San Mateo, CA, USA
2007
  |  By LevelBlue
Summer might mean slightly fewer meetings, lighter inboxes, and the illusion of breathing room (in a perfect world), but we all know that attackers don’t take vacations, so neither should the fundamentals that keep your organization secure. If anything, now is the perfect time to tackle the “homework” that often gets pushed aside during busier quarters. Recent incident patterns continue to reinforce a straightforward reality: breaches are rarely the result of a single control failure.
  |  By Karl Sigler
When people think about cybersecurity, they usually think about protecting passwords, laptops, or email accounts. Phone numbers don't make the list very often. Maybe they should. A phone number by itself isn't especially dangerous. Someone can't hack your phone simply because they know your number. But it is often the starting point for a much larger attack.
  |  By LevelBlue
Most security providers can describe what they should be able to do. Fewer can demonstrate what they actually see, track, and respond to in live environments. That distinction matters more now than it did even a year ago. Attack surfaces have expanded beyond users and endpoints into machine identities, autonomous systems, and internet-facing infrastructure rapidly. At the same time, detection claims have become broader (often without a corresponding increase in observable capability).
  |  By Rishi Aggarwal
For years, enterprise security focused on protecting users, endpoints, applications and data. Today another identity is entering the enterprise. AI agents. Unlike traditional chatbots that simply answer questions, modern AI agents can perform tasks on behalf of users. They can search corporate knowledge, summarize documents, create reports, interact with business applications and, with appropriate permissions, execute multi-step workflows.
  |  By Jamie Mamroe
Incident response doesn’t always start with a dramatic alert or a perfectly framed timeline. More often, it starts with uncertainty. Something feels off. An executive notices unusual activity in their inbox. A user reports a login they don’t recognize. Suspicious emails have been sent. Data may or may not have been accessed. The facts are incomplete, the questions are piling up, and the pressure is already building.
  |  By Carly Battaile
I have lost count of the post-incident reviews where the most painful conversation was not about the breach itself. It was about the retainer. A CISO realizes the prepaid hours expired six weeks before the intrusion began. A General Counsel discovers the retained firm is not on the cyber insurance panel and the claim is now in dispute. A board member asks why an organization that paid for "preparedness" spent the first eighteen hours of an incident negotiating scope.
  |  By LevelBlue
In Part 1, we covered onboarding Microsoft-native agents and SaaS AI platforms — the paths that need configuration, not code. Now we look at connecting agents that have no native integration — self-built frameworks and agents you build and run yourself. If an agent is missing from the M365 admin center inventory and the import-agents feature doesn’t support it, then the Microsoft Agent 365 SDK may be needed.
  |  By LevelBlue
Agent usage is exploding and in Microsoft 365, agents aren’t monitored by default. Even though it’s early days for tools that can monitor agents, Microsoft’s newly released Agent 365 evolves this new category with some powerful capabilities. Here are some tips for using Microsoft Agent 365 and related tools to monitor agents. Solutions discussed in this post: This is part 1 of a two-part series.
  |  By LevelBlue
Artificial Intelligence is no longer a future cybersecurity concern. It is actively reshaping how attacks are conducted, how organizations respond, and how business leaders must think about enterprise risk. While much of the conversation around AI has focused on productivity and innovation, threat actors are already leveraging AI to make cyber-attacks faster, more scalable, more convincing, and increasingly difficult to detect.
  |  By LevelBlue
Organizations continue investing heavily in cybersecurity tools, yet many security operations centers (SOCs) still struggle with alert fatigue, investigative delays, and inconsistent response outcomes. The issue is not necessarily a lack of technology. In many environments, it is the opposite. As security stacks expand, operational complexity often expands with them.
  |  By LevelBlue
Many companies have an incident response retainer...but it doesn't actually make them risk ready. That's because too many retainers are built on outdated, hour-based "use it or lose it" models that don't actually reduce risk, improve resilience, or focus on outcomes. A modern retainer should drive preparedness, align with today's insurance realities, and actively lower exposure before an incident happens.
  |  By LevelBlue
Some of the biggest delays in incident response aren’t caused by the attacker… they’re caused by the first steps taken after discovery. A few examples of well-intentioned actions that can unintentionally slow investigations and extend recovery timelines: Resilience isn’t built during an incident. It’s built before one ever happens.
  |  By LevelBlue
LevelBlue. Built for what’s next. AI-powered security that stays ahead of threats, not reacts to them. From cloud to network to hybrid, we deliver total visibility, total control, and protection at scale, so enterprises can move faster with confidence.
  |  By LevelBlue
Originally recorded in 2025, we look back at how cybercriminals perfected deception during the first half of the year. Now available as an archive recording, the session highlights the second edition of the LevelBlue Threat Trends Report and explores real-world incident data, fast-moving attack chains, and the social engineering techniques that shaped the threat landscape at the time. While the data reflects early 2025, many of the lessons remain relevant for understanding how today’s threat environment evolved.
