Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

reach security

Exposure Management Explained: How to Go Beyond Vulnerability Scanning

May 28, 2026 By CP Morey In Reach Security
Vulnerability scanning gives security teams a starting point, but it has never been the whole picture. Scan results capture known CVEs across applications and systems, yet they say nothing about whether a given weakness is actually reachable, whether the controls around it are functioning correctly, or whether the people with access to it represent a meaningful risk. Exposure management addresses all of that.
Read Post
graylog

15 Risky Cloud Misconfigurations and How To Mitigate Them

May 28, 2026 By Jeff Darrington In Graylog
When people start driving, one of the first things they learn is how to set the rear-view and side-view mirrors. Whether driving locally or on the highway, these mirror configurations reduce accident risk because they improve the driver’s visibility into the cars behind and around them. In the cloud, various technical configurations act similarly.
Read Post
veracode

6 Best Practices for Managing Software Supply Chain Risks

May 28, 2026 By Natalie Tischler In Veracode
Modern software is not written from scratch. It’s assembled. Developers pull from open-source repositories, import third-party libraries, accelerate development with AI coding assistants, and deploy across multi-stage CI/CD pipelines that span dozens of tools, services, and vendors.
Read Post

How AI Is Changing What Security Teams Can Actually Do | Nancy Phillips, Ensemble Health Partners

May 28, 2026 By Reach Security In Reach Security
Threat actors used to need days or weeks to exploit a vulnerability. Now AI lets them do it in seconds. Most security teams are already buried. Too many tools, too many alerts, manual processes that can't keep pace, and break-glass changes that get made and forgotten. Keeping everything configured and optimized correctly is a full-time job on its own. Nancy Phillips, Chief Information Security Officer at Ensemble Health Partners: "I want my teams doing the innovative stuff. Not the mundane, repeatable stuff.".
View Video
Torq

Security Automation Doesn't Mean What It Used To: A 2026 Practitioner's Guide

May 28, 2026 By Torq In Torq
Security automation used to mean building a playbook. Someone on the team mapped out a workflow, connected a few tools, and watched it run on the alert types it was designed for. That worked for a while, in a different environment than the one security teams operate in today.
Read Post
aikido

What MDM can't protect on developer machines (and what to do about it)

May 28, 2026 By Nicholas Thomson In Aikido
Mobile Device Management (MDM) is a type of software used by organizations to secure, manage, and monitor their employees' mobile devices. Tools like Jamf, Kandji, and Microsoft Intune give IT teams visibility and control over every sanctioned application across the fleet. For compliance frameworks like SOC 2 or ISO 27001, MDM is often a core component of how you demonstrate device control and ensure data security. If your MDM is deployed, congratulations, you've solved 2012's BYOD security challenge.
Read Post
CurrentWare

How State and County Law Enforcement Use AccessPatrol to Meet CJIS and NIST 800-53 Requirements

May 28, 2026 By CurrentWare In CurrentWare
I spent nearly a decade in the U.S. Federal Government, including roles at the White House, the U.S. Department of Commerce, and the U.S. Senate. I later advised public sector clients on technology and strategic growth problems at Accenture. The same pattern showed up everywhere I went. Agencies invest in sophisticated network defenses.
Read Post
cato networks

What Consistent Leadership Across SSE, SD-WAN, and SASE Signals

May 28, 2026 By Brian Greenberg In Cato Networks
GigaOm’s latest analysis highlights a clear shift in the market. As they note, “The standalone Secure Service Edge (SSE) market has largely disappeared, with leading vendors now offering complete SASE solutions that converge software-defined wide-area network (SD-WAN) and SSE into single-vendor platforms. Organizations increasingly favor this consolidated approach to reduce operational complexity and improve visibility.”
Read Post
teleport

Remote Access That Works Behind NAT, CGNAT, and Uncontrolled Firewalls

May 28, 2026 By Steven Martin In Teleport
A device in your fleet encounters an issue. You try to SSH in only to discover that the IP changed overnight, the customer's firewall blocks inbound connections, and the VPN they set up six months ago stopped working when the device switched from Wi-Fi to cellular. The next several hours disappear into a Slack thread with the customer's IT team trying to get a port opened. Every engineer who has shipped hardware into a customer's environment has a version of this story.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.