The post Countdown to Q-Day: Why Manufacturers Must Act in the Present to Prevent Quantum Threats of the Future appeared first on Best Network Monitoring Vendors, Software, Tools and Performance Solutions.

Suresh Katukam, the Chief Product Officer and Co-Founder at Nile, explains how purpose-built networking and AI make zero trust security possible. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI.

Ransomware attacks in the U.S. have surged 149 percent year over year. The sheer scale and sophistication of these threats—often powered by AI—are overwhelming traditional security defenses. At the same time, remote work, cloud adoption, and the proliferation of IoT devices have pushed the modern enterprise far beyond the limits of perimeter-based security.

To play catch-up, organizations have implemented many bolted-on controls and quick fixes. This is not working, as Gartner has evidenced. In their 2024 State of Zero Trust Adoption Survey, 63 percent of respondents had either attempted or partially attempted a zero-trust initiative; however, 35 percent reported failures in their initiatives that adversely affected their organization. A fundamentally different approach is needed: one that combines Zero Trust principles with purpose-built network infrastructure and AI-driven automation.

Zero Trust: More Than a Marketing Term

As applications, users, and devices have moved outside the traditional network perimeter, assumptions that led to legacy security models have collapsed. To counter this, the Zero Trust security framework was introduced in 2010 and is based on the simple principle of “never trust, always verify”. Over 15 years later, it’s now more relevant than ever.

Zero Trust is intended to outline the steps needed to enforce least-privilege access, continuously verify identity, and lay the groundwork for segmenting networks that limit lateral movement. It’s a powerful model in theory, but in practice, most organizations struggle to implement it effectively at scale.

Why Zero Trust Initiatives Fail

In Gartner’s more recent “Predicts 2025: Scaling Zero-Trust Technology and Resilience” report, they paint a sobering picture: by 2028, 30 percent of organizations are expected to abandon their zero-trust initiatives, citing complexity, lack of integration, cultural resistance, and limited vendor value. Unless we fundamentally rethink how Zero Trust is implemented, that prediction will likely prove accurate.

Additional barriers include:

• Legacy infrastructure that was never designed for dynamic access control or micro-segmentation.
• Agent-based models like ZTNA that do not work for unmanaged IoT or operational tech devices.
• Operational missteps—everything from misconfigurations to policy sprawl.
• Skill gaps, especially in lean IT teams.

In essence, Zero Trust can’t be reduced to a product. It’s an architectural shift, and unfortunately, many organizations are trying to retrofit Zero Trust principles into environments that were never meant to support them.

Where AI Fits—And Where It Doesn’t

AI plays a critical role in making Zero Trust scalable. But AI alone isn’t enough. If the underlying network is based on legacy principles and vulnerabilities, it is inconsistent, reactive, or fragmented in how Zero Trust is delivered, AI becomes just another bolted-on solution—or worse, a band-aid. This is why a combination of a deterministic network architecture and closed-loop AI automation is so powerful.

A fundamentally different approach must be explored. One where every port and access point is secured by default, with identity-based access baked into the infrastructure, where VLANs, the spanning tree protocol, bolt-on NAC solutions, and a reliance on agents are no longer needed. The network must be designed to enforce consistent access policies across users and devices from day one, regardless of whether they are connecting on campus or remotely.

AI then amplifies this by:

• Monitoring user and entity behavior in real-time across the entire fabric.
• Detecting anomalies and surfacing root causes proactively.
• Reducing the need for manual intervention and guesswork.
• Continuously optimizing policy adherence.

AI and automation should not be bolted on to fix legacy vulnerabilities. Instead, networks should be designed so that security is an outcome of control and visibility, and AI reliably scales that outcome. The better path is to adopt a network designed from the ground up to isolate devices, enforce identity, and deliver policy-based access consistently, without depending on manual configuration or human enforcement.

With AI, this network becomes inherently more secure and intelligent, capable of adapting in real-time as users, devices, and threats evolve.

Again, Start with the Right Foundation

Before launching into a Zero Trust initiative or trying to fix an existing implementation, organizations should ask:

• What are the vulnerabilities in our current network architecture?
• Can our environment support identity-based access and segmentation without complexity?
• How are we scaling security with the resources we have—and where can AI and automation help?
• Are we moving to or enabling Zero Trust, which was built in by design, or are we trying to duct-tape it onto a legacy foundation?

The future of enterprise security isn’t just about AI or Zero Trust in isolation. It’s about unifying both through a purpose-built network architecture, made intelligent by AI. This allows you and your organization to move from aspiration to assurance—and from reactive security to real protection.

The post Zero Trust Security — Purpose-Built Networking and AI Make It Possible appeared first on Best Network Monitoring Vendors, Software, Tools and Performance Solutions.

The editors at Solutions Review summarize some of the most significant ways AI has impacted cybersecurity jobs, hiring, skillsets, and more.

Regardless of your job title or industry, artificial intelligence (AI) has likely impacted your company’s internal and external processes. This can be especially true for cybersecurity professionals, as AI has changed how threat actors plan and execute attacks and introduced new ways to combat potential and active threats. What is less clear is the specific impact AI has had on cybersecurity and whether these professionals have cause for concern.

As AI is integrated into cybersecurity operations at unprecedented levels, the form and function of a company’s cyber team will continue to undergo rapid changes. To keep track of those changes, the Solutions Review editors have outlined some of the primary ways AI has changed cybersecurity, what professionals can do to remain agile during those evolutions, and what the future may hold for them and the technologies they use.

Note: These insights were informed through web research using advanced scraping techniques and generative AI tools. Solutions Review editors use a unique multi-prompt approach to extract targeted knowledge and optimize content for relevance and utility.

How Has AI Changed the Cybersecurity Workforce?

In just a few years, the impact of AI on cybersecurity has dramatically restructured the industry’s roles, responsibilities, and required skill sets. This transformation has been freeing for many, as AI technologies have streamlined user workloads and empowered teams to focus on more specialized, high-value tasks and projects. For comparison’s sake, consider how the global market for AI in cybersecurity is estimated to reach a market value of USD 133.8 billion by 2030, compared to its reported USD 14.9 billion in 2021. These technologies are exploding, and they’re not going anywhere.

