Cisco XDR
Cisco has unveiled a new extended detection and response (XDR) platform built with a “ground up” approach, according to Jeetu Patel, Cisco’s executive vice president and general manager of security and collaboration. According to Patel, the Cisco XDR platform offers “cross-domain telemetry” in a manner unmatched by competitors in the industry by combining network detection and response (NDR) with endpoint detection and response (EDR). He said the system is distinct from security information and event management (SIEM) offerings in that it provides threat detection and prioritization in “near real-time.”
Furthermore, according to him, Cisco XDR stands out by offering high-fidelity data from all of the company’s security products, including Cisco Secure Client for endpoints. Many well-known third-party security products, including email security, next-generation firewalls, SIEM, NDR, and EDR tools, are also integrated into the XDR platform.
Securonix SIEM for Unified Defense
Securonix CEO Nayaki Nayyar told CRN that the company has announced a new SIEM platform that represents “the next wave of the journey that we have in our SIEM platform.” Using data feeds from Snowflake’s data lake, Securonix’s Unified Defense SIEM takes a cloud-native approach to handling the enormous volumes of security-relevant data that contemporary businesses generate. The platform has access to “hot,” searchable data from the Snowflake Data Cloud for a full year, “something no other vendor does,” according to Nayyar.
According to the company, this enables a single-tier storage approach that can handle extensive searches and removes many of the data management problems associated with a traditional tiered-storage strategy, in addition to improving visibility into potential threats.
Additional important features include Threat Content-as-a-Service, which offers content curated by Securonix that is up to date on the newest threats, and a Threat Content Analyzer function that aids in understanding gaps in threat detection. Through features like Autonomous Threat Sweeper—which Securonix claims is the only product to proactively search for signs of compromise as well as adversary tactics, techniques, and procedures—the Unified Defense SIEM also facilitates proactive cyberdefense.
Risk360 by Zscaler
Risk360 is a risk assessment and visualization tool that Zscaler released with the goal of assisting enterprises in making faster and better decisions about lowering their security risk. Jay Chaudhry, the founder and CEO of Zscaler, told CRN that the tool is a significant advancement since it helps businesses understand what aspects of their security posture are most important. According to him, the application uses Zscaler’s vast data sets to give users an overall risk score for their entire business and for each of their major risk areas.
Users may view risks across four major entities—the workforce, assets, apps, and third parties—and acquire risk scores for various stages of a cyber incident in real time by using Risk360. According to Zscaler, the framework also provides reporting and visualization features, emphasizing the primary causes of cyber risk and estimating financial exposure. According to the firm, Risk360 also offers guided processes and remediation recommendations so that the most urgent issues can be resolved right away.
SentinelOne Purple AI
SentinelOne first unveiled Purple AI, a GenAI technology, as a tool for threat hunting. According to SentinelOne’s chief product and technology officer Ric Smith, Purple AI gives threat hunters the ability to query a system using natural language, saving a great deal of time and allowing security teams to respond to more alerts and intercept more threats. SentinelOne has recently extended Purple AI to use cases beyond threat hunting. For example, Smith stated that the program can now suggest questions and actions for a security analyst to help speed up issue resolution.
George Kurtz, co-founder and CEO of CrowdStrike, unveiled Charlotte AI, a GenAI assistant for security analysts that is “going to revolutionize security.” According to Kurtz, Charlotte’s greatest innovation is its capacity to “[turn] that person into a Tier 3 analyst” from a Security Operations Center Tier 1 analyst, as CRN reported. He said the tool will enable users to complete job tasks that could take up to eight hours each day in ten minutes or less.
XSIAM 2.0 by Palo Alto Networks
Palo Alto Networks unveiled Cortex XSIAM 2.0, a second-generation AI-driven security operations solution that offers an enhanced user experience and support for customized machine learning (ML) models. The company has positioned XSIAM (extended security intelligence and automation management), first released in October 2022, as a modern replacement for legacy SIEM (security information and event management) systems. Palo Alto Networks “did not rewrite the product” with XSIAM 2.0, according to Gonen Fink, senior vice president of Cortex products.