Secure by Design is a software development philosophy that treats security as a foundational requirement rather than an afterthought.

Instead of building a product first and bolting on security fixes later, Secure by Design demands that security considerations are embedded into every stage of the development lifecycle — from architecture and design through coding, testing, deployment, and maintenance.

The core idea is straightforward: If you build something securely from the ground up, your users are protected by default rather than only when they know how to flip the right settings or when security gaps are fixed after the fact.

In practical terms, this means adopting several core security principles:

• Least privilege ensures that processes, agents — AI or otherwise — containers, and system services receive only the minimum access they need.
• Secure defaults make sure products ship with the safest configuration enabled out of the box.
• Defense in depth layers multiple security controls so no single failure becomes catastrophic.

And organizations can further strengthen resilience by eliminating entire classes of vulnerabilities through safer languages, frameworks, and design patterns.

Why was the Secure by Design approach introduced?

For decades, many players in the technology industry operated under a “ship fast, patch later” model. One consequence of that legacy is that cybersecurity can be seen as just a cost center — something that slows releases and frustrates developers. The impacts are playing out in real time: constant vulnerability disclosures, rushed emergency patches, and breaches that drain billions from organizations while exposing the personal data of hundreds of millions of people.

The Ivanti Connect Secure vulnerabilities, the Log4Shell exploit in a ubiquitous open-source library, and the MOVEit Transfer vulnerabilities all demonstrated that reactive security simply cannot keep pace with determined adversaries.

Recognizing this imbalance, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) — together with international partners — published formal Secure by Design guidance in 2023, urging technology manufacturers to take ownership of their customers’ security outcomes.

Secure by Design principles argue that the burden of security should rest with the vendors who build technology products, not the end users who deploy them. This requires vendors to rethink how they prioritize speed and additional features, and to treat security as a core design requirement rather than a bolt-on enhancement. The shift moves the industry away from blaming users for failing to patch promptly and toward holding manufacturers accountable for shipping products that are secure from day one — even if that means slowing feature delivery or re‑engineering legacy approaches to reduce systemic risk.

Why Secure by Design matters most for cybersecurity solutions

It’s a striking reminder that even security tools can sometimes become the entry point for an attack. Yet it happens with alarming regularity.

This highlights a critical weakness for many organizations: Once a perimeter device is exposed, attackers will keep coming back to it repeatedly until it is fully secured. Firewalls and other edge systems can remain vulnerable even after a fix is available. Across all confirmed exploited vulnerabilities in recent analysis of incidents Sophos remediated, the median time between a vendor publishing an advisory or patch and an attacker exploiting that flaw was 322 days — almost a full year of opportunity for adversaries. Cybersecurity vendors can’t assume users are going to patch immediately.

The privileged position problem

Cybersecurity tools operate in the most sensitive and privileged parts of an organization’s infrastructure. Endpoint detection agents run with kernel-level access. SIEM platforms ingest logs from every system. Identity providers hold the keys to every account. Firewalls sit at the boundary between trusted and untrusted networks.

When security products sit at the heart of an organization’s defenses, they carry a heightened responsibility to follow Secure by Design principles. Vendors in our industry play a critical role in protecting customers, and that trust comes with expectations around how products are engineered.

This privileged position means that a vulnerability in a security product doesn’t just expose itself, it exposes everything it was designed to protect. An attacker who compromises an endpoint detection and response (EDR) agent doesn’t just own one tool — they own the endpoint with the highest privileges. A flaw in a VPN appliance doesn’t just break remote access, it hands an adversary a direct tunnel past every perimeter control.

What happens when Secure by Design is ignored? 

The consequences of neglecting Secure by Design principles are well-documented and, if not followed properly, leave businesses, users, and the internet as a whole less safe.

• Escalating breach costs. When vulnerabilities are discovered post-release, fixing them is exponentially more expensive than addressing them during development.
• Erosion of trust. Customers, regulators, and partners lose confidence in organizations that suffer repeated security incidents. Reputation damage can outlast the technical remediation by years.
• Regulatory and legal exposure. Governments worldwide are tightening cybersecurity regulations. The European Union’s Cyber Resilience Act, for example, will impose mandatory security requirements on products with digital elements sold in Europe. Organizations that ignore Secure by Design principles risk non-compliance, fines, and market exclusion.
• National security risks. Critical infrastructure — power grids, water treatment, healthcare systems — increasingly relies on internet-connected devices and systems. Insecure-by-default products in these environments create openings for state-sponsored adversaries and ransomware operators, with potential consequences that could upend someone’s everyday life.
• Perpetual patch fatigue. Without secure foundations, organizations are trapped in a reactive loop: scanning for vulnerabilities, prioritizing patches, testing updates, and deploying fixes — repeatedly. This drains resources that could be spent on deeper cybersecurity investigations.

Sophos’ commitment to Secure By Design 

On May 8, 2024, Sophos became one of the first organizations to commit to CISA’s Secure by Design initiative, which focuses on seven core pillars of technology and product security:

1. Multi-factor authentication.
2. Default passwords.
3. Reducing entire classes of vulnerability.
4. Security patches.
5. Vulnerability disclosure policy.
6. CVEs.
7. Evidence of intrusions.

Aligned with our core organizational values around transparency, Secure by Design has been a guiding force as we continually evaluate and improve our security practices.

We published our pledges for improvement and publicly share the progress we are making against the seven core pillars of the Secure by Design framework. Of course, cybersecurity is constantly evolving and the job is never “done.” Continuing to refine and enhance the application of Secure by Design principles across our portfolio is an ongoing — and central — part of our ethos.

In just one example, the latest version (v22) of Sophos Firewall further extends the Secure by Design capabilities of the solution, including:

• A new Health Check feature to reduce the risk of a misconfiguration leading to a potential attack.
• An all-new containerized control plane re-architected for maximum security and scalability that eliminates a whole class of vulnerabilities.
• The addition of a Sophos XDR Linux Sensor enables real-time monitoring of the system integrity of our entire customer base by our own security teams to identify and respond to attacks more quickly.
• Firmware updates that are encrypted and certificate-pinned for authenticity.

