Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In our 1,200-plus Sentinel deployments, we've seen the same pattern play out repeatedly. Security teams forced to choose between comprehensive visibility and manageable costs. Logs getting aged out just when they become most valuable for investigations. Compliance requirements colliding with retention budgets. The pressure to do more with less doesn't come with a pause button. And until now, that pressure has meant making hard choices about what security data to keep and what to let go.

For decades now we’ve been locked in this game of cat-and-mouse where attackers develop a new technique and defenders catch up, or defenders introduce a new control and attackers adapt. From the evolution of network security to identity and access control, many of our technical controls have matured into strong and reliable defences. Yet as we continue to see in the media, attackers continue to get in, compromising even the most mature and secure of environments, in seemingly simple way.

Software-as-a-Service adoption is exploding, but security teams are struggling to keep up. The Cloud Security Alliance’s 2025 SaaS Security Survey has revealed that while investment in and attention to SaaS security are on the rise, genuine control remains elusive, especially when it comes to configuration management, identity governance, and visibility.

I’ve been following ransomware since the first one, the AIDS Cop Trojan, was released in December 1989. It locked up victim computers and asked for $300 to be sent to a Panama P.O. Box. A lot has changed since then. The invention of cryptocurrencies, particularly Bitcoin in January 2009, was largely responsible for the explosion of ransomware by 2013. This was when CryptoLocker ransomware was released to the world. Ransomware gangs have been making many billions of dollars per year ever since.

Qubit Conference Prague 2025 brought together some of the sharpest minds in cybersecurity—and Cato CTRL made sure to leave a mark. Not only did we share insights on AI-powered security, but we also marked a major milestone: the opening of our new R&D office in Prague. This expansion strengthens our global footprint and taps the best in the local engineering and development talent to help with the kinds of projects we present at Qubit.

Starting on July 19th, 2025, an npm supply chain security incident has been attacking maintainers of popular open-source npm packages on the npm registry.

Real maturity doesn’t come until AI is integrated into the operational fabric.

We’re thrilled to share some exciting news that truly validates our mission to secure the world’s software: Veracode has been recognized as a leading vendor in both Static Analysis (SAST) and Software Composition Analysis (SCA) in the June 2025 VDC Research Vendor Impact Awards! What makes this recognition even more significant is that these awards are based on aggregated ratings from VDC Research’s global “Voice of the Engineer” survey.

Recognizing the need to better protect organizations that rely on operational technology (OT), Trustwave is advancing its OT security services portfolio. Trustwave now delivers end-to-end visibility and threat response across IT and OT environments, enabling better detection, investigation capabilities, and response to threats targeting critical infrastructure by being integrated Trustwave’s Co-Managed SOC and penetration testing services.