Best Practices Archives - Best Endpoint Protection Security (EPP) Tools, Software, Solutions & Vendors

National Insider Threat Awareness Month Quotes and Commentary from Industry Experts in 2025

William Jepma — Tue, 30 Sep 2025 18:14:46 +0000

For National Insider Threat Awareness Month 2025, the editors at Solutions Review have compiled a list of comments from some of the leading industry experts.

As part of this year’s National Insider Threat Awareness Month, we called for the industry’s best and brightest in Identity and Access Management and the broader cybersecurity market to share best practices, predictions, and personal anecdotes. The experts featured represent some of the top influencers, consultants, and solution providers with experience in these marketplaces, and each quote has been vetted for relevance and ability to add business value.

National Insider Threat Awareness Month Quotes from Industry Experts in 2025

Jake Bell, Engineer Team Lead at Object First

“This National Insider Threat Awareness month is a reminder that one of the biggest risks to an organization’s data often can come from within the company. Whether through malicious intent or simple human error, insiders can inadvertently open the door to catastrophic breaches. The most dangerous mindset for any organization is believing ‘it won’t happen to us.’ In today’s threat landscape, leaders must operate under the assumption that a breach is inevitable. This means that secure, tested, and adaptable backup strategies are a non-negotiable.

“This month, IT teams should ensure Zero Trust Disaster Resilience (ZTDR) practices are incorporated into their storage infrastructure. With ZTDR, admins can truly harden their data protection architectures by segmenting backup software and storage, creating resilience zones, and leveraging immutable backups as the final line of defense when attackers slip past defenses. Whether through shadow IT, evolving AI tools, or the click of an unsuspecting employee, with immutable backups and ZTDR principles in place, organizations ensure recovery remains possible even in worst-case insider threat scenarios. Awareness is important, but resilience is essential.”

Patrick Harding, Chief Architect at Ping Identity

“Insider threats have long been a security risk for organizations, but the attack surface is expanding into new territory: AI agents can now act like internal users with their own access and behavior patterns. With 79 percent of senior executives reporting that AI agents are already being adopted in their companies, we’re facing a very stark reality where determining human behavior from bot behavior might be the difference between securing your organization and falling victim to a nefarious attacker.

“Whether it’s a malicious insider, a negligent employee, or an ungoverned AI agent behaving unexpectedly, the fallout from insider threats can be disastrous and long-lasting. That’s why early detection, including identifying unusual patterns like unexpected login attempts or unusual data access, is critical. However, detection alone isn’t enough. Real‑time risk assessment is essential to immediately identify and prioritize the most urgent threats. Finally, decisive actions, including escalating to security operations or enforcing stricter policies, must follow. This month is an important reminder to recognize that every identity, human or AI, needs to be treated with the same level of caution and verification.”

Pete Luban, Field CISO at AttackIQ

“Insider threats, whether from disgruntled employees or compromised credentials, are challenging to detect and prevent with traditional security measures. Insider Awareness Month serves as a reminder to security teams about the importance of simulating real-world insider attack scenarios to assess the effectiveness of their security controls and response protocols.

“Recent spikes in shadow AI usage and a lack of proper cyber hygiene increase the likelihood of insider threats. Using unauthorized tools or platforms can unknowingly expose sensitive data or create exploitable vulnerabilities, as well as poor security practices, like maintaining outdated software or weak passwords.

“By integrating techniques, such as adversarial emulation, into the security lifecycle, organizations can uncover gaps in their detection and mitigation strategies before a real attack occurs. Simulated, continuous testing can ensure that security teams can mitigate attacks before insider threats sidestep defenses and steal valuable company data.”

Joshua Roback, Principal Security Solution Architect at Swimlane

“Insider threats have always been one of the hardest challenges for security teams because they originate from people with legitimate access. Unlike external adversaries, they don’t have to find a way in. They already have the keys. That makes their actions harder to spot and far more damaging when they turn malicious or careless.

“It’s up to organizations to ensure their security systems are well-protected, starting with determining who has access to which systems. Poorly managed access controls can create an environment for insider threats to sprout and thrive. Implementing a mature identity access management solution is the most powerful weapon in mitigating insider threat risks. User behavioural analytics (UBA) can provide proactive detection of anomalous user behaviors, giving security teams a leg up against unannounced attackers.

“The rise of insider threats has resulted in the development of security measures that can ensure that threats are monitored, analyzed, and neutralized before they escalate into catastrophic breaches. Building resilience has required organizations to combine continuous monitoring, automated response, and a strong security culture to reduce the window of opportunity for insider abuse.”

Bojan Simic, Co-Founder and CEO at HYPR

September marks Insider Threat Awareness Month, and this year’s theme, ‘Partnering for Progress,’ cuts to the core of what’s failing in enterprise security today.

“Insider threat mitigation is not an isolated security problem. It’s a company-wide imperative—and it starts with identity. Whether posed by a malicious actor or an employee simply making a user error, insider threats consistently compromise organizations by exploiting gaps in how users are verified at sign-in and throughout a session.

“Identity is rightly regarded as the new perimeter, yet it remains one of the most vulnerable points of access. This is because static credentials, one-time authentication, and siloed access controls leave too much room for misuse. Most systems validate an identity once and then blindly assume that risk has been mitigated. It hasn’t.

“But technology is only half the battle. True ‘Partnering for Progress’ means aligning IT, security, HR, and compliance. Without identity assurance embedded across these functions, insider threats will inevitably slip through. The companies that are preventing breaches are not just reacting to threats; they are proactively integrating identity into every strategic decision. They are the ones who are building a resilient, security-first culture from the inside out.”

Aditya Sood, VP of Security Engineering and AI Strategy at Aryaka

“Insider Threat Awareness Month is a critical initiative for raising awareness about the unique security risks posed by internal actors. There have been several examples of insider threats wreaking havoc on major corporations, with Elon Musk’s X being the most prominent recent example.

“A malicious insider is a significant cybersecurity risk, as such individuals can steal intellectual property, exfiltrate confidential information, sabotage systems, or manipulate business operations for personal gain or in collusion with outside threats. The impact can range from financial losses and reputational damage to regulatory penalties and national security risks.

“Awareness about malicious insider activities is crucial because employees and stakeholders must understand the importance of safeguarding credentials and the necessity of reporting suspicious activity. By teaching employees to recognize the signs of suspicious behavior and reinforcing the importance of strict access controls and reporting protocols, organizations can transform their entire workforce into a crucial line of defense against internal threats. Employees’ role in this is not just important: it’s indispensable. They are the first line of defense, and their commitment to this cause will keep organizations secure.”

Steve Wilson, Chief AI and Product Officer at Exabeam

“The danger from insider threats continues to grow in the modern cyber landscape, particularly as AI accelerates their speed, stealth, and sophistication. With 64 percent of cybersecurity professionals now viewing insiders as a greater risk than external actors, Insider Threat Awareness Month is a critical opportunity to emphasize proactive defense strategies.

“While 88 percent of organizations have insider threat programs, many lack behavioral analytics needed to detect AI-enhanced attacks that exploit trusted access and mimic legitimate user behavior. As threats intensify across sectors like government, healthcare, and manufacturing, this initiative provides an opportunity to call for stronger governance, cross-functional collaboration, and real-time detection capabilities to stay ahead of both human and AI-driven insider risks.”