Together, the changes in v22 and previously delivered capabilities in Sophos Firewall strengthen forensic visibility, logging, and protective monitoring. These enhancements also support closer alignment with many of the areas covered by the U.K.’s National Cyber Security Centre’s guidance for network devices.

Additionally, our work in the Pacific Rim campaign gave us a front‑row view into how determined, well‑resourced threat actors operate — and what it really takes to defend against them. The campaign reinforced that adversaries aren’t waiting for weaknesses to appear; they’re actively hunting for design shortcuts, configuration gaps, and unpatched systems across global infrastructure. That experience directly shaped our Secure by Design approach.

It underlined that modern defenses must start with reducing the attack surface at the product level, building in strong defaults, tightening authentication paths, and eliminating opportunities for misuse long before a vulnerability ever makes it into the wild.

The path forward 

Secure by Design doesn’t eliminate all vulnerabilities, nor does it absolve organizations from ongoing vigilance. But it has become a fundamental foundation to cybersecurity for reducing the attack surface. The question is no longer whether Secure by Design is a good idea. It is how quickly it is adopted.

Source: Sophos

In our industry, trust isn’t an abstract concept. It’s the currency of cybersecurity – the foundation of every partnership we build and every protection we provide.

However, a recent independent, vendor-agnostic survey of 5,000 cybersecurity decision-makers across 17 countries reveals a stark reality: we’re facing a trust crisis.

According to our findings in Sophos’ Cybersecurity Trust Reality 2026 report, only 5% of respondents say that both they and their organization have full trust in their cybersecurity vendors.

That’s a number that should serve as a wake-up call for our entire industry.

The high cost of low trust

Assessing trust is inherently difficult. Our research shows that 79% of organizations find it challenging to assess the trustworthiness of new cybersecurity partners, and 62% struggle even with their existing vendors.

The consequences of this uncertainty are tangible. When trust is absent, anxiety fills the void.

We found that 51% of leaders believe a lack of trust leads to anxiety that their organization is more likely to experience a significant cyber incident. Furthermore, 45% say it increases their propensity to switch vendors, and 42% cite an increased requirement for oversight.

What actually drives trust?

To bridge this gap, we’ve got to understand what actually builds confidence. The survey identified the top drivers of trust for both IT teams and senior leadership, and the results were clear. It’s not about marketing claims, it’s about evidence.

1. Verifiable artifacts: The number one driver of trust is the presence of verifiable artifacts indicative of cybersecurity maturity, such as an active bug bounty program, a Trust Center with security advisories, and third-party certifications.
2. Transparency in crisis: The second most critical factor is transparency and timely communications during incidents and disclosures.
3. Expertise and delivery: Following closely are expert commentary during major cyber events, the consistent delivery of high-quality services, and validation through analyst reports.

Our commitment to you

At Sophos, we understand that trust is built, not claimed. We’re committed to earning that trust through transparency, integrity, and a steadfast commitment to protecting your security and privacy.

We’ve aligned our operations directly with these drivers of trust:

Transparency by default: We believe in radical transparency. A prime example: our “Pacific Rim” research, where we provided a full, detailed disclosure of a five-year investigation into China-based threats targeting perimeter devices. We disclosed the timeline, the attack vectors, and exactly how we responded at every stage.

Verifiable maturity: We maintain a comprehensive Trust Center to provide you with the artifacts you need to assess our security posture. We also adhere to leading compliance standards, including ISO, SOC, and PCI DSS.

Secure by Design: We’ve outlined our progress and public commitments under CISA’s Secure by Design pledge, which focuses on seven core pillars including MFA, eliminating default passwords, reducing classes of vulnerabilities, and more. This initiative is an ongoing, industry-wide shift rather than a one-time effort, and we commit to providing regular, open updates on our progress and areas for improvement.

Trust is hard to earn and easy to lose. By prioritizing transparency, third-party validation, and consistent execution, we aim to ensure that when you partner with Sophos, you can do so with complete confidence.

I invite you to review the full findings of our research and visit our Trust Center to see exactly how we’re working to secure your world.

Source: Sophos

Fortra, a global cybersecurity software and services provider, announced today the acquisition of Zero-Point Security, a specialized cybersecurity training firm based in Warrington, UK. This will expand Fortra’s offensive security education capabilities, bringing additional expertise in red team operations, adversary emulation, and penetration testing training. Zero‑Point Security is widely recognized for its trusted red team operations training and has built a strong reputation delivering its high-demand, self-paced courses to individuals and businesses seeking advanced offensive operations skills.

Organizations today operate under a substantial number of IT and cybersecurity compliance obligations. By defining requirements for areas such as access control, incident response, encryption, governance, and vendor management, compliance standards help reduce the likelihood and impact of cyberattacks, support regulatory and legal obligations, and build trust in digital ecosystems.

5,000 IT and cyber leaders share their compliance experiences

To shine a light on the IT and cybersecurity compliance reality facing organizations today, Sophos commissioned an independent survey of 5,000 IT and cybersecurity leaders across 17 countries and a broad range of public and private sector industries. Conducted in early 2026, key findings include:

• Multiple regulatory obligations: Respondents report adhering to 5 compliance standards on average (median), underscoring the breadth of regulatory obligations across regions and industries.
• Widespread non-compliance concerns: 82% of leaders are concerned that their organization may not be fully compliant with all necessary regulations and requirements, with almost a quarter (24%) very concerned. Just 18% report being unconcerned about their compliance status.
• Significant resourcing overhead: 39% of the IT and cybersecurity team’s time is spent on compliance-related activities.
• Difficulties keeping up: 79% of organizations find it challenging to keep with changes in compliance requirements, with 19% saying it is “very challenging.”
• Smaller businesses are disproportionately impacted: Smaller companies facing a similar volume of compliance frameworks as larger ones but with fewer resources and expertise to deliver them.

