|
By John Dominguez
Security teams spend enormous energy responding to threats, but many of the most damaging incidents trace back to a surprisingly simple failure: the organization didn't have an accurate picture of what it owned, what was exposed, and what its tools were actually doing about it. That gap between assumed coverage and actual coverage is where attackers operate, and adding more tools doesn't fix the underlying visibility problem.
|
By CP Morey
Vulnerability scanning gives security teams a starting point, but it has never been the whole picture. Scan results capture known CVEs across applications and systems, yet they say nothing about whether a given weakness is actually reachable, whether the controls around it are functioning correctly, or whether the people with access to it represent a meaningful risk. Exposure management addresses all of that.
|
By Garrett Hamilton
The Microsoft Defender Security Research Team and Microsoft Threat Intelligence documented a campaign in which Storm-2949 abused Microsoft Entra ID accounts to exfiltrate data from Microsoft 365 and Azure environments. The attack shows how cloud intrusions increasingly unfold through identity systems, administrative features, and legitimate platform capabilities rather than obvious malware or traditional endpoint compromise.
Close Defensive Gaps Before AI Attacks Exploit Them
|
By Garrett Hamilton
On April 22, 2026, Google's Threat Intelligence Group and Mandiant disclosed a campaign by a threat actor they're tracking as UNC6692. The group breached enterprise networks by impersonating IT helpdesk staff over Microsoft Teams, ultimately exfiltrating Active Directory databases and achieving full domain compromise. What's notable about UNC6692 is what they didn't do. They didn't use a zero-day. They didn't exploit a software vulnerability.
|
By Reach Security
The study, commissioned by Reach Security, reveals widespread misconfigurations, slow remediation cycles, and manual approaches to drift management, highlighting the urgent need for preemptive approaches that continuously validate security controls.
|
By CP Morey
Upgrading Microsoft enterprise licenses from E3 to E5 or from Entra ID Plan 1 to Plan 2? Whether your company is making the move or evaluating it, the key question is: How do you turn licensing changes into real security gains? Platformizing remains a major trend in 2025, and Microsoft often sits at the center of these efforts due to its broad security capabilities. But maximizing value from E3 and E5 licenses requires time, expertise, and contextual understanding of your environment.
|
By John Dominguez
A new research report from Reach Security reveals that misconfigured security controls, configuration drift, and unused capabilities across an organization’s existing security technology stack are a primary driver of cybersecurity risk.
|
By John Dominguez
In 2025, organizations spent billions on security, deploying EDR/XDR, SASE, firewalls, identity platforms, email security, web security, and more. And yet, breaches persist. The reason often is not a zero-day, an advanced persistent threat, or a cutting-edge exploit. It is far more mundane. Misconfigurations across identity, endpoint, network, and email/web security controls remain among the top root causes of incidents.
|
By CP Morey
Security configurations are not static. They evolve over time due to software updates, policy changes, emergency patches, and human intervention. While these changes are often necessary, they can lead to configuration drift, a gradual misalignment between an organization’s security controls and its intended security policies.
|
By Reach Security
Microsoft Defender for Endpoint ships with serious firepower. But most of it is sitting idle. ASR rules get stuck in audit mode. Devices never get fully onboarded. Exploit protection is switched off. Security baselines drifting across device groups. You're paying for protection that isn't turned on. Reach analyzes your Defender deployment, surfaces every gap, prioritizes the fixes by real risk reduced, and keeps your controls aligned as you scale.
|
By Reach Security
A firewall's entire job is to control what gets in. In Reach's research, it was the most common source of a configuration-related near miss or exposure, ahead of EDR and identity controls. It does not take much. One rule broadened for a project, one exception that outlived its reason, one change that shipped without anyone checking it against intent. A single overly permissive rule, sitting live between quarterly reviews, is enough.