Mark Wojtasiak, VP of Product Research and Strategy at Vectra AI

“Insider Threat Awareness Month is a reminder that the challenge isn’t just at the perimeter; it’s inside organizations, where identities, networks, and everyday user behavior are constantly at play. Security teams are inundated with thousands of alerts daily, yet only a small fraction represent real threats. This noise leaves many analysts unable to review more than a third of alerts, and the fear of missing an attack is a weekly reality for most SOC professionals. Ultimately, this noise drowns out the signal that matters most—the activity rooted in how identities are used and how they traverse the network.

“Compounding this, recent industry research shows that insider threats, particularly non-privileged users whose accounts are compromised or misused, are now the most prevalent attacker profile. Nearly two out of five prioritized threats are tied to insider behaviors. The reality is that user and identity misuse is inevitable in today’s complex networks and environments. That’s why security leaders need to focus on detection and response strategies that look beyond the perimeter and zero in on how accounts, identities, networks, and data are actually being used. Reducing noise while elevating the signal that matters most is critical to empowering SOC teams to catch what could otherwise slip through the cracks.”

Want more insights like these? Register for Insight Jam, Solutions Review’s enterprise tech community, which enables human conversation on AI. You can gain access for free here!

The post National Insider Threat Awareness Month Quotes and Commentary from Industry Experts in 2025 appeared first on Best Endpoint Protection Security (EPP) Tools, Software, Solutions & Vendors.

AI As a Double-Edged Sword for OT/ICS Cybersecurity

Vicky Bruce — Fri, 26 Sep 2025 19:52:21 +0000

Vicky Bruce, Global Capability Manager of Cybersecurity Services at Rockwell Automation, explains why AI can be a double-edged sword for OT/ICS cybersecurity. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI.

Artificial intelligence (AI) is quickly transforming how industrial organizations think about cybersecurity. On one hand, it helps security teams spot threats earlier, automate responses, and reduce downtime. On the other hand, it gives cyber attackers tools to launch more targeted, convincing, and damaging attacks—often in seconds.

Cybersecurity threats are evolving as fast as the technologies meant to stop them. For cybersecurity teams tasked with protecting operational technology (OT) and industrial control systems (ICS), this is both a leap forward and a growing risk. In the field, the same AI model that helps prevent downtime one day can trigger a false positive —or worse, be manipulated—on another. Security teams face the challenge of tapping into AI’s potential without introducing new vulnerabilities.

The Expanding Cyber Risk Landscape

Industrial networks today look nothing like they did a decade ago. What were isolated, largely air-gapped, industrial networks are now interconnected ecosystems where OT and information technology (IT) converge. Meanwhile, cyber threats are growing in scale and complexity, and the convergence of IT and OT is increasing the attack surface. According to the SANS 2024 ICS/OT Cybersecurity Report, the cybersecurity risks in OT are growing, with 19 percent of organizations reporting one or more security incidents in just a year.

AI is accelerating progress on both sides of the cybersecurity equation. A recent survey of manufacturing leaders found that 49 percent plan to use AI and machine learning (ML) for cybersecurity in the next 12 months. But the same tools are also being used by threat actors to automate intrusions and evade detection. The challenge is to harness AI’s potential while keeping it from being weaponized against the systems it was designed to protect.

New Frontiers in Protecting Operational Technology

AI’s strength lies in its ability to process and act on vast amounts of data. When applied to industrial environments, it can recognize subtle changes before they become major disruptions or threats. Here’s where it’s making a difference:

Smarter Anomaly Detection

Traditional threat detection tools look for known signatures, but many of today’s most damaging threats don’t come with a fingerprint. AI-driven threat detection systems can flag subtle behavioral anomalies, such as a robotic arm cycling 0.4 seconds too fast or a PLC issuing a command slightly out of sequence. Even an unusual pattern in equipment startup time can signal misconfiguration caused by a compromised vendor laptop.

Predictive Maintenance as a Security Layer

AI-powered predictive maintenance can serve as an added layer of a strong cybersecurity strategy. A piece of equipment acting “off schedule” could be more than just wear and tear. It might be a symptom of malware or unauthorized configuration changes. Continuously monitoring maintenance data to flag irregularities can help teams identify potential failures before they happen.

AI-Assisted Network Segmentation

When a breach happens, the difference between a minor incident and a catastrophic shutdown comes down to speed. Seconds can determine whether a threat jumps to another cell or stays isolated. In a food and beverage plant, this could mean stopping a ransomware attack before it locks down a batching system. Instead of waiting for IT teams to intervene manually, AI confirms threats are contained in real-time.

When Cyber Defenses Become a Target

Of course, the same technology deployed to defend operations can be weaponized. Attackers are using AI to design malware that adapts, evades, and even changes itself, rendering traditional security technology relying on fixed threat databases increasingly less useful. At the same time, AI-generated deepfakes make phishing attempts more realistic than ever. Take a manager on the plant floor receiving a voicemail from their “CEO” authorizing a key system modification, then later learning that it was entirely AI-generated.

Attackers are also testing how far they can manipulate AI systems directly. By feeding adversarial data into detection models, they can suppress alerts or train systems to ignore certain behaviors. Without proper validation, a security model might learn the wrong lessons from the wrong data.

Recent high-profile ransomware incidents reinforce how quickly tactics are evolving. For example, a ransomware attack disrupted operations for thousands of U.S. car dealerships and led to a reported $25 million ransom payment. This example demonstrates how threat actors are employing more advanced tactics to cripple businesses and shut down entire industries. These are no longer isolated events, but industry-shaping moments.

Best Practices for AI in OT Cybersecurity

To safely deploy AI in critical infrastructure, organizations need more than just good intentions. They need good governance. This includes:

Implementing security frameworks. AI-driven security measures should follow industry best practices. By aligning with established frameworks like NIST 800-82 and IEC 62443, organizations can take a structured approach to safeguarding operational technology environments in the face of growing OT/IT convergence challenges.
Testing early and often. Without rigorous testing and validation, AI models can be tricked into ignoring or misclassifying real threats. Regular testing helps detect vulnerabilities and prevent adversarial manipulation. Organizations can also use AI to simulate intrusions, running AI-driven penetration tests to identify weaknesses before malicious actors can exploit them.
Embedding security from the start. Additionally, AI should be deployed using a “secure-by-design” approach, where security is embedded into AI systems from the outset rather than treated as an afterthought. The future of AI in cybersecurity isn’t just about a stronger posture—it’s about staying ahead of threat actors who are using the same methods.

Balancing AI Innovation and Risk

As OT/IT convergence continues to blur the lines between traditional IT networks and industrial systems, AI is reshaping industrial cybersecurity. However, it’s a double-edged sword. Used correctly, it can enhance threat detection, automate risk management, and keep OT environments safer than ever. If left unchecked, though, it can introduce new vulnerabilities and give threat actors even more powerful tools. Security leaders must keep their eyes open to this tension to confirm their organizations benefit from AI’s capabilities without becoming over-reliant or exposed to new forms of risk.

The secret is balance. Used wisely, AI is a strategic advantage. Industrial organizations can strengthen security by implementing AI responsibly, validating models, and staying ahead of emerging threats without sacrificing resilience. In today’s high-stakes cybersecurity landscape, that’s the kind of AI strategy that wins.