Industry and geography play a role

Across 17 countries in the Americas, EMEA and Asia Pacific and 15 different industries, the most cited regulations include:

• ISO 27001/2: 51.2% of respondents
• GDPR: 40.4% of respondents
• CIS: 29.7% of respondents
• NIST CSF: 23.8% of respondents
• PCI DSS: 23.1% of respondents
• HIPAA: 21.7% of respondents
• DORA: 19.8% of respondents
• NIS2: 16.1% of respondents

While these represent the most frequently cited standards overall, adoption varies significantly by industry and region.

For example, 66% of organizations in the distribution and transport sector cited ISO 27001/2, compared with 38% in state and local government. Similarly, 60% of businesses in Spain aim to comply with ISO 27001/2, compared with 35% in Mexico, and 30% of organizations in the U.S. comply with NIST CSF, compared to 13% in Australia.

Compliance today: Three key takeaways

The survey findings show that the compliance burden on organizations is high and maintaining compliance is an ongoing challenge. Key takeaways for IT and cybersecurity leaders include:

Compliance complexity is outpacing IT capacity

Maintaining compliance with one regulatory standard is tough, managing compliance across five is a huge task for any organization. Many frameworks require similar information, resulting in high levels of duplicative work for those involved. And with eight in 10 organizations (79%) finding it challenging to stay up to date with changes in compliance requirements, it’s clear that IT and cybersecurity teams are struggling to keep up.

Compliance has a major impact on resourcing

Compliance‑related activities can range from understanding regulatory requirements and implementing required controls, to reporting adherence status. With two fifths of the typical IT and cybersecurity team’s time dedicated to compliance efforts, it’s essential that organizations put in place the right level of resourcing to meet their compliance obligations and the wider IT and cybersecurity needs of the business.

Lack of visibility creates compliance and security blind spots

It’s not enough to think you are compliant — you need to know that you are. However, with 82% of IT and cybersecurity leaders concerned that they may not be fully compliant with all necessary regulations and requirements, it’s clear that teams are lacking the visibility they need to be sure of their compliance status. Without full visibility, organizations also run the risk of being blind to security and operational gaps that increase their risk of experiencing cyber incidents and data loss.

Maintaining ongoing compliance with multiple regulatory and compliance standards is a major undertaking for all organizations, and particularly for smaller businesses who are disproportionately impacted by the financial overhead of hiring in additional headcount to manage multiple, evolving regulations. With compliance requirements likely to grow in volume and complexity, organizations should consider how best to support their ongoing compliance obligations, including the possibility of working with external specialists who can provide expertise and resourcing support.

 Source: Sophos

Sophos has been named a 2026 Gartner® Peer Insights™ Customers’ Choice in the 2026 Gartner® Peer Insights™ Voice of the Customer for Managed Detection and Response (MDR).

This marks our second Gartner Peer Insights Customers’ Choice distinction of 2026, coming off the heels of Sophos’ fifth consecutive Customers’ Choice for Endpoint Protection Platforms in January 2026.

Since Gartner began generating Voice of the Customer (VoC) reports for the MDR category, Sophos has been recognized as a Customers’ Choice vendor in every iteration of the report. This recognition is based directly on customer feedback, and we’re truly thankful to our customers for taking the time to share their experiences.

In the 2026 VoC report for MDR, Sophos has an overall rating of 4.8 / 5.0 based on 290 reviews, making Sophos the most-reviewed vendor in the report. To go with this, customers rated Sophos with a 95% Willingness to Recommend score.

We believe these results reflect Sophos’ mission to deliver superior cybersecurity outcomes for our customers through powerful, comprehensive end-to-end solutions.

Recognition driven by real customer experiences

Gartner Peer Insights is a free peer review and ratings platform designed for enterprise software and services decision makers. We feel being named a Customers’ Choice reflects both high overall ratings and strong willingness to recommend, consistently validating Sophos’ commitment to customer success.

We are incredibly grateful to our customers worldwide for their continued trust and feedback, which directly contribute to shaping and improving Sophos’ solutions.

Here are some examples of what customers had to say about Sophos MDR: 

“Our overall experience with Sophos MDR has been very positive. The team monitors our infrastructure 24×7 and alerts us to any malicious activity. This service is not only helping us to stay protected but also reducing the burden on our internal team.” –Cloud Support Engineer in the Software Industry (review link).

“Sophos MDR has dramatically reduced our cyber risk by cutting incident response times from days to hours. The 24x7x365 monitoring and remediation service has proven its worth multiple times, identifying and stopping active attacks before any damage can be done.” –IT Manager in the Manufacturing Industry (review link).

“The Sophos MDR service is an exceptionally great product altogether. It is extremely suitable in these tough times of cybersecurity issues which are growing and getting more and more complex.” –IT Manager in the IT Services Industry (review link).

“We have been using Sophos MDR to protect our organization’s endpoints and servers and it has been a game changer. Their team is constantly monitoring, quickly identifying issues and fixing them. They make my job easier.” -Manager of IT Services in the Government Industry, Gov’t/PS/ED (review link).

Source: Sophos

In everyday conversations, “AI and data security” tends to blur two big ideas together: using AI to strengthen traditional security measures and applying standard protections to the vast amounts of data organizations already manage. AI data security, however, tells a more focused story. It’s about safeguarding the data that fuels AI and machine learning (ML) itself. This would encompass the training data that shapes its intelligence, the inputs it analyzes in real time, and the outputs it generates. In other words, it’s not just about keeping data safe in an AI-enabled world; it’s about protecting the very lifeblood of AI systems.

AI for security = AI improving security tools and processes

AI data security = Protecting data used by and produced by AI systems

However, security has struggled to keep pace with the rapid integration of AI across business operations. Models are being deployed faster than security frameworks can adapt, often pulling from massive, sensitive datasets without adequate controls in place. This gap has widened the attack surface, increasing the risk of data exposure and enabling more sophisticated threats. When safeguards fall behind innovation, the consequences ripple outward, creating downstream risks that include compliance violations, loss of customer trust, compromised decision-making, and long-term damage to organizational resilience. AI’s promise is powerful, but without security evolving alongside it, that promise can quickly turn into liability.

How Is Data Used in AI? 