However, it’s not uncommon for cybersecurity professionals to feel uneasy about the rapid adoption of these technologies, as they have already proven capable of rendering some tasks and roles nearly obsolete. Here are some of the job roles and processes that have been impacted the most by AI:

AI-Powered Automation and Analysis

AI is reshaping how cybersecurity analysis happens by expanding its scope and compressing its cognitive overhead. Traditionally, analysis involved hours of log inspection, correlation of alerts, and cross-referencing of threat intel feeds. However, with AI, especially those using machine learning (ML) and natural language processing (NLP), companies can automate those time-consuming processes to reduce alert fatigue and allow analysts to focus on the highest-risk threats.

For example, consider how leading cybersecurity platforms like Microsoft Defender XDR or IBM QRadar use ML models to correlate log entries and contextualize hundreds of alerts into real-time attack narratives. These streamlined analyses can dramatically reduce workloads by streamlining the process of identifying probable causes, unlocking cross-functional insights, and deploying that data to defend against future threats.

AI might be evolving what “analysis” looks like in cybersecurity, but it’s not ready to fully replace the necessity of human intervention. With AI handling the workload of detecting and aggregating information, human analysts will commit their time and expertise to interpretation, intent modeling, and escalation decision-making.

Threat Hunting and Adversarial Behavior Modeling

For years, traditional threat hunting has been hypothesis-driven: an analyst suspects that a particular tactic—e.g., credential stuffing or lateral movement—is occurring and searches logs or telemetry for artifacts that confirm or debunk that suspicion. However, this process is often narrow and human-biased, which is where AI can help. With its unsupervised learning and clustering capabilities, AI can identify and track patterns without preconceptions.

AI has essentially made “continuous hunting” possible. Some of the leading cybersecurity tools already use AI and behavioral models to proactively surface deviations, such as beaconing new domains or unusual SMB shares accessed at odd hours. Since AI can run 24/7, threat hunts no longer have to be ad hoc. It also adds a new data engineering dimension to threat hunting, as cybersecurity professionals are now encouraged (if not outright expected) to have AI-specific skills around curating telemetry, labeling behavior, and tuning features.

There’s no denying that AI is a double-edged sword for cybersecurity—cyber-criminals launched 36,000 malicious scans per second in 2024, according to Fortinet, and there’s been a 1,200 percent surge in phishing attacks since the rise of GenAI in late 2022. However, if companies want to keep up with the volume of attacks, they need the support that AI-boosted cybersecurity tools provide.

The Emergence of AI-Centric Cybersecurity Roles

The rise of AI in cybersecurity has not only affected existing workflows—it has spawned entirely new job categories, restructuring the profession around data-centric and model-centric competencies. These AI-centric cybersecurity roles represent a convergence of disciplines: traditional security, data science, ML operations (MLOps), and even behavioral psychology. Other roles like “blue team analysts” or “SOC engineers” are supplemented or outright replaced by titles like AI Threat Analyst, ML Security Engineer, and Adversarial ML Red Teamer.

It’s also possible that the future of cybersecurity jobs will start to resemble AI safety roles more than traditional InfoSec. This would involve an increased focus on validating agent boundaries, applying RLHF to constrain behavior, and building sandboxed testbeds for threat simulations. While there’s potential in that future, active and aspiring professionals should be wary, as that trend could result in a skills bar that leaves traditional network defenders behind unless they retrain aggressively.

The meta-trend here is becoming clear: Cybersecurity is evolving into a data science problem, and the workforce is shifting accordingly. The people who can reason statistically, build or probe AI systems, and think adversarially will define the next generation of cybersecurity leadership. Conventional roles will likely persist but may increasingly resemble operational support for AI-first tooling. Regardless, like LinkedIn’s Skills on the Rise report says, AI literacy will continue to be the skill that “professionals are prioritizing and companies are increasingly hiring for.”

Upskilling for the Future

AI isn’t a new technology, but it’s hitting the cybersecurity job market fast and hard. According to Cybersecurity Ventures, there will be 3.5 million unfilled jobs in the cybersecurity industry through 2025, a 350 percent growth from the one million open positions reported in 2013. If professionals want to keep their jobs—or future-proof themselves from potential displacement—they must equip themselves with AI-centric skills as soon as possible.

To reinforce that urgency, look at IBM’s Cost of a Data Breach Report, which shows that half of the organizations encountering security breaches also face high security staffing shortages. Even with 1 in 5 organizations using some form of generative AI, that skills gap remains a real challenge. Companies across industries need professionals fluent in adversarial and algorithmic logic, as that expertise will empower them to stay relevant regardless of the future. Mike Arrowsmith, the Chief Trust Officer at NinjaOne, puts it like this: “The best way to rein in AI risks is with more employee training. People have to know what to look out for, especially as AI technology evolves.”

One area professionals can focus on is soft skills. A recent study by Skiilify demonstrated that 94 percent of tech leaders believe soft skills—like curiosity, resilience, tolerance of ambiguity, perspective-taking, relationship-building, and humility—are more critical than ever. Soft skills can also help cybersecurity professionals understand how models can fail, how attackers exploit statistical assumptions, and how to wrap AI systems in resilient human oversight.

With Gartner predicting that, by 2028, “the adoption of GenAI will collapse the skills gap, removing the need for specialized education from 50 percent of entry-level cybersecurity positions,” it’s more crucial than ever for cybersecurity professionals to find and refine the skills that make them unique.

Will AI Replace Cybersecurity Professionals?

“AI won’t replace cybersecurity professionals, but it will transform the profession,” says Chris Dimitriadis, the Chief Global Strategy Officer at ISACA. The cybersecurity marketplace is already changing in response to AI tools and threats, but the transformation is far from finished. Even if the profession itself doesn’t go away, there’s a chance that current cybersecurity practitioners will be left behind as their job evolves into something they’re no longer equipped for.