The post AI As a Double-Edged Sword for OT/ICS Cybersecurity appeared first on Best Endpoint Protection Security (EPP) Tools, Software, Solutions & Vendors.

AI-Powered Cyber Threats: A CTO’s Perspective on Next-Generation Threat Intelligence

Prasobh Veluthakkal — Tue, 09 Sep 2025 21:05:48 +0000

Prasobh Veluthakkal, Focaloid Technologies‘ CTO, provides his perspective on the next generation of threat intelligence and AI-powered cyber threats. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI.

In 2025, the cybersecurity landscape will have taken on an entirely different level of sophistication: AI and machine learning will be the future attack vectors, and teams will need AI to master them. As a technologist who experienced the transition from signature-based detection to behavioral analytics, I see a significant shift in how attackers work, and our enterprise counterparts had better take notice. Recent industry intelligence shows a 19 percent climb in CISO concerns around AI-powered cyber threats, indicating that conventional security paradigms desperately need a strategic overhaul.

The Maturation of AI-Driven Attack Methodologies

The danger has progressed from traditional strike models into a more complex network of strategic, adaptive campaigns that use machine learning to seek the optimal target. Research shows that 62 percent of CISOs are now more worried about the social engineering threat vector—fuelled by AI—than they were in the past. This move presents a significant departure from the more conventional threat and highlights the impact of the threat being shifted away from a traditional perimeter focus.

Modern adversaries use generative AI to model massive datasets such as social media activity, communication patterns, or organizational structure and create attack vectors tailored to the victim from this information. However, these attacks work at scale, not at the level of one individual, which poses a serious threat to the conventional security awareness programs and human detection. The fact that sophisticated AI tools are becoming increasingly democratized, as is evident by the provision of advanced AI plugins for Cybercrime-as-a-Service platforms, has lowered technical barriers, allowing actors with basic AI knowledge to wage high-level attacks such as those carried out using FraudGPT and WormGPT.

Worst of all, the development of adaptive malware that uses machine learning to adjust behavior in real-time. By monitoring the efficacy of the defenders’ reactions, they tweak how they attack and operate at certain times when capture is ineffective. Conventional signature-based detectors are insufficient to detect polymorphic malware, which changes its code signature continuously to escape static analysis.

Intelligence-Driven Defense Architecture

Today’s increasing threats are not addressed using reactionary campaigns but result from proactive drivers likely to appear in new, disruptive, and strategic cyber events. Successful, resilient organizations have implemented continuous behavior monitoring that establishes a set of baseline patterns of network, application, and user activity. They use machine learning algorithms to analyze minor variations that could indicate a breach, such as spikes in entropy or irregular communication that portend the arrival of advanced persistent threat attacks.

Nowadays, threat intelligence platforms can ingest unstructured data from different sources, including dark web forums, social media channels, and global threat feeds, and correlate these separate indicators of compromise. With natural language processing power, security professionals will digest operational-level data from a sea of data about early warning for attack campaigns before they reach critical infrastructures.

The more sophisticated environments complement automatic responses with human decision-making, to ensure tactical decisions taken under the pressures of an attack are still in harmony with broader strategic perspectives. The ones that are the most aggressive in applying AI with cybersecurity operations are banking about $2.2 million, partly thanks to quicker response time than what they are used to without AI and better threat detection, on average.

Regulatory Compliance in the AI Era

The regulatory landscape has evolved significantly, with frameworks like CERT-In’s 2025 guidelines mandating comprehensive Bills of Materials (BOMs) that extend beyond traditional software components to include cryptographic elements, AI models, and hardware dependencies. These requirements demand visibility into entire technology stacks, including third-party integrations and cloud service dependencies.

Organizations must now implement continuous audit readiness, maintaining real-time asset inventories that include AI model provenance, training data sources, and algorithmic decision pathways. The six-hour breach reporting requirement has created operational pressure for automated detection and response capabilities, as manual processes cannot meet these stringent timelines.

Strategic Imperatives for Technology Leadership

From our vast experience deploying enterprise security architectures, three key success elements stand out for organizations preparing for the next wave of AI-powered cyber threats. First, you need a unified threat intelligence platform that combines behavioral analytics with global threat data to provide predictive instead of reactive security trends. Such systems must be capable of automated correlation but keep humans in the loop for complex decision-making.

The second is that zero-trust architecture tenants should be enforced—you should assume compromise and verify all transactions regardless of their origin. This model is crucial for combating AI-driven attacks that impersonate human activity and take advantage of perimeter-based security models. Companies must architect a system where access requests are always authenticated and authorized based on real-time risk evaluations.

Third, organizational capabilities for balancing AI adoption with managing risks must be established following an overall governance framework. Technology risk management leaders must ensure AI deployments improve security posture while complying with regulations and maintaining operational resilience. This demands a partnership between security, compliance, and business functions to derive the proper guardrails around the deployment and management of AI systems.

Conclusion

The collision of AI and cybersecurity is the most significant challenge and the biggest opportunity for enterprise technology leadership. Success is only possible with a threat-informed defensive and offensive strategy, including enterprise solutions and an organization committed to constant evolution. Companies that strike this balance will enjoy serious competitive advantages in the digital business world.

The post AI-Powered Cyber Threats: A CTO’s Perspective on Next-Generation Threat Intelligence appeared first on Best Endpoint Protection Security (EPP) Tools, Software, Solutions & Vendors.

Compliance-First AI: Building Secure and Ethical Models in a Shifting Threat Landscape

Sam Peters — Tue, 09 Sep 2025 16:12:29 +0000

Sam Peters, the Chief Product Officer at ISMS.online, explains how brands can build secure, ethical, and compliance-first AI models in today’s evolving threat landscape. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI.

As artificial intelligence becomes increasingly embedded in business operations, from customer service and inventory management to document automation and decision support, one thing is clear: AI is a critical asset, not a novelty. But as technology matures, so does its exposure to risk. And if organizations want to realize the full promise of AI without opening the door to adversarial attacks, they must start with one essential building block: compliance.

Compliance First: The Foundation for Secure and Ethical AI

Before deploying models, before layering on analytics, and long before marketing AI as a competitive differentiator, organizations must embed governance and security at the core of their AI initiatives. That’s where internationally recognized frameworks like ISO/IEC 42001 and ISO/IEC 27001 come in.

ISO 42001 provides a blueprint for responsible AI development. It helps organizations identify model-specific risks, implement proper controls, and govern AI systems ethically and transparently. It’s not just about protecting data, it’s about aligning AI with organizational values and societal expectations.

ISO 27001, meanwhile, offers a comprehensive approach to managing information security risks. It provides controls for safeguarding the infrastructure AI depends on: secure data storage, encryption, access controls, and incident response. Together, these two standards equip businesses to protect their AI systems and demonstrate diligence in a rapidly evolving legal and regulatory environment.

Navigating a Fragmented Regulatory Landscape

U.S. federal lawmakers have yet to pass a comprehensive AI regulation. For now, oversight is happening at the state and local levels, resulting in a patchwork of rules and requirements. With the AI mandate removed from The One Big Beautiful Bill, Congress has effectively left AI governance to individual jurisdictions for now.

For multi-state or national businesses, this decentralized approach creates compliance complexity and regulatory uncertainty. Companies can get ahead of domestic variability and future global mandates by aligning with international frameworks like ISO 42001 and ISO 27001.

