San Mateo, CA, USA
2007
By Carly Battaile
I have lost count of the post-incident reviews where the most painful conversation was not about the breach itself. It was about the retainer. A CISO realizes the prepaid hours expired six weeks before the intrusion began. A General Counsel discovers the retained firm is not on the cyber insurance panel and the claim is now in dispute. A board member asks why an organization that paid for "preparedness" spent the first eighteen hours of an incident negotiating scope.
By LevelBlue
In Part 1, we covered onboarding Microsoft-native agents and SaaS AI platforms — the paths that need configuration, not code. Now we look at connecting agents that have no native integration — self-built frameworks and agents you build and run yourself. If an agent is missing from the M365 admin center inventory and the import-agents feature doesn’t support it, then the Microsoft Agent 365 SDK may be needed.
By LevelBlue
Agent usage is exploding and in Microsoft 365, agents aren’t monitored by default. Even though it’s early days for tools that can monitor agents, Microsoft’s newly released Agent 365 evolves this new category with some powerful capabilities. Here are some tips for using Microsoft Agent 365 and related tools to monitor agents. Solutions discussed in this post: This is part 1 of a two-part series.
By LevelBlue
Artificial Intelligence is no longer a future cybersecurity concern. It is actively reshaping how attacks are conducted, how organizations respond, and how business leaders must think about enterprise risk. While much of the conversation around AI has focused on productivity and innovation, threat actors are already leveraging AI to make cyber-attacks faster, more scalable, more convincing, and increasingly difficult to detect.
By LevelBlue
Organizations continue investing heavily in cybersecurity tools, yet many security operations centers (SOCs) still struggle with alert fatigue, investigative delays, and inconsistent response outcomes. The issue is not necessarily a lack of technology. In many environments, it is the opposite. As security stacks expand, operational complexity often expands with them.
By Kory Daniels
Artificial Intelligence continued to dominate the conversation, and content, but the key theme throughout the Gartner Security & Risk Management experience was a little bit more subtle. This year, CISOs from all across the globe came to connect, learn, and explore with peers, vendors, and Gartner, navigating individual and business resilience challenges.
By Rachael Clay
OMB M-26-14 introduces a significant change in how federal agencies approach logging, monitoring, and incident response. Rather than emphasizing volume and retention of log data, the memo centers on how effectively agencies can use telemetry to support detection, investigation, and response across the full threat lifecycle. For cybersecurity leaders, the implication is clear: logging is now closely tied to operational performance.
By John Jackson
There’s a persistent myth about red team operators: that the job is all zero-days, glowing terminals, and cinematic “I’m in” moments. The reality is more interesting and far more human. A day in the life of a red teamer is less about chasing flashy exploits and more about understanding how real people, real systems, and real environments fail under pressure.
By LevelBlue
For many organizations, the move to virtual private server (VPS) hosting feels like a natural security upgrade. After all, the word private suggests isolation, control, and protection, especially compared to shared hosting environments. But in practice, private hosting does not automatically mean secure hosting. In fact, without the right security maturity, VPS environments can introduce new risks rather than eliminate old ones.
By LevelBlue
LevelBlue has been named the Growth and Innovation Leader in the Frost Radar: Managed Security Services in the Americas, 2026 report, a recognition that reflects our continued focus on helping organizations simplify cybersecurity operations, strengthen resilience, and navigate an increasingly complex threat landscape.
By LevelBlue
Many companies have an incident response retainer...but it doesn't actually make them risk ready. That's because too many retainers are built on outdated, hour-based "use it or lose it" models that don't actually reduce risk, improve resilience, or focus on outcomes. A modern retainer should drive preparedness, align with today's insurance realities, and actively lower exposure before an incident happens.
By LevelBlue
Some of the biggest delays in incident response aren’t caused by the attacker… they’re caused by the first steps taken after discovery. A few examples of well-intentioned actions that can unintentionally slow investigations and extend recovery timelines: Resilience isn’t built during an incident. It’s built before one ever happens.
By LevelBlue
LevelBlue. Built for what’s next. AI-powered security that stays ahead of threats, not reacts to them. From cloud to network to hybrid, we deliver total visibility, total control, and protection at scale, so enterprises can move faster with confidence.
By LevelBlue
Originally recorded in 2025, we look back at how cybercriminals perfected deception during the first half of the year. Now available as an archive recording, the session highlights the second edition of the LevelBlue Threat Trends Report and explores real-world incident data, fast-moving attack chains, and the social engineering techniques that shaped the threat landscape at the time. While the data reflects early 2025, many of the lessons remain relevant for understanding how today’s threat environment evolved.
By LevelBlue