Data is central to every stage of AI growth. During training and testing, AI models learn patterns and behaviors from large datasets, which may include structured internal data like business records as well as external data such as public text, images, or sensor inputs. Once deployed, AI systems continuously process new data to generate predictions, recommendations, or automated actions in real time. Over time, additional data is used to retrain and refine models, helping them adapt to changing conditions, improve accuracy, and bias.

Learn more about how: Your AI Model Might Not Be Worth Using – Without the Right Data Security in Place

Threats to AI Data

AI data faces a growing range of threats as models become more powerful and more widely deployed. Attackers may attempt data poisoning, model inversion, or adversarial attacks to manipulate training data, extract sensitive information, or distort model behavior, while automated malware uses AI itself to scale and adapt attacks faster than traditional defenses can respond. Risks also emerge from within, as rushed deployments, weak governance, and generative AI misuse can expose sensitive data through prompts, outputs, or unintended model behavior. Combined with privacy breaches, compliance violations, and prompt injection attacks, these threats highlight why securing AI data requires more than traditional controls. AI data demands safeguards designed specifically for how AI systems learn, operate, and evolve.

Data Security Use Cases with Fortra

Fortra’s platform is a way to layer multiple data security controls, including file transfer protection, classification, encryption, email security, DLP tuning, secure collaboration, and cross‑network transfer controls. These solutions address real‑world risks like ransomware, data leakage, and compliance violations. Here are a few ways Fortra protects your data:

• Add security layers to file transfers (managed file transfer with malware scanning, redaction, and blocking of sensitive files).
• Protect and control files wherever they travel, so policies and protections follow the data, not just the device or network.
• Label, protect, and encrypt data wherever it goes using classification plus encryption and access controls.
• Send outbound emails securely, reducing the chance of sending sensitive data to the wrong people or in the wrong format.
• Improve DLP accuracy and cut false positives by enriching DLP with better classification and policy context.
• Share files only with authorized users and prevent further sharing, even in cloud collaboration environments.
• Move large, sensitive files between secure networks while checking for both data exfiltration and incoming threats.

How Are AI Models Secured? 

Securing AI model training and deployed AI models requires a security‑by‑design approach that protects data at every AI stage. During training, strong posture management, encrypted data storage, and a secure AI SDLC help reduce risk from the outset. Once models are deployed, input and output validation, continuous monitoring, adversarial training, and red‑team testing are essential for detecting manipulation and misuse. Cross‑functional governance ensures these AI data security best practices remain effective as models evolve, scale, and integrate into business operations.

AI Data Security Best Practices

Regulatory compliance and ethical AI use are tightly connected, especially as AI systems increasingly handle sensitive personal data governed by laws like GDPR and CCPA. As users share more personal and confidential information with AI tools, protecting that data becomes critical — not only to meet regulatory requirements, but to maintain trust and prevent misuse. At the same time, the data an AI model is trained on and prompted with directly influences how it behaves, making strong data governance essential for ensuring AI outcomes remain fair, compliant, and ethical.

The Security of AI

AI data security is about protecting the data used by and generated from AI systems, not just using AI to improve traditional security. AI relies on data throughout its lifecycle making that data a high‑value target for attackers and growing threats such as data poisoning, model inversion, prompt injection, generative AI misuse, and AI‑powered cyberattacks. It is imperative that securing both AI model training and deployed models through practices like posture management, encryption, continuous monitoring, adversarial testing, and cross‑functional governance are implemented.

Source: Fortra

Many organisations take a phased approach to deploying password managers, starting with IT and security teams and planning to expand later. This approach is often shaped by practical constraints such as budgets, licensing and the need to balance competing priorities.

Partial cybersecurity coverage leaves organisations exposed to breach paths that are actively exploited. When only part of the workforce is protected, compromised credentials, shared access and unmanaged accounts become easy entry points for external attackers, malicious insiders and third-party misuse.

Teams under pressure create workarounds to keep business moving, such as sharing credentials insecurely, retaining admin rights longer than necessary or spinning up unmanaged tools and accounts. These practices increase the likelihood of credential theft, privilege escalation and lateral movement, which are common stages in modern breaches.

These situations don’t happen because security policies are ignored. They happen because security controls haven’t yet scaled to reflect how access is actually used across the organisation. Until coverage is complete, attackers can exploit inconsistencies, turning temporary gaps into breaches with lasting impact.

The downfall of partial password security coverage

Partial password coverage doesn’t reduce risk — it merely shifts it. Attackers bypass well-defended user accounts and target unmanaged or weakly governed privileged access instead. From an attacker’s perspective, areas of an organisation’s architecture that are unmanaged or only partially managed are far easier to exploit than tightly controlled administrator accounts. Without complete visibility, elevated access can quietly become the most direct path to broader system compromise.

Partial coverage helps organisations get started, but it doesn’t go far enough. Password management protects individual users, while privileged access across shared systems, infrastructure and cloud environments requires a higher level of control.

This is where KeeperPAM® becomes the natural next step. Privileged access requires more advanced controls, such as managing shared administrator accounts, enforcing time-bound access and maintaining clear audit records. Capabilities like Just-in-Time access (JIT), session recording and centralised visibility become increasingly important as environments grow.

By extending visibility across infrastructure, applications and cloud environments, KeeperPAM helps organisations close the gaps that often appear as password management programs mature.

A scalable way forward

As organisations mature, early decisions around access controls need to be revisited. Many teams are moving away from evaluating fragmented tools and toward treating identity security as a connected system. They are choosing one platform that can scale over time without adding unnecessary cost or operational complexity.

Keeper is designed to support the natural progression that comes with business growth across any industry. Keeper Enterprise Password Manager makes it easier to extend credential protection beyond IT, enabling organisations to broaden coverage while keeping deployment seamless and license provisioning straightforward. From there, KeeperPAM builds naturally on that foundation, securing privileged access to servers, databases and cloud environments without relying on shared administrator credentials.

Because KeeperPAM operates on the same zero-trust security platform, organisations can extend privileged access controls without rearchitecting their security stack or adding new infrastructure. Teams can start quickly and scale at their own pace, rolling out role-based access, session visibility and audit-ready reporting in line with phased deployments and budget requirements. By unifying password management and privileged access management, organisations close critical gaps, reduce reliance on shared credentials and strengthen audit readiness without adding complexity.

