Sumo Logic Threat Labs -- Customer Brown Bag -- February 26, 2026
Join us as Paul from Sumo Logic's Threat Labs team shares his team's responsibilities and campaign processes, along with real-world threat lab examples.
Nation-State Threat Actors Incorporate AI to Streamline Attacks
Researchers at Google’s Threat Intelligence Group (GTIG) warn that nation-state threat actors have adopted Gemini and other AI tools as essential components of their operations. The threat actors are using tools to conduct research and reconnaissance, target victims, and rapidly create phishing lures.
Agentic AI Security: MITRE ATT&CK Coverage Analysis in Minutes
LimaCharlie's Agentic SecOps Workspace (ASW) enables true agentic security operations. With us, AI doesn't just advise but actively operates within your security environment. We do this by integrating everything, including AI, on our cloud platform via API. Our approach delivers superior AI security automation capabilities at a fraction of the cost, allowing security teams to scale operations without growing headcount.
Why Finding Vulnerabilities Isn't Enough | NTX ISSA Lunch & Learn w/ Reach Security
Garrett Hamilton, CEO & Co-Founder of Reach, joined Bryce Carter, CISO for the City of Arlington, at the NTX ISSA Lunch & Learn in Plano, TX — a practical, operator-focused discussion with the local security community.
Functionality vs. Aesthetics in AI Models
Functionality vs. Aesthetics in AI Models.
ARMO Behavioral AI Workload Security
AI is not just another workload category. It is the first category of workloads that decides what to do at runtime. And that changes everything about how security must work in the cloud. For years, cloud security evolved around deterministic systems. You deploy code. That code follows defined logic paths. If something unexpected happens, such as a new process, an unusual outbound connection, or privilege escalation, you investigate and respond.
CVE-2026-20127: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
On February 25, 2026, Cisco released fixes for a maximum severity authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Cisco Catalyst SD-WAN Manager (formerly vManage), tracked as CVE-2026-20127. The flaw arises from a broken peering authentication mechanism in the control-plane authentication workflow. This vulnerability potentially allows a remote, unauthenticated threat actor to bypass authentication and obtain administrative privileges on an affected system.
MSP trends 2026: Creating opportunities in a difficult market
If managed service providers (MSPs) are going to grow as 2026 rolls on, they’re going to have to overcome both new and familiar obstacles in a tough environment. But there is good news for MSPs that are ready to adapt their business models to new market realities. A recent report from Omdia, MSP Trends and Predictions 2026, lays out clearly why MSPs are more likely to struggle to grow in 2026 than they have in past years.
How it feels to track down customer commitments
Most organizations have commitment issues. Like tracking all your customer obligations on sticky notes, Slack threads, email chains, screenshots, whiteboards, and spreadsheets. Why not save yourself the scavenger hunt and, you know, just use Vanta? Customer Commitments is a security intelligence layer that pulls critical SLAs out from legalese, and surfaces the commitments that actually matter with the Vanta AI Agent. Helping you centralize + operationalize every promise—so revenue and reputation aren’t on the line.
Stopping Real-World Attacks: Lessons from the Cyber Frontlines
We went live to break down insights from 661 real‑world incidents remediated by Sophos X‑Ops, as detailed in the Sophos Active Adversary Report 2026. Host Susie Evershed and Sophos Senior Incident Response Analyst Hilary Wood unpacked the key trends shaping today’s threat landscape, including the continued dominance of identity‑driven attacks and the prevention steps that still made the biggest difference.