Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Graylog Recognized by Users in the 2026 Gartner SIEM VOC

Analyst reports tell you what vendors do. Peer reviews tell you whether it actually works. The Gartner Peer Insights Voice of the Customer for SIEM is built on verified reviews from real security and IT practitioners who bought, deployed, and operated the platforms they rated. No vendor involvement in the scoring. No pay-to-play placement. Just practitioners saying what worked and what did not. Graylog was included in the 2026 edition of that report. Here’s what our users said.

Scaling Security Further: Introducing the New High-Performance Firebox Series

When we introduced the next generation of Firebox appliances last year, the goal was to simplify security while keeping pace with increasingly distributed environments. By combining performance, integrated security services, and cloud capabilities, we created a unified approach that helped organizations and MSPs protect networks without added complexity. But as customers continue to grow, so do their demands. Modernization is no longer enough; the real challenge is scaling effectively.

Secure Shadow AI at the Control Plane with Falcon for IT

CrowdStrike is introducing AI Discovery and Governance for CrowdStrike Falcon for IT, a new capability that helps organizations identify, assess, and govern AI technologies across enterprise environments. Enterprise IT infrastructure is the control plane for modern organizations. It determines how systems communicate, how identities authenticate, and how workloads execute across endpoints, servers, and clouds. This foundation supports the rapid implementation of AI across businesses.

Why most DR deployments may not survive a real disaster

This report examines disaster recovery (DR) readiness across the Acronis Cyber Protect Cloud platform, which manages thousands of DR deployments across dozens of data centers worldwide. The analysis focuses on Q1 2026 (January – March) and reveals a clear gap between having DR configured and being truly ready for a disaster.

Automated vulnerability remediation: A governance, validation, and rollout guide for enterprise teams

Automated vulnerability remediation uses policy-driven workflows to execute approved remediation actions, including patch deployment, software updates, and configuration changes, consistently across managed assets. Within a broader vulnerability management program, it helps teams close the gap between identifying an exposure and safely resolving it at scale.

Arctic Wolf Product Updates: May 2026

Security teams are being asked to operate at machine speed while still making decisions they can trust. Attackers move faster. Exposure changes continuously. Manual workflows struggle to keep up. Following the recent announcement of the Aurora Superintelligence Platform and Aurora Agentic SOC, Arctic Wolf continues to advance its portfolio with new capabilities that help teams see risk clearly, prioritize what matters, and act with confidence.

Miasma: Red Hat Cloud Services npm Packages Hit by a Mini Shai-Hulud-Style Campaign

On June 1, 2026, multiple npm packages in the @redhat-cloud-services scope were published with malicious versions. Each tarball ships a 4.1 MB obfuscated JavaScript file added to package.json as a preinstall hook. The hook runs a multi-stage loader that ends in a Bun-executed credential stealer hitting AWS, Azure, GCP, HashiCorp Vault, Kubernetes, GitHub Actions OIDC, npm, Bitwarden, and 1Password.

AI-SPM Tools for Attack Detection: Where Posture Meets Runtime

Every AI-SPM tool runs posture and detection with a single arrow: runtime evidence flowing back to rank posture findings. The load-bearing direction runs the opposite way, and almost nothing runs it — posture flowing forward to tell the detection layer what an attack even looks like.

What to Log for AI Agent Activity: The Minimum Viable Audit Trail

The first time a security team needs an AI agent audit trail is usually 72 hours after the agent has already done something it shouldn’t have. Detection fires. Someone pulls every relevant log from the SIEM (Kubernetes audit, container runtime, cloud audit) and three hours in realizes the events that actually matter were never written. Which prompt triggered the tool call. Which parameters the agent passed. Which output left the cluster.

Why Your Detection Latency Budget Determines Blast Radius

Most teams buy detection on a single number. The datasheet says “millisecond detection,” the proof-of-concept fires the instant a test payload lands, and the box gets checked. Then a real AI agent incident runs in production, and the postmortem shows the attack completed its objective well before anyone contained it, even though the alert, technically, fired in milliseconds. The number was real. It just measured the wrong thing.