  |  By LevelBlue
Originally recorded in 2025, we look back at the key threat trends and attack techniques shaping the security landscape at the time. Now available as an archive recording, the session explores emerging threats, evolving attacker tactics, and early indicators of risks that still influence cybersecurity strategies today. While the data reflects 2025, many of the insights remain relevant for understanding how the modern threat landscape has evolved.
  |  By LevelBlue
LevelBlue and the PGA of America share a commitment to excellence under pressure. As the Official Cybersecurity Advisor of the PGA of America, LevelBlue brings championship standards of protection, continuity, and trust to the organizations that keep the game - and business - moving forward. From fairways to firewalls, LevelBlue safeguards mission-critical operations, member data, and high-profile events with always-on defense, accelerated response, and expert-led security operations powered by AI-driven threat intelligence.
  |  By LevelBlue
Cyberattacks are evolving fast; powered by AI, deepfakes, ransomware, phishing, and growing software supply chain risk. So how prepared is your organization? In this webcast, we breakdown key findings from the 2025 LevelBlue Futures Report (in partnership with FT Longitude). The report is based on a global survey of 1,500 C-suite and senior executives across 16 countries and seven industries, including healthcare, financial services, energy, and manufacturing.
  |  By LevelBlue
Discover how LevelBlue and Tenable are transforming cybersecurity in this exclusive fireside chat featuring Michael Vaughn, Director of Product Management at LevelBlue, and Greg Goetz, VP of Global Strategic Partners at Tenable.
  |  By LevelBlue
As email-based cyberattacks surge, security teams are struggling to stay ahead of increasingly sophisticated phishing, Business Email Compromise (BEC), and AI-driven social engineering. With attackers exploiting platforms like Microsoft 365, Google Workspace, OneDrive, and SharePoint, organizations face growing pressure to strengthen protection, visibility, and compliance.
  |  By LevelBlue
As global cybersecurity regulations tighten, security leaders are under increasing pressure to demonstrate strong Incident Readiness and Response (IRR). New requirements like the SEC cybersecurity disclosure rules, the EU’s NIS 2 Directive, and the forthcoming CIRCIA mandate faster reporting, stronger governance, and greater accountability. In this session, LevelBlue experts share insights from a survey of 500 security leaders on how organizations are adapting their IRR strategies for today’s regulatory climate.
  |  By LevelBlue
Phenomenal security. Phenomenal partnership. At AlienVault, we understand that customers rely on your expertise to deliver world-class security solutions specifically designed to protect their unique business. We also know that vetting partnerships opportunities with security vendors is a critical component to delivering those outcomes.
  |  By LevelBlue
The Insider's Guide to Incident Response gives you an in-depth look at the fundamental strategies of efficient and effective incident response for security teams that need to do more with less in today's rapidly changing threat landscape.
  |  By LevelBlue
As organizations around the world shift their workloads to Amazon Web Services (AWS) and other popular cloud infrastructure-as-a-service (IaaS) providers, concerns about cloud security continue to rise. According to a 2018 Cloud Security Report from Cybersecurity Insiders, 91% of respondents are concerned about cloud security, an increase of 11% over last year's report.
  |  By LevelBlue
Get All 5 Chapters of AlienVault's How to Build a Security Operations Center (On a Budget) in 1 eBook! You'll get an in-depth look at how organizations with limited resources can set up a successful operations center for monitoring, detecting, containing, and remediating IT threats across applications, devices, systems, networks, and locations.
  |  By LevelBlue
Criminal organizations and hackers increasingly perceive regional banks and credit unions as attractive targets. That's why we've created this primer-to help IT managers and executives at financial organizations understand not just the top threats they're facing, but also what they can do to fend them off.
  |  By LevelBlue
This whitepaper provides an overview of Open Source IDS and the various IDS tools available today. Whether you need to monitor hosts or the networks connecting them to identify the latest threats, these are some of the best open source intrusion detection (IDS) tools available to you.
  |  By LevelBlue
With so many open source tools available to help with network security, it can be tricky to figure out where to start, especially if you are an IT generalist who has been tasked with security.

LevelBlue has simplified the way organizations detect and respond to today’s ever evolving threat landscape. Our unique and award-winning approach, trusted by thousands of customers, combines the essential security controls of our all-in-one platform, AlienVault Unified Security Management, with the power of AlienVault’s Open Threat Exchange, the world’s largest crowd-sourced threat intelligence community, making effective and affordable threat detection attainable for resource-constrained IT teams.

AlienVault® USM Anywhere™ accelerates and centralizes threat detection, incident response, and compliance management for your cloud, on-premises, and hybrid environments. USM Anywhere includes purpose-built cloud sensors that natively monitor your Amazon Web Services (AWS) and Microsoft Azure cloud environments, and cloud applications like Office 365. On premises, lightweight virtual sensors run on Microsoft Hyper-V and VMware ESXi to monitor your virtual private cloud and physical IT infrastructure.

With USM Anywhere, you can rapidly deploy sensors into your cloud and on-premises environments while centrally managing data collection, security analysis, and threat detection from the AlienVault Secure Cloud.