Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Walking the floor at Infosecurity Europe this week, it was impossible to avoid the subject of AI. Every conversation seemed to touch on it in some way. Vendors were demonstrating AI-powered detection capabilities, security teams were discussing governance frameworks, and practitioners were debating how best to secure the models, agents and data pipelines that are rapidly becoming part of everyday enterprise operations.

You know your servers need hardening. Getting leadership to prioritise, fund, and support the effort is the harder challenge. Here’s our experts’ best advice for how to talk to the C-suite and board about the need for automated server hardening. You already know the servers are drifting. Configurations change. Exceptions pile up. Standards slip over time. The hard part is not identifying the problem.

Before the AI spectacle of RSA arrives, let’s talk about what actually keeps regulated organizations secure RSA is only weeks away. And if you’ve been paying any attention to the pre-conference buzz, or if you work in technology generally, you already know what it’s going to feel like walking that floor: artificial intelligence, everywhere, in everything. AI-powered detection. Autonomous response. Agentic security copilots in everything from threat monitoring to your morning coffee.

Your systems are fully patched. Your vulnerability scanner comes back clean. But are they actually secure?

A multinational financial institution walks into its annual PCI DSS review confident it has “checked the boxes.” Firewalls are segmented, logs are retained, access controls are documented, and the audit report is clean. Months later, the same organization is reprimanded by the UK Information Commissioner’s Office (ICO). The controls were properly implemented.

Big changes to HIPAA are coming in February 2026 including new rules on how sensitive health data is handled, and updates to the required patient privacy notices. IT teams will play a key role in making sure those protections are actually enforced.

If your organization does business with the U.S. Department of Defense, or plans to, you need to know about a major change that just went into force. CMMC, or Cybersecurity Maturity Model Certification, is the Department of Defense’s standard for ensuring contractors meet basic cybersecurity requirements. It was designed to protect sensitive government data across the entire defense supply chain. As of November 2025, CMMC is no longer optional.

Interactive logon refers to users authenticating directly to a Windows system through its interface, such as a GUI or command line. Because these logons grant immediate access to a live session, misconfigured interactive logon policies can expose systems to credential theft and unauthorized access. This guide explains which interactive logon settings matter, where risks commonly appear, and how to harden them effectively.

Creating a safe and secure environment is a top priority for all types of organizations. To accomplish this goal, it is essential to adhere to group policy best practices, particularly in the realm of GPO security. By configuring fundamental Group Policy Settings correctly, organizations can significantly enhance their security posture. When Group Policies are utilized effectively, they play a crucial role in safeguarding users’ computers from various threats and potential breaches.

Continuous Threat Exposure Management (CTEM) is a proactive cybersecurity framework that continuously reduces your attack surface in response to emerging threats.