools to reduce the size of the workload partners have on their end.
Within the Armor security stack, Hauptman said the company has invested heavily in container security as well as different components of its endpoint detection and response (EDR) and antivirus strategy. The company has built many of the capabilities it offers itself such as intrusion detection, threat intelligence, workload protection, and network protection, while partnering in areas like EDR with Carbon Black.
Armor has security and compliance reviews that it can either provide on behalf of MSPs or alongside MSPs so that the solution provider can demonstrate the value they’re providing to their end customer. Hauptman said the company’s rapid readiness assessment both shows customers the vulnerabilities they have today as well as puts a strategy in place for addressing those issues.
Binary Defense SIEM Features
Binary Defense plans to add Security Information and Event Management features to its Managed Detection and Response platform by the end of 2021 to expand its capabilities for SMB customers, according to CEO Mike Valentine. SMB and mid-market customers are increasingly required by either regulators or others in their supply chain to have SIEM-like capabilities in place to protect their business.
Smaller customers aren’t prepared either financially or from a staffing perspective to deploy the existing SIEM tools available in the market today, and as a result, most of Binary Defense’s customers aren’t currently using a SIEM, according to Valentine. Adding SIEM features will allow Binary Defense to expand from the SMB to the mid-market and fulfill the supply chain requirements of larger customers.
Binary Defense clients want an easy, one-stop shop where they can shore up their environment, he said, and making SIEM capabilities available on the MDR platform should help achieve that. The company’s agent can be deployed on 1,000 endpoints in just 30 minutes, and Binary Defense’s Security Operations Center (SOC) provides around the clock monitoring and management for customers, Valentine said.
CyCognito Automated Red Team Activity
Red teaming is a largely manual activity today, with practitioners randomly scanning IP ranges to find open ports and using vulnerability scanners to find issues within networks, according to CyCognito Co-Founder and CEO Rob Gurzeev. But given that this process can take weeks, Gurzeev said red teaming in practice often just means that R&D teams ask for pen testing on a project they just completed.
As a result, Gurzeev said red team activity for many organizations is focused on just a very small piece of their overall attack surface. CyCognito within the next two months will deliver automated exploitation capabilities that allow customers to identify vulnerabilities across their entire attack surface, and with a single click, obtain network admin capabilities, exploit the flaws, and move laterally across the company.
CyCognito has invested in finding and validating exploits in databases and data sources as well as building out data models and UI workflows that connect specific exploits to vulnerabilities and niches within an organization. The company’s technology is able to identify specific attack vectors such as weak credentials that a red teamer could use to take over a device in just seconds, according to Gurzeev.
DataStream Insurance Vulnerability Assessment
DataStream Insurance has seen the pendulum shift dramatically over the past 12 to 18 months from where it was relatively easy for SMBs to get cyber insurance coverage to where there are more rigorous requirements for underwriting, said CEO Andy Anderson. DataStream has built assessment tools that help ensure SMBs get a positive reception from carriers when they attempt to get underwritten, he said.
Before agreeing to underwrite an SMB, he said carriers are increasingly scanning for vulnerabilities in the company’s website and email posture as well as historic losses the organization has taken from security incidents. If the snapshot of an organization’s risk posture isn’t pretty, Anderson said the SMB will receive a red flag, making it very, very difficult for them to get coverage.
Anderson said DataStream’s tools make the process of applying for insurance very simple for SMBs. The company partners with MSPs to understand what level of protection they’re providing across their portfolio of customers. DataStream then combines the information provided by the MSP with company-specific data around revenue, industry, and amount of coverage sought to position the SMB effectively.
Evo Security Privileged Access And Password Management
Evo Security plans to debut a password manager and release an updated version of its privileged access management (PAM) offering in the fourth quarter of 2021, according to CEO Michael Roth. SMBs have overspent on point products in the identity space and need to start thinking like enterprises, who’ve been engaged with identity from a more holistic sense, Roth said.
As the attack surface accelerates toward MSPs and their SMB customers, clients need to adopt a similar mentality as their enterprise brethren and find a way to look at disparate parts of their IT infrastructure. Evo Security overhauled its elevated access tool to address the needs of key channel stakeholders, and the work follows investments the company made into multi-factor authentication and single sign-on.
In 2022, Roth said Evo Security plans to focus on enriching the collection of information that’s been aggregated into the company’s technology to help the company take proactive and pre-emptive action. Aggregating and centralizing the rich insights derived from integrations with IT infrastructure vendors will make it easier for Evo customers to determine how they can most effectively strengthen security.
