Welcome to our blog

Most SOCs assume alerts are inevitable: something will fire, and when it does, the job is to move fast. But watch what actually happens during an investigation and a lot of it doesn’t look like response. It looks like archaeology.

MCP gives agents a standard way to use tools, but most security MCP setups are thin API wrappers over a single product. Real value comes when MCP sits on full visibility and natural language over federated data.

Last week, as we all left RSA, the Mythos leak dominated every conversation. Is it smarter? Is it a leap? Will it change everything? Maybe. But that’s not the question security teams should be asking right now.

Centralized SIEMs require data to be ingested and indexed before it can be analyzed. That works for recent data, but becomes operationally complex at scale. Federated security analytics takes a different approach - queries run against data in its original location rather than requiring centralized ingestion.

Every year at RSA the vocabulary rotates. The architecture doesn’t.This year the big word is “agentic.” Last year it was “AI-native.” Before that, XDR. Walk enough booths and you’ll notice something: very different products using almost identical language to describe very different things. In general, buzzwords are fine - but only if they can deliver.

AI agents are changing the operating system for SecOps - where specialized agents handle detection, triage, and response across a federated Security Analytics Mesh, reasoning across all your data without requiring centralized storage.

Every SOC leader today is getting asked some version of the same question:“ What’s our AI strategy?” It sounds simple until you try to answer it.

Query languages like KQL excel at fetching data, but analyzing results - finding patterns, running statistics, exploring iteratively - remains manual work. In this post, we share how we built a code execution sandbox that enables AI agents to analyze logs in real-time by dynamically generating and executing Python code. This capability powers multiple features across our platform, from automated data source mapping to intelligent query summaries and AI-assisted triage.

Three months isn’t long in most contexts, but it’s enough to know whether you’ve joined a company with real momentum.