In the longer term, AI will likely reshape cybersecurity professionals into decision supervisors. Their responsibilities will be less focused on making decisions and instead emphasize overseeing, calibrating, and intervening in AI-driven decision-making as necessary. It’s a subtler shift, but if the current workforce doesn’t upskill themselves in preparation, they may find that their expertise isn’t quite as valuable as it used to.

According to Sam Hector, Senior Strategy Leader at IBM Security, AI will “fundamentally shift the skills we require. Humans will focus more on strategy, analytics, and program improvements. This will necessitate continuous skills development of existing staff to pivot their roles around the evolving capabilities of AI.” The future of cybersecurity will be charted by practitioners who expand their perspective, prioritize their professional growth, engage with their peers, and collectively learn how to improve their AI-centric skills and literacy.

Want more insights like this? Register for Insight Jam, Solutions Review’s enterprise tech community, which enables human conversation on AI. You can gain access for free here!

The post What Will the AI Impact on Cybersecurity Jobs Look Like in 2025? appeared first on Best Network Monitoring Vendors, Software, Tools and Performance Solutions.

Krishna Sai, Chief Technology Officer at SolarWinds, walks us through some best practices for building resilient systems in an unpredictable world. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI.

Today’s uncertain economic climate may compel your organization to look for cost-cutting measures, and that isn’t necessarily a bad thing. When done strategically, and not just to slash budgets for the short term, eliminating inefficiencies and optimizing processes can strengthen the business. Due to the unpredictable nature of today’s IT environments, comprehensive observability, a vital IT function to enhance efficiencies, can be difficult. However, with the right approach, tools, and perspective, IT leaders can achieve resilience in their IT environments and prepare for today’s unpredictability.

The Unpredictable IT Landscape

By definition, a proper observability framework allows an organization to maintain constant monitoring over its entire IT infrastructure. Understanding the various relationships in that infrastructure will determine if it is operating correctly. Unfortunately, multiple factors contribute to the unpredictability in today’s IT landscape, making observability much more difficult.

The scale and nature of IT environments have changed drastically in the last few years. Data from Goldman Sachs predicts cloud computing sales are expected to reach US$2 trillion by the end of 2030, suggesting IT environments will reach unprecedented sizes by the end of the decade. Despite this larger investment in cloud resources, today’s companies are not leaning solely on the cloud. Many enterprises are looking to strike a balance between cloud and on-premises.

As a result, IT leaders are responsible for managing complex, hybrid IT environments. In fact, according to data from a recent public sector SolarWinds AI and Observability report, three-quarters of respondents indicated hybrid environments were difficult to manage, with data protection and data privacy appearing as top concerns. IT managers said their issues with complexity spring from the need to secure and integrate multiple infrastructures.

A number of cybersecurity factors also contribute to unpredictability. More than half of respondents (58 percent) said cybersecurity mistakes from untrained insiders or people authorized to be in their networks contributed to the most significant security threats.

Simultaneously, 59 percent said the “general hacking communities” also contributed. It’s important to note that hacking has become much more sophisticated than in recent years. For example, AI has made hacking more ubiquitous, allowing trained and untrained hackers to amplify and improve their attacks on IT environments. The best way to handle unforeseen circumstances is for our internal observability functions to operate like the human brain.

An Intelligent Observability Function

If we think about it, the human brain is the most powerful observability system. It can analyze and assess constant noise in and around the body. It can also subconsciously suppress activity that doesn’t need immediate attention while allowing us to consciously trigger a response to the issues that need immediate attention.

What IT leaders need is an observability function that operates in the same way. However, the usual architecture of most observability frameworks makes this “human brain” approach difficult.

Many enterprises have hybrid IT architectures that leverage different observability tools for their on-premises and cloud environments. Further, detection (the subconscious recognition of activity) and remediation (the conscious triggering of a fix) are often two separate solutions in the environment. This creates gaps between when a problem begins and when you can solve it.

The problem for IT leaders is that, in many cases, it doesn’t matter how many separate solutions you have—you are often responsible for both detection and remediation in all of them. In a world of IT unpredictability, there is little time for gaps in how quickly your systems find something wrong and address it. Any delay in remediation will only increase the time and difficulty of fixing the problem.

Comprehensive observability solutions limit this mean time to remediate (MTTR). They are integrated into your on-premises data center, cloud solutions, and the remediation services necessary to solve IT issues. This removes silos and enables precision in incident detection. This solution also knows the severity of any unusual activity—is there a ransomware attack happening, or did Joe from accounting try to access a work document with his email again?

For today’s IT leaders, resilience in a world of unpredictability is measured by your team’s ability to recognize something you saw coming, figure out why it’s happening, and address it quickly. The right observability solution is the backbone of this resilience.

Prepared for Anything

As AI automates more of our systems, enterprises will continue to figure out the right balance between the cloud and on-premises, with increasing unpredictability. Hackers and foreign threats will continue to threaten your IT environment even as you figure out how to optimize your IT assets. This is why observability and resilience are so critical even during a push to maximize resources. It’s not just about protecting what you already have. The right observability tools and best practices will allow you to preserve your current environment while you work to improve your business for the future.

The post Building Resilient Systems in a World Without Predictability appeared first on Best Network Monitoring Vendors, Software, Tools and Performance Solutions.

The editors at Solutions Review are exploring the emerging AI application layer with this authoritative list of the best AI agents for cybersecurity use cases that teams should consider integrating into their business security efforts.

The proliferation of generative AI has ushered in a new era of cybersecurity, and AI agents are heavily involved in that transformation. As threat actors continue to find new ways to disrupt businesses, AI has become an essential tool in every company’s lineup of defense systems. Whether autonomously monitoring network traffic, detecting anomalous patterns, or responding to potential threats in real-time, AI agents in cybersecurity can help your company adapt its defense strategies and remain agile as new threats present themselves.

