Events

  • AI-generated Phishing Looks Nothing Like the Phishing You Trained Your Users to Spot

    Security awareness training taught users to look for misspelled words, awkward grammar, and suspicious sender addresses. AI has eliminated all three. AI-generated phishing emails are grammatically polished, contextually relevant, and increasingly personalized using data scraped from social media, corporate websites, and previous breaches. The World Economic Forum's 2025 Global Cybersecurity Outlook found that 42% of organizations reported a sharp increase in social engineering and phishing attacks, and AI is the primary driver. The phishing playbook that employees were trained to recognize no longer matches what is arriving in their inboxes.

    This shift has implications beyond awareness training. Secure email gateways that rely on known signatures and reputation scoring struggle with AI-generated content that is unique to each target. Business email compromise attacks use socially engineered text rather than malicious attachments, bypassing controls designed for payload-based threats. Addressing this requires coordination across email security, behavioral analysis, identity signals, and AI-driven detection platforms to build layered defenses that catch threats traditional tools miss, combined with updated training programs that reflect what modern phishing actually looks like.

    Topics include:

    • How AI-generated phishing bypasses traditional email security and awareness defenses
    • Layering behavioral analysis and identity-based signals with AI-powered detection
    • Updating security awareness programs to reflect current social engineering techniques

    Explore how organizations are adapting their email security strategies for phishing attacks that no longer look like phishing.


  • From 570,000 Alerts to 202 That Matter: Risk-based AppSec Prioritization in Practice

    Benchmark data across 178 organizations found an average of 570,000 AppSec alerts per organization. Of those, 202 represented true critical issues that required action. That means 95-98% of findings generated by AppSec scanners are noise: redundant, irrelevant, or low-risk items that consume engineering time without reducing actual exposure. Security teams assign developers thousands of findings to fix. Developers lose trust in the process. The findings that actually matter get buried alongside the ones that do not.

    The cost of this noise is not just wasted time. It is the erosion of the relationship between security and engineering. When developers are handed a list of 3,000 findings and told everything is critical, they stop treating anything as critical. Addressing this requires coordination across ASPM, SAST, DAST, SCA, runtime protection, and vulnerability management platforms to correlate findings with exploit intelligence, runtime context, reachability analysis, and business impact. A missing authorization check on an internal-only endpoint is a different risk than the same flaw on an internet-facing API handling payment data. Tools that can make that distinction let security teams send developers a short, high-confidence list instead of a spreadsheet full of theoretical risk.

    Topics include:

    • Reducing AppSec alert noise through risk-based prioritization and reachability analysis
    • Correlating code-level findings with runtime context and exploit intelligence for accurate risk scoring
    • Rebuilding developer trust by sending fewer, higher-confidence findings that warrant action

    Learn how AppSec teams are cutting through the noise to focus remediation on the 2-5% of findings that represent genuine risk.


  • The Assets You Don't Know About Are the Ones Getting Breached. Solving the Visibility-first Problem.

    Most organizations cannot produce a complete, accurate inventory of their external-facing assets. Shadow IT, forgotten cloud instances, unmonitored APIs, development environments left exposed, and acquired company infrastructure that was never integrated into security tooling all create blind spots. Attackers do not need to find a zero-day when a staging server with default credentials is sitting on a public IP. The assets that security teams do not know about are, by definition, the ones that are not being monitored, patched, or protected.

    Attack surface management starts with a premise that most vulnerability management programs skip: you cannot secure what you have not discovered. Addressing this requires coordination across ASM, CTEM, vulnerability management, penetration testing, and cloud security platforms to build a continuous view of the external attack surface as an attacker sees it, not as the asset inventory says it should look. The gap between those two views is where breaches happen. Organizations that have adopted this approach report finding assets they did not know existed, exposures that had persisted for months, and risk concentrations in areas their existing tools were not scanning.

    Topics include:

    • Continuously discovering and attributing external-facing assets beyond the known inventory
    • Identifying shadow IT, orphaned cloud resources, and unmonitored development environments
    • Prioritizing discovered exposures based on exploitability, business context, and attacker perspective

    Discover how organizations are closing the gap between what they think their attack surface looks like and what it actually is.


  • Nation-state Tactics in Criminal Hands: What the Blurring of Threat Actor Lines Means for Your Defenses

    The line separating nation-state operations from criminal activity is collapsing. Criminal groups are adopting techniques that were once the exclusive domain of state-sponsored actors: supply chain compromise, living-off-the-land intrusions, pre-positioning inside critical infrastructure, and coordinated campaigns timed to geopolitical events. At the same time, nation-states are outsourcing operations to criminal proxies, creating a blended threat landscape where attribution is harder and the sophistication floor keeps rising. What once required a government-backed team and years of development is now available as a service on dark web forums.

    For defenders, this convergence changes the calculus. Threat models built around the assumption that criminal actors use commodity tools and state actors use custom capabilities no longer hold. Addressing this requires coordination across threat intelligence, detection and response platforms, and security analytics capabilities to build defenses that account for sophisticated adversaries regardless of attribution. That means threat intelligence that tracks actor behavior rather than just indicators of compromise, detection strategies calibrated for advanced tradecraft at any scale, and incident response plans that prepare for the possibility that a ransomware attack is the visible layer of a deeper intrusion.

    Topics include:

    • How the convergence of criminal and nation-state tactics is reshaping the threat landscape
    • Moving threat intelligence from indicator-based feeds to behavior-based analysis
    • Building detection and response capabilities calibrated for sophisticated adversaries at any scale

    Explore what the blurring of threat actor lines means for your security strategy and how to defend against adversaries who no longer fit neatly into categories.
