The 10 Coolest New Cybersecurity Tools Of 2018

The 10 products making waves in the cybersecurity market have emphasized stronger detection and correlation of threat data as well as extending and centralizing device management.


Building A More Secure Future


Vendors spent 2018 advancing protection everywhere from the cloud and network to the endpoint and smartphone, debuting tools that help assess risk, centralize management, automate security operations, and extend the breadth of devices under management.

Enhancements to detecting and analyzing threat data were a major area of focus in the year, with advancements around curating and labeling data, providing proportional enforcement, and correlating threat activity.


Seven of the top 10 cybersecurity tools of 2018 came from companies based in the Bay Area, one came from a vendor based in Texas, one came from a vendor based in Massachusetts, and one came from a supplier based abroad. Read on to learn how vendors have gone about making their cybersecurity portfolio even more relevant to the channel.

Carbon Black Cb ThreatHunter

Carbon Black in October debuted Cb ThreatHunter to deliver new threat hunting and incident response capabilities to Security Operations Centers and incident response teams.

The Waltham, Mass.-based endpoint security vendor said Cb ThreatHunter collects unfiltered data, making it easier for security teams to proactively hunt threats, uncover suspicious behavior, disrupt active attacks, repair damage quickly, and address gaps in defenses. Probes that often took days or weeks can now be completed in just minutes with Cb ThreatHunter, according to Carbon Black.

Most existing endpoint detection and response (EDR) and incident response tools collect only a limited set of historical data, according to Carbon Black. As a result, Carbon Black said SOCs and incident response teams struggle to get their hands on the information they need to investigate, proactively hunt, and remediate attacks.

Check Point CloudGuard

Check Point Software Technologies unveiled in February a family of cloud security products to address an increase in account hijacking and multivector attacks on cloud workloads and applications.

The San Carlos, Calif.-based platform security vendor said CloudGuard can protect enterprises against cyberattacks on cloud infrastructure workloads, as well as SaaS applications. CloudGuard integrates with IaaS cloud platforms and cloud-based SaaS providers to protect any cloud, service or application against sophisticated breaches, malware and zero-day attacks.

CloudGuard supports single-click SaaS deployment to help enterprises remain nimble and agile. In addition, dynamic policy updates and auto-provisioning allow for rapid scaling of IaaS cloud security that's in line with modern business requirements.

CrowdStrike Falcon X

CrowdStrike Falcon X was introduced in April to automate threat analysis and help deliver customized intelligence and Security Operations Center automation to large and small organizations.

The Sunnyvale, Calif.-based endpoint security vendor said Falcon X combines malware sandboxing, malware search and threat intelligence into an integrated offering that can perform comprehensive threat analysis in seconds instead of hours or days. The offering produces indicators of compromise for the threat that was actually encountered in the organization as well as all of its known variants.

Four months later, CrowdStrike released Falcon X Premium so that cybersecurity teams could automatically analyze malware found on endpoints, find related samples from a malware search engine, and enrich the results with cyber-threat intelligence.

FireEye Helix

FireEye in October rolled out a new Helix release that will help customers automate security operations and monitor cloud infrastructure on platforms like AWS, Azure, and Oracle Cloud.

The Milpitas, Calif.-based platform security vendor said the new version of FireEye Helix will combine integrated security information and event management (SIEM) capabilities with advanced security orchestration to help automate security operations. Helix offers customers a single platform to detect threats, automate response, and simplify compliance reporting, according to the company.

Legacy SIEM vendors often take a static approach to detection, the company said, leaving customers with too many alerts and no adequate tool for cloud users to respond to them. In response, FireEye Helix now applies pre-built playbooks to help analysts minimize manual, repetitive or error-prone steps such as alert validation or enrichment, according to the company.

Forcepoint Dynamic Data Protection

Forcepoint Dynamic Data Protection was unveiled in April to continuously assess risk and automatically provide proportional enforcement that can be dialed up or down. This capability is enabled through human-centric behavior analytics that understand interactions with data across users, machines and accounts.