In this up-to-date and authoritative guide, our editors will spotlight some of the top AI agents and agent platforms available today for cybersecurity teams to help you find the right tool for your specific needs. This resource is designed to help you:

• Understand what makes cybersecurity AI agents different from traditional automation tools
• Explore the capabilities and limitations of each available agent or agent platform in the marketplace
• Choose the best solution for your team based on use case, skill level, and scalability options

Note: This list of the best AI agents for cybersecurity was compiled through web research using advanced scraping techniques and generative AI tools. Solutions Review editors use a unique multi-prompt approach to employ targeted prompts to extract critical knowledge and optimize content for relevance and utility. Our editors also utilized Solutions Review’s weekly news distribution services to ensure the information is as close to real-time as possible. The list is organized in alphabetical order.

The Top AI Agents for Cybersecurity Teams

Arctic Wolf Agent

Description: Arctic Wolf’s Agent is a lightweight software designed to autonomously collect actionable intelligence from their IT environments, scan endpoints for vulnerabilities and misconfigurations, and even respond to emerging threats.

Arctic Wolf Agent is managed 24×7 by security operations experts from the Arctic Wolf Concierge Security Team (CST), which provides clients with additional support in their threat detection, assessment, and containment efforts. It’s designed to extend IT bandwidth by monitoring wireless networks, event logs, process tables, installed software, SSL certificates, and more.

Key Features:

• Identify and benchmark risk profiles against globally accepted configuration guidelines and security standards.
• Host-based vulnerability assessment will continuously monitor servers and workstations for vulnerabilities and misconfigurations.
• Only 10MB of memory utilization under normal operating standards.
• Block data exfiltration and propagation of threats by preventing servers and workstations from communicating.

Get Started: Arctic Wolf Agent can be installed transparently via the existing software deployment processes your IT department is working with. It uses universal installers (i.e., MSI and PKG), requires zero maintenance once implemented, carries no performance impact, and can be updated seamlessly through the Arctic Wolf Platform.

Darktrace

Description: Darktrace’s Cyber AI Analyst combines human expertise with the speed and scale of artificial intelligence. It’s designed to reduce the time spent investigating alerts by streamlining workflows so your security team can focus on urgent or higher-value tasks.

Unlike copilots or prompt-based AI agents built to interpret text, Darktrace’s Cyber AI Assistant can replicate the human investigative process by questioning data, testing hypotheses, and reaching conclusions based on the results, all without human intervention. The Analyst also runs continuously, so it can re-investigate existing alerts with emerging data in real-time to ensure thorough analyses.

Key Features:

• The Analyst can recommend the next-best actions unique to each incident.
• Set up repeatable, integrated investigative workflows that are custom to your organization.
• Autonomous responses stop malicious actions while giving defenders time to analyze and remediate.
• Simplify incident understanding with detailed insights and investigative processes.

Get Started: The Cyber AI Analyst is built to underpin the Darktrace ActiveAI Security Platform, which allows clients to trial the company’s platforms in unison across use cases and technologies.

Fortinet

Description: FortiClient, an agent for the Fortinet Security Fabric solution, provides businesses with protection, compliance, and secure access, all from a single, modular, lightweight client.

The agentic tool runs on an endpoint like a laptop or mobile device. It autonomously communicates with Fortinet Security Fabric to provide users with the information, visibility, and control they need to manage each device. This can minimize the need for manual intervention and promote faster threat remediations across environments.

Key Features:

• Secure endpoints with ML anti-malware and behavior-based anti-exploit.
• FortiClient enables remote workers to securely connect to a network using zero-trust principles.
• Control access to cloud-based applications, including visibility to shadow IT.
• Harden endpoint security with vulnerability scanning, automated patching, software inventory, and app firewall functionalities.

Get Started: FortiClient comes in several models with increasing degrees of protection and capabilities. It’s built to integrate with the key components of Fortinet Security Fabric and is centrally managed by the Endpoint Management Server (EMS). Clients can also enhance the tool’s value with Fortinet’s professional services offerings, which can help streamline upgrades, patches, deployment, and monitoring processes.

Purple AI by SentinelOne

Description: Purple AI is a cybersecurity analyst powered by agentic AI technologies that enable teams to use natural language prompts and context-based suggested queries to identify hidden risks, respond to threats faster, and conduct in-depth investigations.

SentinelOne designed Purple AI to scale autonomous protection across the enterprise and amplify a security team’s capabilities by streamlining and automating SecOps workflows. For example, Purple AI can generate incident summaries, self-documenting notebooks, and recommended queries.

Key Features:

• Purple AI is architected with the highest level of safeguards to protect against misuse and hallucinations.
• Synthesize threat intelligence and contextual insights in a conversational user experience.
• View and manage security data in one place with a unified console for native and third-party security data.
• Generate summaries that communicate the seriousness of an incident, key findings of the hunt, and recommended actions.

Get Started: SentinelOne’s agentic AI functionalities are available in the Complete, Commercial, and Enterprise models of the company’s Singularity solution. Each offering provides scalable features to help companies of all sizes and needs streamline and improve their cybersecurity efforts.

Alex by Twine

Description: Alex is Twine’s first digital employee. The AI agent is designed to join your team and handle the execution and orchestration of identity and access management processes.

Alex is capable of planning, approving, and automatically executing tasks. Potential use cases for Alex include onboarding users to a new application, assigning employees to orphaned accounts, optimizing a company’s existing identity governance and administration (IGA) platforms, and more.

Key Features:

• Autonomously repairs issues, removes roadblocks, and recovers whatever is needed to complete objectives.
• Handle and fix edge cases and exceptions with minimum human intervention.
• Connect and bond multiple HR systems, identity silos, and SaaS platforms within larger organizations.
• Identity applications that require multi-factor authentication (MFA) and migrate them into an MFA framework without disrupting your team’s workflow.

Get Started: Twine’s Digital Employees are designed to integrate easily with a company’s existing systems. The agents learn and adapt to each client’s unique requirements, environments, and applications. Twine’s engineers can even research and build specific integrations to suit special cases when needed.

Want the full list? Register for Insight Jam, Solutions Review’s enterprise tech community, which enables human conversation on AI. You can gain access for free here!

