July’s Application Detection and Response data revealed two standout events: a concentrated malicious campaign using multiple attack types against one organization, and an unprecedented spike that hit another organization with more than 2 million attacks in a single month. In both cases, ADR blocked every attempt in real time ... Read More

Insight No. 1 — The great CISO exodus: Why your top defenders are planning a silent escape What happens when your most critical security minds are quietly planning their exit? With 53% of cyber leaders exploring new roles, the cybersecurity industry faces a silent attrition problem rooted in the very ... Read More

Insight No. 1 — Fixing threat actor names Microsoft and CrowdStrike announced that they’ll work together on the headache of multiple  names for the same threat actors. But what matters most is who did it (if we know), what they accessed and what’s being done about it. That’s what customers, ... Read More

Insight No. 1 — Prioritize proof over promises in agentic AI SC World recently noted that there were three points missing from agentic AI conversations at RSAC. I agree. Many new technologies arrive with significant fanfare. Agentic AI is no exception. However, we must prioritize practical validation over promises. Without ... Read More

Insight No. 1 — Security vendor alert Regarding the open letter that hit a nerve at RSAC this year for calling out lack of reliability, accountability and transparency on the part of some security vendors, consider this: A security vendor that profits from providing the very data needed to detect ... Read More

Insight No. 1 — Echoes of aspiration, shadows of history for SWFT The Software Fast Track (SWFT) proposal for DoD echoes the aspirations of Memorandum M-24-15 from 2024, yet history suggests a repeat outcome. The reluctance of federal entities to conduct independent audits, even after policy shifts, wasn't due to ... Read More

Insight No. 1 — Know which vulnerabilities are active in production Consider this: your pre-production scans might flag hundreds of vulnerabilities, but which ones are actually being exploited in your live environment? The uncomfortable truth is that without visibility into your production runtime, you're operating in the dark, potentially focusing ... Read More

Insight No. 1 — Fast code, slow security? Think ADR Consider the scenario: Development teams are pushing code at unprecedented speeds, and vulnerabilities, whether human or AI-generated, are lingering far too long. What's the logical outcome? Increased exploitation in your production environment. The strategic imperative is clear: We must implement ... Read More

Insight No. 1 — CVE program’s near-death exposes security's single point of failure The recent near-halt of the CVE program due to funding issues highlights a critical vulnerability in our industry's reliance on single points of failure. While CISA's extension averted immediate crisis, it exposed the potential for security's foundational ... Read More

Insight No. 1 — How to survive without CISA As CISA scales back, it’s time for enterprises to wake up to a harsh reality: You can’t rely on the government to secure your infrastructure. The safety net is shrinking, and those still waiting for public-sector handholding are falling behind. Smart ... Read More