8 Important Cybersecurity Partnerships Debuting At Black Hat
The More, The Merrier
Cybersecurity is a team sport, with no point product on the market today able to provide customers with complete protection.
That's why vendors in the space are increasingly forging alliances with one another to either provide protection against a broader array of threat vectors or to address different phases in the cybersecurity life cycle (for example, one vendor might focus on prevention or detection, while the other focuses on mitigation or remediation).
Incident response was at the heart of three of the eight cybersecurity partnerships unveiled during the Black Hat conference, while endpoint security was a focal point for two of the new alliances. The remaining partnerships addressed everything from social media-based threats and brand abuse to vulnerability testing to network security.
Here's a look at eight cybersecurity partnerships that offer the potential to reshape the industry.
IBM And Qualys
IBM will integrate with the Qualys Cloud Platform to deliver customers an integrated vulnerability testing program that spans X-Force Red's proprietary testing framework.
As part of the partnership, IBM's X-Force Red team will deploy the Qualys Cloud Agent and Qualys Cloud Apps into customer environments across the globe, leveraging the breadth of Qualys' continuous visibility and the depth of X-Force Red's elite manual penetration testing services.
IBM will incorporate the integrated Qualys Cloud Platform into new services that extend security and compliance visibility into IoT connected cars, network testing and application testing. Powered by the Qualys API, these new services will enable the X-Force Red team to scale their vulnerability analytics services across rapidly changing hybrid infrastructure that powers DevOps initiatives.
Netskope And Cylance
Netskope and Cylance inked a product partnership, providing customers with the additional benefit of Cylance's artificial intelligence-driven threat detection through the Netskope Security Cloud.
Cylance's AI-based prevention technology adds an additional layer of protection that augments Netskope Threat Protection's malware detection, advanced heuristic analysis and dynamic sandbox analysis. The integration should make it easier to accurately detect zero-day and unknown threats across all of the cloud and web security use cases for any files and data inspected.
Netskope customers can achieve comprehensive protection of all user activity through the granular visibility provided by the Netskope Cloud XD technology. Combined with Cylance, this holistic security offering should enable enterprises to improve detection efficacy and reduce operational overhead for security teams.
Endgame And Red Canary
Endgame and Red Canary unveiled a strategic alliance to help organizations of all sizes detect and respond to the widest number of threats facing today's enterprises.
Red Canary and Endgame's products will be delivered to customers through both companies' SaaS offerings. Telemetry and alerts collected by the Endgame kernel sensor flow through the Red Canary platform to the Red Canary Cyber Incident Response Team (CIRT) for investigation and response.
From there, security teams can respond using Red Canary's response tooling integrated with the Endgame sensor. The Endpoint sensor offers powerful telemetry deep inside endpoint processes as well as the ability to customize blocking within the sensor, which Red Canary said is a capability it has had on its wish list for several years.
ForeScout And Digital Defense
ForeScout and Digital Defense have teamed up to enable real-time assessment, host analysis and policy-based mitigation of endpoint security risks.
The integration will provide joint customers with continuous visibility into connected devices, the ability to promptly block or quarantine endpoints with critical vulnerabilities, automated remediation actions, and the ability to provide on-demand scans.
The integration will automate the workflow process of identifying hosts and scanning for known vulnerabilities, thereby streamlining remediation efforts and improving organizational processes. In addition, assimilating data between ForeScout and Digital Defense is expected to bolster security by providing real-time visibility around both managed and unmanaged devices.
Recorded Future And FraudWatch
Recorded Future has leveraged a new partnership with FraudWatch International to provide takedown services as a part of the company's brand monitoring offering. This enhances the company's brand protection services, which include items such as defending against social media brand abuse and typosquatting as well as detecting fraudulent websites.
With the partnership, Recorded Future customers can now report brand abuse directly to FraudWatch, which processes takedown requests and ensures fast resolution with an around-the-clock operations center.
Fake accounts, apps and websites can result in major damage to an organization's brand reputation, according to Recorded Future. These accounts can host inappropriate content or malware, and target customers with phishing scams such as attempting to trick them into giving away their credentials.
ZeroFox And Anomali, ThreatConnect And ThreatQuotient
ZeroFox unveiled new integrations with Anomali, ThreatConnect and ThreatQuotient to bridge the gap between social media and the larger threat landscape, making it easier for customers to prevent, detect, respond to and recover from social media-based threats.
The company can now offer organizations digestible social media threat data, which they can easily integrate into their existing Threat Intelligence Platform (TIP) to achieve a more complete security posture. In addition, the integration will allow customers to have a holistic view of their entire threat landscape, with ZeroFox specializing in the unique social media threat indicator space.
The integration provides enhanced visibility and context for unique attacks stemming across social media, as well as the ability to immediately integrate ZeroFox threat data into an organization's existing infrastructure.
Ixia And Endace
Ixia, a Keystone Business, and Endace have signed a technology partnership agreement that enables joint customers to better manage the performance and security of their networks.
The combined offering from Ixia and Endace provides enterprises with greater visibility into network activity, giving analysts the detailed, packet-level evidence they need to go back in time and resolve security and network or application performance issues.
Ixia's Vision portfolio of network packet brokers complements Endace's high-performance EndaceProbe Analytics Platforms by enabling control over how packets are managed and where they are delivered. Ixia's Vision ONE also offers Active SSL decryption, providing visibility into encrypted traffic and allowing it to be decrypted before it is recorded by and stored on EndaceProbes.
DomainTools And Maltego
DomainTools rolled out a new integration with Maltego to create a seamless view of data and provide an easy transition from SIEM alert to human analysis. The integration also preserves the results of analysts' findings for future correlation, empowering security teams to map connected malicious infrastructure of domains and IPs on their network.
With the new integration, analysts using Maltego can now investigate indicators of compromise (IOCs) and indicators of attack (IOAs) observed on their network and profile domain-based threats using multiple attributes, such as domain risk scores from proximity, threat profile algorithms, active DNS, and website and SSL data.
The integrated approach should increase the productivity and efficiency of mitigating security incidents, according to the company.