%term

Provably better data

Jun 3, 2026 By Corelight In Corelight

Every security vendor says their data is better. Corelight decided to test that claim directly. Using real nation-state attack scenarios, including Salt Typhoon-related activity, the same AI model was evaluated against multiple security data sources to measure investigation accuracy, threat visibility, and incident response coverage. The only variable was the data.

View Video

Corelight

Read more about Provably better data

Bridging the gap: How Corelight and Crowdstrike Charlotte AI are redefining SOC investigations

Jun 3, 2026 By Adam Pumphrey In Corelight

For years, SOC analysts have lived in a world of swivel-chair analysis. When an alert fires in an endpoint tool, the next step is almost always a manual pivot to a network console to see if the network reality matches the host behavior. This manual back-and-forth isn't just tiring; it’s a window of opportunity for attackers. Corelight is excited to highlight a new integration with CrowdStrike Charlotte AI.

Read Post

Corelight

Read more about Bridging the gap: How Corelight and Crowdstrike Charlotte AI are redefining SOC investigations

Corelight brings unique network data into Cisco Cloud Control

Jun 2, 2026 By Corelight In Corelight

Corelight, a leader in fueling the AI SOC, today announced that it is providing industry-leading data to power AI investigations of emerging threats through an integration of Corelight Open NDR into Cloud Control Studio. Cloud Control Studio is the design space within Cisco Cloud Control, Cisco’s unified platform for agentic IT operations, where customers can build AI agents and connect them to non-Cisco tools.

Read Post

Corelight

Read more about Corelight brings unique network data into Cisco Cloud Control

How BlueVoyant's ASIM-First Strategy Simplifies Threat Detection in Microsoft Sentinel

Jun 1, 2026 By Alexander Sinno In BlueVoyant

Earlier this year, BlueVoyant adopted a new detection strategy built on the Advanced Security Information Model (ASIM). For those unfamiliar, ASIM is Microsoft's normalisation layer that standardises log data across products into consistent schemas. Our approach is simple: The result? Dramatically faster use case development and cleaner, more maintainable detection logic.

Read Post

BlueVoyant

Read more about How BlueVoyant's ASIM-First Strategy Simplifies Threat Detection in Microsoft Sentinel

Sophos Firewall: NDR Active threat intelligence

Jun 1, 2026 By Sophos In Sophos

A step-by-step tutorial showing how to configure and use NDR Active Threat Intelligence in Sophos Firewall, simulate detections, and investigate high-risk activity in Sophos Central.

View Video

Sophos

Read more about Sophos Firewall: NDR Active threat intelligence

Why Your Detection Latency Budget Determines Blast Radius

Jun 1, 2026 By Shauli Rozen In ARMO

Most teams buy detection on a single number. The datasheet says “millisecond detection,” the proof-of-concept fires the instant a test payload lands, and the box gets checked. Then a real AI agent incident runs in production, and the postmortem shows the attack completed its objective well before anyone contained it, even though the alert, technically, fired in milliseconds. The number was real. It just measured the wrong thing.

Read Post

ARMO

Read more about Why Your Detection Latency Budget Determines Blast Radius

Tool Call Analysis for AI Attack Detection: Reading What Rides Inside the Call

May 30, 2026 By Yossi Ben Naim In ARMO

A compromised agent doesn’t make a single call it isn’t allowed to make. It queries a table it’s authorized to read, calls a tool it’s authorized to use, sends to a domain that’s on the allowlist. Every call is legal. The attack is in the values it passes, and your tool-call log records all of it as a clean day’s work. A tool call has two layers. Almost every tool you run reads the first one: the call itself: which tool, in what order, at what rate.

Read Post

ARMO

Read more about Tool Call Analysis for AI Attack Detection: Reading What Rides Inside the Call

Securonix (ThreatQ) positioned as a Leader in the SPARK Matrix: Digital Threat intelligence Management, 2026 by QKS Group

May 28, 2026 By Securonix In Securonix

The QKS Group SPARK Matrix™ provides competitive analysis & ranking of the leading DTIM vendors. Securonix (ThreatQ), with its comprehensive platform, has received strong ratings across technology excellence and customer impact.

Read Post

Securonix

Read more about Securonix (ThreatQ) positioned as a Leader in the SPARK Matrix: Digital Threat intelligence Management, 2026 by QKS Group

ITSP: Corelight launches Agentic AI that makes SOC triage 10x faster

May 28, 2026 By Corelight In Corelight

Modern SOCs face a difficult reality: attackers are moving faster while analysts are being asked to investigate more alerts than ever. Learn how agentic triage helps security teams move from alert overload to evidence-backed investigations. Rather than relying on opaque AI outputs, the approach uses expert-written playbooks and exposes the underlying queries and evidence so analysts can verify conclusions against raw network data.

View Video

Corelight

Read more about ITSP: Corelight launches Agentic AI that makes SOC triage 10x faster

Cyber Risk: How do you detect a threat?

May 27, 2026 By UpGuard In UpGuard

The Zero-Lag Posture See how UpGuard is moving beyond static defense to a model that identifies emerging vectors like MCP servers and neutralizes browser-based threats in real time. Interested in finding out more about UpGuard?

View Video