The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks

Artificial Intelligence AI is changing how individuals and organizations conduct many activities, including how cybercriminals carry out phishing attacks and iterate on malware. Now, cybercriminals are using AI to generate personalized phishing emails, deepfakes and malware that evade traditional...

Behavioral Analytics for Continuous Insider Threat Detection in Zero-Trust Architectures

Insider threats are a particularly tricky cybersecurity issue, especially in zero-trust architectures ZTA where implicit trust is removed. Although the rule of thumb is never trust, always verify, attackers can still use legitimate credentials and impersonate the standard user activity. In...

AAGATE: A NIST AI RMF-Aligned Governance Platform for Agentic AI

This paper introduces the Agentic AI Governance Assurance & Trust Engine AAGATE, a Kubernetes-native control plane designed to address the unique security and governance challenges posed by autonomous, language-model-driven agents in production. Recognizing the limitations of traditional...

When AD Gets Breached: Detecting NTDS.dit Dumps and Exfiltration with Trellix NDR

When AD Gets Breached: Detecting NTDS.dit Dumps and Exfiltration with Trellix NDR By Maulik Maheta · September 25, 2025 Executive summary Active Directory AD stores the digital keys to an organization's kingdom. When attackers gain access to a network, they often target the NTDS.dit file, which...

Addressing Weak Authentication like RFID, NFC in EVs and EVCs Using AI-Powered Adaptive Authentication

The rapid expansion of the Electric Vehicles EVs and Electric Vehicle Charging Systems EVCs has introduced new cybersecurity challenges, specifically in authentication protocols that protect vehicles, users, and energy infrastructure. Although widely adopted for convenience, traditional...

Zero-Trust Foundation Models: a New Paradigm for Secure and Collaborative Artificial Intelligence for Internet of Things

This paper focuses on Zero-Trust Foundation Models ZTFMs, a novel paradigm that embeds zero-trust security principles into the lifecycle of foundation models FMs for Internet of Things IoT systems. By integrating core tenets, such as continuous verification, least privilege access LPA, data...

Key Takeaways from the Take Command Summit 2025: Inside the Mind of an Attacker

In one of the most anticipated sessions of Take Command 2025, Raj Samani, Chief Scientist at Rapid7, sat down with Trent Teyema, former FBI Special Agent and President of CSG Strategies, for a candid conversation on how threat actors are evolving and what defenders must do to keep up. Moderated b...

Real-Time Detection of Insider Threats Using Behavioral Analytics and Deep Evidential Clustering

Insider threats represent one of the most critical challenges in modern cybersecurity. These threats arise from individuals within an organization who misuse their legitimate access to harm the organization's assets, data, or operations. Traditional security mechanisms, primarily designed for...

AI-Driven IRM: Transforming Insider Risk Management with Adaptive Scoring and LLM-Based Threat Detection

Insider threats pose a significant challenge to organizational security, often evading traditional rule-based detection systems due to their subtlety and contextual nature. This paper presents an AI-powered Insider Risk Management IRM system that integrates behavioral analytics, dynamic risk...

5 Ways Behavioral Analytics is Revolutionizing Incident Response

Behavioral analytics, long associated with threat detection i.e. UEBA or UBA, is experiencing a renaissance. Once primarily used to identify suspicious activity, it's now being reimagined as a powerful post-detection technology that enhances incident response processes. By leveraging behavioral...

Rapid7 Recognized in the 2024 Gartner® Magic Quadrant™ for SIEM

Command Your Attack Surface with a next-gen SIEM built for the Cloud First Era Rapid7 is excited to share that we are named a Challenger for InsightIDR in the 2024 Gartner Magic Quadrant for SIEM. In a crowded and constantly changing space, this is our sixth time to be recognized in the report...

SIEM and XDR: What’s Converging, What’s Not

Let’s start with the conclusion: Security incident and event management SIEM isn’t going anywhere anytime soon. Today, most security analysts are using their SIEMs for detection and response, making it the core tool within the security operations center SOC. SIEM aggregates and monitors critical...

Imperva Adds Active Attack Detection to its Data Security Platform

Protecting the data perimeter Organizations are in constant pursuit of technology that provides rapid insight into threats. Early visibility, in combination with context-rich alerting and efficient incident response workflows, streamline threat containment and remediation efforts. Identifying...

Announcing the general availability of Azure Defender for IoT

As businesses increasingly rely on connected devices to optimize their operations, the number of IoT and Operational Technology OT endpoints is growing dramatically—industry analysts have estimated that CISOs will soon be responsible for an attack surface multiple times larger than just a few yea...

Rethinking IoT/OT Security to Mitigate Cyberthreats

We live in an exciting time. We’re in the midst of the fourth industrial revolution—first steam, followed by electricity, then computers, and, now, the Internet of Things. A few years ago, IoT seemed like a futuristic concept that was on the distant horizon. The idea that your fridge would be...

Hostinger Data Breach: 14M Customer Passwords, Personal Data at Risk

Web hosting company Hostinger is warning that a breach of one of its servers potentially gave bad actors access to the hashed passwords and personal data of more than 14 million customers. Hostinger, a popular web, cloud and virtual private server hosting provider and domain registrar with 29...

Partner Perspectives: Integrate your SIEM, UEBA + EDR Solution with Securonix and Carbon Black

Nitin Agale is the Senior VP of Products for Securonix. Your endpoints are a valuable part of your enterprise structure. They are the computers your employees use and the servers your company depends on. Defending your endpoints is important, but it’s critical that your endpoint defense is just o...

An Analytical Framework for Network Data: Flare

An Analytical Framework for Network Data Flare is a network analytic framework designed for data scientists, security researchers, and network professionals. Written in Python, it is designed for rapid prototyping and development of behavioral analytics, and intended to make identifying malicious...

Avoiding Data Breaches: Context Aware Behavioral Analytics

RESTON, VA – Security, it turns out, is all about layers, where if one layer fails, there are secondary and tertiary and a long line of backup defenses. This is neither new nor revolutionary. It’s why castles had moats, drawbridges and parapets; it’s also why prisons have cells, walls and gates...