Fluid Attacks Vulnerability Detection
Fluid Attacks has invested a lot of money to create technology that reduces the false positive and false negative rates associated with vulnerability detection tools, according to Mauricio Gomez, a management team member at Fluid Attacks. The company creates scripts to find vulnerabilities, with 70 percent of its work done by humans and the remaining 30 percent done by machines, Gomez said.
The company is looking to reduce false negatives by implementing artificial intelligence during the triage process and prioritize where in code vulnerabilities can be found quickly, Gomez said. Customers can incorporate Fluid Attacks’ capabilities into their own technology to assist with vulnerability detection, according to Gomez.
Fluid Attacks provides tools to review source code, scan ports to verify if they’re open or closed, as well as technology to block application-based attacks, according to Gomez. The company’s AI model helps defenders prioritize which vulnerable code or areas within an organization would be most appealing to hackers, Gomez said.
Inky Email Encryption Tool
Inky plans to expand in the coming months beyond phishing into encryption and outbound email protection as well as rolling out a new user portal for MSPs, according to Solutions Engineer Vincent Hardick. The MSP portal will launch in the next quarter or so, and is expected to ease provisioning, billing, and all-around management of the Inky product for managed service providers, Hardick said.
The company has historically focused on advanced phishing threats, brand and CEO impersonation attempts as well as spear phishing attacks, but Hardick said encryption has increasingly become a “must have” for any type of email security platform. A lot of the demand for email encryption came from MSPs, Hardick said, and becoming a full-featured email platform will allow Inky to displace existing tools.
Inky today protects inbound emails and can scan both internal and external emails, and Hardick said adding outbound email protection will make the company’s advanced security email offering more complete. The outbound email protection feature will be unique in its capability to both work in conjunction with third-party data loss protection (DLP) tools as well as on its own, according to Hardick.
Red Sift Lookalike Domain Services
Red Sift plans to launch services for brand protection and lookalike (or cousin) domains later this year to build upon the defense against fraudulent attacks it already provides to domains owned by clients, said Senior Vice President of Strategy Chuck Swenberg. Given Red Sift’s strength in working with DNS-based security and large-scale data protection, Swenberg said attackers are migrating to lookalike domains.
Adversaries are trying to impersonate legitimate domains by – for instance – replacing a “1” with a “l” in the domain name, Swenberg said. In response, Red Sift plans to apply a tremendous amount of automated capacity to scanning domains for minor typographical changes as well as aggressively report to authorities any lookalike domains spotted in hopes of getting them taken down, Swenberg said.
It’s very easy for adversaries to register and set up a lookalike domain, and then use that malicious domain as a launch point for phishing attacks or seeding malware, Swenberg said. Most organizations already register domains that are associated with their brand, but impersonation attempts don’t necessarily have to take place on a domain owned by the victim, complicating things for defenders.
Sectigo Certificate Management
Sectigo has seen 50 percent year-over-year growth in its certificate management business due to shorter certificate lifespans, faster depreciation, and more cryptographic standards, according to Chief Compliance Officer Tim Callan. IT departments must know what certificates are and be able to swap any or all of them out with a day’s notice regardless of environment, device type or location in the world.
As DevOps becomes the norm, Callan said the need to provision and manage certificates in an automated fashion has exploded since DevOps certs are often needed for just two hours. Adversaries that inject their own containers into a victim’s environment achieve nearly unlimited access, meaning that companies also must put a digital certificate on every single one of their containers, Callan said.
The National Institute of Standards and Technology (NIST) intends to put together new encryption algorithms that can withstand quantum computers, meaning that organizations will have to swap out all their certificates by the end of 2023 at the latest, he said. In preparation for new certificate standards, Callan expects to see wholesale adoption of certificate management tools within the next 24 months.
SOCSoter Asset Mapping
SOCSoter released a new module in its platform that allows for asset mapping and asset management so that businesses can see how their devices are routed to the internet and where they’re interconnected to one another, according to Director of Channel Eric Pinto. There’s lots of emphasis now on knowing what every connected device is doing at any given time and if it previously had access to sensitive data.
The company has looked at different ways to audit cloud access, confirm user identities, and monitor what users are doing in the cloud, according to Pinto. As a result, Pinto said SOCSoter has rolled out modules to ingest data from Microsoft 365, Cisco, and endpoint security products like Sophos and SentinelOne to get more visibility into how users are engaging in the cloud.
SOCSoter wants to go beyond just providing network, endpoint, and cloud security products by letting small customers in verticals like manufacturing tap into resources that’ll help them prepare for new compliance standards like CMMC, Pinto said. The company offers security assessments, pen testing, and compliance reviews to give customers the reporting needed to satisfy regulatory requirements, he said.