Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Managed service providers are under more pressure than ever—protecting multiple clients, managing growing toolsets, and responding to increasingly sophisticated cyber threats. But fragmented solutions, alert fatigue, and limited visibility can slow you down and impact the service your clients rely on. Today’s MSPs need more than just more tools.

Cyber conflict is easiest to misread when we treat it as an isolated technical event. In this episode of Chasing Entropy, Dave Lewis speaks with analyst and author Allie Mellen about her book Code War and why the cyber strategies of the United States, China, and Russia make more sense when viewed through the lens of history, doctrine, and political intent.

Data security budgets are under more scrutiny than ever. When a CISO brings a new tool to the table, finance and the board want to know: What does this buy us, and how do we measure it? Data security posture management (DSPM) is one of the harder investments to quantify on paper, largely because its primary value is risk reduction rather than revenue generation. But that framing undersells it.

If you work with the Australian defence sector, DISP membership is no longer optional. The Defence Industry Security Program (DISP) is a baseline requirement for organisations operating in or supplying into Australian Defence. Most companies still treat DISP in defence as a compliance checkbox, but that approach fails. DISP is about reducing real operational risk across the supply chain.

A few practical improvements this week, mostly driven by what we’re learning as customers deploy CertKit into larger infrastructures.

The OWASP Top 10 for Agentic Applications defines the most common AI agent risks, but real attacks unfold across multiple stages of behavior. Behavioral analytics detects those risks by modeling how users, AI agents, and their interactions change over time. By observing deviations across inputs, processing, and outputs, security operations teams can identify insider‑driven and agent‑driven threats that traditional, event‑based detection misses.

Picture the first meeting after a serious security event. The Security Operations team is talking about alerts, detections, and lateral movement. Threat Intelligence is talking about adversary tradecraft and known campaigns. Governance and Risk is talking about control gaps, exposure, and business risk. And leadership? They only care about how bad this event is, and what the team is doing about it. Security teams often agree on the mission: deter and stop threat actors at all costs.

OWASP Penetration Testing is a specialized type of security testing that focuses on attack vectors and vulnerabilities listed in OWASP Top 10. An organization’s security landscape is complex, and thus it is essential to test the organization’s security measures to ensure that they are working correctly. OWASP’s (Open Web Application Security Project) compiled a list of the top 10 attacks named OWASP Top 10 for multiple technologies such as Web Applications, Cloud, Mobile Security, etc.

On average, Astra Security detected 5.33 vulnerabilities per minute in 2025, which is more than 7,000+ vulnerabilities per day in live environments. That’s the brutal math of the Modern attack surface. Without proper pentesting, each deployment cycle introduces multiple entry points for hackers, and each overlooked endpoint increases the risk of cyberattack.

If you are not using AI to defend against AI, you will lose. But for organizations operating in air-gapped environments, the path to AI-driven defense can be blocked by the very isolation that protects them. Today, we're announcing that Elastic Security is now the embedded security layer for Google Distributed Cloud (GDC) air-gapped environments, expanding our collaboration with Google Cloud.