Advanced threats rarely break into infrastructure in obvious ways. In many cases, they remain hidden for months, exploiting blind spots created by unmanaged personal devices (BYOD), applications adopted without the IT department’s oversight (shadow IT), unauthorized access points, or compromised devices operating as part of botnets. As networks evolve into hybrid environments and most traffic is encrypted, the context becomes fragmented and the attack surface expands.

LevelBlue is proud to share that we’ve been shortlisted as a finalist for the 2026 SC Media Awards Europe for our recently launched Resilience Retainer, recognized in the Best Incident Response Solution category. The SC Media Awards Europe program honors organizations that demonstrate outstanding leadership, innovation, and excellence across the cybersecurity landscape.

CertKit is officially out of beta. We started building CertKit a year ago, and since then over 600 people signed up, issued certificates, and deployed to their infrastructure. Several are running it as their production certificate management platform right now. We built a lot during the beta. Some of it we planned: SSO, team management, alerting. Other things, users had to beat into us. The Keystore came from enterprise security requirements to keep private keys in house.

An intern gets admin access to production for a temporary task, but nobody remembers to revoke it. Imagine that intern works at machine speed, never sleeps, and can chain dozens of actions before you’ve read the Slack ping—and has no instinct for when they’re about to do something irreversible.

For many enterprise security teams, audit season feels less like validation and more like reconstruction. Not because they lack logs, and not because their teams are careless, but because their privilege model was never designed to produce a clean, unified story. In Microsoft Entra ID environments, Privileged Identity Management (PIM), works well as long as your world is entirely Microsoft. But no enterprise operates in a single-vendor bubble.

In the world of cybersecurity, busy is an understatement. SOC teams are often drowning in a sea of repetitive alerts. Looking at the same threat or graymail spread across 50 pages of logs isn't just tedious, it’s a drain on your most valuable resource: time. That is why we are introducing Campaign Mode for KnowBe4 Defend. It’s time to stop chasing individual emails and start managing at scale.

Most organizations don’t struggle with managing devices in the beginning. A few laptops, some smartphones and tablets, everything feels under control. The problem starts when things scale. More devices get added. Teams start working remotely. Different operating systems and use cases come into play. Over time, it becomes harder to track what’s connected, what’s updated, and what’s secure. That’s when endpoint management stops being optional.