In identity security, progress doesn’t have to mean compromise. With the right foundation, organisations can evolve their programs in a way that balances cost, coverage and risk. Consolidating the tech stack and moving toward a single platform to secure credentials, secrets, connections and endpoints enables faster organisation-wide deployment and provides access to all cybersecurity tools in one unified vault.

Source: Keeper Security

G2 has published its Spring 2026 Reports, and customers once again ranked Sophos as a top security vendor.

Sophos is ranked as the #1 Overall solution in Endpoint Protection Platforms (EPP), Managed Detection and Response (MDR), Extended Detection and Response (XDR), Endpoint Detection and Response (EDR), and Firewall Software.

Speaking to the power of our platform, Sophos is named as a Leader for the 15th consecutive time across every G2 Overall Grid® that defines modern security operations: Endpoint Protection Platforms, Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), Firewall Software, and Managed Detection and Response (MDR).

These recognitions come from verified peer review and reflect what security teams value most: faster time to outcome, simpler operations, and the confidence of a platform that scales from prevention to managed response.

Managed Detection and Response 

In addition to being the #1 Overall ranked MDR solution, Sophos MDR was named the #1 solution among the Enterprise and Mid-Market customer segments. Sophos MDR also earned the Best Results and Best Usability distinctions among both Enterprise and Mid-Market customers.

Endpoint

The Spring 2026 Reports marks the first time Sophos Endpoint was recognized as the #1 Overall solution across EPP, EDR, and XDR. In total, Sophos Endpoint was ranked #1 in 37 total reports across these 3 categories. The Sophos XDR platform earned the Best Usability, Best Results, Best Relationship, and Most Implementable distinctions – a testament to its industry-leading security outcomes and customer experience.

Firewall

The G2 Spring 2026 Reports marks Sophos Firewall’s 13^th consecutive #1 Overall Firewall ranking. It’s also the third consecutive G2 Seasonal Report where all customer segments (Enterprise, Mid-Market and Small Business users) rated Sophos Firewall as the #1 solution. Sophos Firewall also earned the Overall Best Results, Best Usability, Best Relationship, and Most Implementable badges.

What Sophos customers are saying

“One of the most trustworthy endpoint security products” said a user in the Mid-Market segment.

“I like Sophos endpoint for its strong real time protection ransomware defense and centralized management through Sophos central” said a user in the Small Business segment.

“Total peace of mind with Sophos MDR: 24/7 security and clear alerts” said an Infrastructure Security Analyst in the Mid-Market segment.

“[Sophos MDR’s] 24/7 security coverage provides continuous monitoring and alerts us promptly to any suspicious activity, ensuring our network’s safety and allowing us to track and resolve issues efficiently” said a user in the Mid-Market segment.

“The advanced threat protection features like Intrusion Prevention, Web Filtering, and Sandstorm make Sophos Firewall a powerful tool against both known and unknown threats” said an IT Infrastructure Manager in the Mid-Market segment.

“What I like best about Sophos Firewall is its strong security features combined with an easy-to-use interface, making it simple to manage threats, monitor traffic, and protect the network without complex configuration” said a System Security Administrator in the Mid-Market segment.

For more information on our services and products, speak to your Sophos partner or representative and visit our website.

Source: Sophos

If 2024 was the year AI reshaped IT operations, 2025 was the year Autotask brought it all together.

From smarter billing and automated ticketing to a modernized interface designed for the way you work today, this year’s releases delivered some of Autotask’s most impactful improvements yet. And IT teams took notice, with top-tier recognition from G2, Capterra and Software Advice underscoring Autotask’s position as a leader in PSA software.

Here’s a look back at the innovations that made 2025 one of Autotask’s biggest years ever — and how they help teams save time, reduce friction and run more profitable, scalable IT services businesses.

A smarter way to manage client relationships: Umbrella Contracts

Managing multiple agreements for the same client has long been one of the most complex aspects of running an IT services business. In 2025, we changed that.

Umbrella Contracts, introduced in the 2025.5 release, give you one unified container for everything — managed services, time and materials, project work and more — so you can manage client agreements holistically instead of hunting across multiple contract screens.

Why customers love it

• One contract, total clarity: View every service, change and activity in one place. No more jumping between separate agreements.
• Cleaner billing with fewer errors: In-frame drawers, inline editing and advanced table filters turn contract management into a streamlined workflow, not a scavenger hunt.
• Roll out at your pace: Use Umbrella Contracts for new clients immediately while keeping existing agreements intact until you’re ready to migrate.

It’s simpler, more organized and reduces risk — which means more predictable billing and better client conversations.

A modern Autotask experience: The new UI arrives

Autotask’s biggest visual and usability transformation in more than a decade launched in 2025. Built on the Kaseya Design System, the new interface delivers a cleaner, more intuitive experience that reduces clicks, maintains context and helps technicians stay focused.

What changed

• Collapsible left navigation for more screen space and faster access
• Reorganized top navigation with simplified icons
• Improved search, with global search coming soon
• Refreshed dashboards with drag-and-drop widget resizing
• Updated Worklist panel to keep priorities front and center

The new UI eliminates friction and supports how modern service teams work. Whether you’re managing projects, reviewing tickets or billing clients, everything feels faster, clearer and more consistent across the entire IT Complete platform.

This refresh is just the first step — with more streamlined grids, inline editing, enhanced previews and bulk updates coming next.

Source: Datto

As Artificial Intelligence (AI) agents become more autonomous by accessing critical systems and acting without real-time human oversight, they are evolving from productivity tools into active Non-Human Identities (NHIs) like service accounts or API keys that require the same oversight and controls as human users. This shift expands organizational attack surfaces, introducing new security risks related to overprivileged access and lateral movement of NHIs across cloud infrastructure. When AI agents are compromised, cybercriminals may exploit prompt injection to manipulate an agent into executing unauthorized actions, stealing credentials or moving laterally across cloud environments.