Consider the EU’s recently adopted Artificial Intelligence Act, which categorizes AI systems by risk and sets strict requirements for high-risk applications. Similarly, the UK has signaled its intent to regulate the most powerful AI models. For U.S. companies operating globally or simply preparing for what’s next, proactive compliance isn’t just prudent. It’s essential.

The Expanding Attack Surface: How AI is Being Exploited

Even as AI enhances productivity and efficiency, it’s becoming a new target for cyber-criminals. Threat actors are no longer just using AI but attacking it directly.

Common adversarial techniques include:

Data poisoning, where attackers manipulate training data to corrupt outputs or embed bias.
Model inversion, which allows threat actors to reconstruct sensitive training data.
Trojan attacks implant hidden behaviors into models that activate under specific conditions.
Model theft, enabling competitors to reverse-engineer proprietary algorithms.
Output manipulation, particularly risky for content-generating systems, can be forced to produce offensive or misleading content.

The implications go beyond technical failure. Attacks on AI can erode public trust, introduce legal liabilities, and cause real-world harm. That’s why security must be included from the start, not retrofitted once a breach occurs.

AI’s Double-Edged Role in Cybersecurity

Ironically, AI is both part of the solution and part of the problem. Security teams increasingly rely on AI to automate threat detection, triage incidents, and surface anomalies. But bad actors are doing the same.

AI enables cyber-criminals to scale attacks with greater speed and sophistication, whether through deepfake social engineering, generative phishing, or malware obfuscation. It’s creating a new arms race that is already underway. The best defense is a clear governance framework that outlines not only how AI is deployed, but how it’s monitored, tested, and updated to withstand both known and novel attack vectors.

Training the Whole Business: Compliance is Cultural

A successful security strategy can’t live in the SOC alone. It requires cultural buy-in across the organization, and that starts with training. As AI introduces new ethical and technical challenges, security awareness programs must evolve. Yes, employees still need to spot phishing attempts and protect passwords, but they also need to understand AI-specific risks, like hallucinations, bias amplification, and synthetic media threats.

Training should also address ethical use: how to detect and report unfair outcomes, escalate questionable outputs, and stay aligned with the organization’s risk posture. In short, a compliance-first mindset must permeate every level of the business.

A Security Strategy That Starts with Compliance

For enterprises racing to adopt AI, the path forward may seem complex. And it is. But establishing a strong compliance foundation is a clear starting point. To do so means implementing internationally recognized standards, staying current with emerging regulations, and educating teams on new risks and responsibilities.

The alternative, delaying governance until after deployment, invites operational inefficiency, reputational damage, and legal risk. In a fragmented regulatory environment, proactive compliance is more than a box to check. It’s a shield, a signal of trust, and a competitive advantage.

Businesses that treat compliance as core infrastructure, not an afterthought, will be the ones best equipped to innovate responsibly and defend decisively in the age of intelligent systems.

The post Compliance-First AI: Building Secure and Ethical Models in a Shifting Threat Landscape appeared first on Best Endpoint Protection Security (EPP) Tools, Software, Solutions & Vendors.

A Clear and Present Danger: Preparing for Cyberwarfare

Nadir Izrael — Tue, 05 Aug 2025 14:23:13 +0000

Nadir Izrael, Co-Founder and CTO of Armis, outlines why cyberwarfare is “a clear and present danger” to their companies across industries. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI.

According to recent research from Armis, nearly nine in ten (87 percent) IT leaders are concerned about the impact of cyberwarfare on their organization. There is mounting evidence that China, Russia, and North Korea continue to attack the critical infrastructure sectors of the U.S. These nation-state cyberattacks, which are advanced persistent threats (APTs), have roots that stretch back nearly two decades.

Preventing these attacks is challenging because of how well-resourced our adversaries are compared to the average cybersecurity team. APTs only need to find one weak point, such as a vulnerable asset or exposed credentials, but cybersecurity teams triage hundreds of alerts. Consequently, even though 81 percent of IT leaders say moving to a proactive cybersecurity posture is a top goal for their organization in the year ahead, 58 percent of organizations admit that they currently only respond to threats as they occur, or after the damage has already been done.

Furthermore, AI is transforming how threat actors can conduct cyber-attacks with greater speed and efficiency. Nearly three-quarters (73 percent) of IT leaders are specifically worried about nation-state actors using AI to develop more sophisticated and targeted cyber-attacks. Security leaders need to be aware of AI-powered cyberwarfare and how they can help secure their organizations moving forward, which begins with understanding the nature of the threat.

A Field Guide to APTs

APTs and cyberwarfare go hand in hand. Volt Typhoon has been attributed to China, Cozy Bear to Russia, and Reaper to North Korea, just to name a few.

Volt Typhoon conducts reconnaissance of network architectures, gains initial access through vulnerabilities, and aims to obtain administrative access. The security industry refers to these as tactics, techniques, and procedures (TTPs). Understanding the most common TTPs is vital to preventing these attacks.

The risk of cyberwarfare is not limited to China. Cozy Bear is an example of a notable Russian APT that has been targeting U.S. government systems for more than a decade. The SolarWinds breach, which elevated awareness of supply chain risks, was purportedly conducted by Cozy Bear. Their TTPs tend to focus on gaining access through credentials via phishing or cached RDP access.

Unfortunately, whether discussing vulnerable assets, exposed credentials, or social engineering, threat actors have learned that AI can make their attacks more successful.

How APTs Use AI

AI-enabled attacks have the potential to be more adaptive, evasive, and impactful than the last generation of attacks. Security researchers have demonstrated the effectiveness of AI-enabled phishing attacks.

Given Cozy Bear’s penchant for social engineering, it should be concerning that they could now automate highly personalized messages for large-scale phishing attacks against the U.S. government. Likewise, consider Volt Typhoon’s affinity for targeting vulnerable assets. AI models can be trained to scan for specific vulnerabilities or unleashed on a single target to identify their weaknesses.

AI can even automatically execute attacks when it finds vulnerabilities, without human intervention. Furthermore, AI can automate the development of malware to dynamically generate code to evade detection. And frankly, this is just the tip of the iceberg. We know these are the most obvious scenarios because we are already beginning to observe them.

Shifting Left of Boom

The time to act is now. Organizations cannot change the nature of the threat, but they can change how they respond. And with most organizations still responding to attacks only after they occur, it’s imperative that security leaders shift their programs left of boom.

Preemptive security begins with complete visibility across IT, OT, IoT, IoMT, and cloud environments. It’s more than just discovering assets and creating an asset inventory; it’s also understanding how they are connected and if they are vulnerable to prioritize and remediate risks. The good news is that AI-enabled security solutions offer various features to combat cyberwarfare. For example, behavioral analysis is an AI capability that detects deviations from normal behavior patterns.

This is a call to arms. Just as our adversaries can automate the discovery of vulnerabilities and the execution of attacks, AI-enabled cybersecurity can identify blind spots, discover vulnerable assets, automate threat hunting, and even reconfigure security settings in real-time to respond to threats before they cause disruption.

The post A Clear and Present Danger: Preparing for Cyberwarfare appeared first on Best Endpoint Protection Security (EPP) Tools, Software, Solutions & Vendors.

How to Make Application Security Just Another Software Quality Issue

Ravid Circus — Thu, 24 Jul 2025 15:07:40 +0000

Ravid Circus, the Co-founder and Chief Product Officer at Seemplicity, outlines how application security can become a software quality issue. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI.