|
By Reach Security
Observability is not the problem anymore. The data that tells you a change will break something usually already exists. Most teams have the events, the logs, the configuration history. What is missing is the step that turns all of it into a clear yes or no on a specific change, while there is still time to pull it. Garrett Hamilton, CEO of Reach Security, on objective data and the changes that get made before anyone checks.
|
By Reach Security
72% of security budgets still go to detection and response, not prevention. That is the thread running through the latest episode of The Security Strategist, where EM360Tech's Shubhangi Dua talks with Garrett Hamilton, CEO of Reach Security, and Jay Wilson, CIO and CISO at Insurity. With the majority of budgets still pointed at detection and response, the conversation makes the case for swinging the pendulum back toward prevention, and why the tech can finally back it up.
|
By Reach Security
"What's the problem, and how do I fix it?" Most security tools can't answer that. Reach can, for every misconfiguration in your Netskope deployment. It analyzes your web, SaaS, and data protection policies, flags what's drifted, and hands your team the exact fix ranked by risk and all powered by AI models. No guesswork, no 40-tab config audit.
|
By Reach Security
The Cybersecurity Connection! Cocktails, tacos, and a pool table, beachfront in Huntington Beach. Reach Security, Cloudflare, and JetStream are hosting a happy hour at The Bungalow on Wednesday, June 24. Security and IT leaders, two hours, no agenda. Come unwind, meet the team, and lose a game of pool to someone you just met. Wednesday, June 24, 5 to 7 PM. The Study at The Bungalow.
|
By Reach Security
"Usually it's not a question of if the bad guys get in. It's a question of what happens when they do." Jay Wilson, CISO and CIO at Insurity, and Garrett Hamilton, CEO of Reach, joined Shubhangi Dua on The Security Strategist from EM360Tech to talk about why the controls you already own are where exposure quietly builds up. That's Jay's line, and one every security leader has lived. Defense in depth only holds if every inner layer is configured the way you think it is. The outer door gets the attention. The inner doors are where incidents actually get stopped, or don't.
|
By Reach Security
How do CISOs feel about drift? Misconfigurations rarely look like incidents. A setting shifts, posture weakens, and nothing announces it until it already matters. That is a hard seat for whoever owns posture. Without a clear view of what changed, you are working secondhand, leaning on the team to tell you what moved and whether it hurt.
|
By Reach Security
At Black Hat last year, Garrett Hamilton asked Nicole Perlroth what she wanted the next five years of security to look like. She didn't give the optimistic answer. She said she was genuinely terrified. Zero-day exploitation at scale, fully automated. Attackers turning AI into infrastructure of their own. A year isn't five. But it's enough to check the tape.
|
By Reach Security
Offense is running on AI. Defense has to as well. That's the throughline of Garrett Hamilton's conversation with Jay Wilson, CIO and CISO at Insurity, on The Security Strategist, hosted by Shubhangi Dua at EM360Tech. What they get into.
- June 2026 (12)
- May 2026 (7)
- April 2026 (8)
- March 2026 (7)
- February 2026 (8)
- January 2026 (15)
- December 2025 (15)
- November 2025 (20)
- October 2025 (3)
Reach helps you get the most from your existing security stack by uncovering exposure, misconfigurations, and weaknesses that tools often miss. Using AI agents, it prioritizes and drives remediation based on real exposure, reducing operational costs and enabling measurable, preventive action, all from the leader in AI-Native Exposure Management.
Expose and eliminate hidden risk within your security stack:
- Threat Exposure Management: Reach identifies exposure that is actually reachable, like those on end-user devices that enable ransomware delivery. By focusing on real exposure, it helps you prioritize actions that measurably reduce risk.
- Security Posture Management: Weak controls create protection gaps like those that allow session hijacking or lateral movement. Reach helps you strengthen your posture by continuously validating whether your security controls are working as intended.
- Configuration Management: Misconfigurations leave systems open to attack. Reach finds these weaknesses across your stack and recommends precise, context-aware fixes that simplify remediation and reduce friction for your team.
AI Agents for Security Architects.