The Austin, Texas-based platform security vendor said the product applies an anonymous and continuously updated behavioral risk score to establish a baseline of “normal” behavior for each end user on a corporate or unmanaged network. Forcepoint's intelligent systems, informed by the individual risk assessment, then apply a range of security countermeasures to address the identified risk.

With the industry’s first automated enforcement capability that dynamically adapts, Forcepoint Dynamic Data Protection frees up security analysts to focus on higher-value activities.

Fortinet FortiOS 6.0

Fortinet in February packed more than 200 new features and capabilities into FortiOS 6.0, the third generation of the Sunnyvale, Calif.-based company's security fabric. FortiOS 6.0 offers centralized management across the entire portfolio from a management analytics and SIEM perspective.

Fortinet's SD-WAN toolset looks at applications more than packets, leveraging path-aware intelligence to ensure customers are getting appropriate service to their most important applications. FortiOS 6.0 also expands the cloud connectors to include visibility into private clouds such as Cisco ACI and VMware NSX, public clouds such as Amazon Web Services and Microsoft Azure, and SaaS clouds such as Office 365.

Fortinet also introduced tagging in its FortiOS 6.0 release, enabling objects, interfaces, firewalls and devices to be marked using a color-coded system. From there, Fortinet would like users to be able to apply a broad policy to ensure unsecured mobile devices never have access to intellectual property.

McAfee MVision

McAfee in July re-emerged as a mobile security player and introduced new endpoint, automation and orchestration offerings that scale to meet the needs of larger businesses.

The Santa Clara, Calif.-based platform security vendor said its new MVision line of products extends the breadth of devices under management and makes McAfee's portfolio more simple, inclusive and comprehensive. The MVision mobile, endpoint, and ePO (ePolicy Orchestrator) tools have been bundled together and offered to customers as an annual subscription, according to McAfee.

Three months later, the company debuted MVision EDR (endpoint detection and response), which takes context and data present at the endpoint and moves it up to the cloud to allow for the introduction of analytics and automation. The company also introduced cloud and unified data protection offerings under the MVision banner to increase visibility across the whole ecosystem.

SonicWall Capture Cloud Platform

The SonicWall Capture Cloud Platform debuted in April, tightly integrating security, management, analytics and real-time threat intelligence across the Milpitas, Calif.-based company's portfolio of network, email, mobile and cloud security products.

Machine-learning algorithms are used to analyze data, classify and block known malware before it can infect the network. Unknown files are sent to the SonicWall Capture Cloud Platform, where they are analyzed using hypervisor analysis, emulation and virtualization technology, blocking zero-day malware in near-real-time.

One of the cornerstones of the platform is the SonicWall Capture Security Center, which allows for the governing of SonicWall's security operations and services from a single pane of glass.

Sophos Intercept X

Sophos in January rolled out the latest version of its Intercept X anti-exploit application, incorporating deep-learning technology to boost malware detection rates.

The Oxfordshire, England-based platform security vendor said adding deep learning will allow Intercept X to curate and label data more accurately, since it is now able to process hundreds of millions of samples rather than just tens of millions. As a result, Intercept X will be able to make more accurate predictions at a faster rate with fewer false positives compared with traditional machine learning.

Nine months later, the company introduced endpoint detection and response (EDR) to Intercept X to make threat tracking accessible to businesses with more limited resources. Sophos said providing organizations of all sizes with the capabilities you'd find in a Security Operations Center (SOC) will reduce the amount of time criminal hackers can hide in their network.

Symantec Managed Cloud Defense

Symantec in October unveiled Managed Cloud Defense, which detects, protects and responds to issues in the cloud by correlating cloud-based attack activity with its Global Intelligence Network.

The Mountain View, Calif.-based company said Managed Cloud Defense also performs remote investigations, manages threat hunting, and contains cloud instances. Native integration with Amazon Web Services and Microsoft Azure provides increased visibility and allows Managed Cloud Defense to monitor cloud platforms, according to Symantec.

The offering also delivers cloud user and application monitoring for shadow IT, Symantec said, as well as remote incident investigation, containment, and threat hunting for rapid response. S3 permission monitoring on Managed Cloud Defense, meanwhile, can help protect the storage of critical cloud-based data, Symantec said.