Application security hasn’t failed, but it’s built on assumptions from a slower, more predictable era. Traditional models were designed for monolithic environments and infrequent releases, not today’s fast-moving, cloud-native applications assembled from hundreds of components.

As the pace of releases accelerates and complexity grows, legacy security review cycles and siloed testing tools simply can’t keep up. What’s needed now is a more cohesive, holistic approach to managing application security; one that matches the speed and scale of modern software development.

The Limits of Legacy AppSec and the DevSecOps Wake-up Call

Despite the shift-left push, most teams still rely on tools and processes that don’t deliver on the shift-level promise. DevSecOps promised collaboration, but in practice, it’s introduced more tooling, more data, and little in the way of unified action.

Security findings are scattered across scanners, CI/CD pipelines, cloud platforms, and ticketing systems. Teams work in silos, often duplicating effort or missing critical issues altogether. Developers are flooded with findings that lack context, while security teams chase down ownership and manually triage alerts.

The problem isn’t visibility; it’s cohesion. Without a way to transform big lists of problems into digestible “security backlogs,” the implementation layer is stalled. A unified approach is needed to tie these pieces together and drive action across teams. That’s where application security posture management (ASPM) comes in—not as another tool but as a framework for regaining control.

The Rise of Application Security Posture Management (ASPM)

ASPM isn’t just a new category; it’s a new mindset. ASPM is about stepping back and building a deeper understanding of application risk. It reframes the problem from “how do we find more vulnerabilities?” to “how do we continuously understand, prioritize, and address the ones that matter most?”

Conversations often focus on centralization, prioritization, and visibility. However, there needs to be more emphasis on operationalizing. For example, moving from a list of problems to a list of solutions, thinking about the “fixer experience,” how to reduce noise, and providing remediation guidelines.

This context is what enables meaningful prioritization. ASPM platforms evaluate risk based on exploitability, exposure, business criticality, and compensating controls. The result is a ranked, focused queue that helps teams act with confidence, not guesswork.

Equally important is that ASPM is an orchestration layer. It routes remediation tasks to the right teams through the systems they already use, whether Jira, ServiceNow, or GitHub. It automates policy enforcement, so security standards are met by design, not afterthought. It enables audit-ready tracking and metrics without pulling developers out of their flow.

In short, ASPM turns scattered signals into structured action.

Best Practices for Implementing ASPM

ASPM aims to create a security operating model that can scale with your development velocity, not bottleneck it. That means moving beyond just better prioritization and toward actual execution. Here are a few key principles to keep in focus when implementing ASPM:

Start with signal consolidation, not just more data. Aggregate findings across scanners, clouds, pipelines, and ticketing systems into one place. Fragmented signals slow you down; consolidation is step one toward clarity.
Enrich data with context. Consolidated data is only useful when you can make sense of it. Layer on metadata, asset ownership, exploitability, and business impact so teams can understand what matters and why.
Prioritize risk based on real-world impact. Focus on what’s exploitable and impactful, not just what scores the highest. But prioritization alone doesn’t move the needle if those priorities sit idle.
Automate remediation workflows without disrupting dev teams. Security teams must go beyond identifying risk to orchestrating action. That means routing the right issues to the right people, with the proper context, and doing it without friction or delay.
Meet developers where they work. Embedding security into developer workflows ensures fixes happen where code gets written, not weeks later in disconnected tools or review processes.
Make governance and reporting effortless. Automate policy enforcement and keep audit trails, SLAs, and trend data up to date. That way, proving compliance becomes a byproduct of doing the work, not another task on the security team’s to-do list.

ASPM isn’t a silver bullet, but it is a way to operationalize security at the speed of modern software. The challenge is no longer just understanding risk—it’s ensuring that risk gets addressed, efficiently and continuously, across the organization.

Signs You’re Ready for ASPM

If you’re seeing any of the following, it may be a sign your organization is ready for ASPM:

You’re juggling multiple tools but frustratingly still lack a unified view of application risk.
Vulnerabilities and exposures pile up faster than they can be triaged, and ownership is unclear.
Friction, such as noisy alerts that lack actionable context, overwhelms developers.
Security policies exist, but enforcement and tracking require manual workarounds.
Reporting on risk posture, SLA compliance, or trends is slow and takes days, not minutes.

Know what “good” looks like

An ASPM-aligned approach is not just about visibility and prioritization—it should drive action and measurable progress. Rather than just analyzing risk, this approach reduces risk by seamlessly connecting security and engineering. If you’re evaluating platforms or building internal processes, ask the following:

Does it correlate findings across security scanning tools, or just list them?
Does it add context?
Can it prioritize based on exploitability and business impact?

And most importantly:

How well does it integrate into existing workflows and ticketing systems?
Is policy enforcement built in?
Can you track what’s improving over time?

Prioritization is just the midpoint. A strong ASPM foundation ensures that security efforts don’t stall at triage—they get delivered, tracked, and improved.

Think architecture, not just tooling

ASPM is a shift in how you structure application security operations. Even if you’re not adopting a formal ASPM platform today, you can start applying its principles: centralizing signals, enriching with context, enforcing policy at scale, and automating remediation. The right tools can support that, but only if your operating model is ready for it.

Security leaders are under pressure to do more with less while proving their effectiveness to the business. ASPM provides the structure and strategy to do both if you know what to look for and how to implement it with intent.

To Sum it Up: Securing What You Build, at the Speed You Build It

Application development keeps accelerating, and security must evolve in parallel. It’s no longer enough to surface more findings or shift left alone. What’s needed is a structured, end-to-end approach that unifies signals, prioritizes real risk, and works within developer workflows. ASPM provides the model to do just that. Adopting ASPM principles isn’t just a technical upgrade but a strategic change that brings security back into line with how modern software is built.

The post How to Make Application Security Just Another Software Quality Issue appeared first on Best Endpoint Protection Security (EPP) Tools, Software, Solutions & Vendors.

Navigating the Security Challenges of AI

Russell Fishman — Tue, 22 Jul 2025 16:08:25 +0000

Russell Fishman, the Global Head of Solutions Product Management for AI, Virtualization, and Modern Workloads at NetApp, discusses the security challenges AI can introduce to modern companies. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI.

AI is transforming industries. But with its immense potential comes serious responsibility. For organizations leveraging AI, securing these systems isn’t optional—it’s foundational. This year is set to be a pivotal moment as businesses race to innovate with AI while addressing its growing security risks.

Drawing from insights in NetApp’s 2024 Data Complexity Report and emerging market trends, I’m sharing a practical roadmap for navigating AI’s most pressing security challenges. Expect clear steps to help protect your data, safeguard your innovations, and maintain a competitive edge.

The Two Fronts of AI Security

AI opens doors to incredible possibilities, but those doors must stay locked from threats. Successful organizations will tackle security on two critical fronts:

1) Securing AI Development and Deployment

Building and deploying AI systems securely is non-negotiable. Here are two key challenges businesses must confront head-on:

Security in Pre-Trained Models

Many enterprises rely on pre-trained foundation models or customize them further with techniques like fine-tuning or retrieval-augmented generation (RAG). While these models save time, the question remains: Is your AI model secure?

