By Todd R. Weiss
RSA CONFERENCE — New silicon-level, on-chip threat detection technologies from Intel and an enhanced cybersecurity incident response system from IBM Resilient are two of the most significant product announcements so far as the RSA 2018 security conference opened Monday in San Francisco.
Also unveiled were new products from a wide range of security vendors, including InfoSec Global, Fidelis, A10 Networks, RedLock and others, as the war on cyberattacks continues to gain new tools and technologies throughout the channel.
From Intel, the new Threat Detection Technology aims to help detect advanced cyberthreats and exploits on the heels of the Meltdown and Spectre vulnerabilities, revealed in January, that affected many chips from Intel and competitors including AMD.
The first capability offered as part of Intel Threat Detection Technology is Advanced Memory Scanning, which uses Intel’s integrated graphics processor to enable scanning while reducing impacts on main processor performance — a result of earlier memory scanning techniques.
“Early benchmarking on Intel test systems show CPU utilization dropped from 20 percent to as little as 2 percent,” according to Intel.
A second Intel Threat Detection Technology capability, called Advanced Platform Telemetry, was also unveiled at RSA 2018. It brings together platform telemetry with machine-learning algorithms to improve the detection of advanced threats, while reducing false positives and minimizing performance impacts, Intel said.
Cisco plans to integrate the Intel Advanced Platform Telemetry into its new Cisco Tetration data-center security and cloud workload protection platform, while Microsoft will integrate Advanced Memory Scanning into its Windows Defender Advanced Threat Protection antivirus services.
Intel also launched a new framework, Intel Security Essentials, that will standardize built-in security features across Intel processors to help ensure a consistent set of critical root-of-trust hardware security capabilities across the company’s Core, Xeon and Atom processors. The framework will add platform-integrity technologies for secure boot, hardware protections, accelerated cryptography and trusted execution enclaves to protect applications at runtime.
Designed to bring together multiple tools to battle cyberattacks, IBM’s Resilient division is enhancing its Resilient Incident Response Platform with new Intelligent Orchestration capabilities that will focus on improving security incident response using human and machine-based intelligence.
Using the enhanced Resilient IRP, security analysts “can orchestrate and automate time-consuming, repetitive, and complicated actions that previously required significant human intervention, while bringing in enterprise-grade, bidirectional integrations through a drag-and-drop business-process management notation workflow engine. These features allow security teams to build Dynamic Playbooks which enable a guided response, helped along by step-by-step assistance from the platform. IBM announced the acquisition of the former Resilient at RSA in 2016.
IBM also announced new partner integrations available through the IBM Security App Exchange. The IBM Resilient Orchestration Ecosystem features partners including Cisco, McAfee, Splunk, Carbon Black, Symantec and others, allowing customers to share data and actions between multiple technology products and security tools, the company said.
Other key RSA 2018 Conference product announcements include:
(continued on next page)