IDC - Experts & Thought Leaders

Rapid7, Inc., a pioneer in threat detection and exposure management, announced the launch of Incident Command, a powerful new next-gen SIEM extending the capabilities of its Command Platform, purpose-built to transform how security teams detect, investigate, and respond to threats. Incident Command unifies preventative attack and exposure management together with threat detection and response, all powered by Agentic AI workflows trained on playbooks designed by Rapid7’s own SOC experts, and refined through continuous real-world application. Intelligence Hub to deliver a seamless user experience Incident Command brings attack surface context through Surface Command and curated threat intelligence Built on the Command Platform’s data mesh, Incident Command brings attack surface context through Surface Command and curated threat intelligence with Intelligence Hub to deliver a seamless user experience that enables every analyst to operate like an expert, every action to be informed by context, and every response to be faster, smarter, and simpler. "The launch of Incident Command is a leap toward our mission to simplify access to security outcomes," said Corey Thomas, CEO of Rapid7, adding "Security teams are under scrutiny to deliver measurable impact across their risk and response programs. We built the Command Platform to unify all customer data — not just what we collect — so that organisations get the facts from the beginning and reduce their time to action." Key features of Incident Command Corey Thomas added: "Incident Command, our upgraded next-gen SIEM, gives customers the benefit of the Command Platform plus broadened access to our decades of SOC expertise with agentic AI integrated within the workflows they use every day." With Incident Command, security teams operate within a closed-loop feedback model, combining AI-powered threat detection with deep exposure visibility, automating triage with 99.93% accuracy, and saving 200+ SOC hours per week. Key features of Incident Command include: Agentic AI, built by and for the SOC: Unlike black-box “AI” tools, Rapid7’s AI is trained on years of detection, investigation, and response data from its 24/7 MDR operations, enabling transparent, analyst-assistive triage and investigation workflows with 99.93% benign disposition accuracy. It doesn't just classify, it guides, recommends, and adapts with every use. Unified analyst experience: Incident Command brings together historically siloed SIEM, SOAR, ASM, and threat intelligence functions into one intuitive interface. Analysts can investigate with deep threat, exposure, and asset context in a single view — no context switching required. Open and integrated data mesh: Powered by Surface Command and the Command Platform’s data mesh, customers can unify Rapid7 and third-party telemetry without complex integrations, gaining end-to-end visibility across their hybrid environments. Deeply embedded threat intelligence: Expertly vetted threat intelligence is integrated within Incident Command for the most actionable, relevant, and context-rich insights for targeted detection, threat hunts, and incident response. Threat intelligence and AI automation "With Incident Command, Rapid7 is marrying exposure management capabilities with threat detection and this is a differentiator in a crowded SIEM market," said Michelle Abraham, Senior Research Director at IDC. Michelle Abraham adds, "By bringing detection automation, internal and external attack surface visibility, threat intelligence, and AI automation into one platform, Rapid7 is offering security analysts a solution that reduces complexity, connects data, and streamlines investigations, which improves analyst workflows." Rapid7 is showcasing Incident Command at Black Hat USA, August 6-7 in Las Vegas, both in the Business Hall (Booth #5042) and at The Border Grill in Mandalay Bay from 9 am to 6 pm on August 6.