The post The Top AI Agents for Cybersecurity Teams appeared first on Best Network Monitoring Vendors, Software, Tools and Performance Solutions.

Jeremy Kirk, the Executive Editor for Cyber Threat Intelligence at Intel 471, explains how threat actors can leverage remote monitoring and management (RMM) software solutions. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI.

Remote monitoring and management (RMM) applications, such as AnyDesk, Atera Agent, ScreenConnect, and TeamViewer, are powerful and useful tools for administrators who do not have on-site, physical access to machines. Organizations frequently rely on RMM software for essential information technology (IT) tasks, such as system updates, asset management, software deployment, endpoint troubleshooting, and maintenance scheduling.

Unsurprisingly, threat actors find these RMM tools useful as well and are increasingly leveraging them to gain access to networks, install malware, disable security features, and escalate privileges. Detecting malicious actions using RMM tools, unfortunately, is difficult because they are so widely used and deeply integrated into IT workflows. RMM is legitimate software, so these applications are unlikely to be flagged as malware. Abusing RMM tools offers a distinct advantage over remote access tools (RATs), which are custom-designed malware tools that need to employ other techniques, such as valid signing certificates, to avoid being flagged by security software.

RMM software abuse is not a new technique, but it registered at a persistent level throughout 2024, and we anticipate this trend to continue in 2025.

How RMM Tools Are Exploited

Threat actors frequently can gain access to RMM software by initially compromising RMM user credentials through social-engineering tactics or by exploiting vulnerabilities in outdated software. This allows attackers to use a preinstalled tool, thus potentially attracting less attention when misusing it. In some cases, attackers will take proactive steps to preserve their illicit access to an RMM tool. This can include creating additional accounts for RMM software in case it is discovered that account credentials have been compromised and are reset.

Attackers also may social-engineer victims into installing RMM software under misleading pretenses. This scheme has often manifested as a bogus request from an organization’s IT department to solve a problem. An employee who wants to take the right action may comply, installing the software and then allowing access to the attackers. Attackers can then use RMM software to map the network and identify valuable assets. They typically move laterally using credentials harvested from compromised systems to exfiltrate sensitive data, deploy ransomware, or launch further attacks against downstream clients.

To ensure long-term access or facilitate additional malicious activities, threat actors often install additional RATs to maintain persistent access. These tools can serve as backups for remote desktop sessions or establish reverse connections to adversary-controlled servers, leading to widespread operational disruptions, significant financial losses, and potential supply chain vulnerabilities.

Ransomware Group in Focus: Black Basta

The Black Basta ransomware group emerged in mid-April 2022 and evolved into the third most impactful ransomware group that year. Its members are experienced Russian-speaking ransomware and cyber-crime veterans, some of whom worked with the infamous Conti ransomware-as-a-service (RaaS) group. In February 2025, a leaker released about 197,000 messages from different Matrix chatrooms the Black Basta group used. The leak provided deep insight into the group’s tactics, techniques, and procedures (TTPs), including how it gained initial access to victims and networks using RMM software.

The group ran a sophisticated operation, researching organizations it thought might pay a ransom and compiling lists in Google Sheets of individual employees it planned to target. In one scenario, an employee would be targeted in a spam attack that would fill the person’s inbox. Then, someone from Black Basta would call the person and—reading from a pre-drafted script—impersonate an IT support member from the victim’s organization. The attacker would offer to install antispam software on the user’s machine, but in order to do that, the victim needed to install remote access software such as AnyDesk, Quick Assist, or TeamViewer.

After the victim installed the software, Black Basta would contact one of its malicious penetration testers, who would then try to install additional malware to enable persistent access. The pentester would provide a code the victim was supposed to enter on the computer, allowing the pentester to establish another foothold. The leaked chat messages did not reveal what malware was used to obtain persistent access.

However, one member claimed to run a batch (.bat) file that prompted the employee to enter credentials for the corporate virtual private network (VPN) portal. These credentials would then allow Black Basta’s actors to access the domain network, advancing the data exfiltration and ransomware attack by one more step.

Defensive Mitigations

To mitigate the escalating risks associated with RMM tools, a comprehensive defense strategy is critical. Detection efforts should include deploying endpoint detection and response (EDR) platforms, conducting network traffic analysis, and utilizing behavior-based intrusion detection systems (IDSs) that are tuned specifically to recognize RMM-related activities. It is also vital to enforce stringent application listing, which would prohibit users from installing RMM software as a result of falling prey to a social engineering campaign.

Only vetted, preapproved RMM software that has tight access controls should be used across the organization to minimize the attack surface. Lastly, security teams are advised to undertake threat-hunting exercises routinely to detect early signs of misuse, such as anomalous network connections or other suspicious activities that may suggest unauthorized access.

For example, AnyDesk is a common and widely utilized tool for remotely controlling machines. However, many actors have also adopted it to remotely access victim machines and deploy malware or ransomware payloads. Threat actors may install AnyDesk but put its executable in an uncommon directory, such as the ProgramData and System32 temporary directories, in an attempt to hide it.

Additionally, to appear more legitimate, some attackers may utilize installation paths that include legitimate-sounding names, such as “Microsoft Management” or “Customer Service.” These types of behaviors, drawn from threat intelligence based on real attacks, can be used in threat hunts that search security information and event management (SIEM) or other logging systems that may have recorded the malicious activity, allowing an organization to undertake incident response to remove the threat.

By integrating these measures—enhanced detection capabilities, strict access management, and proactive threat hunting—organizations can more effectively stay ahead of adversaries who seek to exploit RMM tools.

The post How Threat Actors Leverage Remote Monitoring and Management Software appeared first on Best Network Monitoring Vendors, Software, Tools and Performance Solutions.

JP Schmetz, the CEO of Ghostery, explains why the rise of agentic browsers might signify a “new frontier” in online privacy. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI.

Agentic browsing is here, and it’s transforming the way we interact with the web. Unlike traditional browsers that act as a gateway to the web, agentic browsing is designed to actively perform tasks, make decisions, and adapt to the user’s needs in real-time. This shift introduces the promise of a hyper-personalized and efficient web experience, but it also comes with significant privacy risks that demand careful consideration.

