Best Practices Archives - Best Information Security SIEM Tools, Software, Solutions & Vendors
https://solutionsreview.com/security-information-event-management/category/best-practices/

Empathetic AI is the Key to a Successful AI Risk Management Framework
https://solutionsreview.com/identity-management/empathetic-ai-is-the-key-to-a-successful-ai-risk-management-framework/
Fri, 13 Jun 2025 14:32:36 +0000

To help companies remain competitive amidst changing markets, the Solutions Review editors are exploring how an empathy-first approach to AI risk management can transform a company’s ability to adopt and utilize AI technology successfully.

Implementing artificial intelligence (AI) into your company is as much about integrating the technology itself as managing the potential ripple effects it could have on the business. As the National Institute of Standards and Technology (NIST) explains, as many benefits as AI can provide—economic growth, improved productivity, boosted agility, etc.—it can also “pose risks that can negatively impact individuals, groups, organizations, communities, society, the environment, and the planet.” That’s where the value of an AI Risk Management Framework comes into play.

If these frameworks aim “to improve the ability to incorporate trustworthiness considerations into the design, development, use, and evaluation of AI products, services, and systems,” as the NIST says, empathy must be an essential part of any risk management strategy. With that in mind, this article will examine the crucial role AI risk management plays in today’s evolving world, specifically focusing on how valuable an empathetic AI (EAI) policy is to an AI risk management framework.

Addressing the Empathy Gap in Current AI Risk Frameworks

If you didn’t already know, the most widely adopted and recognized AI risk framework is the NIST AI Risk Management Framework (AI RMF), released in January 2023. However, much has changed in the years since, as few as they are. According to a report McKinsey & Company released in 2025, “78 percent of respondents say their organizations use AI in at least one business function, up from 72 percent in early 2024 and 55 percent a year earlier.” That’s a significant increase since the NIST released their AI RMF, and the landscape has changed.

While the NIST’s AI RMF remains the standard, and rightfully so, public perception of what it means to have a risk management strategy for AI adoption seems to lack the proper focus on empathy. Most AI risk management frameworks being deployed treat risks as quantifiable variables that can be addressed through technical controls and governance processes. That approach makes sense, since companies require a methodology that can be replicated and deployed as easily as possible. However, it can also create what you might call an “empathy gap,” resulting in AI systems failing to account for the emotional, contextual, and relational dimensions of human decision-making.

Consider the case of AI-powered customer service systems that function correctly but cause brand damage by failing to deliver the correct tone during customer interactions. While these systems could technically pass a traditional risk assessment, they fail in practice, harming consumers, users, and the company. There have been studies done on AI’s ability (or lack thereof) to utilize empathy in various settings, including medical care, for example, and most of the findings demonstrate that, despite AI’s growing capabilities, it cannot replicate the experienced empathy humans use on a daily basis.

Consequently, empathy must be a top priority in developing or deploying an AI risk management framework. With an EAI mindset, we believe companies can transform how they create and use AI technologies to maximize business potential and support their human workers. It’s like the NIST’s framework says: “AI risks–and benefits–can emerge from the interplay of technical aspects combined with societal factors related to how a system is used, its interactions with other AI systems, who operates it, and the social context in which it is deployed.”

The Business Case for Empathetic AI Risk Management

Unlike traditional AI metrics that focus on speed or accuracy, empathetic AI focuses on sticky, differentiated value propositions that are inherently difficult for competitors to replicate because they require deep integration of emotional intelligence, cultural sensitivity, and contextual awareness across entire product ecosystems. To get specific, the business case for empathetic AI in risk management rests on the premise that traditional risk frameworks catastrophically underestimate human-centric failure modes by treating users as rational actors rather than complex emotional beings.

An EAI-centric risk management strategy recognizes that the most disruptive AI failures often emerge not from technical malfunctions but from misaligned human-AI interactions where systems fail to understand user emotional states, cultural contexts, or unstated needs. By shifting to an empathy-first approach, companies can move their risk assessment from purely probabilistic models toward dynamic, relationship-aware frameworks that can predict and even prevent the social and reputational damages that emerge when AI systems inadvertently cross a line.

A study from 2021 explains, “AI lacks a helping intention towards another person as the basis of its attentional selection, because it does not have the appropriate motivational and inferential structure.” That lack does not mean AI is incapable of being helpful or acting empathetically. However, it does necessitate that humans adopt an empathy-first mindset when designing AI or giving it directions. Failing to do so can result in empathy failures that generate negative publicity that affects market capitalization, far exceeding the technical infrastructure investments.

EAI risk management can help your brand avoid that negativity by providing an early warning system: the technology and its users continuously monitor emotional sentiment, cultural alignment, and relationship quality metrics that traditional risk systems ignore entirely.

These AI risk management frameworks take time and investment, requiring companies to collect extensive training data about human emotional states, cultural norms, and psychological vulnerabilities—information that presents massive privacy and security risks. Yet, even with the complexity, an EAI risk management strategy is still worth exploring, especially since it means getting in “on the ground floor” for an emerging methodology already sending ripples throughout the enterprise technology marketplace.

The Competitive Advantage of Empathetic Risk Management

Organizations that successfully integrate empathetic AI into their risk management frameworks are developing sustainable competitive advantages that extend beyond traditional operational metrics. The ability to understand and respond to human emotional contexts creates differentiation opportunities in customer experience, employee engagement, and stakeholder relations that are difficult for competitors to replicate. It will also show employees that company decision-makers are taking AI seriously and not viewing it as a quick fix, which can improve employee trust. And the more trust employees have in the business, the easier it will be for them to adapt to the changes AI will inevitably introduce.

More strategically, empathetic AI capabilities position organizations to better navigate the increasing regulatory focus on human-centric AI governance, which is already a crucial part of AI risk management strategies. As regulations evolve to require more consideration of human factors in AI systems, organizations with mature empathetic AI frameworks will face lower compliance costs and faster regulatory approval processes. Organizations that recognize this and invest accordingly will position themselves as leaders in the next generation of AI-powered enterprises.

The question for enterprise leaders isn’t whether to integrate empathetic AI into risk management frameworks, but how quickly they can develop the capabilities necessary to do so effectively while avoiding the significant pitfalls that await unprepared implementations.

What Will the AI Impact on Cybersecurity Jobs Look Like in 2025?
https://solutionsreview.com/endpoint-security/what-will-the-ai-impact-on-cybersecurity-jobs-look-like-in-2025/
Tue, 20 May 2025 15:03:00 +0000

The editors at Solutions Review summarize some of the most significant ways AI has impacted cybersecurity jobs, hiring, skillsets, and more.

Regardless of your job title or industry, artificial intelligence (AI) has likely impacted your company’s internal and external processes. This can be especially true for cybersecurity professionals, as AI has changed how threat actors plan and execute attacks and introduced new ways to combat potential and active threats. What is less clear is the specific impact AI has had on cybersecurity and whether these professionals have cause for concern.

As AI is integrated into cybersecurity operations at unprecedented levels, the form and function of a company’s cyber team will continue to undergo rapid changes. To keep track of those changes, the Solutions Review editors have outlined some of the primary ways AI has changed cybersecurity, what professionals can do to remain agile during those evolutions, and what the future may hold for them and the technologies they use.

Note: These insights were informed through web research using advanced scraping techniques and generative AI tools. Solutions Review editors use a unique multi-prompt approach to extract targeted knowledge and optimize content for relevance and utility.

How Has AI Changed the Cybersecurity Workforce?

In just a few years, the impact of AI on cybersecurity has dramatically restructured the industry’s roles, responsibilities, and required skill sets. This transformation has been freeing for many, as AI technologies have streamlined user workloads and empowered teams to focus on more specialized, high-value tasks and projects. For comparison’s sake, consider how the global market for AI in cybersecurity is estimated to reach a market value of USD 133.8 billion by 2030, compared to its reported USD 14.9 billion in 2021. These technologies are exploding, and they’re not going anywhere.

However, it’s not uncommon for cybersecurity professionals to feel uneasy about the rapid adoption of these technologies, as they have already proven capable of rendering some tasks and roles nearly obsolete. Here are some of the job roles and processes that have been impacted the most by AI:

AI-Powered Automation and Analysis

AI is reshaping how cybersecurity analysis happens by expanding its scope and compressing its cognitive overhead. Traditionally, analysis involved hours of log inspection, correlation of alerts, and cross-referencing of threat intel feeds. However, with AI, especially those using machine learning (ML) and natural language processing (NLP), companies can automate those time-consuming processes to reduce alert fatigue and allow analysts to focus on the highest-risk threats.

For example, consider how leading cybersecurity platforms like Microsoft Defender XDR or IBM QRadar use ML models to correlate log entries and contextualize hundreds of alerts into real-time attack narratives. These analyses can dramatically reduce workloads by streamlining the process of identifying probable causes, unlocking cross-functional insights, and deploying that data to defend against future threats.

AI might be evolving what “analysis” looks like in cybersecurity, but it’s not ready to fully replace the necessity of human intervention. With AI handling the workload of detecting and aggregating information, human analysts will commit their time and expertise to interpretation, intent modeling, and escalation decision-making.

Threat Hunting and Adversarial Behavior Modeling

For years, traditional threat hunting has been hypothesis-driven: an analyst suspects that a particular tactic—e.g., credential stuffing or lateral movement—is occurring and searches logs or telemetry for artifacts that confirm or debunk that suspicion. However, this process is often narrow and human-biased, which is where AI can help. With its unsupervised learning and clustering capabilities, AI can identify and track patterns without preconceptions.

AI has essentially made “continuous hunting” possible. Some of the leading cybersecurity tools already use AI and behavioral models to proactively surface deviations, such as beaconing to new domains or unusual SMB shares accessed at odd hours. Since AI can run 24/7, threat hunts no longer have to be ad hoc. It also adds a new data engineering dimension to threat hunting, as cybersecurity professionals are now encouraged (if not outright expected) to have AI-specific skills around curating telemetry, labeling behavior, and tuning features.

There’s no denying that AI is a double-edged sword for cybersecurity—cyber-criminals launched 36,000 malicious scans per second in 2024, according to Fortinet, and there’s been a 1,200 percent surge in phishing attacks since the rise of GenAI in late 2022. However, if companies want to keep up with the volume of attacks, they need the support that AI-boosted cybersecurity tools provide.

The Emergence of AI-Centric Cybersecurity Roles

The rise of AI in cybersecurity has not only affected existing workflows—it has spawned entirely new job categories, restructuring the profession around data-centric and model-centric competencies. These AI-centric cybersecurity roles represent a convergence of disciplines: traditional security, data science, ML operations (MLOps), and even behavioral psychology. Other roles like “blue team analysts” or “SOC engineers” are supplemented or outright replaced by titles like AI Threat Analyst, ML Security Engineer, and Adversarial ML Red Teamer.

It’s also possible that the future of cybersecurity jobs will start to resemble AI safety roles more than traditional InfoSec. This would involve an increased focus on validating agent boundaries, applying RLHF to constrain behavior, and building sandboxed testbeds for threat simulations. While there’s potential in that future, active and aspiring professionals should be wary, as that trend could result in a skills bar that leaves traditional network defenders behind unless they retrain aggressively.

The meta-trend here is becoming clear: Cybersecurity is evolving into a data science problem, and the workforce is shifting accordingly. The people who can reason statistically, build or probe AI systems, and think adversarially will define the next generation of cybersecurity leadership. Conventional roles will likely persist but may increasingly resemble operational support for AI-first tooling. Regardless, as LinkedIn’s Skills on the Rise report says, AI literacy will continue to be the skill that “professionals are prioritizing and companies are increasingly hiring for.”

Upskilling for the Future

AI isn’t a new technology, but it’s hitting the cybersecurity job market fast and hard. According to Cybersecurity Ventures, there will be 3.5 million unfilled jobs in the cybersecurity industry through 2025, a 350 percent growth from the one million open positions reported in 2013. If professionals want to keep their jobs—or future-proof themselves from potential displacement—they must equip themselves with AI-centric skills as soon as possible.

To reinforce that urgency, look at IBM’s Cost of a Data Breach Report, which shows that half of the organizations encountering security breaches also face high security staffing shortages. Even with 1 in 5 organizations using some form of generative AI, that skills gap remains a real challenge. Companies across industries need professionals fluent in adversarial and algorithmic logic, as that expertise will empower them to stay relevant regardless of the future. Mike Arrowsmith, the Chief Trust Officer at NinjaOne, puts it like this: “The best way to rein in AI risks is with more employee training. People have to know what to look out for, especially as AI technology evolves.”

One area professionals can focus on is soft skills. A recent study by Skiilify demonstrated that 94 percent of tech leaders believe soft skills—like curiosity, resilience, tolerance of ambiguity, perspective-taking, relationship-building, and humility—are more critical than ever. Soft skills can also help cybersecurity professionals understand how models can fail, how attackers exploit statistical assumptions, and how to wrap AI systems in resilient human oversight.

With Gartner predicting that, by 2028, “the adoption of GenAI will collapse the skills gap, removing the need for specialized education from 50 percent of entry-level cybersecurity positions,” it’s more crucial than ever for cybersecurity professionals to find and refine the skills that make them unique.

Will AI Replace Cybersecurity Professionals?

“AI won’t replace cybersecurity professionals, but it will transform the profession,” says Chris Dimitriadis, the Chief Global Strategy Officer at ISACA. The cybersecurity marketplace is already changing in response to AI tools and threats, but the transformation is far from finished. Even if the profession itself doesn’t go away, there’s a chance that current cybersecurity practitioners will be left behind as their job evolves into something they’re no longer equipped for.

In the longer term, AI will likely reshape cybersecurity professionals into decision supervisors. Their responsibilities will be less focused on making decisions and instead emphasize overseeing, calibrating, and intervening in AI-driven decision-making as necessary. It’s a subtler shift, but if the current workforce doesn’t upskill themselves in preparation, they may find that their expertise isn’t quite as valuable as it used to be.

According to Sam Hector, Senior Strategy Leader at IBM Security, AI will “fundamentally shift the skills we require. Humans will focus more on strategy, analytics, and program improvements. This will necessitate continuous skills development of existing staff to pivot their roles around the evolving capabilities of AI.” The future of cybersecurity will be charted by practitioners who expand their perspective, prioritize their professional growth, engage with their peers, and collectively learn how to improve their AI-centric skills and literacy.

The Benefits of On-Premises AI: Regaining Control in the Era of Data Sovereignty
https://solutionsreview.com/security-information-event-management/the-benefits-of-on-premises-ai-regaining-control-in-the-era-of-data-sovereignty/
Thu, 15 May 2025 16:11:00 +0000

Praveen Jain, the SVP/GM of AI Clusters and Data Center at Juniper Networks, outlines how on-premises AI can help companies regain control in this era of data sovereignty. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI.

A decade ago, the public cloud promised enterprises greater flexibility and lower costs. Today, many realize the reality is far more complex, and we are witnessing a significant shift back to on-premises solutions, especially for enterprises deploying AI workloads. This shift stems from mounting challenges with public cloud deployments, from unpredictable GPU costs and security vulnerabilities to vendor lock-in concerns. Organizations are increasingly recognizing that the promise of simplified cloud deployments often comes with hidden complexities and costs that can impact long-term success.

To illustrate the optionality, a recent survey found that nearly 50 percent of IT decision-makers are now equally considering both on-premises and public cloud solutions for new applications in 2025, marking a significant departure from the “cloud-first” mindset.

Data Sovereignty and Security: Bringing AI Workloads Home

In today’s digital landscape, where data breaches can easily cost organizations millions, security cannot be an afterthought.

The challenge becomes particularly acute when training large language models (LLMs) using private data in public cloud environments. On-premises AI infrastructure provides organizations with complete control over their security protocols and data governance—a crucial advantage for complying with regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This control extends beyond mere compliance, however: it enables organizations to implement custom security measures that align precisely with their risk tolerance and operational requirements.

Consider the financial services sector, where institutions process millions of customer transactions daily. When AI models are trained and deployed on-premises, these organizations maintain full data sovereignty while significantly reducing breach risks due to the more direct visibility into all hardware, software, and in-house security measures. There’s no guesswork, no hoping a third-party provider has things locked down. This autonomy becomes even more critical when considering that GDPR non-compliance fines, for example, typically range from $10M to $22M.

The ability to maintain complete control over sensitive data while running sophisticated AI workloads has become a competitive necessity in heavily regulated industries. However, it’s important to note that on-premises benefits extend beyond data sovereignty alone.

The Economics and Technical Advantages of AI: Cost Efficiency and Control

While short-term projects—like a specific research study or business analysis—might find temporary solace in the lower cost of entry offered by public cloud solutions, the long-term cost implications for AI are often overlooked. The truth is, the substantial recurring costs associated with running resource-intensive GPUs in the cloud quickly add up.

In contrast, private AI data centers, while requiring a more significant upfront investment, ultimately deliver substantial savings in terms of total cost of ownership (TCO) and operational expenditures (OpEx). This economic advantage is further compounded by the technical control gained from on-premises deployments.

In the automotive industry, for instance, companies developing autonomous vehicles are producing massive data volumes, presenting a unique challenge. Original Equipment Manufacturers (OEMs) and their suppliers find that the bandwidth costs alone for moving massive datasets to and from the cloud can be prohibitive. Moreover, these software and interoperable hardware developers require real-time processing capabilities to support critical functions like over-the-air updates and rapid iteration in AI model development. Latency introduced by cloud data transfers can severely hinder these operations.

By deploying on-premises AI infrastructure, automotive companies and OEMs reduce bandwidth costs and gain the necessary control to fine-tune their infrastructure for specific workload requirements. This leads to better cost predictability and often results in lower TCO for sustained AI workloads. Recent analysis finds a 35 percent TCO savings and 70 percent OpEx savings over five years for private AI data centers compared to public cloud offerings, primarily due to the high recurring costs associated with public cloud services.

These advantages extend beyond pure economics, however, as organizations also gain the ability to fine-tune their infrastructure for specific workload requirements, optimize performance for certain AI models, and maintain complete visibility into their entire AI stack.

The Future of AI Infrastructure: Automation and Optimization 

Looking ahead, there is little doubt that AI and machine learning are crucial for modern, reliable, and secure end-user experiences, underscoring the importance of optimizing the underlying infrastructure. Modern on-premises solutions are evolving to incorporate advanced capabilities in high-performance networking and GPU clusters, specifically designed for complex tasks like LLM training. The focus is shifting toward automation that directly enhances control and efficiency.

To that end, advancements in automation are being adopted to directly address the need for greater efficiency:

  • Automated Resource Scaling: Systems can automatically adjust computing resources based on real-time demand, ensuring optimal performance without manual intervention.
  • Intelligent Workload Placement: AI-driven tools can analyze workload requirements and dynamically allocate them to the most efficient resources, maximizing utilization.
  • Proactive Performance Maintenance: Automated monitoring and optimization tools maintain consistent performance levels, minimizing downtime and ensuring smooth operations.

Organizations can achieve cloud-like flexibility by focusing on these key automation capabilities while retaining the essential control and security benefits of on-premises AI infrastructure.

The Path to Efficient AI Operations

While cloud services will continue to play a role, on-premises AI infrastructure remains essential for organizations serious about building sustainable, scalable capabilities, particularly those requiring fully optimized data and computing resources. The decision between cloud and on-premises AI infrastructure isn’t just about hardware—it’s all about aligning IT priorities with long-term business objectives and operational realities.

As organizations mature in their AI journey, many are searching for the optimal balance of control, security, and cost predictability to launch large-scale AI deployments efficiently. By opting for on-premises AI infrastructure, organizations can build a strong foundation that keeps their data and workloads secure, compliant, and cost-effective in the long term.


Enhancing Security with Microsoft’s Expanded Cloud Logs
https://solutionsreview.com/security-information-event-management/enhancing-security-with-microsofts-expanded-cloud-logs/
Wed, 07 May 2025 12:20:16 +0000

Botond Botyánszki, the Founder, CEO, and CTO at NXLog, examines how Microsoft’s expanded cloud logs can help companies enhance their security. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI.

Nation-state-sponsored hacking stories are a big part of everyone’s favorite Hollywood movies. Until it becomes a real-life story of our compromised personal or corporate sensitive data ending up on the dark web or in hackers’ hands, that is. In real life, cyber espionage groups’ activities trigger stringent security enforcement. First, in the government sector, the government standards slowly shift, dictating industry norms by gently forcing vendors to sell into government contracts.

This is the case when it comes to the recently announced Microsoft Expanded Cloud Logs Implementation Playbook, issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). It all started in July 2023, when the Chinese cyber espionage group Storm-0558 exploited a vulnerability in Microsoft’s Outlook email system to gain unauthorized access to email accounts belonging to U.S. government agencies and other organizations. The attackers bypassed security measures using a stolen Microsoft security key to forge authentication tokens. In fact, most attacks use BEC (Business Email Compromise) as a successful entry point in their attack vectors. Why? Because it works.

The fallout in 2023 resulted in Microsoft expanding free logging capabilities for all Purview Audit Standard users, among other changes. Now, realizing the necessity for further strengthening defenses, CISA has emphasized the transformative potential of Microsoft’s expanded cloud logs for proactive threat detection and provided guidance in the playbook.

Introducing Microsoft’s Expanded Cloud Logs in Microsoft Purview

Microsoft teamed up with CISA in October 2023 to elaborate on the journey and eventually created guidance for government agencies and enterprises on using cloud logs and extending cloud log data sources. Microsoft Purview Audit has now raised the bar with its expanded logging capabilities, empowering organizations to monitor thousands of events across Exchange, SharePoint, and Teams. These newly added logs provide deeper insights into user and admin activities. The idea initially came from and was recommended by CISA to mitigate advanced intrusion techniques.

Without collecting and utilizing Microsoft’s newly added logs, organizations would miss an opportunity to see what is happening in their IT systems’ “blind spots.”

These are the types of logs you would be able to collect:

  • Microsoft Exchange audit logs
  • Microsoft SharePoint audit logs
  • Microsoft Teams audit logs
  • Microsoft Viva Engage audit logs
  • Microsoft Stream audit logs

Challenges in Operationalizing the New Log Data

Challenges with data volume

As with every log type, collecting, processing, normalizing, and shipping cloud logs is not without challenges. Without an effective solution, organizations trying to operationalize these logs risk being overwhelmed by the sheer volume of audit events, incurring high storage costs, and struggling to filter relevant data for usable and actionable insights.

Adaptation with existing SIEMs

The need to adapt the SIEM configurations appropriately to process, display data, and trigger alerts based on the newly available logged events is critical. Without logs on security issues, organizations lack real-time alerts for incidents and the ability to trace problems back to their source. Don’t forget: SIEMs are optimized for analytics, but analytics can only be as good as the data sources provided. Failing to incorporate essential data sources leads to incomplete and unreliable analytics.

Filtering relevant data

CISA released a playbook, the Microsoft Expanded Cloud Logs Implementation Playbook, covering Splunk and Microsoft’s own SIEM offering, Microsoft Sentinel. The playbook explains how to use these logs, which eases the pain for those using these SIEM technologies. Yet it does not solve many organizations’ problems, and they must seek solutions themselves.

The effort required to adapt existing configurations and systems to handle and extract value from the newly available log events can be overwhelming. Without an accurate understanding of the new log data and appropriate tooling, financial and human IT resources can be exhausted.

Tackling the Challenges with Microsoft’s Expanded Cloud Logs

What about those outside of the Microsoft Sentinel and Splunk SIEM ecosystems?

If your organization uses Microsoft Sentinel or Splunk, you may already have support for these logs, but the reality is often more complex. These are just two of many SIEM solutions available, and most organizations still need to find ways to add these additional data sources and extract meaningful value from their log data. Every organization eventually needs to handle logs effectively, requiring a solution tailored to its requirements.

These challenges underline the need for a solution beyond the capabilities of native SIEM integrations. This is where a multi-platform logging solution can come into play. Organizations need the widest data source collection capabilities—from legacy systems through BEC data to cloud apps—that can simplify collecting, filtering, and normalizing logs from Microsoft technologies, helping them get the most out of cloud logs.

Real-World Benefits of a Cross-Platform Logging Platform

A solution with advanced log collection and seamless processing can help organizations efficiently correlate events across Microsoft 365 and beyond, regardless of their preferred SIEM solution. This empowers faster identification of unauthorized email access, unusual searches, and potential insider threats. This proactive approach safeguards organizations against advanced cyber threats and can help when it comes to compliance with regulatory requirements.

For example, imagine a mid-sized enterprise dealing with a sudden spike in phishing attempts. With a cross-platform logging platform, they can collect and process logs with Microsoft Purview Audit to identify unusual email access patterns and flag a potential security breach in near real-time. This proactive approach could prevent further damage and strengthen their overall security posture.
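The scenario above, as an added example (not code from the article, NXLog, Microsoft, or the CISA playbook): audit records are normalized, low-value events are dropped before they reach the SIEM, and mail access by a client application not seen for that mailbox during a baseline window is flagged. The field and operation names are modelled on Microsoft 365 unified audit log records and are assumptions here; the forwarding allowlist, application IDs, addresses and all records are constructed.

```python
import json
from datetime import datetime

# Hypothetical allowlist: operations worth forwarding to the SIEM, per workload.
FORWARD = {
    "Exchange": {"MailItemsAccessed", "Send", "SearchQueryInitiatedExchange"},
    "SharePoint": {"SearchQueryInitiatedSharePoint"},
}
REQUIRED = ("CreationTime", "Workload", "Operation", "UserId")
BASELINE_END = datetime(2025, 5, 1)  # records before this build the baseline

APP_A = "00000000-0000-0000-0000-00000000000a"  # constructed placeholder IDs
APP_B = "00000000-0000-0000-0000-00000000000b"


def _r(t, wl, op, user, ip="", app=""):
    """Build one constructed audit record as a JSON line."""
    return json.dumps({"CreationTime": t, "Workload": wl, "Operation": op,
                       "UserId": user, "ClientIPAddress": ip, "AppId": app})


# Constructed sample input, not real tenant data.
SAMPLE_LINES = [
    _r("2025-04-28T08:02:11", "Exchange", "MailItemsAccessed", "alice@example.com", "198.51.100.10", APP_A),
    _r("2025-04-28T09:15:40", "Exchange", "MailItemsAccessed", "bob@example.com", "198.51.100.11", APP_A),
    _r("2025-04-29T10:00:00", "SharePoint", "FileAccessed", "alice@example.com", "198.51.100.10"),
    _r("2025-04-29T10:05:00", "Exchange", "Send", "alice@example.com", "198.51.100.10", APP_A),
    _r("2025-04-29T11:00:00", "AzureActiveDirectory", "UserLoggedIn", "alice@example.com", "198.51.100.10"),
    '{"CreationTime": "2025-04-30T00:00:00", "Workload": "Exch',            # truncated line
    '{"CreationTime": "2025-04-30T01:00:00", "Workload": "Exchange", "Operation": "Send"}',  # no UserId
    _r("2025-05-02T03:41:07", "Exchange", "MailItemsAccessed", "ALICE@example.com", "203.0.113.77", APP_B),
    _r("2025-05-02T03:42:30", "Exchange", "MailItemsAccessed", "alice@example.com", "203.0.113.77", APP_B),
    _r("2025-05-02T10:00:00", "Exchange", "MailItemsAccessed", "bob@example.com", "198.51.100.11", APP_A),
    _r("2025-05-02T10:01:00", "Exchange", "SearchQueryInitiatedExchange", "bob@example.com", "198.51.100.11", APP_A),
]


def normalize(line):
    """Parse one JSON audit record into a compact event, or None if unusable."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not isinstance(rec, dict) or any(not rec.get(k) for k in REQUIRED):
        return None
    try:
        ts = datetime.fromisoformat(rec["CreationTime"])
    except (TypeError, ValueError):
        return None
    return {
        "time": ts,
        "workload": rec["Workload"],
        "operation": rec["Operation"],
        "user": str(rec["UserId"]).lower(),  # case-insensitive mailbox identity
        "ip": rec.get("ClientIPAddress", ""),
        "app": rec.get("AppId", ""),
    }


def reduce_volume(lines, forward=FORWARD):
    """Keep only allowlisted operations; count what was dropped or malformed."""
    kept, stats = [], {"kept": 0, "dropped": 0, "malformed": 0}
    for line in lines:
        ev = normalize(line)
        if ev is None:
            stats["malformed"] += 1
        elif ev["operation"] in forward.get(ev["workload"], ()):
            kept.append(ev)
            stats["kept"] += 1
        else:
            stats["dropped"] += 1
    kept.sort(key=lambda e: e["time"])  # detection below relies on time order
    return kept, stats


def flag_new_mail_clients(events, baseline_end=BASELINE_END):
    """Flag mail access by a (user, app) pair never seen before baseline_end."""
    seen, alerts = set(), []
    for ev in events:
        if ev["operation"] != "MailItemsAccessed":
            continue
        key = (ev["user"], ev["app"])
        if ev["time"] < baseline_end:
            seen.add(key)
        elif key not in seen:
            alerts.append(ev)
            seen.add(key)  # one alert per new pair, not one per record
    return alerts


if __name__ == "__main__":
    events, stats = reduce_volume(SAMPLE_LINES)
    print(stats)
    for a in flag_new_mail_clients(events):
        print("new mail client:", a["user"], a["app"], a["ip"], a["time"].isoformat())
```

The malformed counter matters operationally: a rising count usually means the source schema changed or the collector is truncating records, either of which silently blinds the detection.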

Despite CISA acknowledging that the implementation might be slightly costly for small and mid-size organizations, it’s likely that, over time, these recommendations will become mandatory requirements. The future changes, and there will always be new log sources in an organization’s IT security journey. Organizations can therefore get ahead of the curve by adopting this approach.

Conclusion

CISA’s latest guidance, combined with Microsoft’s expanded logging features, marks a significant advancement in addressing cybersecurity challenges. Integrating these logs with a cross-platform logging solution helps organizations stay proactive against evolving threats while maintaining strong compliance and eliminating security gaps that otherwise make an organization vulnerable to cyber-attacks.


World Password Day Quotes from Industry Experts in 2025 https://solutionsreview.com/identity-management/world-password-day-quotes-from-industry-experts-in-2025/ Thu, 01 May 2025 19:17:09 +0000

For World Password Day 2025, the editors at Solutions Review have compiled a list of comments from some of the leading industry experts.

As part of this year’s World Password Day, we called for the industry’s best and brightest in Identity and Access Management and the broader cybersecurity market to share best practices, predictions for the future of passwords, and personal anecdotes. The experts featured represent some of the top influencers, consultants, and solution providers with experience in these marketplaces, and each projection has been vetted for relevance and ability to add business value. The list is organized alphabetically by company name.

World Password Day Quotes from Industry Experts in 2025


Tim Eades, CEO and Co-Founder at Anetac

“As we recognize World Password Day, it’s time to acknowledge a fundamental matter in identity security. Credentials are the keys to the castle. Passwords alone cannot safeguard our digital identities in today’s complex, hybrid environments. Identity-based vulnerabilities have become the primary attack vector for modern breaches.

“Our research reveals alarming statistics across industries: passwords unchanged for 15+ years in financial institutions, 74 percent of healthcare credentials remain unchanged for over 90+ days, and widespread credential sharing in critical infrastructure. The basics are critical. Without proper cyber hygiene, enterprises across the globe will continue to be victims of bad actors.

“Weak or unchanged passwords across human and non-human identities create a dangerous, often overlooked security gap that can quickly go from a headache for security teams to a full-blown breach. A dormant service account or an orphaned human account with an old or weak password is a bad actor’s most exciting find. Utilizing complex passwords, refreshing them every 3 months, using multifactor authentication when available, and investing in modern identity security solutions are necessary to minimize the likelihood of a breach.

“That’s why password hygiene remains a cornerstone of effective identity security. The ability to detect and assess credential age, behavioral anomalies, and lifecycle blind spots across all identities is critical. Identity security isn’t just about who has access—it’s about how that access is managed, monitored, and secured over time. Not only this, you need the tools to actually know the identity behind the account and that they are who they say they are.

“Passwords aren’t disappearing, but their importance in our security strategies must be properly acknowledged within the broader identity ecosystem. It may be an aging technology, but they remain a top attack vector and we need to treat them, and the accounts they protect, with the same seriousness we give to any other security asset.”


Arun Shrestha, CEO and Co-Founder at BeyondID

“Passwords are old news, and World Password Day—once a reminder of cybersecurity best practices—now underscores the importance of phasing out the very authentication method it once championed. With stolen credentials topping the breach origin charts and phishing attacks up 4,151 percent since the launch of ChatGPT, it’s clear that traditional passwords are no longer sufficient. Modern threats call for passwordless authentication—not just for stronger security, but for a frictionless user experience. It’s time to answer the phone.”


Randolph Barr, CISO of Cequence

“World Password Day is a great time to remind people about the importance of maintaining good password practices. Passwords are the most important line of defense for organizational and personal information, which means they are also a top target for threat actors.

“The easiest way to keep attackers at bay is to make strong, unique passwords for each account. One of the most common attack tactics is a brute force attack, which is an authentication-related attack that takes advantage of people who use either generic or shared passwords. By exploiting this weakness, cyber-criminals can access an entire organization with one faulty password.

“Multi-factor authentication is an additional preventive measure that can help protect information; many banking and fintech enterprises make use of the safeguards it brings. Password managers are also helpful, as they store multiple passwords across separate accounts, all protected by one ultra-strong master password.

“While password hygiene and multi-factor authentication remain essential today, the cybersecurity community is clearly moving toward a passwordless future. Even the strongest passwords can be phished or exposed, which is why many Fortune 100 technology companies have transitioned large portions of their workforce to passwordless authentication using mobile authenticators, device-based login, and biometric verification. Additionally, global financial institutions are enabling passkey support and app-based logins, while Fortune 500 retail and consumer platforms are deploying passwordless login options to reduce fraud and improve user experience.

“To prepare for this future, organizations should begin testing passwordless flows within internal environments, choosing identity platforms that support passkeys and FIDO2 standards. On the individual level, users can explore these capabilities already available on major devices, such as Android, Google, iOS, and macOS (to name a few).”


Art Gilliland, CEO at Delinea

“Passwords still are the gatekeepers of our digital identities, but relying on traditional passwords is simply not enough. Cyber-criminals are getting smarter when attacking passwords, especially those tied to privileged accounts, to breach networks and access sensitive data. With 80 percent of security breaches involving the misuse of privileged credentials, it’s clear that organizations must adopt a Privileged Access Management (PAM) approach, combined with Zero Trust principles for data protection.

“It’s essential to use World Password Day as a reminder that password security alone isn’t enough. We must never assume trust, especially privileged accounts, and always verify every access request. By taking control of who has access to what, when, and how, organizations can significantly reduce the risk of breaches. Smart identity security starts with Zero Trust and PAM, because data safety begins with stronger, verified access.”


Tony Ball, President of Payments and Identity at Entrust

“For decades, passwords have been the weak link in cybersecurity–outdated, overused, and increasingly ineffective. But now, organizations are making a clear shift. Multi-factor authentication and sign-in links have emerged as the primary methods for user authentication across the US, UK, and globally, overtaking passwords.

“This step change comes as over half of business and IT decision-makers report higher fraud attempts with username and password alone compared to other methods. We’re at a cybersecurity inflection point: passwords are no longer sufficient. Modern, layered authentication methods, such as facial biometrics, device recognition, or generated codes, are stepping in.

“Rather than forcing users to create longer, more complex passwords, it’s time for organizations to embrace a passwordless future where customers and employees can prove their identity conveniently and securely using their biometrics. This approach reduces risk, streamlines access, and meets the expectations of today’s digital-first users.”


Joel Burleson-Davis, Chief Technology Officer at Imprivata

“This World Password Day, it seems appropriate to shift the discussion from securing and managing passwords to the demise of the password. Passwords have served us well (sort of), and we’ve been long talking about ditching the traditional, complex password because of their burden and unintentional insecurity. However, with every second mattering in critical work, now more than ever, passwordless authentication has become business-critical.

“There are signs of good adoption of both passwordless strategies and shunning our old password-burdened ways in mobile devices, which are built with and extensively leverage facial recognition for security purposes, but some of our most critical technologies in our most critical sectors have been reluctant to implement similar solutions in their operations. As life- and mission-critical industries like healthcare and manufacturing cope with staffing challenges while being increasingly targeted, it’s time they reconsider access management and their relationship with the password paradigm.

“In healthcare, for example, and in particular, the delivery of health care, where a 17-character password is not practical for clinicians who are treating patients who need rapid and frequent access to Electronic Health Records (EHRs) in all kinds of situations. Entering a complex password for these users only creates barriers that delay patient care, eat up clinician time, and exacerbate burnout.

“Passwordless solutions, particularly biometrics-based ones, offer a tailored and frictionless experience that enables everyone from healthcare providers to manufacturing operators to maintain the highest security standards while empowering them to deliver timely, critical work without unnecessary barriers. I look forward to a World Password Day in the future that is full of cheering and celebration because we’ve finally released ourselves from the burden of putting memorized, complex strings into a little prompt box for the sake of security.”


Erich Kron, Security Awareness Advocate at KnowBe4

“Reusing passwords across different websites and services can be a catastrophic mistake. If there is a data breach at a website and bad actors are able to steal the passwords, they use a technique called credential stuffing to try the usernames and passwords to access various popular websites such as credit card portals, retail websites, or banking accounts. This is how a password stolen from a hobby forum could lead to a bank account being compromised.

“Multifactor authentication, also known as MFA or two-step authentication, can significantly increase a login’s security. While not foolproof, it makes it much tougher for cybercriminals to log into an account even if they steal your credentials. These options are available on most shopping, credit card, and bank websites, as well as social media accounts.”


Stephanie Schneider, Cyber Threat Intelligence Analyst at LastPass

“World Password Day is a great reminder for every organization that identity access management is the foundation of effective company security. Abusing legitimate credentials is one of the easiest and most common ways hackers gain unauthorized access to systems. Given the rise of infostealers over the last few years, which frequently target credentials and other sensitive data to resell on underground marketplaces, acquiring these is easier than ever. Credentials and session cookies stolen from employees’ personal devices can be used to breach corporate networks.

“A key aspect of stealers is their heavy reliance on the ‘spray-and-pray’ tactic: rather than directly targeting corporate networks, they’re counting on individuals having weaker security on their personal devices and using their work credentials on personal devices. The time from infection via stealer malware to the time that information is posted to the dark web can be speedy, especially with automation tools. Organizations must monitor for exposed credentials and change credentials as quickly as possible to disrupt breaches and attacks before they can occur. In a world where hybrid work has blurred the lines between personal and professional devices, businesses can’t afford to be casual about credential management.

“Using strong, unique passwords is just the tip of the iceberg when protecting your identity access. Reusing passwords across services is still one of the most common mistakes employees make—and one of the easiest ways for attackers to gain access. Requiring multi-factor authentication (MFA) should be standard for every business account, and it is a good idea for personal accounts, too.

“This World Password Day, take a look at your access policies. Are you protecting your company or making it easier for someone else to break in?”


“Leverage passkeys as the primary authentication method whenever possible. While passkeys are not immune to cyber-attacks, they are significantly more secure and phishing-resistant because they are linked to a device or leverage biometric authentication. Plus, they’re a whole lot easier to manage than constantly juggling new password combinations.”


Anthony Cusimano, Solutions Director at Object First

“I believe the death of the password is just around the corner. Passwords are no longer a secure method of authentication and should not be treated as secure. So, I’ll share the advice I have taken up in the last year: use a password manager, app-based or browser-based (either works!).

“Password managers securely store your passwords in a locked vault and come with convenient browser extensions that autofill logins. They can also generate unique, complex passwords for every account. Many of these tools allow you to customize password requirements according to your preferences, including specifying length and incorporating symbols, numbers, and mixed case. Additionally, password managers can alert you to duplicate or weak passwords and often suggest optimal times for changes.

“The password alone is NOT a secure authentication method; that’s why I have given up trying to maximize their security and left the brainwork to someone else. It’s 2025—let an app do the password legwork for you, and here’s to hoping that passwords become a thing of the past sooner rather than later.”


Nicolas Fort, Director of Product Management at One Identity

“Passwords have come a long way, from punch-tape reels in 1961 to the world of multi-factor authentication and fingerprint identification we inhabit today. The next leap is already happening—passkeys tied to devices, one-time AI-generated tokens, and even blockchain-backed session receipts. It’s no accident that password technology is constantly evolving.

“Cyber-attacks are more frequent, threat actors have more sophisticated tools at their disposal, and as businesses continue to store more and more sensitive data online, regulators are rightly demanding that they keep up. The EU’s NIS2, the UK’s Cyber Resilience Act, DORA, HIPAA, and countless other rules and regulations now demand rock-solid control over user accounts at every touchpoint. That means audited sessions, behavioral analytics, rotating passwords, and just-in-time credentials—so that no matter how hard attackers try, there’s simply nothing there to steal.”


“World Passkey Day is a reminder that the future of authentication is here—and it’s passwordless. Passwords have long been a point of vulnerability, often leading to breaches and user frustration. Passkeys represent a meaningful step toward improving both security and usability, moving us closer to a more resilient digital infrastructure. They’re especially valuable in securing high-risk interactions like financial transactions, where strong, phishing-resistant authentication is critical.

“FIDO passkeys take traditional authentication a step further by using cryptographic credentials stored on a user’s device, ensuring identity verification and security. This method strengthens authentication across desktops and mobile devices, creating a more secure digital environment. As the adoption of passkeys grows, I’m confident they will be key to transforming how we protect our most sensitive online interactions.”


Drew Perry, Chief Innovation Officer at Ontinue

“As positive a day as World Password Day is, I look forward to the day it no longer exists or is at least renamed! With the rise of passkey support across major platforms and devices, we’re finally seeing a shift towards more secure and user-friendly authentication. Passkeys are cryptographic credentials that eliminate the need for passwords entirely, offering phishing-resistant, biometric-based access. It’s time we moved beyond passwords, which are too often reused, weak, or compromised. Simpler identity protection is needed so we, as humans, don’t just pick a random string of characters that we will never remember!”

“We have come a long way. Password manager adoption is rising, multi-factor authentication is available for most critical online services, and people are reusing the same passwords less. But still, hackers are succeeding in their attacks. We have been saying since the early 2010s that ‘hackers don’t hack in, they log in,’ and as time goes on, it becomes even more true.

“Stolen credentials overtook email phishing as the second most frequently observed initial infection vector in 2024 during intrusions into businesses. At Ontinue, we have witnessed first-hand the rise of sophisticated infostealer malware, which captures passwords as they are entered by users during login. This enables attackers to simply log in if no other secondary authentication methods are enabled, which, sadly, is often the case.

“Awareness is key. Enable passkeys where possible. I suggest we lay the password to rest and embrace the passwordless future.”


“Passwords have long been a security crutch; in today’s digital landscape, they’re quickly becoming a liability. Users continue to rely on weak, repurposed credentials, making them easy targets for sophisticated cyber-attacks fueled by AI. Recent data shows that 87 percent of consumers are concerned about identity fraud, yet many still depend on outdated methods to secure their most sensitive data. Even worse, 48 percent of IT leaders admit they’re not confident their current defenses can withstand AI-driven attacks. That should be a wake-up call. With the rise in phishing, credential stuffing, and deepfake scams, it’s time for organizations to retire traditional passwords altogether.

“In the spirit of World Password Day, we must double down on access solutions that eliminate the guesswork and the risk. Passwordless authentication, like biometrically protected passkeys and secure device-based login, not only strengthens security but also improves the user experience. Organizations must embrace a future where identity is both frictionless and fundamentally more secure.”


Denny LeCompte, CEO of Portnox

“World Password Day serves as an annual reminder of a universal truth: passwords are a pain. Despite being a cornerstone of our digital lives, they consistently fall short. From the widespread practice of password reuse—a virtual invitation to cyber-criminals—to the ease with which they can be compromised through social engineering or simple guessing, the inherent weaknesses of password-based authentication are undeniable.

“While Multi-Factor Authentication (MFA) has been lauded as a critical security layer, our recent findings indicate a growing unease among security leaders. A staggering 99 percent of CISOs worry that MFA alone doesn’t adequately protect their organizations, with concerns amplified in younger companies. The consensus is clear: 100 percent believe MFA struggles to keep pace with the evolving threat landscape.

“This reality is driving interest in passwordless authentication methods. With compromised passwords implicated in a significant majority (81 percent) of breaches, the appeal of eliminating them entirely is obvious. While only a small fraction (7 percent) of organizations have fully embraced passwordless solutions, a substantial number (32 percent) have begun or completed implementation, and a further 63 percent are actively planning or open to adoption.

“The benefits are compelling: over half of CISOs anticipate stronger access control and an improved employee experience. However, challenges such as cost, complexity, and potential user resistance need to be addressed for widespread adoption.

“The journey towards a more secure, passwordless future requires a strategic approach. Organizations must prioritize robust identity verification processes, such as certificate-based authentication, and embrace a Zero Trust security model. Continuous risk assessment, employee education, and a strong security culture are also crucial components.

“While passwords may not disappear overnight, the momentum towards passwordless authentication is building. World Password Day is an opportune time to acknowledge the password headache and explore and embrace the promising alternatives that can truly enhance our digital security. The future of access is increasingly looking less like a complex string of characters and more like a seamless, secure experience.”


Melissa Bischoping, Head of Security Research at Tanium

“On this World Password Day, it’s worth reflecting on how far we’ve come, and how far we still need to go in securing our digital identities. The humble password has been a cornerstone of how we access data and technology since 1961, when MIT’s Compatible Time-Sharing System (CTSS) became the first system to leverage modern passwords for safeguarding access to private files. In the 64 years since, passwords have evolved in length, complexity, and character requirements, but despite these advancements, they’ve also introduced layers of complexity to the user experience, resulting in a more burdensome method of securing identity and file access.

“Today, the average user manages 80-100 passwords, more than most of us can possibly keep track of. As a result, we’ve entered the era of password managers, in other words, one ‘super password’ to secure all the others. On the surface, this is a major step forward in usability (and an essential method to encourage users to use complex, unique passwords for every account), but we’re still not getting it quite right when it comes to password security. Here are a few key tips to strengthen password security.

For software providers:

  • MFA should be mandatory and not locked behind a premium subscription tier.
  • All apps should enable single-sign-on (SSO) by default for easier management of secure accounts.
  • Don’t make it unnecessarily difficult to update or change credentials; this will make the user more likely to stick to the outdated, weaker password.
  • Software providers should spend more time on meaningful user experience research and design for password management.

For technology users:

  • Secure your primary password with additional levels of protection like robust, phishing-resistant MFA.
  • Use at least one form of MFA; for most users, any MFA is better than none.
  • For better security, use passkeys or hardware tokens (like Yubikeys) over passwords paired with SMS-based MFA.
  • Take advantage of password manager features like password audits, reuse detection, and breach alerts.
  • Review your cell phone provider’s offerings for additional layers of security to prevent a SIM-swapping attack.
  • Review your email provider’s additional security features that can be enabled; this is especially important since email accounts are often used as a password recovery option for OTHER accounts.
  • Using more secure alternatives, like passkeys, in modern operating systems and apps can help less-technical family and friends adopt stronger data protections.
  • Regularly check the security of SSO accounts used for logging into platforms like Google, Facebook, and Apple ID. An attacker can use these individual accounts as the ‘keys to the kingdom,’ so they warrant additional protections.”

Carla Roncato, VP of Identity at WatchGuard

“Today, it’s not just careless password reuse or weak combinations that pose a threat—it’s the industrial-scale theft and sale of login data. Credentials are harvested through phishing, malware, and breaches, then packaged, sold, and exploited at astonishing speed. A single leaked password doesn’t just unlock one account; it can be a skeleton key to an entire digital identity.

“Dark web marketplaces function with the efficiency of e-commerce platforms, complete with customer service and user reviews. For as little as a few dollars, attackers can purchase verified credentials tied to financial services, corporate VPNs, or personal email accounts. Once inside, they move laterally, escalate privileges, and often remain undetected for weeks or months.

“On this World Password Day, the question is no longer ‘Are your passwords strong enough?’ but ‘Do you know if your credentials are already out there?’

“Organizations must treat credential exposure as a threat to be hunted and mitigated, not just a hygiene issue. That means proactive monitoring of the dark web, real-time alerting on compromised credentials, and an incident response plan that assumes breach, not just tries to prevent it. Cyber-criminals have evolved. It’s time our mindset around password security evolves, too.”


Munu Gandhi, President of IT Solutions at Xerox

“On World Password Day, I encourage every organization to prioritize strong password protocols as a critical part of cybersecurity. At Xerox, we’re committed to Zero Trust principles—using multi-factor authentication, regular updates, and user education to protect data wherever it’s accessed. Strong passwords aren’t just good practice, they’re essential to keeping your business secure.”


Kern Smith, VP of Global Solutions at Zimperium

“World Password Day is a timely reminder: passwords are only as strong as the device they’re stored on. As cyber-criminals adopt a mobile-first attack strategy, mobile devices have become the front door to corporate access—and a primary target. Through mishing (mobile-targeted phishing), malware, and other tactics, attackers steal credentials by compromising the mobile endpoint. Strong passwords matter, but without securing the device, they’re not enough. Organizations need mobile-specific protection to detect and stop threats before credentials and critical data are exposed.”


Why It’s Time to Ditch World Password Day https://solutionsreview.com/identity-management/why-its-time-to-ditch-world-password-day/ Wed, 30 Apr 2025 13:23:54 +0000 https://solutionsreview.com/security-information-event-management/why-its-time-to-ditch-world-password-day/ Arun Shrestha, the CEO and Co-Founder of BeyondID, shares his thoughts on why it might be time to replace World Password Day. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI. Passwords are old news, and World Password Day—once a reminder of cybersecurity best practices—now underscores the […]


Why It's Time to Ditch World Password Day

Arun Shrestha, the CEO and Co-Founder of BeyondID, shares his thoughts on why it might be time to replace World Password Day. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI.

Passwords are old news, and World Password Day—once a reminder of cybersecurity best practices—now underscores the importance of phasing out the very authentication method it once championed. With stolen credentials topping the breach origin charts and phishing attacks up 4,151 percent since the launch of ChatGPT, it’s clear that traditional passwords are no longer sufficient. Modern threats call for passwordless authentication—not just for stronger security, but for a frictionless user experience. It’s time to answer the phone. “Everyone, everywhere will be hacked at some point…identity security isn’t just about stopping bad actors—it’s about making sure you’re not making their job easier.”

The Problem with Passwords

Back in 2013, World Password Day was a pretty good idea. Changing your password every 90 days was a solid security strategy, after all. But 12 years later, World Password Day is a relic of a bygone era…and passwords aren’t the answer anymore—they’re the problem.

Relying on passwords in 2025 is like locking your front door and leaving the key under the mat. According to Verizon’s Data Breach Investigations Report, 77 percent of basic web application attacks involve stolen credentials. Even more alarming, fewer than half of organizations have adopted multi-factor authentication (MFA), leaving accounts vulnerable to credential stuffing and brute-force attacks.

Real-World Risks of Password Reliance

Passwords don’t just fail in theory—they fail in the real world. Reused logins, weak policies, and predictable patterns give attackers easy access to sensitive data. Social engineering and phishing have evolved, too, boosted by AI-generated deepfakes that mimic voices, craft convincing emails, and outsmart human judgment.

A Harvard Kennedy School and Avant Research Group study found that AI-generated phishing emails had a 54 percent click-through rate in 2024, making them as effective as, if not more effective than, those crafted by humans.

MFA Isn’t Always Enough

Despite widespread support—and even mandates from agencies like the Cybersecurity and Infrastructure Security Agency (CISA)—MFA adoption remains inconsistent at best. But even when implemented, it’s not a silver bullet. Common methods like SMS codes and push notifications are still vulnerable to push fatigue and attacks like SIM swapping.

In early 2024, Cisco Duo’s AI and Security Research team reported that nearly half of security incidents involved MFA bypass attempts. Around the same time, Microsoft’s MFA was found vulnerable to a flaw dubbed AuthQuake, which allowed attackers to bypass MFA protections in minutes through token manipulation, highlighting how quickly poorly configured systems can be exploited.

To stay ahead, organizations need something stronger: phishing-resistant authentication. Think passkeys, FIDO2, and device-bound biometrics. These methods eliminate the weakest link: the user-generated password.

The Case for Going Passwordless

Passwordless authentication isn’t just better than its predecessors—it’s simpler. Users log in with a fingerprint, face scan, or one-time passcode. There are no passwords to remember or credentials to steal—just a seamless, secure experience—and the benefits are measurable.

Gartner estimates that 20-50 percent of IT help desk calls are password resets. That’s a lot of wasted time and money. Passwordless reduces that burden, and with built-in risk detection like device fingerprinting and behavioral biometrics, it also bolsters fraud prevention. Better UX, stronger security, and more resilient systems—this is what passwordless has to offer.

A Better Way to Celebrate Security

Let’s face it: it’s time to retire World Password Day.

Passwords no longer represent best practices, and modern threats demand more than reminders to “update your login.” It’s time to shift focus to strategies that actually work, like phishing-resistant authentication and secure-by-design identity frameworks.

We’ve seen firsthand how this shift occurs in complex, high-risk environments like healthcare. One regional provider recently replaced manual access management with an automated identity integration between their EHR and workforce directory. The result? Stronger compliance, fewer access gaps, and a major boost in operational efficiency. That’s the real-world impact of leaving outdated authentication behind.

Maybe it’s time for Identity-First Access Day. Or Phishing-Resistant Authentication Week. Whatever we call it, the message should be clear: it’s time to celebrate the future of cybersecurity.


The Top AI Agents for Cybersecurity Teams https://solutionsreview.com/endpoint-security/the-top-ai-agents-for-cybersecurity-teams/ Wed, 16 Apr 2025 15:33:22 +0000 https://solutionsreview.com/security-information-event-management/the-top-ai-agents-for-cybersecurity-teams/ The editors at Solutions Review are exploring the emerging AI application layer with this authoritative list of the best AI agents for cybersecurity use cases that teams should consider integrating into their business security efforts. The proliferation of generative AI has ushered in a new era of cybersecurity, and AI agents are heavily involved in […]

The Top AI Agents for Cybersecurity Teams

The editors at Solutions Review are exploring the emerging AI application layer with this authoritative list of the best AI agents for cybersecurity use cases that teams should consider integrating into their business security efforts.

The proliferation of generative AI has ushered in a new era of cybersecurity, and AI agents are heavily involved in that transformation. As threat actors continue to find new ways to disrupt businesses, AI has become an essential tool in every company’s lineup of defense systems. Whether autonomously monitoring network traffic, detecting anomalous patterns, or responding to potential threats in real-time, AI agents in cybersecurity can help your company adapt its defense strategies and remain agile as new threats present themselves.

In this up-to-date and authoritative guide, our editors will spotlight some of the top AI agents and agent platforms available today for cybersecurity teams to help you find the right tool for your specific needs. This resource is designed to help you:

  • Understand what makes cybersecurity AI agents different from traditional automation tools
  • Explore the capabilities and limitations of each available agent or agent platform in the marketplace
  • Choose the best solution for your team based on use case, skill level, and scalability options

Note: This list of the best AI agents for cybersecurity was compiled through web research using advanced scraping techniques and generative AI tools. Solutions Review editors use a unique multi-prompt approach to employ targeted prompts to extract critical knowledge and optimize content for relevance and utility. Our editors also utilized Solutions Review’s weekly news distribution services to ensure the information is as close to real-time as possible. The list is organized in alphabetical order.

The Top AI Agents for Cybersecurity Teams


Arctic Wolf Agent

Description: Arctic Wolf’s Agent is lightweight software designed to autonomously collect actionable intelligence from clients’ IT environments, scan endpoints for vulnerabilities and misconfigurations, and even respond to emerging threats.

Arctic Wolf Agent is managed 24×7 by security operations experts from the Arctic Wolf Concierge Security Team (CST), which provides clients with additional support in their threat detection, assessment, and containment efforts. It’s designed to extend IT bandwidth by monitoring wireless networks, event logs, process tables, installed software, SSL certificates, and more.

Key Features:

  • Identify and benchmark risk profiles against globally accepted configuration guidelines and security standards.
  • Host-based vulnerability assessment will continuously monitor servers and workstations for vulnerabilities and misconfigurations.
  • Only 10MB of memory utilization under normal operating standards.
  • Block data exfiltration and propagation of threats by preventing servers and workstations from communicating.

Get Started: Arctic Wolf Agent can be installed transparently via the existing software deployment processes your IT department is working with. It uses universal installers (i.e., MSI and PKG), requires zero maintenance once implemented, carries no performance impact, and can be updated seamlessly through the Arctic Wolf Platform.


Darktrace

Description: Darktrace’s Cyber AI Analyst combines human expertise with the speed and scale of artificial intelligence. It’s designed to reduce the time spent investigating alerts by streamlining workflows so your security team can focus on urgent or higher-value tasks.

Unlike copilots or prompt-based AI agents built to interpret text, Darktrace’s Cyber AI Analyst can replicate the human investigative process by questioning data, testing hypotheses, and reaching conclusions based on the results, all without human intervention. The Analyst also runs continuously, so it can re-investigate existing alerts with emerging data in real-time to ensure thorough analyses.

Key Features:

  • The Analyst can recommend the next-best actions unique to each incident.
  • Set up repeatable, integrated investigative workflows that are custom to your organization.
  • Autonomous responses stop malicious actions while giving defenders time to analyze and remediate.
  • Simplify incident understanding with detailed insights and investigative processes.

Get Started: The Cyber AI Analyst is built to underpin the Darktrace ActiveAI Security Platform, which allows clients to trial the company’s platforms in unison across use cases and technologies.


Fortinet

Description: FortiClient, an agent for the Fortinet Security Fabric solution, provides businesses with protection, compliance, and secure access, all from a single, modular, lightweight client.

The agentic tool runs on an endpoint like a laptop or mobile device. It autonomously communicates with Fortinet Security Fabric to provide users with the information, visibility, and control they need to manage each device. This can minimize the need for manual intervention and promote faster threat remediations across environments.

Key Features:

  • Secure endpoints with ML anti-malware and behavior-based anti-exploit.
  • FortiClient enables remote workers to securely connect to a network using zero-trust principles.
  • Control access to cloud-based applications, including visibility to shadow IT.
  • Harden endpoint security with vulnerability scanning, automated patching, software inventory, and app firewall functionalities.

Get Started: FortiClient comes in several models with increasing degrees of protection and capabilities. It’s built to integrate with the key components of Fortinet Security Fabric and is centrally managed by the Endpoint Management Server (EMS). Clients can also enhance the tool’s value with Fortinet’s professional services offerings, which can help streamline upgrades, patches, deployment, and monitoring processes.


Purple AI by SentinelOne

Description: Purple AI is a cybersecurity analyst powered by agentic AI technologies that enable teams to use natural language prompts and context-based suggested queries to identify hidden risks, respond to threats faster, and conduct in-depth investigations.

SentinelOne designed Purple AI to scale autonomous protection across the enterprise and amplify a security team’s capabilities by streamlining and automating SecOps workflows. For example, Purple AI can generate incident summaries, self-documenting notebooks, and recommended queries.

Key Features:

  • Purple AI is architected with the highest level of safeguards to protect against misuse and hallucinations.
  • Synthesize threat intelligence and contextual insights in a conversational user experience.
  • View and manage security data in one place with a unified console for native and third-party security data.
  • Generate summaries that communicate the seriousness of an incident, key findings of the hunt, and recommended actions.

Get Started: SentinelOne’s agentic AI functionalities are available in the Complete, Commercial, and Enterprise models of the company’s Singularity solution. Each offering provides scalable features to help companies of all sizes and needs streamline and improve their cybersecurity efforts.


Alex by Twine

Description: Alex is Twine’s first digital employee. The AI agent is designed to join your team and handle the execution and orchestration of identity and access management processes.

Alex is capable of planning, approving, and automatically executing tasks. Potential use cases for Alex include onboarding users to a new application, assigning employees to orphaned accounts, optimizing a company’s existing identity governance and administration (IGA) platforms, and more.

Key Features:

  • Autonomously repairs issues, removes roadblocks, and recovers whatever is needed to complete objectives.
  • Handle and fix edge cases and exceptions with minimum human intervention.
  • Connect and bond multiple HR systems, identity silos, and SaaS platforms within larger organizations.
  • Identify applications that require multi-factor authentication (MFA) and migrate them into an MFA framework without disrupting your team’s workflow.

Get Started: Twine’s Digital Employees are designed to integrate easily with a company’s existing systems. The agents learn and adapt to each client’s unique requirements, environments, and applications. Twine’s engineers can even research and build specific integrations to suit special cases when needed.


Want the full list? Register for Insight Jam, Solutions Review’s enterprise tech community, which enables human conversation on AI.

Why the 3-2-1 Backup Rule Remains a Cornerstone of Cybersecurity in 2025 https://solutionsreview.com/backup-disaster-recovery/why-the-3-2-1-backup-rule-remains-a-cornerstone-of-cybersecurity-in-2025/ Mon, 14 Apr 2025 16:38:28 +0000 https://solutionsreview.com/security-information-event-management/why-the-3-2-1-backup-rule-remains-a-cornerstone-of-cybersecurity-in-2025/ Daniel Pearson, the CEO at KnownHost, explains why the 3-2-1 backup rule is just as important to cybersecurity today as it was when it was first created. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI. Cyber incidents are expected to cost the US $639 billion in 2025. […]

Why the 3-2-1 Backup Rule Remains a Cornerstone of Cybersecurity in 2025

Daniel Pearson, the CEO at KnownHost, explains why the 3-2-1 backup rule is just as important to cybersecurity today as it was when it was first created. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI.

Cyber incidents are expected to cost the US $639 billion in 2025. According to the latest estimates, this figure will continue to rise, reaching approximately $1.82 trillion in cyber-crime costs by 2028. These figures highlight the crucial importance of strong cybersecurity strategies, which businesses must build to reduce their risk.

As technology evolves at a dramatic pace, businesses are increasingly dependent on utilizing digital infrastructure, exposing themselves to threats such as ransomware, accidental data loss, and corruption. Despite the 3-2-1 backup rule being invented in 2009, this strategy has stayed relevant for businesses over the years, ensuring that the loss of data is minimized under threat, and it will be a crucial method in the upcoming years to prevent major data loss.   

What Is the 3-2-1 Backup Rule? 

The 3-2-1 backup rule is a simple yet highly effective data protection strategy that consists of the following setup: 

  • Keep three copies of your data, including the original and two backups.
  • Store the data in two different locations, for example, the cloud, a disk, or a local drive.
  • Store a copy of the data off-site.

This layered approach has long been considered a gold standard in IT security because it diversifies risk, minimizes points of failure, and increases the likelihood of successful data recovery in the event of a cyber-attack or system malfunction. 

Why is This Rule Still Relevant in Today’s Cyber Threat Landscape? 

In today’s environment, many businesses assume that storing data in the cloud is enough. However, it’s not a failsafe. Due to the rapid growth of cloud infrastructure, cyber-criminals are now actively targeting cloud environments with advanced ransomware techniques, leaving businesses with no clean recovery option. Statistics show that 80 percent of companies have encountered an increase in the frequency of cloud attacks.

Because of this, more than ever, businesses need to invest in immutable backup solutions that ensure backup data cannot be modified, deleted, or accessed by unauthorized parties. 

Common Backup Mistakes Businesses Make 

Despite widespread awareness of data protection principles, organizations still make critical errors in how they approach backups. One of the most common mistakes is storing all backups on the same physical network. This means that once malware infiltrates the network, it can easily encrypt both primary and backup data. 

Organizations also often neglect offline or air-gapped backups. As they rely solely on always-connected cloud or on-premise storage solutions, recovery options may be easily wiped out during an attack. 

Finally, one of the most important steps businesses need to take, yet fail to, is testing backup restoration. Backups are only as good as their ability to be restored. Far too many organizations neglect regular testing, leading to the devastating realization that backup data is inaccessible or corrupted only after a breach has occurred.

How to Implement the 3-2-1 Rule 

To effectively integrate the 3-2-1 backup rule into your cybersecurity practices, organizations should begin with diversifying their storage solutions. For the most secure option, businesses may wish to use a combination of local disks, cloud storage, and physical media such as external drives. 

Next, leverage technologies that ensure backup data is write-once, read-many (WORM), meaning it cannot be altered or deleted, even by administrative accounts. Organizations may then wish to utilize appropriate automation and AI-driven tools. These help with automated monitoring, anomaly detection, and predictive analytics to verify backup integrity and alert businesses to suspicious changes or failures in the backup process.  

Finally, businesses also need to ensure that they align with regulatory standards. Regulations such as GDPR in the UK or CCPA in the United States emphasize data protection and backup integrity. Ensuring your backup strategy adheres to these standards reduces legal risk and strengthens overall security.

By combining this proven strategy with modern innovations such as immutable storage and AI-driven backup monitoring, organizations can fortify their defenses and dramatically improve their resilience to cyber threats.


Identity Management Day Quotes from Industry Experts in 2025 https://solutionsreview.com/identity-management/identity-management-day-quotes-from-industry-experts-in-2025/ Tue, 08 Apr 2025 16:29:29 +0000 https://solutionsreview.com/security-information-event-management/identity-management-day-quotes-from-industry-experts-in-2025/ For Identity Management Day 2025, the editors at Solutions Review have compiled a list of quotes and commentary from some of the field’s leading experts. These comments originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI. As part of Identity Management Day 2025, the Solutions Review editorial team called […]

Identity Management Day Quotes from Industry Experts in 2025

For Identity Management Day 2025, the editors at Solutions Review have compiled a list of quotes and commentary from some of the field’s leading experts. These comments originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI.

As part of Identity Management Day 2025, the Solutions Review editorial team called for the industry’s best and brightest to share their insights, predictions, and commentary on the evolving world of Identity Management technology. The experts featured represent some of the top Cybersecurity solution providers with experience in the marketplace, and each projection has been vetted for relevance and ability to add business value. The list is organized alphabetically by associated company name.

Identity Management Day Quotes from Industry Experts in 2025


Rom Carmel, Co-Founder and CEO of Apono

“This Identity Management Day, let’s spotlight the evolving role of identity security in an increasingly digital and AI-driven world. With remote work, cloud adoption, and digital transformation accelerating, organizations face mounting challenges in managing access to sensitive data and systems.

“Emerging technologies like zero trust architecture, decentralized identity, passwordless authentication, and AI-driven security are reshaping identity management. In particular, Large Language Models (LLMs) and AI-powered automation are transforming how organizations make access decisions—analyzing vast amounts of data in real-time to detect anomalies, enforce least privilege, and streamline identity governance.

“By embracing cloud-based identity and access management (IAM) and leveraging AI for dynamic, context-aware access control, organizations can strengthen security, enhance efficiency, and maintain compliance—without adding friction to user experiences. Identity is the foundation of cybersecurity. By prioritizing AI-driven innovation and proactive security, we can build a resilient, adaptive digital future for all.”


Ofer Friedman, Chief Business Development Officer, AU10TIX

“Effective identity management requires effectiveness of the initial process that grants people access to organizations, services, and resources. If a bad actor successfully sneaks in, then from that point on, that person is trusted by any IAM platform. Nobody wants to let trojan horses in, even if they do not misbehave immediately. But not all identity verification services are born equal, even if, on the outside, they seem to be performing similar actions. In other words, effective identity management starts with making sure that the right people are verified and entitled to access. In 2025, an effective identity verification service must be built with paranoia. It’s no longer about Identity Verification; it is about Identity Risk.”


Greg Wetmore, Vice President of Product Development at Entrust

“The latest advancements in quantum computing chips have brought the technology to the forefront of business leaders’ minds. However, while quantum computing promises significant breakthroughs, it will also introduce an entirely new set of threats. At the heart of this challenge is the risk to digital identities and confidential information. A fully scaled quantum computer will have the capability to break current cryptographic methods widely used to protect our increasingly digital lives. Organizations must prepare for the emerging risks associated with post-quantum cryptography and take the necessary steps to ensure that identities and other sensitive data remain secure.”


Joel Burleson‑Davis, Senior Vice President of Engineering, Cyber at Imprivata

“In today’s landscape, cyber incidents are growing, often due to third-party access, and are disrupting both personal and organizational identities. A recent survey revealed that the most significant consequences of these attacks are the loss of sensitive data, regulatory fines, and severed vendor relationships. With nearly half of organizations experiencing such incidents in the past year and expectations for these threats to continue rising, effective identity management has never been more crucial.

“To safeguard both human and non-human identities, organizations must focus on strategic identity management. Solutions like biometrics and MFA can enhance security, but they must be implemented in a way that doesn’t disrupt operations or impede productivity. The journey to better identity management requires balancing security with seamless user experiences across all digital and human touchpoints.”


Darren Guccione, CEO and Co-Founder of Keeper Security

“As technology continues to advance and identity becomes more complex than ever, IT leaders must implement a multi-layered approach to security that addresses the most prevalent existing threats and combats the malicious cyber weapons of the future. Cyber-criminals are becoming increasingly sophisticated, leveraging AI to increase the volume and severity of their attacks. Recent research reveals that more than 50 percent of IT and security leaders have witnessed AI-powered attacks first-hand at their organization, and 36 percent have seen deepfake technology, spotlighting the precipitous rise of these technologically advanced threats.

“Identity Management Day is a timely reminder that although threats continue to evolve, following fundamental cybersecurity best practices remains the most effective method to stay protected against both existing and emerging attack vectors. With privileged accounts being a primary target for cyber-criminals, implementing a robust Privileged Access Management (PAM) solution is essential. Verizon’s Data Breach Investigations Report revealed that 80 percent of organizations that adopted PAM solutions reported a significant reduction in successful cyber-attacks related to credential theft and misuse, underscoring the criticality of deploying PAM solutions.”


Nick Kathmann, Chief Information Security Officer at LogicGate

High-Profile Security Lapses Highlight The Human Element Of Identity

“Identity remains one of the weakest links in any security ecosystem. Even the most secure solution can fall victim to human error. It’s tempting to blame the service, but even when a platform is highly secure, the real issue is a lack of stringent identity security processes. Simple measures like identity validation can prevent sensitive information from getting out. Limiting risk goes beyond MFA; continuous identity and permission monitoring are critical. This includes location, behavior-based validation as well as clearly defined identity validation for account management actions, along with consistent security training for everyone from the shop floor to the C-suite. At the end of the day, technology is only as useful as its users. If your endpoint isn’t secure, even the strongest security solutions are reachable.”


Kris Bondi, CEO and Co-founder, Mimoto

“The concept of identity is at an inflection point where it will explode into multiple areas. Today, most people still consider identity to be synonymous with a credential or authorized person. That is quickly changing.

“Organizations are realizing the inherent danger in this assumption. According to the IBM data loss prevention report, 95 percent of malicious activity has a human element. We see this illustrated with the increase in compromised credentials, deepfakes, account takeovers, and internal malicious activity that is missed or, the opposite, a tidal wave of false positive alerts.

“I predict two changes we’ll see before Identity Management Day 2026. First, the nuance of the term identity will become widely used. For example, machine-to-machine identity management, workload identities, and person-based identity are all terms used in some DevOps or SOCs that will become more widely understood and used. Second, instead of focusing on protecting ‘identities,’ aka credentials, highly accurate person-based credentials will be used to identify malicious activity in real-time with an understanding of context that hasn’t been possible until now. It is the difference between there is something to investigate with Jack’s account, or, Jane is using Jack’s credentials to access financial systems that she isn’t approved to view.”


Marta Dern, Senior Product Marketing Manager at Oasis Security

“Don’t overlook your newest identity risk, Artificial Intelligence (AI) agents. At first glance, AI agents might seem like just another tool, handling IT support, optimizing cloud costs, answering customer questions, and even making decisions. But unlike human employees, AI agents don’t think or reason. They act based on algorithms and data, not intent or intuition.

“They don’t log in with usernames and passwords. They authenticate using API keys, managed identities, and machine-to-machine protocols. Unless explicitly programmed to follow your security policies, they often don’t. Left unchecked, AI agents can create new identities, generate access credentials, and grant themselves privileged permissions without alerting anyone. Over time, this leads to identity sprawl and uncontrolled access to critical systems.

“This Identity Management Day is a reminder that identity is more than human. AI agents are non-human identities, and they need to be secured with the same rigor. That means real-time visibility, automated lifecycle management, and guardrails that prevent privilege abuse.”


Will LaSala, Field CTO at OneSpan

“Identity Management Day serves as a crucial reminder to prioritize secure authentication methods to safeguard digital identities. As digital transactions continue to outpace traditional methods, online identity fraud now accounts for over 70 percent of all incidents. To better protect users, both businesses and individuals must adopt stringent identity verification (IDV) strategies. The future lies in leveraging robust multi-factor authentication (MFA) solutions, such as FIDO passkeys, alongside Bring Your Own Identity (BYOI)—a model where users can authenticate through their preferred identity provider (IdP), offering more flexibility and control.

“BYOI empowers users to leverage the identity systems they trust—whether social logins, corporate credentials, or decentralized identity systems—while maintaining strong security. This user-centric approach meets the growing demand for flexible identity management, allowing individuals to choose their preferred authentication method while ensuring their personal data remains protected. However, it is critical to ensure that the provisioning of these identities is secure, as only then can we fully trust the authentication request.

“As digital identity threats continue to evolve, adopting a comprehensive identity verification (IDV) strategy that incorporates both secure BYOI and robust MFA like FIDO passkeys offers a resilient defense for users and businesses alike. This approach not only ensures a seamless and secure experience but also strengthens the overall integrity of the authentication process, providing trust from start to finish.”


Piyush Pandey, CEO of Pathlock

“Identity Management Day is a reminder that the conversation around identity has changed fundamentally. For decades, traditional identity governance has been primarily focused on driving operational efficiencies through identity lifecycle management, which addresses the joiner-mover-leaver model. However, amid rapid digitalization, this approach has started to fall short, as reality dictates its own terms—with access risks continuously emerging in the myriads of business applications as user roles change throughout their careers.

“Our highest-risk, regulated business processes are no longer effectively controlled. Traditional identity frameworks simply can’t keep up with today’s dynamic risk landscape. Potential negative consequences of overlooking these identity-related risks include excessive access, data breaches, compliance failures, and corporate fraud.

“Identity security for high-risk applications must now focus on compliant provisioning and continuous controls monitoring. It’s not just about ensuring the right people have the right access at the right time—it’s about proactively preventing internal fraud, audit failures, and reputational damage while responding to risks in real-time. While automating audits saves time and money, securing identity access today must go well beyond compliance.”


Patrick Harding, Chief Product Architect, Ping Identity

“Identity Management Day takes on a whole new meaning this year as individuals and organizations find themselves not only responsible for managing human identities but also increasingly tasked with overseeing AI, as it assumes agentic roles on behalf of humans. The impact AI will have on identity is far greater than we anticipate. For that reason, it’s important for businesses and individuals to ensure their security practices keep pace with the rapid evolution of technologies like AI.

“Leaning into approaches like zero trust architectures and decentralized identity models is that much more critical in a digital-first world. As AI attacks target centralized repositories of personal data and look to mimic trusted users, it’s imperative to ensure data isn’t gathered in one vulnerable location and every user is verified, regardless of who they are or claim to be. As the way we work changes, it’s critical we secure our workforce, build customer trust, and deliver the seamless and secure digital experiences individuals deserve.”


Roy Akerman, Head of Cloud and Identity Security at Silverfort

“A complete identity security solution is no longer a nice to have, it’s a need to have. With the use of AI, malicious actors are generating hyper-realistic deepfakes and sophisticated phishing campaigns, allowing them to steal credentials, assume digital identities, and bypass security measures undetected, leaving credentials exposed and putting defenders in a constant battle to assess control and contain potential misuse—before it becomes one of the 80 percent of breaches caused by compromised identities.

“Advanced AI and deepfake technology make visibility key to defending against identity-based threats. Organizations must move beyond traditional identity controls, such as multi-factor authentication (MFA), and adopt a unified, end-to-end identity security approach. Extending security controls across an organization’s entire identity infrastructure will give security teams the visibility needed to detect unauthorized access attempts and the tools necessary to stop a breach before an attacker can spread laterally.

“Protecting identities must be a priority every day, not just on Identity Management Day. As threat actors innovate with AI and deepfakes become the norm, organizations must take proactive steps to reevaluate their identity security strategies and dedicate the time and resources necessary to protect every identity—in the cloud or on-premises, human or machine—because in today’s evolving threat landscape, identity security is the make or break.”


Mark Wojtasiak, VP Product Research & Strategy at Vectra AI

“Attackers are increasingly abusing identities to launch and spread attacks, with 90 percent of organizations experiencing identity-related breaches in the past year. Because traditional security tools like multi-factor authentication (MFA) are no longer enough to prevent these attacks, it’s critical for security teams to focus on detecting ever-evolving and emerging attacker methods that target both human and machine identities, from network to cloud. With that said, the growing sophistication of hybrid attacks demands the use of AI-powered tools for real-time, behavior-based detection to combat cyber-crime tactics such as phishing-as-a-service (PhaaS) and ransomware-as-a-service (RaaS) models.

“Fortunately, 89 percent of Security Operations Center (SOC) teams plan to integrate more AI in the coming year to replace outdated threat detection methods. Organizations can strengthen their defenses by using this technology to fortify their identity defenses and know when attackers have compromised an account or abused privilege. As attackers continue to gain access through logging in rather than traditional hacking methods, it’s crucial for SOC teams to detect and identify active threats exploiting identities to properly defend their modern network against today’s modern attacks.”


Alex Quilici, CEO of YouMail

“This Identity Management Day, be skeptical, not scared. By now, your identity is already out there. Your phone number, job title, connections, and even your social security number are all publicly available. The genie is out of the bottle, and pretending otherwise only puts you at greater risk.

“The question isn’t how to hide your identity. It’s how to operate safely in a world where your personal and professional information is already exposed. Assume attackers know more than they should. They’re using publicly available data to impersonate company leaders, target employees, and launch social engineering campaigns that feel alarmingly real. Add in voice cloning and AI-generated deepfakes, and the risk multiplies fast.

“Your personal cell phone is often the softest target. It’s the entry point for malware, impersonation attempts, and data exfiltration. And when that device blurs the line between work and personal life, it becomes even more dangerous. This is where tools make a difference. They not only block suspicious calls or scan for anomalies but also give you visibility into what’s being exposed and how it’s being used. The goal isn’t to lock down every piece of information—that’s no longer realistic—but to reduce the blast radius when something goes wrong.

“Stop chasing perfect privacy and focus instead on proactive protection. That means using technology to monitor for threats, automating offboarding to close access gaps, reassigning ownership, rotating credentials, and putting guardrails in place to detect unusual activity early.”


Three Steps Towards The Optimal SAP Cybersecurity Budget
https://solutionsreview.com/security-information-event-management/three-steps-towards-the-optimal-sap-cybersecurity-budget/ Mon, 31 Mar 2025 19:56:49 +0000

Christoph Nagy, the CEO at SecurityBridge, outlines the three steps companies must take to create an optimized SAP cybersecurity budget. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI.

Any enterprise is subject to cyber-attacks. Details of incidents involving critical enterprise applications like SAP S/4HANA often stay internal, so public awareness of them lags behind awareness of malware and phishing. As the attacks become more sophisticated, we want to guide you in defining the optimal budget to protect your mission-critical applications.

Everyone is worried about cyber-attacks. Employees responsible for applications and the infrastructure will constantly state they need to do more to strengthen the cybersecurity posture because they are continually competing with hackers. The attackers use more sophisticated tactics, techniques, and procedures (TTPs), and the defenders must form solid defenses. Admittedly, the phrasing in the last sentence was inspired by the European Football (soccer) Championship.

Today, adequate cyber protection becomes even more necessary because AI provides threat actors with a new efficiency level. Many organizations have acknowledged the technology shift and the subsequent increase in cyber threat potential that negatively impacts enterprise risk management. These companies have increased their budgets and started putting forward a strategy to protect their business application crown jewels, which are operated by SAP’s critical enterprise applications.

Step 1: Create The Asset Inventory For SAP 

Through our interaction with many DAX and Fortune 500 clients, we have learned that global operating enterprises have a challenge keeping track of the complexity and size of their landscape. A common question we ask is, “How many SAP System Identifiers (SIDs) are operating within your organization?” The most common answer is, “We don’t know.” Our reply is, “Then you don’t know how many of those SIDs are internet-facing or how you can ensure they have not been infiltrated.” This short conversation typically causes the person being questioned to break out into a sweat.

In general, the budget requirement will strongly correlate with the number of SIDs and the technical components an organization uses. As the most valuable DAX organization, SAP has released more than 1,000 different products, including many communication components required for integration, such as SAP Router and SAP Cloud Connector, which also build the foundation for secure communication with the SAP Business Technology Platform (BTP).

Once SIDs are identified, organizations can move on to SAP applications and the classification of processed data. This needs to be thoroughly reviewed in Step 2, Risk Management.

Step 2: Active Risk Management and SAP 

With NIS2 becoming effective in October 2024, many organizations in the EU Zone need to implement an active risk management process. It’s essential to analyze and evaluate all individual risks. However, risk management is more than cyber-related; it must consider operative vulnerability and financial impact.

When pinpointing the enterprise-critical applications, SAP quickly becomes a topic of conversation. However, it’s often challenging for the risk management team: SAP assets must undergo the same data and business process analysis and evaluation as other applications, yet the team does not have a complete understanding of the platform.

It becomes evident that the last penetration test or security audit report is not enough and may be outdated. A more detailed solution is required that helps analyze the complexity of secure configuration, detect malicious activities, and protect against malware. When diving into the rabbit hole of SAP security, many more topics present a point of confusion; these include:

  • Authorization concepts such as segregation of duties.

  • Identity management.

  • Privileged access management.

  • Timely and efficient patching of the enterprise application.

It’s important not to get overwhelmed with the fine details—risk management requires continuous re-evaluation and adaptation. Remember the principle of security: 100 percent security isn’t a realistic or desired target, and the early start of security measures significantly impacts your security posture.

Step 3: Define The Optimal Budget For SAP Security 

The first steps in determining a budget are essential. Enterprises must ask how their cybersecurity investment compares to SAP’s yearly license and operational costs. Adding the projected financial impact of attacks, such as denial-of-service, will create a more accurate investment prediction. And don’t overlook the associated damage-of-reputation costs in the financial analysis.

Try to answer which measures should be implemented in the next budget year and calculate the desired investment per SAP SID or production line to get to a precise budget plan. To do so, it is vital to look at answering the following questions:

  • How high was the cybersecurity budget in the past year, and which measures have been implemented?

  • Focus on the present situation: Which known vulnerabilities must be resolved?

  • Focus on the near future: Are any projects planned to impact the existing security posture?

  • Is it necessary to look at SAP security automation?

Conclusion 

Ultimately, it is not the organization with the most significant cybersecurity budget that finds itself best protected. The effectiveness and reasonableness of investment, in correlation with its own individual risk, promote the best defense. In the European Football Championship, successful tournament teams exhibit significant strengths, including defense, midfield, and attack. Similarly, SAP security excels when organizations achieve high maturity levels in various areas, including security monitoring, threat detection, and efficient patch management. Thoughtful planning and configuration are the best defense to eliminate weakness on or off the field.