Before adoption, organizations must ensure that external models meet rigorous security standards. This reduces risks such as exploitation by malicious actors or the injection of harmful biases.

Safeguarding Proprietary Data

Fine-tuning models often leverages proprietary or sensitive data. When training AI, your data may pass through third-party platforms, increasing the risk of unauthorized access. To mitigate this, businesses must:

Encrypt data during training.
Enforce robust governance policies.
Ensure tight access controls across workflows.

Without these safeguards, companies risk exposing critical intellectual property and customer data.

2) Managing Third-Party App Risks

Even if you build secure AI tools internally, third-party applications bring external risks into your ecosystem. For example, employees using generative AI tools for productivity could unknowingly upload sensitive data. This might lead to the exposure of trade secrets, intellectual property, or confidential business information.

Combatting these risks requires trained employees, proactive data monitoring tools, and clear policies around third-party AI usage. By addressing these vulnerabilities, businesses can protect themselves from staggering potential risks and remain ahead.

The Evolution of AI Security

The rise of AI has highlighted the critical need for robust cybersecurity measures, particularly as technologies like agentic AI come into play. Unlike earlier AI applications, agentic AI acts more dynamically, akin to a “read/write” system. This significantly amplifies potential risks, as agents can process and act on data autonomously. The damage from unintended or malicious actions in these systems could far surpass what we’ve seen with other GenAI tools.

Here’s how forward-thinking organizations are navigating this evolving landscape:

1) AI for Threat Detection and Protection

Cyber-criminals increasingly leverage AI, and businesses must counteract with equally sophisticated tools. AI-driven cybersecurity systems can analyze massive datasets to identify vulnerabilities, detect anomalies, and respond to threats in real-time. Implementing AI for cybersecurity isn’t just proactive; it’s essential to staying ahead of emerging risks.

2) Securing Agentic AI at the Data Level

Agentic AI raises the stakes for securing data. Safeguarding systems start with controlling the data fed into AI models and ensuring that only the correct data is accessible. This proactive, policy-driven approach to securing data at its source prevents the inconsistent and reactionary methods often seen when security policies are fragmented across multiple platforms. Simplified, unified controls eliminate the “whack-a-mole” challenge of decentralized governance.

3) Cross-Functional Collaboration is Key

Managing AI security isn’t a siloed effort. Success depends on collaboration between teams, from AI developers to cybersecurity experts, compliance officers, and data scientists. Unified, interdepartmental strategies ensure that AI systems are resilient to evolving threats without compromising innovation.

Organizations that adopt these practices mitigate risks and lay the groundwork for trust, accountability, and innovation. It’s clear that in the age of agentic AI, robust security frameworks aren’t optional; they’re fundamental to enterprise success.

The Foundation for Securing AI

Tackling these challenges starts with the proper infrastructure. Scalable, intelligent solutions are essential to balancing innovation with security. Here’s how organizations can effectively manage AI complexity:

Unified Data Access: Securing data at the source is no longer optional. Rather than relying on a patchwork of application-level solutions, businesses must implement consistent, policy-driven safeguards directly at the data level. Think of it this way: replicating data security measures across multiple tools is like playing Whac-A-Mole, where gaps and vulnerabilities are inevitable. A unified, policy-driven approach ensures security is seamless, scalable, and designed to evolve with the organization’s needs.
AI-Optimized Environments: AI thrives on robust infrastructure. Encryption, data protection, and cross-platform compatibility create safer and more efficient systems.

For enterprises looking to simplify complex AI implementation, intelligent tools are the key to enabling progress without sacrificing security.

Bridging Innovation and Trust

AI offers unparalleled opportunities to innovate, elevate industries, and compete globally. But with such power comes an undeniable need for trust. The businesses best positioned for the future are those that weave security into every layer of their AI workflows. It’s not just about mitigating risks. It’s about fostering trust with customers and stakeholders while preparing for the possibilities AI unlocks.

The question for every business leader today is clear yet profound: How will you protect the innovations that define your success?

The post Navigating the Security Challenges of AI appeared first on Best Endpoint Protection Security (EPP) Tools, Software, Solutions & Vendors.

The Internet Blind Spot: Why APM Alone is Insufficient for Modern Enterprises

Mehdi Daoudi — Thu, 17 Jul 2025 15:56:53 +0000

Mehdi Daoudi, the CEO and co-founder of Catchpoint, explains why APM is no longer sufficient for modern enterprises. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI.

In the wake of recent ChatGPT outages, occurring roughly once a month since the start of the year, and with the latest incident causing significant ripple effects across industries, enterprise leaders are once again reminded of an inconvenient truth: the Internet, though invisible to most IT teams, is now critical infrastructure and an extension of their internal systems. In fact, the major outage on January 23rd overwhelmed OpenAI’s infrastructure and exposed cascading system failures, triggered by a third-party database outage and faulty health-check logic (issues that traditional APM can easily miss).

Even the most robust internal systems are vulnerable without visibility into external dependencies. That’s where Internet Performance Monitoring (IPM) comes in: it extends observability beyond the application, helping teams detect, diagnose, and respond to disruptions inside and beyond the firewall, across the broader Internet Stack before they impact end-users.

For years, Application Performance Management (APM) tools have been the standard for tracking application health, monitoring internal code execution, server performance, and cloud environments. These tools are valuable and necessary, but they are no longer enough. As the modern digital experience increasingly relies on complex, multi-cloud architectures and third-party services consumed via APIs delivered over the public Internet, APM alone leaves a dangerous blind spot.

Unlike internal infrastructure, the Internet is not something any single enterprise owns or controls. It’s a vast, decentralized, shared resource, and its performance can make or break your digital experience. When latency spikes, traffic gets congested, APIs are unresponsive, packets drop, or BGP routes go awry, your customers don’t care where the issue originates; they know your service isn’t working. A recent 2025 Forrester Opportunity Snapshot revealed that the average company experiences 72 Internet disruptions per month. Moreover, for 42 percent of the companies surveyed, those disruptions resulted in losses of over $500,000 in the month preceding the survey, which is over $6M annually.

The ChatGPT outages were not isolated in cases. Every week, digital services experience degradation or downtime due to issues outside their application code. From ISP-level disruptions to DNS misconfigurations or cloud service slowdowns, these Internet-layer issues are now just as impactful as a failed server or a bad deploy. Yet, many organizations still aren’t monitoring them.

APM excels at telling you how your app performs within your environment. It’s great to understand app events, bottlenecks in your code and infrastructure, and resource usage. But it doesn’t tell you if your CDN is down in the Northeast. It doesn’t reveal if a peering problem makes your login page fail in Germany. It doesn’t show you how your SaaS dependencies are performing in real-time. In other words, APM is blind to what’s happening beyond your firewall, where your users actually are, and the real-world experience you are delivering.

To close this gap, enterprises must expand their observability toolkit with Internet Performance Monitoring (IPM). IPM solutions are purpose-built to monitor the internal and external dependencies that underpin every digital experience, including networks, protocols, cloud services, APIs, applications, and every internet technology between users and your services. With IPM, organizations gain real-time, proactive visibility from multiple geographies and networks to understand the real-world end-user experience. It becomes possible to quickly determine whether an issue is global or localized, whether it stems from network degradation or an application bug, and whether the problem lies upstream or downstream from your own infrastructure.