The idea behind agentic browsers is to offload many of the mundane tasks involved in browsing the internet. Whether it’s automatically filling out forms, managing multiple tabs, or even curating content based on one’s preferences, these browsers are designed to think and act on behalf of the user. This level of automation and customization will dramatically enhance user experience, streamlining interactions and reducing the effort required to find relevant information.

However, because agentic browsers must process vast amounts of personal data instantly to function effectively, the integration of such intelligent systems raises serious concerns regarding user privacy. As these browsers automatically collect and analyze user activity to make decisions, much of this data is being shared with third parties, including advertisers and data brokers. This opens the door to potential misuse of sensitive information as the line between helpful personalization and invasive tracking becomes increasingly blurred.

Ideally, an agentic browser should run within the user’s own browser, including integrated tracker blockers, to ensure that data stays within the local environment and under the user’s control. If data needs to leave the browser, such as for interacting with an LLM, it should be done through a service that guarantees the user’s privacy, such as by opting for a premium LLM that prioritizes data security. Given that the majority of browser usage will remain focused on entertainment, shopping, or general content consumption, users must be protected during these activities to ensure their privacy is maintained while partaking in personal browsing of their choosing.

Your Options In The New Agentic Reality 

For businesses and users alike, ensuring privacy in this evolving landscape will require proactive steps:

• Users and developers must be more vigilant than ever before. We need to be educated about how these browsers function and how the data is being used. We must recognize that we have a choice in using any browser and be well-informed when making it.
• Businesses should strive to implement stronger safeguards against unauthorized data sharing while still allowing for the personalization and functionality that make agentic browsers attractive.
• Browsers, even agentic ones, should prioritize privacy by design—not just because it’s legally required but also because it’s what users expect.

The best all-around and free tools for blocking unknown data collection online are adblockers, and while an impressive 52 percent of Americans are now using an adblocker, that’s significantly less than tech experts—72 percent of experienced programmers and 76 percent of cybersecurity experts, use an adblocker. Even 66 percent of experienced advertisers are using an adblocker on their device. If they’re protecting themselves from the data-collection landscape they’ve designed, it should go without saying that you should, too.

For the web of the future to be truly beneficial, privacy cannot be an afterthought. It must be woven into the very fabric of new browsing technologies. Only by taking these challenges seriously will we be able to harness the potential of agentic browsers without compromising our privacy. The rise of agentic browsing is undeniable. But how we choose to address the accompanying privacy risks will define the future of the internet.

The post The Rise of Agentic Browsers – A New Frontier in Online Privacy appeared first on Best Network Monitoring Vendors, Software, Tools and Performance Solutions.

Aparna Achanta, a Principal Security Architect and independent cybersecurity expert, shares her insights into the role security and governance can (and should) play in Edge AI devices. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI.

Industries relying on real-time data are under growing pressure to deliver speed and efficiency. Traditional cloud computation causes delay, thus making it unsuitable for real-time executing applications. Edge AI revolutionizes real-time analytics by shifting intelligence to edge devices. This eliminates the need for cloud lag times, delivering real-time intelligence where needed.

Consider how this innovation impacts industries like healthcare. In healthcare, patients are monitored by devices with artificial intelligence that continuously monitor vital signs. If an abnormality is found, the device immediately sends an alert, thus removing the delay in sending information to the cloud. This swift response can save lives.

Self-driving automobiles rely on similar real-time decision-making. The cars scan large amounts of sensor data within an instant and make quick decisions to move along the roadway safely to avoid accidents. In high-speed travel, there is not enough time to wait for feedback from a cloud server.

Factories are also being upgraded. With the use of Edge AI, manufacturing lines can detect defects and foresee machine failures in real-time. This system does not rely on servers, as it identifies issues in real-time to avoid the expense incurred during downtime and maintain the continuity of operations. This shift isn’t just about making things faster—it’s about making them more intelligent, efficient, and reliable. Edge AI isn’t the future. It’s already here, changing how industries operate and redefining what real-time means.

The Growing Need for Edge AI

According to a Gartner Report, over 75 percent of enterprise data will be processed outside traditional data centers by 2027. This highlights the need for edge-AI-driven insights since companies recognize that latency from cloud-based systems is increasingly unacceptable in high-speed environments.

The progression in edge deployment of AI models has gathered pace using lightweight neural networks that can directly run on Internet of Things hardware. This approach ensures low-power inference on embedded hardware and high accuracy. With on-device processing, companies can reduce bandwidth costs and improve security by lowering their exposure to cloud computing threats. Edge AI is not just a leap but a fundamental revolution in real-time analytics, hence changing how companies use IoT data to enable faster and better decision-making.

How Does this Affect the Security of IoT Devices

Edge AI is getting more popular, but with this popularity comes bigger safety worries. Instead of having everything in one place like cloud systems, Edge AI spreads data handling and storage far and wide. This difference brings new dangers, some even worse in some ways. Because these devices are everywhere, they can be easy targets for meddling hands and online threats. Many of them are used in places without much control or rules, which only adds to their risk of being attacked.

In simple terms, this means many devices could be physically messed with as they are exposed in locations where they can be stolen or tampered with. This can cause leaks of important information and make networks weak against cyber-attacks. There are also risks from harmful computer programs like malware and ransomware that hackers use to exploit the weaker security measures found in edge systems, leading to a ripple effect of compromising these connected devices.

Stronger Regulations and Governance Strengthen IoT Security

Strengthened regulations and governance frameworks for AI at the Edge are key factors in increasing IoT security. They ensure that data handling on-site adheres to tough compliance standards. Plus, these governance measures can confirm that all AI models set up on edge devices meet audit requirements, aren’t skewed or biased towards any one side, and tie in with ethical notions of artificial intelligence, stopping misuse and avoiding weak points when making decisions.