Originally recorded in 2025, we look back at the key threat trends and attack techniques shaping the security landscape at the time. Now available as an archive recording, the session explores emerging threats, evolving attacker tactics, and early indicators of risks that still influence cybersecurity strategies today. While the data reflects 2025, many of the insights remain relevant for understanding how the modern threat landscape has evolved.
By LevelBlue
LevelBlue and the PGA of America share a commitment to excellence under pressure. As the Official Cybersecurity Advisor of the PGA of America, LevelBlue brings championship standards of protection, continuity, and trust to the organizations that keep the game - and business - moving forward. From fairways to firewalls, LevelBlue safeguards mission-critical operations, member data, and high-profile events with always-on defense, accelerated response, and expert-led security operations powered by AI-driven threat intelligence.
By LevelBlue
Cyberattacks are evolving fast, powered by AI, deepfakes, ransomware, phishing, and growing software supply chain risk. So how prepared is your organization? In this webcast, we break down key findings from the 2025 LevelBlue Futures Report (in partnership with FT Longitude). The report is based on a global survey of 1,500 C-suite and senior executives across 16 countries and seven industries, including healthcare, financial services, energy, and manufacturing.
By LevelBlue
Discover how LevelBlue and Tenable are transforming cybersecurity in this exclusive fireside chat featuring Michael Vaughn, Director of Product Management at LevelBlue, and Greg Goetz, VP of Global Strategic Partners at Tenable.
By LevelBlue
As email-based cyberattacks surge, security teams are struggling to stay ahead of increasingly sophisticated phishing, Business Email Compromise (BEC), and AI-driven social engineering. With attackers exploiting platforms like Microsoft 365, Google Workspace, OneDrive, and SharePoint, organizations face growing pressure to strengthen protection, visibility, and compliance.
By LevelBlue
As global cybersecurity regulations tighten, security leaders are under increasing pressure to demonstrate strong Incident Readiness and Response (IRR). New requirements like the SEC cybersecurity disclosure rules, the EU’s NIS 2 Directive, and the forthcoming CIRCIA mandate faster reporting, stronger governance, and greater accountability. In this session, LevelBlue experts share insights from a survey of 500 security leaders on how organizations are adapting their IRR strategies for today’s regulatory climate.
By LevelBlue
Phenomenal security. Phenomenal partnership. At AlienVault, we understand that customers rely on your expertise to deliver world-class security solutions specifically designed to protect their unique business. We also know that vetting partnership opportunities with security vendors is a critical component to delivering those outcomes.
By LevelBlue
The Insider's Guide to Incident Response gives you an in-depth look at the fundamental strategies of efficient and effective incident response for security teams that need to do more with less in today's rapidly changing threat landscape.
By LevelBlue
As organizations around the world shift their workloads to Amazon Web Services (AWS) and other popular cloud infrastructure-as-a-service (IaaS) providers, concerns about cloud security continue to rise. According to a 2018 Cloud Security Report from Cybersecurity Insiders, 91% of respondents are concerned about cloud security, an increase of 11% over last year's report.
By LevelBlue
Get All 5 Chapters of AlienVault's How to Build a Security Operations Center (On a Budget) in 1 eBook! You'll get an in-depth look at how organizations with limited resources can set up a successful operations center for monitoring, detecting, containing, and remediating IT threats across applications, devices, systems, networks, and locations.
By LevelBlue
Criminal organizations and hackers increasingly perceive regional banks and credit unions as attractive targets. That's why we've created this primer: to help IT managers and executives at financial organizations understand not just the top threats they're facing, but also what they can do to fend them off.
By LevelBlue
This whitepaper provides an overview of Open Source IDS and the various IDS tools available today. Whether you need to monitor hosts or the networks connecting them to identify the latest threats, these are some of the best open source intrusion detection (IDS) tools available to you.
By LevelBlue
With so many open source tools available to help with network security, it can be tricky to figure out where to start, especially if you are an IT generalist who has been tasked with security.

LevelBlue has simplified the way organizations detect and respond to today’s ever-evolving threat landscape. Our unique and award-winning approach, trusted by thousands of customers, combines the essential security controls of our all-in-one platform, AlienVault Unified Security Management, with the power of AlienVault’s Open Threat Exchange, the world’s largest crowd-sourced threat intelligence community, making effective and affordable threat detection attainable for resource-constrained IT teams.

AlienVault® USM Anywhere™ accelerates and centralizes threat detection, incident response, and compliance management for your cloud, on-premises, and hybrid environments. USM Anywhere includes purpose-built cloud sensors that natively monitor your Amazon Web Services (AWS) and Microsoft Azure cloud environments, and cloud applications like Office 365. On premises, lightweight virtual sensors run on Microsoft Hyper-V and VMware ESXi to monitor your virtual private cloud and physical IT infrastructure.

With USM Anywhere, you can rapidly deploy sensors into your cloud and on-premises environments while centrally managing data collection, security analysis, and threat detection from the AlienVault Secure Cloud.