To keep up with these challenges, organizations must rethink how zero-trust security applies to autonomous AI agents. The Model Context Protocol (MCP) introduces a context-driven framework for governing how AI agents access tools and data by emphasizing identity, access and intent, helping organizations apply zero-trust principles to the forefront of every machine-driven interaction.

Continue reading to learn more about MCP, how it enables zero-trust principles and how Keeper^® enables zero trust for AI agents.

What is the Model Context Protocol (MCP)?

The Model Context Protocol (MCP), an open standard introduced by Anthropic, is designed to securely govern how AI agents autonomously access tools, data and systems in enterprise environments. Instead of allowing AI agents to operate with static or broad access controls, MCP emphasizes embedding context into every request an AI agent makes. For example, rather than granting an AI agent blanket read access to an entire database, MCP can evaluate whether a specific query, at that moment and for that task, should be permitted, retrieving only the specific access role required. This structure ensures that AI actions are transparent and aligned with organizational policies and security requirements.

MCP plays an important role in contextualizing and controlling AI agent behavior in real time. By embedding context into every interaction, MCP helps organizations continuously verify NHIs with least-privilege access and risk-based decisions, mitigating modern AI-specific attack vectors. A context-aware approach enables security teams to evaluate who or what is requesting access, as well as why and how the request is being made. As a result, MCP helps transform AI agents from high-risk identities into governed entities that work within a zero-trust environment, enabling organizations to scale AI adoption without jeopardizing safety or visibility.

How MCP enables zero-trust principles in AI workflows

Traditional zero-trust security models were made for human users, not autonomous AI agents that compromised workflows can influence. Without continuous identity verification, AI agents may unknowingly act on malicious instructions, reuse exposed credentials or create ideal conditions for privilege escalation and lateral movement. The MCP extends zero-trust principles to AI-driven workflows by ensuring each action is continuously verified, tightly controlled and fully auditable. With MCP, each request an AI agent makes is assessed based on context, including identity, task and environment, to adapt to changing conditions. For example, a DevOps AI agent deploying code may be limited to a specific environment for a set period, while a customer support AI agent may access only the customer records necessary to resolve a ticket. If an agent’s task or scope changes, access can be revalidated or revoked, reinforcing continuous verification.

This approach to real-time authentication limits credential exposure, preventing AI agents from accessing systems beyond their intended purpose. Time-limited access for AI agents reduces credential exposure while enforcing least-privilege access across environments. In addition, MCP enhances visibility and accountability by enabling contextual logging of autonomous actions, which security tools can use to support session recording, auditing and incident response.

Securing AI agent workflows with KeeperPAM

Although MCP defines how context should be applied to AI interactions, organizations still need Privileged Access Management (PAM) solutions to enforce zero-trust principles. KeeperPAM^® secures AI-driven workflows by combining context-aware controls, zero-knowledge encryption and policy-based automation without exposing credentials or disrupting operations.

Building AI systems you can trust

As AI agents become embedded across enterprise environments, zero-trust security is crucial for maintaining secure, autonomous, machine-driven access. The MCP introduces a foundational context layer needed to continuously verify AI agents’ identities, intents and access at scale. To enhance modern security postures, organizations need zero-trust controls within a strong PAM solution that integrates with MCP. With its MCP integration, KeeperPAM delivers the privileged access and secrets management required to securely enable AI-driven workflows without exposing credentials or losing visibility.

Start your free trial of KeeperPAM today to secure AI agents with zero-trust security across your organization.

Source: Keeper

Most IT teams are doing impressive work under difficult conditions. Tickets get closed. Systems stay online. Users are supported. On paper, everything is functioning.

And yet, there’s a persistent feeling that progress is harder than it should be.

As expectations for faster, more consistent and more scalable IT service delivery rise, many teams are starting to feel overwhelmed. Too much time is still spent on manual documentation, repetitive service tasks and disconnected processes that slow response times and pull focus away from higher-impact, proactive work.

The natural assumption is that demand exceeds the team’s ability to keep up. More endpoints, more users, more complexity — surely the answer is more people.

But for many IT organizations, the challenge isn’t just a headcount numbers game. The real limitation is how much of the day is still consumed by manual, repetitive work.

Manual workloads quietly become the bottleneck

Manual, repetitive work rarely shows up as a red flag. It blends into the background of daily IT operations. A technician copies information from one system into another. Someone searches for documentation that exists — just not where they need it.

Each instance may seem minor, or even necessary, on its own. But over time, they accumulate. As IT environments grow more complex, manual tasks multiply, context becomes increasingly fragmented and resolution paths stretch longer than they should.

What used to feel manageable starts to feel overwhelming, simply because every task takes more effort than it should. This is the tipping point where managing manual workloads stops being routine and start becoming a liability.

Why manual repetitive work becomes technical debt

As IT environments evolve, processes built for speed eventually fall behind. Teams compensate by relying on workarounds, institutional knowledge and manual effort instead of consistent systems.

The cost isn’t obvious at first. However, over time, it shows up as:

• Longer resolution times for routine issues
• Inconsistent outcomes between technicians
• Burnout among the people who know the environment best
• Increased risk from missed steps and missing context

Over time, those manual tasks become a form of technical debt that IT teams struggle to escape. Technicians feel the debt first

Technicians are on the front lines, and they feel the burden most. A significant portion of their day is often spent searching for information across fragmented systems or recreating work because documentation is missing or outdated. Instead of resolving issues, they’re stuck navigating disconnected tools and repetitive, manual tasks.

Over time, this erodes momentum. Skilled technicians spend their days executing processes instead of improving them. The job becomes about keeping up rather than moving forward.

This is usually the first signal that manual work has crossed the line from “how things are done” to “what’s holding us back.”

Managers see the impact when scale stops working

For IT operations leaders, the consequences of manual workloads surface differently.

Scaling IT effectively requires more than hiring. Leaders are under pressure to keep pace with growing demand while also giving their teams room to develop skills and improve how work gets done. Organizations must balance workload, automation and upskilling to ensure teams can operate effectively today while preparing for what’s next.

