BLOG

Insights from the ArmorPoint team.

Threat research, operational playbooks, and security leadership.

189 posts · Page 2 of 16

Articles

SIEM Detection Rules Explained: How Tuning Improves Accuracy

Security Information and Event Management platforms are a core part of modern security operations. At the center of every SIEM are detection rules, which help identify suspicious activity, surface threats, and trigger investigations.

5 min read · aburgett
Articles

How SIEM Correlates Vulnerability Scanner Data to Prioritize Real Threats

Vulnerability scanners identify weaknesses, but they do not show which ones pose real risk. By ingesting vulnerability scanner data into a SIEM, security teams can correlate vulnerabilities with asset criticality, exposure, threat intelligence, and live security activity. This correlation enables risk-based prioritization, faster remediation, and stronger protection against active threats.
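The correlation the teaser describes, as an added example that is not ArmorPoint's code: scanner findings are joined with asset criticality, internet exposure, a threat-intelligence feed of actively exploited weaknesses, and recent SIEM alerts, then ranked. All assets, alert lines, weights and vulnerability identifiers below are constructed placeholders, and the scoring weights are illustrative assumptions, not a published formula. The point it shows is that two findings with the same CVSS score end up far apart once context is applied.

```python
"""Risk-based prioritisation of vulnerability scanner findings.

Added example, not code from ArmorPoint. Every input here is constructed
sample data; the weights are illustrative assumptions, not a standard.
"""
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    asset: str
    vuln_id: str   # placeholder ids below, not real CVE numbers
    cvss: float

# Constructed scanner output: hypothetical hosts and placeholder vuln ids.
SCANNER_FINDINGS = [
    Finding("web-01", "VULN-1", 9.8),
    Finding("db-01",  "VULN-2", 7.5),
    Finding("dev-03", "VULN-3", 9.8),   # same CVSS as web-01
    Finding("hr-07",  "VULN-4", 5.3),
]

# Constructed CMDB-style context.
ASSET_CRITICALITY = {"web-01": "high", "db-01": "critical",
                     "dev-03": "low", "hr-07": "medium"}
INTERNET_FACING = {"web-01"}

# Constructed threat-intel feed: ids reported as exploited in the wild.
KNOWN_EXPLOITED = {"VULN-2", "VULN-3"}

# Constructed recent SIEM alerts in a simple key=value format.
SIEM_ALERTS = [
    "2025-01-06T09:14:02Z sev=medium host=web-01 rule=web_shell_upload_attempt",
    "2025-01-06T09:20:45Z sev=low host=hr-07 rule=failed_logon_burst",
]

# Illustrative weights (assumption): multiplier by asset criticality,
# additive boosts for exposure, exploitation and live activity.
CRITICALITY_WEIGHT = {"critical": 1.5, "high": 1.25, "medium": 1.0, "low": 0.75}
EXPOSURE_BOOST = 2.0
EXPLOITED_BOOST = 3.0
ACTIVE_ALERT_BOOST = 4.0


def active_assets(alert_lines):
    """Hosts that appear in recent alert lines (live security activity)."""
    hosts = set()
    for line in alert_lines:
        for token in line.split():
            if token.startswith("host="):
                hosts.add(token[len("host="):])
    return hosts


def risk_score(finding, criticality, internet_facing, known_exploited, active):
    """Combine CVSS with asset and threat context into one sortable score."""
    weight = CRITICALITY_WEIGHT[criticality.get(finding.asset, "medium")]
    score = finding.cvss * weight
    if finding.asset in internet_facing:
        score += EXPOSURE_BOOST
    if finding.vuln_id in known_exploited:
        score += EXPLOITED_BOOST
    if finding.asset in active:
        score += ACTIVE_ALERT_BOOST
    return round(score, 2)


def prioritize(findings, criticality, internet_facing, known_exploited, alert_lines):
    """Return (asset, vuln_id, score) tuples, highest risk first."""
    active = active_assets(alert_lines)
    rows = [(f.asset, f.vuln_id,
             risk_score(f, criticality, internet_facing, known_exploited, active))
            for f in findings]
    return sorted(rows, key=lambda r: r[2], reverse=True)


if __name__ == "__main__":
    for asset, vuln_id, score in prioritize(SCANNER_FINDINGS, ASSET_CRITICALITY,
                                            INTERNET_FACING, KNOWN_EXPLOITED,
                                            SIEM_ALERTS):
        print(f"{score:6.2f}  {asset:8}  {vuln_id}")
```

Sorted by CVSS alone, web-01 and dev-03 tie at the top; with context, web-01 (internet-facing, currently alerting) ranks first, db-01 (critical asset, exploited-in-the-wild weakness) second, and the low-criticality dev-03 drops despite its 9.8.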

4 min read · aburgett
Articles

The Rise of Ransomware as a Service and What It Means for Defenders

Ransomware is no longer a niche threat carried out by a handful of highly technical cybercriminals. Today, it operates as a mature, scalable business model that closely mirrors the structure and efficiency of legitimate software companies.

5 min read · aburgett
Articles

What is Rogue Device Detection? Eliminating Blind Spots Across Your Network

Rogue devices introduce hidden risk into otherwise secure environments. ArmorPoint’s rogue device detection continuously monitors network and agent telemetry to identify unauthorized or unmanaged devices as soon as they appear. By revealing blind spots such as personal laptops, unapproved IoT hardware, or malicious devices, it gives organizations the visibility needed to respond quickly and reduce exposure before a threat escalates.

4 min read · aburgett
Articles

What is a Managed Network Sensor? Deep Network Visibility Explained

Security teams rely on tools like firewalls and EDR to identify suspicious behavior, enforce policies, and protect endpoints. But even with strong controls in place, organizations still face one persistent challenge: network blind spots.…

4 min read · aburgett
Articles

How Performance Monitoring Enhances Threat Detection and Reduces MTTR

Security teams are trained to watch for suspicious logins, unusual network traffic, and alerts from security tools. But some of the earliest signs that something is wrong begin long before a SIEM rule fires.…

4 min read · aburgett
Threat Intel

Avoiding Credential Theft Attacks During the Holiday Season

The holiday season is one of the busiest times of the year for credential theft attacks. While many organizations prepare for reduced staffing and year-end deadlines, threat actors prepare for something else.…

4 min read · aburgett
Articles

Moving Beyond Compliance: How CISOs Can Build Programs That Actually Reduce Risk

Compliance is important, but it does not guarantee security. As CISOs prepare for 2026, the priority is moving beyond audit checklists and building cybersecurity programs that truly reduce business risk.…

4 min read · aburgett
Articles

The Top Cybersecurity Threats Law Firms Face

Law firms have long been trusted to handle some of the most sensitive data imaginable—corporate trade secrets, merger details, intellectual property, and private client records.…

6 min read · aburgett
Threat Intel

EDR Evasion Tactics on the Rise

Endpoint Detection and Response tools are central to how organizations detect and stop malicious activity. Security teams rely on EDR for real-time visibility into endpoint behavior, rapid detection of threats, and automated response actions.…

5 min read · aburgett
Articles

Key Cybersecurity KPIs and Metrics to Report to the Boardroom

As cybersecurity becomes a business-critical function, CISOs must communicate metrics that connect technical performance to organizational outcomes.…

4 min read · aburgett
Articles

Selling Cyber: Inside ArmorPoint’s Co-Delivery Model

ArmorPoint’s Co-Delivery Model offers a new path for service providers to deliver cybersecurity. Instead of building a costly SOC or reselling someone else’s tools, co-delivery blends the provider’s customer ownership with ArmorPoint’s 24/7 SOC operations.…

6 min read · aburgett