Adhering to regulations also doubles down on responsibility management while moderating risks tied to rolling out new features in Edge AI. Specific guidelines tailored to every sector help corporations determine the best ways of securing their edge networks and ensure privacy risk management strategies to alleviate risks associated with decentralized information processing techniques. Governance and compliance frameworks call for greater control over who has access to protect against unauthorized access.

The Critical Need for Edge AI

It is a well-known fact that in real-time systems, a slight lag can have serious repercussions. Although cloud analytics can be useful for data storage and processing over a long span of time, in operational environments, the need for timely responses makes server response time a luxury. Thus, Edge AI is seen as a better option for real-time decision-making. An autonomous car, for example, does not have the luxury of sending sensor data to the cloud and then waiting for instructions. It has to process traffic, objects in front, and traffic signals in real-time to navigate and avoid collisions. Local AI processing ensures all decisions—whether to accelerate, brake, or turn lanes—are made in real-time.

Healthcare is another field in which AI can be a lifeline in real-time. Wearable sensors continuously monitor vital signs like heart rate and blood saturation. Unlike sending information to a cloud for processing, such devices can detect real-time anomalies and alert healthcare workers immediately when they occur. This timely response can significantly assist in avoiding serious health complications.

The post Security and Governance of Edge AI Devices appeared first on Best Network Monitoring Vendors, Software, Tools and Performance Solutions.

Heather Broughton, the AVP of Service Provider Product Marketing at NETSCOUT, outlines the three significant factors currently holding back private 5G. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI.

Just two years ago, a study found that 90 percent of CIOs believed private 5G would become the new network standard, and 51 percent of companies planned to deploy a private 5G network by the end of 2024. When considering the numerous benefits that a private 5G network offers—including flexibility, freedom from the limitations of wired, hardware-based networks, and increased speed, to name a few—it’s hard not to get excited about this technology’s potential. So, with that moment now months away, are we really that close to private 5G taking the world by storm?  

More recent estimates predict combined spending on private 4G/5G networks will increase from about $2 billion annually to $7 billion by 2028, or by about 36 percent growth per year on average, with 18,000 private 4G/5G networks expected by 2028. Many analysts are still optimistic about the growth potential of private next-generation networks, but adoption has been slower to catch on than once expected. Why?

Many organizations exploring practical implementations of private 5G face significant obstacles that can delay or diminish the technology’s potential and are reconsidering their position. Among these obstacles are the need to secure limited radio spectrum rights, the need for talent to set up and maintain the networks, and very real discussions among key stakeholders that 5G might offer more cost-effective service than private 4G LTE networks. Addressing and overcoming these obstacles will determine the path forward for private 5G as we look forward to 2025.  

Securing Limited Spectrum Rights. 

5G radio spectrum is a limited resource, with prices varying based on spectrum type (e.g., mid-band vs. low-band). Operators in the U.S. tend to pay a premium globally for rights, and to recoup these costs, some are willing to allow private enterprises to use a portion of their spectrum. Alternatively, enterprises can purchase a government license for their spectrum or use the Citizens Broadband Radio Service (CBRS), a lightly licensed option suitable for private 5G networks and available to CSPs and enterprise organizations alike. 

However, particularly for the largest enterprises with the most requirements for private 5G deployments, such as manufacturers or utilities, compliance with related regulations can slow or prevent deployments. For instance, obtaining a license for a specific spectrum range can be time-consuming and complex. Once the necessary spectrum rights have been obtained, setting up the network equipment without causing interference or other technical challenges is a significant hurdle that potential private operators must navigate amid a shortage of skilled network engineers. 

Identify and Attract Talent to Build and Maintain the Networks. 

Compared with past generations, 5G networks are much more complex to build and maintain. They tend to require a denser network of cells, more complex mapping of coverage areas, and greater network orchestration, among other increasingly technical factors. Even though the 5G market has begun to mature, the telecom industry continues to face a significant skills gap—particularly for employees skilled in construction and cybersecurity.  

As a result, finding and retaining skilled employees who possess these skills is a challenging proposition. Many organizations interested in building private 5G networks will want to look to an outside firm, such as a systems integrator, a preferred service provider, or even a non-traditional cloud provider, to set up and potentially manage their Network as a Service. Outsourcing such skilled labor may be cheaper and more cost-effective in the long run, and given their experience, an outside firm may better understand the latest technologies to help automate network performance and prevent service disruptions.  

Understand the Differences Between 5G Network Slices, Private 5G, and 4G LTE Networks

Before deploying a private 5G network, enterprises must ensure their intended application, timeline, and budget match up. While private 5G may offer superior technology and performance, the complexity involved in setup and maintenance can easily overwhelm traditional IT and networking teams, which need more specialized operational know-how and skills to fully realize the benefits of private 5G.  

For these reasons, it is only natural to consider whether a private 5G network truly makes sense or if a 5G network slice from a carrier or a private 4G LTE network can get the job done instead. If connected devices and related applications do not require ultra-low latency or bandwidth to achieve the organization’s goal, then other types of connectivity like private 4G LTE or even traditional WIFI 6 might be a better choice.  

Alternatively, carriers have come a long way to offer dedicated next-generation slices of their 5G networks, which provide many of the same benefits as private 5G networks. With customized service level agreements (SLAs), enterprises can even achieve many of the unique network performance characteristics sought with private 5G service, including ultra-low latency for sensitive applications. Enterprises may find this is a more cost-effective approach than investing in the expensive infrastructure, permitting, and maintenance involved with building private 5G networks—though they will want to invest in monitoring to ensure they get what they pay and their real-world performance matches SLAs.  

Finally, for the most discriminating enterprises, where privacy and security need to be maximized, private 5G is a huge step up from previous generations of connectivity. Thanks to its higher 256-bit encryption and superior access controls, private 5G may make the most sense in military, industrial, or healthcare applications. Private 5G adoption may not have reached the heights previously projected, and rollouts may have been slower than anticipated. However, by carefully assessing the intended applications and use cases involved, organizations can make smart decisions about their next-generation connectivity investments.

The post Three Factors Holding Back Private 5G appeared first on Best Network Monitoring Vendors, Software, Tools and Performance Solutions.

