This Week in Technology

By Eric Corcoran
Posted in Technology Week in Review
On February 20, 2026

Monday 2/16

The strategic SIEM buyer’s guide: Choosing an AI-ready platform for the agentic era (Microsoft)

As organizations step into the agentic AI era, the priority shifts to establishing a security foundation that can absorb rapid change without adding operational drag. That requires an architecture built for flexibility—one that brings security data, analytics, and response capabilities together rather than scattering them across aging infrastructure.

https://www.microsoft.com/en-us/security/blog/2026/02/11/the-strategic-siem-buyers-guide-choosing-an-ai-ready-platform-for-the-agentic-era/

Not all AI is created equal: why context and layers matter in email security (Proofpoint)

Artificial intelligence is everywhere in cybersecurity marketing today. Every vendor claims to be “AI-powered,” “AI-first,” or “AI-native.” But as organizations increasingly rely on AI to protect their people and data, one uncomfortable truth is becoming clear: not all AI is created equal—and in email security, that difference matters more than ever. 

https://www.proofpoint.com/us/blog/email-and-cloud-threats/%20not-all-ai-is-equal-context-matters-in-email-security

Tuesday 2/17

Palo Alto Networks Completes Acquisition of CyberArk to Secure the AI Era (Palo Alto Networks)

The acquisition of CyberArk addresses this shift by extending privilege security controls beyond a narrow set of administrators to every identity across the enterprise. By democratizing privileged access across human, machine and AI identities, organizations can reduce standing privileges, limit lateral movement and stop identity-based attacks faster.

https://www.paloaltonetworks.com/company/press/2026/palo-alto-networks-completes-acquisition-of-cyberark-to-secure-the-ai-era

How Cato Turns Identity Noise Into High-Confidence Detections (Cato Networks)

Identity attacks rarely arrive as one loud alert. They unfold as sequences of “valid” actions that only become suspicious when you see the behavioral pattern. Identity is now the control plane, and attackers increasingly abuse valid credentials, delegated permissions, and identity management APIs.

https://www.catonetworks.com/blog/cato-turns-identity-noise-into-high-confidence-detections/

Wednesday 2/18

What Security Teams Need to Know About OpenClaw, the AI Super Agent (CrowdStrike)

If employees deploy OpenClaw on corporate machines and/or connect it to enterprise systems and leave it misconfigured and unsecured, it could be commandeered as a powerful AI backdoor agent capable of taking orders from adversaries.

https://www.crowdstrike.com/en-us/blog/what-security-teams-need-to-know-about-openclaw-ai-super-agent/

Two Types of Threat Intelligence That Make Security Work (Check Point)

This integrated view doesn’t just help SOC analysts triage faster. It helps CISOs communicate risk in business terms. It helps vulnerability teams stop chasing irrelevant CVEs. And it helps infrastructure teams understand which controls truly reduce exposure.

https://blog.checkpoint.com/research/two-types-of-threat-intelligence-that-make-security-work/

Thursday 2/19

ICYMI: On January 30, 2026, Gotham’s CTO, Ken Phelan, was joined by Citrix' Vice President of Platform Services, Bill Gray, for a discussion about the state of VDI and EUC.

Click the link below for the full video:

https://www.youtube.com/watch?v=XgbzDThLSgo

Network Intelligence: Your Questions, Global Answers (Recorded Future)

The gap between what most security programs need and what traditional threat intelligence provides continues to widen. Adversaries operate at scale, evolving infrastructure faster than feeds can update. Internal telemetry shows only what touches your perimeter. Point-in-time observations lack the context to distinguish targeted attacks from noise.

https://www.recordedfuture.com/blog/network-intelligence-questions-answered

Credential misuse at scale is now the default (Delinea)

From compromised non-human identities to large-scale credential harvesting fueling ransomware, January’s incidents shared a consistent characteristic: identity misuse occurred long before impact and largely went undetected.

https://delinea.com/blog/credential-misuse-at-scale-is-now-the-default

Friday 2/20

Cloud-native Security for your Windows environment: Announcing the Wiz Runtime Sensor for Windows (Wiz)

This milestone brings the same unified protection Wiz customers rely on for Linux and Container workloads to the Windows ecosystem. By extending the Wiz Runtime Sensor to Windows, security teams can now monitor, detect, and respond to threats across their entire hybrid environment in Wiz.

https://www.wiz.io/blog/wiz-runtime-sensor-for-your-windows-environment

New phishing campaign tricks employees into bypassing Microsoft 365 MFA (CSO Online)

Victims think the message is legitimate, because the login page is legitimate, so enter the code. But unknown to the victim, it’s actually the code for a device controlled by the threat actor. What the victim has done is issued an OAuth token granting the hacker’s device access to their Microsoft account.

https://www.csoonline.com/article/4134874/new-phishing-campaign-tricks-employees-into-bypassing-microsoft-365-mfa.html