This clarity enables teams to resolve issues faster, avoid the blame game, and maintain better SLAs with partners. It also empowers IT teams to be proactive. Instead of waiting for a user complaint to flag an issue, IPM surfaces performance degradation the moment it begins (even if those issues stem from a third-party provider).

Today’s enterprise stack encompasses more than code and servers; it now includes APIs, clouds, and global networks. This shift means the public Internet must be treated like core infrastructure, with monitoring and accountability to match. Multi-cloud architectures, hybrid WANs, and remote work have only increased our reliance on the Internet. And as digital services continue to grow more distributed, so will the range of external variables affecting them. The only way to ensure resilience and performance is to bring the public Internet into the monitoring fold.

Modern businesses must recognize that the Internet is not just a background utility that works magically; it’s the delivery mechanism for their brand promise. And when that mechanism falters, so does user trust, revenue, and reputation. The next major outage won’t be caused by your code. It’ll likely be caused by an issue on the Internet (one you can’t fix if you don’t see it coming). As enterprises mature in their observability strategies, APM remains essential, but it must be complemented by IPM to deliver a complete, modern view of service health. We can’t fix what we can’t see. It’s time to bring the Internet out of the blind spot and into full view through IPM.

The post The Internet Blind Spot: Why APM Alone is Insufficient for Modern Enterprises appeared first on Best Endpoint Protection Security (EPP) Tools, Software, Solutions & Vendors.

Key Insights from Insight Jam’s “Fortress AI: Deploying AI Agents for Ironclad Security” Panel

Josh Ray — Tue, 01 Jul 2025 17:57:08 +0000

Josh Ray, CEO of Blackwire Labs, recently participated in a panel discussion on Fortress AI and highlighted some of the most relevant takeaways. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI.

I had the privilege of joining an outstanding group of cybersecurity leaders for Solutions Review’s Insight Jam panel on “Fortress AI: Deploying AI Agents for Ironclad Security.” The conversation with Michael Morgenstern (DayBlink Consulting), Daniele Catteddu (Cloud Security Alliance), Greg Sullivan (CIOSO Global), Keatron Evans (InfoSec), and Simon Jonker (CSIS Security Group A/S) provided invaluable insights into where AI agents are transforming cybersecurity operations today—and where we’re headed tomorrow.

The Human-AI Partnership: Trust Through Governance

One of the most compelling themes that emerged from the “Fortress AI” panel was the critical balance between AI autonomy and human oversight. As Daniele Catteddu noted, “I see [AI agents] as a tool, though, a tool that is going to augment humans. I doubt that will ever replace them or us, in the sense that there are way too many complexities in order for them to be ungoverned.”

This perspective aligns perfectly with Blackwire Labs’ philosophy. We’ve designed our platform around the principle of human-augmented capability, where AI agents enhance human decision-making rather than replacing it. Our Cybersecurity Community of Excellence (CCOE) of 50+ seasoned professionals sets the foundation for validating and curating the knowledge (to include their wisdom) that powers our AI agents, ensuring that expert human insight remains at the core of every recommendation.

Simon Jonker reinforced this notion by emphasizing that “fundamentally, security boils down to trust. And the best way to build trust is also to do that through relationships… ultimately person to person.”

This is precisely why our TrustWire technology provides blockchain-based verification and complete auditability—trust in AI systems must be built on transparency and verifiable expertise.

The Reality Check: We’re Already Behind

Greg Sullivan delivered a sobering reality check that resonated throughout the discussion: “No cyber-attack I’ve seen in the last few years has been the act of a single team, so we better put ourselves in a position to have at least the tools they’re using against them. And AI is in that category today.”

This observation underscores why Blackwire Labs exists. cyber-criminals have been “professionalizing” their operations for years now, and espionage actors are determined, well-resourced, and continuously increasing in capability, now layering on the ability to leverage AI tools to scale and accelerate their attacks. Meanwhile, many organizations struggle with basic security fundamentals due to resource constraints and skills gaps. Our vendor-agnostic approach democratizes access to enterprise-grade cybersecurity intelligence, helping organizations of all sizes compete against well-resourced adversaries.

Practical AI Applications: Beyond the Hype

The panel showcased several compelling use cases that demonstrate AI’s immediate value in cybersecurity operations:

Vulnerability Management & Threat Mitigation

Michael Morgenstern set the stage perfectly: “The goal seems to be the same: to focus humans on the most critical IQ-intensive functions and automate away all the rest.”

Simon Jonker highlighted a critical use case: “The ability to present, aggregate, and somehow collect all of the information, especially in the network segment… funnel it down into an AI agent that can help you strategize and help you target as an analyst, what are the threats that we are detecting here.”

This mirrors our approach with Blackwire 2.0’s advanced agentic architecture, which intelligently orchestrates multiple data sources and specialized tools to provide contextualized threat intelligence tailored to each organization’s specific environment.

Skills Assessment and Training

Keatron Evans shared an innovative approach to validating cybersecurity skills using AI, noting that many professionals claiming extensive experience actually “assess at the level of someone who’s been doing it for like six months.”

This highlights the skills gap that Blackwire.ai helps bridge by providing expert-level guidance to practitioners at all skill levels and organizational roles.

A Personal Use Case: Turning Compliance into Competitive Advantage

During the panel, I shared a real-world example that illustrates the transformative potential of AI in cybersecurity. Working with a CISO in a large manufacturing OT environment. The CISO wanted to create a data-driven board presentation to ask for investment to mature portions of his security program. His pragmatic and creative idea was to demonstrate how this investment could not only help drive down organizational risk but also demonstrate how this investment would be offset by potentially reduced cyber insurance premiums; however, he needed data to support his business case.

We used Blackwire.ai to analyze their CIS Controls, focusing on those with a low maturity score. The objective was to first provide specific recommendations and implementation steps to increase the maturity of those controls. Then, assuming those controls had improved, we cross-referenced those results with cyber insurance requirements.

The result? Within minutes, we created an intersection of the specific CIS controls that would simultaneously improve their security posture and (once improved), would significantly reduce their insurance premiums. This targeted and data-driven approach on what to focus on, why, and how to achieve it saved the organization an estimated $160,000-$200,000 in consulting fees. It provided a compelling business case for the board and a prescriptive roadmap to success.

As I noted in the discussion, “That’s an interesting use case that was maybe not something that I actually thought of initially, but in working with our client, actually drove a really positive outcome.” This exemplifies how AI agents can surface unexpected value by connecting disparate data points in ways that humans might miss or more likely not have the time or money to implement.

The Accountability Challenge

Keatron Evans raised a crucial point about AI accountability: “When they adopt AI into their security workflows, that accountability and responsibility matrix is mapped out… the ownership of a decision that was made is somewhere buried into some AI algorithm somewhere, and nobody knows how it got made.”

This is exactly why we took a human-and-technology approach to address this accountability challenge. We’ve invested significant time and resources in creating rigorous source evaluation criteria grounded in intelligence analytical tradecraft. Our Cybersecurity Community of Excellence provides the curated expert knowledge base that forms the foundation of every recommendation. All outputs are completely referenceable, with sources secured via Trustwire technology, so you know the source is authentic and hasn’t been altered. Organizations can trace every recommendation back to its expert-validated sources and demonstrate the integrity of that information to auditors, boards, and regulators.