Entrust, the pioneer in identity-centric security solutions, announced the Entrust Cryptographic Security Platform, the industry’s first unified, end-to-end cryptographic security management solution for keys, secrets, and certificates.  Cyberattacks on data security and identity systems are exploding in scale and sophistication. Securing data and identities Traditional approaches to securing data and identities aren't working, and in digital-first environments, every connected device, application, and system is at risk without a secure cryptographic foundation. And the fragmented tools for managing cryptographic sprawl – including encryption keys, secrets, and certificates – have made it nearly impossible to confidently manage cryptography at an enterprise scale.  Deployment of cryptographic solutions Security, IT, and DevOps require the control and agility they need to simplify the deployment of solutions The Entrust Cryptographic Security Platform addresses this challenge by providing comprehensive visibility and manageability across the entire cryptographic estate, including public and private cloud environments, endpoints, applications, and networks. Security, IT, and DevOps now can have both the control and agility they need to simplify deployment of cryptographic solutions and the centralised inventory and visibility to manage increasingly complex operations and to prepare for the shift to post-quantum cryptography.  Aspects of cryptographic security For the first time, security pioneers, IT, and development organisations have a unified platform from which to manage all aspects of cryptographic security. The Entrust Cryptographic Security Platform integrates market pioneering capabilities to deliver unified compliance management, PKI deployment and operation, lifecycle management for keys, secrets, and certificates, secured with Entrust nShield and third-party hardware security modules (HSMs), and interoperable with top security, identity, and IT management systems through extensive integrations, providing for unmatched protection.  Foundation of data and identity security Entrust Cryptographic Security Platform integrates market-pioneering abilities to deliver management "Siloed cybersecurity tools are no longer enough in a world where keys, secrets, and certificates are increasingly being targeted by AI-enhanced attacks. We’re seeing an explosion of data and devices that need to be secured by cryptography, and we’re in the midst of a multi-year transition to quantum-secure cryptography." "It’s clear that every organisation must place a heightened focus on cryptographic estate management as the foundation of data and identity security,” said Bhagwat Swaroop, President of Digital Security at Entrust. “With our new Cryptographic Security Platform, Entrust and our partners are helping organisations protect their cryptographic foundations.” Cryptographic estate monitoring and observability "With the inevitable ‘Q-day’ getting closer and closer—when quantum computers can quickly break traditional encryption -- cryptographic management needs to keep pace. Businesses need to have complete cryptographic estate monitoring and observability while also maintaining flexibility to ensure they're keeping pace with the technology landscape," said Jennifer Glenn, IDC Research Director for Information and Data Security. "Organisations are seeking a comprehensive, long-term solution that will adapt to the future of security." Entrust Cryptographic Security Platform The Entrust Cryptographic Security Platform lets customers take control and mitigate the potential for disruption in these vast and complex transitions, providing: Enterprise-Wide Visibility: monitor cryptographic assets, audit changes, and receive alerts for enhanced security oversight, all from a centralised dashboard. Cryptographic Risk Management: automatically assess cryptographic risk posture, enforce policy, and secure keys, secrets, and certificates across distributed functions, divisions, and teams.   Scalable Architecture: deploy high-performance, future-proof cryptographic solutions supporting the latest standards, with on-prem and managed service options. Interoperable: enable extensive integrations with top security, identity, and IT management systems while enabling customisation through open APIs. The Entrust Cryptographic Security Platform will be available in May 2025.

DigiCert, Inc., a pioneering global provider of digital trust, released its 2024 State of Digital Trust Survey that checks in on how enterprises around the world are managing digital trust in their organisations. While digital trust overwhelmingly remains a critical focus for all enterprises, the latest report shines a light on the growing divide between the ‘leaders’ --those who are getting it right, and the ‘laggards’ -- those who are struggling. Benefits of the IoT The difference between leaders and laggards revealed some clues and potential best practices when it comes to digital trust. The top 33% of digital ‘trust leaders’ enjoyed higher revenue, better digital innovation and higher employee productivity. They could respond more effectively to outages and incidents, were generally better prepared for Post Quantum Cryptography and were more readily taking advantage of the benefits of the IoT. The top 33% of digital ‘trust leaders’ enjoyed high revenue, digital innovation and worker productivity Meanwhile, the bottom 33% of ‘laggards’ performed comparatively poorly in all those categories and found it harder to reap the benefits of digital innovation. In addition, the leaders were more likely to centrally manage their certificates, more likely to employ email authentication and encryption (S/MIME) technology, and generally employed more mature practices in digital trust management. Range of digital trust metrics The 2024 survey included a series of questions to determine how well (or poorly) each respondent was doing across a wide range of digital trust metrics. After the scores were totalled, the respondents were split into three groups: leaders, laggards, and those in the middle. Comparing the results between leaders, laggards, and those in the middle, notable differences emerged: Leaders exhibited far fewer issues on core enterprise systems (no system outages, few data breaches, and no compliance or legal issues) and experienced no IoT compliance issues, whereas half (50%) of the laggards did so. Leaders also have significantly fewer issues due to software trust mishaps, for example, none of the leaders experienced compliance issues or software supply chain compromises, compared to 23% and 77% of the laggards, respectively. Life cycle of digital trust technologies "As the threat landscape continues to expand, so does the gap between organisations who are pioneering the way in digital trust and those who are falling behind,” said Jason Sabin, CTO at DigiCert. "Those who fall within the ‘leaders’ group and those who are a ‘laggard’ are well aware of who they are. The danger, however, is those organisations who fall in the middle and are not taking action due to a false sense of security.” "For organisations to be champions of digital trust, they must understand and actively implement the structure, processes, and activities that make it possible,” said Jennifer Glenn, Research Director, Security and Trust Group, IDC. “This includes keeping up with changes to industry standards, maintaining compliance with regulatory requirements in each geography, managing the life cycle of digital trust technologies, and extending trust into digital ecosystems. Companies that focus their efforts on digital trust — and make it a strategic imperative for the business — the benefits are notable, including reliable uptime, reduced risk of data compromise, and improved user trust.”