Manual workloads introduce friction at every stage of the ticket lifecycle. When prioritization and triage rely on human review, tickets wait in queues, urgency is misjudged and critical issues are often buried behind lower-impact requests. As volumes grow, teams spend more time sorting and routing work than resolving it.

Why fixing individual tasks won’t solve the problem

When teams start to feel the weight of manual work, the first instinct is usually to automate pieces of it. A script here. A rule there. Maybe a new tool to speed up one step in the process. Those changes can help — but they rarely change how the work actually feels day to day.

That’s because automating isolated tasks inside broken workflows just creates faster fragments. Technicians still have to jump between monitoring alerts, ticket queues and documentation systems to understand what’s happening. Context still lives in multiple places. And work still depends on people stitching everything together by hand.

At that point, the problem isn’t effort or expertise. It’s that service delivery itself is fractured across disconnected systems.

Real progress starts when teams step back and ask a harder question: How should this work flow from start to finish?

Where AI actually changes the equation

That question — how work should flow end to end — is where AI begins to matter in a meaningful way.

Instead of automating individual steps, AI makes it possible to connect them. When service delivery runs through an integrated, AI-driven workflow, alerts flow directly into tickets, relevant context surfaces automatically and repetitive decisions no longer require human intervention.

Issues get resolved faster and service delivery starts to feel more predictable and consistent. Teams spend less time chasing information and more time fixing issues. Processes become consistent. Outcomes become repeatable. And the operation can scale without adding complexity, headcount or burnout.

AI doesn’t solve the problem by working harder. It solves it by changing how the work fits together.

The real shift IT operations need to make

Organizations that take this step reduce operational friction, lower costs and make service delivery easier to manage. It’s time to shift gears and strategically evaluate how AI can transform your IT operations and reduce the technical debt of manual workloads.

Those that wait risk falling behind, constrained by manual processes and fragmented systems that make it harder to respond quickly to evolving market demands and technology change.

IT operations are entering a new phase. Discover how AI is becoming a game changer for IT operations — from automating documentation workflows to accelerating ticket resolution and helping teams work smarter, not harder.

Source: Kaseya

Sophos has been named a 2026 Gartner® Peer Insights™ Customers’ Choice in the 2026 Gartner® Peer Insights™ Voice of the Customer Report for Endpoint Protection Platforms . This marks our first Gartner Peer Insights Customers’ Choice distinction of 2026 and a fifth consecutive Customers’ Choice for Sophos in the EPP category. This recognition comes directly from customer feedback, and we’re truly thankful for the time customers take to share their experiences and for the trust they place in Sophos.

In the 2026 Voice of the Customer report for Endpoint Protection Platforms, Sophos’ rating is based entirely on verified customer feedback based on 286 total reviews as of 30 November 2025:

• Named a Customers’ Choice vendor for the 5th consecutive time
• 4.9 / 5.0 overall rating – the highest rating among vendors in the Customers’ Choice Quadrant
• 4.8 / 5.0 rating for Product Capabilities – the highest among vendors in the Customers’ Choice Quadrant
• 98% Willingness to Recommend – tied for the highest among vendors in the Customers’ Choice Quadrant

We believe these results reflect Sophos’ focus on delivering powerful, easy-to-manage endpoint protection that combines advanced threat prevention, detection, and response across modern work environments.

Built for Modern Workspaces and Evolving Threats

We believe Sophos’ continued recognition in the Gartner® Peer Insights™ Voice of the Customer Reports for Endpoint Protection Platforms aligns with its broader strategy to secure today’s dynamic, hybrid work environments. With capabilities that extend beyond traditional endpoint security, Sophos helps organizations protect users, devices, and data wherever work happens. The recent introduction of Sophos Workspace Protection is the ideal complement to Sophos Endpoint, Sophos MDR, and Sophos Firewall and extends and unifies these great products and services to remote and hybrid workers everywhere they go.

Recognition Driven by Real Customer Experiences

Gartner Peer Insights is a free peer review and ratings platform designed for enterprise software and services decision makers. We feel being named a Customers’ Choice reflects both high overall ratings and strong willingness to recommend, consistently validating Sophos’ commitment to customer success. We are incredibly grateful to our customers worldwide for their continued trust and feedback, which directly contribute to shaping and improving Sophos’ solutions.

Here are some examples of what customers had to say about Sophos Endpoint: 

“Our overall experience with Sophos Endpoint has been exceptionally positive. It delivers enterprise-grade protection without the complexity. The seamless integration and proactive defense against emerging threats have given our IT team complete peace of mind and significantly reduced our management overhead.” – CIO in the Manufacturing Industry, $50M-$250M, Review Link

“Everything about Sophos, from their admin tools to the user experience to the support and sales team, is top-notch. We have been using Sophos Endpoint for almost 13 years now, as Endpoint protection is the bare minimum requirement of our security-minded clients and audits. Every year, we add more and more users to our Endpoint protection, scattered across our five offices located in LA, NY, Austin, London, and Tokyo” – Director, IT Security and Risk Management in the Media Industry, $50M-$250M, Review Link

To learn more about how Sophos Endpoint can help your organization, visit: https://www.sophos.com/en-us/products/endpoint

Source: Sophos  

The World Economic Forum’s Global Cybersecurity Outlook 2026 delivers a clear and uncomfortable truth: cyber risk is accelerating faster than our traditional defenses can keep up. AI-driven attacks, geopolitical volatility, supply-chain fragility, and widening cyber inequity reshape the threat landscape at a systemic level.

What stands out most, however, is not just what is changing—but where defenses are consistently failing.

Across AI misuse, ransomware, fraud, supply-chain compromise, and cloud outages, identity remains the dominant attack path. Whether human or non-human, identities have become the new control plane of modern cybersecurity.

In this blog, I break down five Identity Security lessons we can learn from the research.

Lesson 1: AI has turned identity abuse into a force multiplier

According to the report, 94% of organizations identify AI as the most significant driver of cyber risk, and 87% cite AI-related vulnerabilities as the fastest-growing threat. While much attention is placed on AI models themselves, the more systemic risk lies elsewhere.

