Working at the Black Hat Network Operations Center (NOC) as a data scientist makes me a bit of an outlier (pun intended) among network engineers and hard-core threat hunters.
With the holiday season all wrapped up (pun definitely intended), I finally have time to sit down and digest what we saw in the network traffic at Black Hat Europe 2025 while working alongside the other Network Operations Center (NOC) partners: Arista, Cisco, Jamf, and Palo Alto Networks. As usual, there is a mix of the expected, a dash of the unexpected, and some lessons for newcomers and greybeards alike. Let’s get into it.
LimaCharlie's SecOps Cloud Platform is built around a simple idea: everything connects via API. That includes AI. Rather than locking you into a proprietary and limited AI SOC, LimaCharlie lets you bring your own LLM and put it to work directly inside your security environment. With LimaCharlie, AI can execute operations across your detections, sensors, and integrations. Because LimaCharlie operates entirely via API, every AI action is transparent and auditable.
When we think of spring, we think of things in bloom: flowers, ideas, maybe even hope for the snow to melt here at our US headquarters in Boston, MA. But regardless of the snow, we've chosen to embrace the idea of spring and letting your workflow creativity grow! What better way to let that creativity shine than with another round of You Did WHAT With Tines?! (YDWWT). For the Spring 2026 round of YDWWT, we want to know what your team can achieve with a Tines workflow.
Software-defined networking (SD-WAN) has transformed enterprise infrastructure, enabling dynamic connectivity between sites with centralized management and control. But when the control plane itself becomes vulnerable, network integrity is no longer a given.
Microsoft has made significant gains in the cybersecurity market, earning top rankings from leading analyst firms such as IDC and Forrester for its endpoint protection and threat detection and response capabilities. Solutions like Microsoft Defender XDR and Microsoft Sentinel provide powerful, integrated security across endpoints, identities, email, cloud workloads, and data. But technology alone does not deliver outcomes.
Today, most security reporting is trapped in a defensive cycle: detect a threat, react to it, report how serious it was. Rinse and repeat. The problem? Executive fatigue. Boards and leadership teams are tired of hearing about noise. They don’t want another dashboard of inbound attacks. They want to understand how cybersecurity protects revenue, sustains operations, and strengthens governance. It’s time to stop reporting on threats—and start reporting on business continuity.
A friend posted this on Facebook and it came up on my feed. I know this person and I was so sorry to read. How horrific! I had no idea who was killed in the accident, so I clicked on the news story. It took me to a site that posted this: This is a real reCAPTCHA posted to filter out anti-malware and content filtering services. When I saw this I knew that this was a fake news story and that my friend’s Facebook account had been taken over by a scammer.
At Arctic Wolf, we believe the future of cybersecurity is built on AI guided by human expertise. Staying at the forefront of security operations means not just adopting new technology but deeply understanding how and where it should be applied.
Physical discs have given way to streaming. You can make a purchase with a tap of your phone. But relying on documents to verify business and individual identities isn't going anywhere. In fact, the opposite is true. Some regulations require document checks during identity verification. Even when that’s not the case, documents are becoming popular and valuable components of identity checks because they provide information that isn’t available elsewhere.