Shaktiman Kumar Mall, Principal Product Manager at Aviatrix, explains some of the advantages and disadvantages of using cloud networking to support your AI applications. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI.

The rapid growth and transformation of Artificial Intelligence (AI) has reshaped the way businesses approach data processing and storage. As AI systems evolve to handle more complex tasks and larger datasets, traditional methods of computation and storage have become increasingly inadequate and/or costly for most enterprises. In the past, many AI platforms relied on a single, unified infrastructure where data storage and computation occurred. While this configuration was fine for small-scale AI projects, it proved to be an often expensive bottleneck as the scale and complexity of modern AI projects surged. As a result, new solutions were needed to meet the rising demands of AI-driven enterprises. 

The architecture of data and AI platforms needed to change so that computation and storage were separate. Thus, companies decided to shift AI applications to the cloud to reap the infrastructure advantages such as improved efficiency, flexibility and scalability. Despite the benefits the cloud offers AI applications and tools, enterprises will encounter several integration challenges. 

The Challenges of Integrating AI with Existing Cloud Infrastructure 

Integrating AI tools into existing cloud infrastructure is not easy, and there are multiple factors businesses will need to consider, with one challenge often leading to another. Consider data; data enriches AI, but when data is spread across different places within an organization, it can be difficult to harness it effectively. Adequate data storage must exist so that AI applications can readily draw from static data and their own database of information. Nevertheless, data storage isn’t cheap, nor will it provide quality AI integration. 

Another notable challenge is dynamically scaling network bandwidth. When many employees use the same AI application, the network must scale to accommodate demand. If the bandwidth can’t scale, the network will become slow and possibly unusable. AI operations can also be CPU-intensive, further complicating scaling initiatives. 

Likewise, there is the issue of security. Enterprises must ensure the cloud infrastructure complies with the necessary standards and requirements relevant to their AI applications. Lastly, organizations may have employees resistant to change. Without the proper training and awareness, these employees won’t leverage AI solutions, regardless of how advanced (or expensive) they are. 

How Multi-cloud Networking Can Help Accommodate AI Applications 

Recognizing the challenges of integrating AI applications, many enterprises turned to the cloud to better support their growing AI needs. Some opted for a single cloud provider, while others embraced a multi-cloud strategy, using services from multiple cloud service providers (CSPs). Even though this approach introduces complexity, it offers flexibility by allowing organizations to tap into a range of specialized services from different CSPs. Others still opt for hybrid environments, keeping some of their data on-premises while moving others to the cloud, where it becomes challenging to have both high throughput and secure data transmission.  

That said, many cloud environments were developed in silos, which has led to technical challenges. Managing these environments requires specialized expertise and resources to ensure smooth integration across different platforms. While cost-efficiency is an important factor, businesses are also seeking the aforementioned agility and operational flexibility. When carefully implemented, multi-cloud strategies can help avoid vendor lock-in and offer companies greater control over their AI solutions. By spreading workloads across CSPs, organizations reduce the risk of dependency on a single provider and gain leverage in negotiations. This must be balanced with the need for seamless operations and reliability. Matching specific AI workloads to the most appropriate infrastructure can enhance performance and cost management. 

Achieving Greater Visibility and Control  

While cloud strategies offer numerous advantages for AI deployments, they also introduce significant complexity. One key challenge is managing the intricate networks that span different cloud environments. Although cloud infrastructure provides greater flexibility and scalability, it often comes at the cost of visibility and control. 

Fragmented control mechanisms refer to the difficulty of managing different cloud environments simultaneously. Each cloud provider has its own set of tools, interfaces, and protocols, which makes it challenging for IT teams to monitor and control AI applications across multiple platforms. Without a cohesive management approach, optimizing the performance of AI applications and maintaining operational efficiency becomes an uphill task. 

In a traditional on-premise setup, IT teams can monitor and manage their networks directly. However, this visibility is often reduced in the cloud—especially when using multiple providers. This fragmentation means that organizations may struggle to gain a clear, unified view of their network performance, making it difficult to detect real-time issues like latency or misconfigurations. 

To address this, enterprises can benefit from deploying a topology platform in their cloud architecture. In cloud computing, a topology platform is a tool that provides a unified control plane, giving IT teams a centralized view of their entire cloud network. This platform maps out the connections and data flow between various cloud services, offering real-time insights into network performance, such as latency and throughput, so businesses can quickly identify and troubleshoot issues like network bottlenecks, configuration errors, or connectivity problems. For example, suppose there’s a latency issue affecting an AI application. In that case, IT teams can immediately pinpoint the source, whether a specific cloud resource or a network misconfiguration, enabling faster resolution and minimizing downtime. 

Security Considerations 

Ensuring data security and compliance across multiple cloud providers when integrating AI tools can be tricky. Consider AWS and its AI engine, Amazon Bedrock, which have different security requirements from Azure and Microsoft Copilot. Thankfully, a topology mapping platform can rectify this conundrum by allowing users to create an orchestration layer and automatically align security and network requirements to the CSP, irrespective of application programming interfaces or underlying architecture. Such a platform can also provide security visualization components for real-time troubleshooting of AI applications while enhancing security and vulnerability protection. 

In addition to a topology platform, businesses should consider implementing a distributed cloud firewall (DCF). Note that AI engines are inside a public subnet, meaning they can access the internet, exposing them to cyber-attacks. A DCF can sit on a public and private subnet to enable greater security for these AI engines. Moreover, a quality DCF will add centralized policy management and distributed enforcement points across different regions and CSPs, between data centers and CSPs, and even between a random site and the cloud. 

The Intersection of AI, Cloud, and Security 

The shift toward multi-cloud and the larger intersection between AI, cloud, and security will bring incredible cost and efficiency benefits. Although integrating these complex technologies poses various challenges, having the right solutions, such as a topology mapping platform and DCF, will empower enterprises to become more agile, automated, and resilient.

The post Using Cloud Networking to Support AI Applications: Advantages and Considerations appeared first on Best Network Monitoring Vendors, Software, Tools and Performance Solutions.