AI agents, like other identities, don’t break in—they log in.

Attackers are using AI to:

• Scale phishing and impersonation with unprecedented realism

• Automate credential harvesting and privilege escalation

• Exploit over-privileged service accounts, APIs, bots, and AI agents

The report explicitly highlights that the multiplication of identities—especially AI agents and machine identities—has outpaced governance and security controls. These non-human identities (NHIs) now outnumber human users in most environments, yet remain largely invisible, unmanaged, and implicitly trusted.

Security takeaway:
If organizations continue to protect networks and endpoints while trusting identities by default, AI will simply accelerate compromise.

This is why it’s important to apply Zero Trust principles to Identity Security. If authentication and authorization are where your security controls end, you’re likely not implementing a Zero Trust approach.

Instead, security-first approaches like adaptive MFA and risk-based access controls for all identities – whether it’s humans, service accounts, APIs, AI agents, legacy systems, and more – ensure your strategy is based on continuous validation. Rather than, “Do the credentials/access match the identity?” you should be able to answer questions like “Does this access make sense to allow based on the risk signals?”

Lesson 2: Cyber-enabled fraud is an identity problem, not a financial one

The report reveals that 73% of respondents were personally affected by cyber-enabled fraud, making it the top concern for CEOs—surpassing ransomware.

What’s driving this surge?

• AI-powered impersonation

• Credential reuse

• Lateral movement using legitimate access

• Abuse of trusted identities rather than malware

Fraud today succeeds not because systems are unpatched—but because identity verification stops too early.

Once credentials are obtained, most environments still fail to:

• Continuously validate access

• Detect abnormal identity behavior

• Apply step-up authentication dynamically

Security takeaway:
Fraud prevention and identity security are now inseparable. Fraud begins and end with identity abuse, meaning that real-time, context-aware controls are needed to stop fraudulent activity before material damage is done.

From the report, it’s also clear that CEO and CISO priorities are shifting, yet the foundation for where they can come together remains the same: through strong Identity Security.

Lesson 3: Supply-chain attacks inherit trust—and abuse it

The WEF report identifies third-party and supply-chain vulnerabilities as the top cyber resilience challenge for large organizations. Crucially, the most common supply-chain risk is not malware—it is inherited trust.

When vendors, partners, or managed services connect:

• They often authenticate via service accounts

• Credentials are long-lived and rarely rotated

• Access is broad, persistent, and poorly monitored

Attackers don’t need to breach the perimeter if they can log in through a trusted identity.

Security takeaway:
Supply-chain security failures are identity governance failures. Supply-chain breaches succeed by abusing inherited trust, not by exploiting technology gaps. Organizations should treat third-party access as an identity risk by maintaining a clear inventory of vendor identities, enforcing least-privilege and time-bound access, and eliminating standing permissions wherever possible. Strong authentication should be prioritized for high-risk vendor access, and access reviews must align with contract and business lifecycles. Even without new tools, disciplined governance can significantly reduce supply-chain exposure.

Lesson 4: Cyber resilience depends on identity visibility, not just recovery plans

While 64% of organizations claim they meet minimum cyber resilience requirements, only 19% exceed them. Highly resilient organizations share one defining trait: deep visibility and control across identities.

The report’s Cyber Resilience Compass shows that resilient organizations:

• Continuously assess AI and identity risks

• Monitor access across IT, OT, and cloud

• Reduce standing privileges

• Treat identity as a shared ecosystem risk

Yet identity remains fragmented across directories, clouds, SaaS platforms, legacy systems, and machine workloads.

Security takeaway:
You cannot be resilient if you don’t know who or what is accessing your systems—and why. That’s why it’s so important to retain a living, dynamically-evolving graph visualizing which identities exist and their access paths. This acts as a unified source of truth that can expose exploitable gaps that need closing.

Lesson 5: Cyber inequity makes identity the weakest link

The report highlights a widening cyber inequity gap, driven largely by skills shortages—particularly in identity and access management roles, which are among the top three most understaffed security functions globally.

Complex IAM implementations, agent-based controls, and application rewrites are no longer realistic for many organizations.

Security takeaway:
Identity security must become simpler, not more complex. IAM upskilling needs to happen in tandem with identity-first security solution implementation; this is how we close the gap between IAM and cybersecurity teams while reducing operational burden. Cyber inequity makes identity the most fragile control post – especially where skills are resources are limited.

Implementing security solutions designed with identity teams in mind offers many benefits. By standardizing identity policies (e.g., enforcing MFA on all remote and privileged access), organizations reduce dependency on scarce expertise, lower configuration errors, and achieve consistent risk reduction. For example, you can apply one access standard to employees, contractors, and service accounts, cutting operational overhead while measurably shrinking the attack surface.

The strategic shift: From perimeter security to identity-centric Zero Trust

The Global Cybersecurity Outlook 2026 reinforces a fundamental shift: Cybersecurity is no longer about defending a defined perimeter—it’s about securing infrastructure and access in real-time.

AI, cloud, supply chains, and geopolitics have dissolved the perimeter. Identity is what remains.

Organizations that will succeed in 2026 and beyond are those that:

• Treat identity as critical infrastructure

• Secure non-human identities with the same rigor as human users

• Enforce Zero Trust dynamically, everywhere

• Reduce implicit trust across ecosystems

Silverfort was built precisely for this moment—to secure identities wherever they exist, however they authenticate, and whatever they access.

Silverfort’s platform approach to Identity Security recognizes that identities span cloud, on-prem, legacy systems, service accounts, and non-human workloads—yet they are secured through fragmented controls. By acting as a unified enforcement layer across all authentication paths, the platform enables consistent Zero Trust policies without agents or application changes. This allows organizations to reduce identity risk holistically, rather than incrementally securing identities one system at a time.

Final thought

The WEF report concludes that cyber resilience is a shared responsibility and a strategic imperative. Identity Security is where that responsibility becomes actionable.

In the age of AI-driven threats, every breach is an identity breach first.

The question for organizations is no longer if identity should be central to their security strategy—but how quickly they can make it so.

Source: SIlverfort