Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

"Gartner estimates that 99% of cloud security failures through 2025 will be the customer's fault, primarily due to misconfigurations." Don’t become part of the statistic. Take our configuration drift product tour for a spin. Consider it some light work before the weekend. Most breaches don’t stem from cloud provider failures, but from customer-side issues like misconfigurations, weak identity controls, and unmanaged change.

It's always a pleasure to sit down and chat with Ed. Good security decisions don’t start with alerts. They start with context. We rarely do anything in life without understanding some baseline of context. Otherwise, we're essentially "flying blind." Garrett breaks down the three signals that actually drive meaningful change:⇢ A clear baseline of how your environment really operates⇢ What’s happening in the outside threat landscape⇢ What your own history is already telling you in the context of your business.

The silent killer in modern security programs? Garrett Hamilton and Todd Graham discuss how the real killer is settings quietly slipping out of alignment over time — even in environments packed with “best-in-class” tools and clean audit results. Misconfigurations don’t announce themselves. They accumulate. They age. They slowly pull your security posture away from original intent. What teams think is “turned on” often isn’t enforced consistently — or at all. Without continuous validation, drift becomes invisible risk.

Nicole Perlroth asks Garrett how Reach's involvement would have impacted the breach with Target. Attackers came in through a third-party HVAC vendor. Credentials were compromised. Alerts fired. But nothing rose to the level of urgency it deserved. As Garrett Hamilton explains at UCI, this is where security breaks down—not detection, but prioritization. Most teams keep investing in reacting faster inside the SOC. The harder (and more effective) shift is upstream: reducing the exhaust before it ever hits the console.

Humbled that CRN included Reach Security in their 2026 startups to watch list. This one’s for the team, our partners, and every customer who’s believed and shared in our vision — thank you. Onward.

Assessing Microsoft E3 and E5 is less about the license tier and more about understanding the security coverage you already own. In our conversation, Todd and Garrett break down what often gets missed in the E3 → E5 journey: Organizations move to E5 without clearly understanding:⇢ what coverage they already have with E3⇢ what incremental capabilities E5 actually adds⇢ and whether those capabilities are being adopted at all.

Security exposure doesn’t take a day off. Rain, snow or shine, environments keep changing. Controls drift. Configs break. Risk quietly piles up. Reach was founded to help organizations find and fix hidden risk and exposure. Traditional approaches surface issues — dashboards, alerts, findings — but stop short of actually fixing them.

Looking for the perfect easy listening experience to kick off the holidays? We just published a full conversation between Garrett Hamilton, CEO & Co-Founder of Reach Security, and Todd Graham, Managing Partner at Microsoft’s venture fund M12. They talk through what's limiting security programs today — not lack of tools, but lack of operational clarity.

Security teams know the attack techniques. What they don’t always know is how those techniques actually land in their environment. Reach maps your existing controls to MITRE ATT&CK (and D3FEND) and shows—visually—︎ which techniques are covered︎ which tools provide that coverage︎ and where real gaps exist Because “we have the tool” isn’t the same as “the technique is stopped.”