Looking Ahead: The Evolution of Fortress AI

The panel reinforced my conviction that we’re at an inflection point in cybersecurity. As Keatron Evans wisely advised: “Focus on the problem that you want to solve and then find a way to use AI to solve it—versus just focusing on putting AI into something.”

This problem-first approach is driving our development of Blackwire 2.0, coming out later this year. We’re not adding AI features for the sake of having AI—we’re solving real client problems:

Workflow automation that eliminates complexity – No need to be an expert prompt engineer or wondering what to ask. The platform adapts to your security processes with intelligent onboarding that captures your organization’s context and configures custom AI personas for each role based on your technology ecosystem and business priorities
Streamlined intelligence operations – Transform threat reports into automated analysis and strategic deliverables within hours, while turning time-intensive compliance processes into efficient analyses across HIPAA, CMMC, ISO, and NIST frameworks
Precision-targeted security management – Custom dashboards and daily briefings correlate global threat intelligence with your specific organizational vulnerabilities and business drivers, while automated tabletop exercise workflows generate comprehensive, realistic threat scenarios in hours rather than weeks, dramatically reducing costs while maintaining enterprise-level quality and regulatory compliance requirements

The Path Forward: Measured Adoption with Bold Vision

Daniele Catteddu provided perhaps the most balanced perspective on AI adoption: “I would certainly encourage all of you and everyone in the audience to… go for that. So perhaps if I can make a kind of call for action, I would certainly encourage all of you…to help us in developing those best practices, those frameworks that are going to be able to help us in better governing a technology that… is absolutely fantastic.”

The cybersecurity community must work together to establish governance frameworks for AI adoption. At Blackwire Labs, we’re committed to this collaborative approach and expanding our partnerships with organizations like the Cloud Security Alliance.

Conclusion: Building Trust in an AI-Driven Future

As we deploy AI agents across our security operations, we must remember that the goal isn’t to eliminate human judgment—it’s to augment human capability at scale. Like the “Fortress AI” panel discussion covered, the most successful organizations will be those that can harness AI’s speed and precision while maintaining human oversight and accountability.

That’s the vision we’re building toward at Blackwire Labs, and it’s the conversation we must continue having as an industry.

The full Insight Jam panel discussion on “Fortress AI: Deploying AI Agents for Ironclad Security” is available on Solutions Review’s YouTube channel. I encourage everyone to watch the complete conversation to hear all the valuable insights from our distinguished panel of experts.

To learn more about how Blackwire.ai can help your organization deploy AI agents for ironclad security while maintaining human oversight and accountability, visit blackwirelabs.com or connect with me directly.

The post Key Insights from Insight Jam’s “Fortress AI: Deploying AI Agents for Ironclad Security” Panel appeared first on Best Endpoint Protection Security (EPP) Tools, Software, Solutions & Vendors.

Zero Trust Security — Purpose-Built Networking and AI Make It Possible

Suresh Katukam — Thu, 26 Jun 2025 20:58:08 +0000

Suresh Katukam, the Chief Product Officer and Co-Founder at Nile, explains how purpose-built networking and AI make zero trust security possible. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI.

Ransomware attacks in the U.S. have surged 149 percent year over year. The sheer scale and sophistication of these threats—often powered by AI—are overwhelming traditional security defenses. At the same time, remote work, cloud adoption, and the proliferation of IoT devices have pushed the modern enterprise far beyond the limits of perimeter-based security.

To play catch-up, organizations have implemented many bolted-on controls and quick fixes. This is not working, as Gartner has evidenced. In their 2024 State of Zero Trust Adoption Survey, 63 percent of respondents had either attempted or partially attempted a zero-trust initiative; however, 35 percent reported failures in their initiatives that adversely affected their organization. A fundamentally different approach is needed: one that combines Zero Trust principles with purpose-built network infrastructure and AI-driven automation.

Zero Trust: More Than a Marketing Term

As applications, users, and devices have moved outside the traditional network perimeter, assumptions that led to legacy security models have collapsed. To counter this, the Zero Trust security framework was introduced in 2010 and is based on the simple principle of “never trust, always verify”. Over 15 years later, it’s now more relevant than ever.

Zero Trust is intended to outline the steps needed to enforce least-privilege access, continuously verify identity, and lay the groundwork for segmenting networks that limit lateral movement. It’s a powerful model in theory, but in practice, most organizations struggle to implement it effectively at scale.

Why Zero Trust Initiatives Fail

In Gartner’s more recent “Predicts 2025: Scaling Zero-Trust Technology and Resilience” report, they paint a sobering picture: by 2028, 30 percent of organizations are expected to abandon their zero-trust initiatives, citing complexity, lack of integration, cultural resistance, and limited vendor value. Unless we fundamentally rethink how Zero Trust is implemented, that prediction will likely prove accurate.

Additional barriers include:

Legacy infrastructure that was never designed for dynamic access control or micro-segmentation.
Agent-based models like ZTNA that do not work for unmanaged IoT or operational tech devices.
Operational missteps—everything from misconfigurations to policy sprawl.
Skill gaps, especially in lean IT teams.

In essence, Zero Trust can’t be reduced to a product. It’s an architectural shift, and unfortunately, many organizations are trying to retrofit Zero Trust principles into environments that were never meant to support them.

Where AI Fits—And Where It Doesn’t

AI plays a critical role in making Zero Trust scalable. But AI alone isn’t enough. If the underlying network is based on legacy principles and vulnerabilities, it is inconsistent, reactive, or fragmented in how Zero Trust is delivered, AI becomes just another bolted-on solution—or worse, a band-aid. This is why a combination of a deterministic network architecture and closed-loop AI automation is so powerful.

A fundamentally different approach must be explored. One where every port and access point is secured by default, with identity-based access baked into the infrastructure, where VLANs, the spanning tree protocol, bolt-on NAC solutions, and a reliance on agents are no longer needed. The network must be designed to enforce consistent access policies across users and devices from day one, regardless of whether they are connecting on campus or remotely.

AI then amplifies this by:

Monitoring user and entity behavior in real-time across the entire fabric.
Detecting anomalies and surfacing root causes proactively.
Reducing the need for manual intervention and guesswork.
Continuously optimizing policy adherence.

AI and automation should not be bolted on to fix legacy vulnerabilities. Instead, networks should be designed so that security is an outcome of control and visibility, and AI reliably scales that outcome. The better path is to adopt a network designed from the ground up to isolate devices, enforce identity, and deliver policy-based access consistently, without depending on manual configuration or human enforcement.

With AI, this network becomes inherently more secure and intelligent, capable of adapting in real-time as users, devices, and threats evolve.

Again, Start with the Right Foundation

Before launching into a Zero Trust initiative or trying to fix an existing implementation, organizations should ask:

What are the vulnerabilities in our current network architecture?
Can our environment support identity-based access and segmentation without complexity?
How are we scaling security with the resources we have—and where can AI and automation help?
Are we moving to or enabling Zero Trust, which was built in by design, or are we trying to duct-tape it onto a legacy foundation?

The future of enterprise security isn’t just about AI or Zero Trust in isolation. It’s about unifying both through a purpose-built network architecture, made intelligent by AI. This allows you and your organization to move from aspiration to assurance—and from reactive security to real protection.

The post Zero Trust Security — Purpose-Built Networking and AI Make It Possible appeared first on Best Endpoint Protection Security (EPP) Tools, Software, Solutions & Vendors.