Security Insights
Threat briefs, advisories, and field notes from the Dephiant intelligence team. Written for security operators, not marketers.
53 articles

Post-Quantum Cryptography: When to Start, What to Do
The post-quantum migration is the largest cryptographic transition in three decades. For most organizations the right answer is *not yet*, but the right *preparation* starts now.

Vendor Due Diligence Without the Spreadsheet
The standard vendor security questionnaire is a 200-row spreadsheet that nobody enjoys filling out and nobody reads when it comes back. There is a better way.

Building a Security Champions Program
A 10-person security team will never out-write or out-review a 200-person engineering org. A champions program borrows leverage from people already embedded in the work.

Practical Threat Hunting for Small SOCs
Threat hunting is often described as an art practiced by analysts with decades of experience. That framing keeps small teams from trying. The truth: structured hunting works at any team size if you co

Network Segmentation Without the Datacenter
The classic segmentation playbook (VLANs, firewalls, DMZ) assumed a physical datacenter you owned. For cloud-native and hybrid environments, the moves are different but the goal is the same: limit b

Securing Kubernetes Without a Dedicated Platform Team
If a single engineer set up your Kubernetes cluster and now no one quite understands it, you have company. Here is the minimum security baseline for small-team Kubernetes.

Logging and Telemetry: What to Keep and Why
Logging programs fail in two directions: too little to investigate anything, or too much to afford. The middle path is intentional.

The Three Conversations Every CFO Needs About Cyber
CFOs are increasingly accountable for cybersecurity outcomes (SEC disclosure, insurance underwriting, M&A diligence) without being trained in the field. Three conversations bridge the gap.

Threat Intelligence on a Budget
A premium CTI feed runs six figures a year. Most mid-market companies cannot justify the spend and end up with no threat intelligence at all. There is a middle path.

Why Your Vulnerability Scanner Lies (and What to Do)
A typical enterprise vulnerability scan reports 40,000 findings. The number of those findings that actually reduce risk if remediated this quarter is closer to 200.

Cloud Identity Federation 101
If you still have IAM users with long-lived access keys in your AWS, Azure, or GCP environment, federation is the single highest-ROI change you can make this quarter.

The Case for Privileged Access Management
PAM tools are expensive and operationally heavy. They are also, by a wide margin, the control with the highest evidence base for reducing the impact of an intrusion.

Tabletop Exercises That Don't Waste Anyone's Time
A bad tabletop is a two-hour status meeting in costume. A good tabletop is the cheapest insurance you can buy.

PCI DSS 4.0: What Changed and What to Do
PCI DSS 4.0 became mandatory in early 2024 with a long tail of "future-dated" requirements landing March 31, 2025. If you are still operating to 3.2.1, the gap is wider than it looks.

Securing Remote Workforces in 2024
Hybrid work is permanent. The security model that worked in 2020 (VPN, corporate laptop, occasional office visit) is showing its age.

The Anatomy of a Business Email Compromise
A typical BEC investigation we run unfolds in five acts. Recognizing them in progress is the difference between a near-miss and a six-figure loss.

AI-Generated Phishing: New Defenses for an Old Problem
The grammar mistakes are gone. The bizarre formatting is gone. The "Dear Sir/Madam" salutations are gone. Generative AI removed the surface-level tells that defenders trained users to look for.

Cyber Hygiene Metrics Your Engineers Will Trust
Engineering teams treat most security metrics like marketing numbers: directionally true, locally meaningless. Here are five that survive engineering scrutiny.

Securing Your Software Supply Chain
SolarWinds was not an outlier. It was a preview. Every modern build pipeline is a high-value target because compromising one upstream package compromises every downstream consumer.

Email Security Beyond DMARC
DMARC is necessary and not sufficient. Once your domain is no longer spoofable, attackers shift to lookalike domains, compromised vendor mailboxes, and conversation hijacking.

Container Security on a Shoestring Budget
You do not need a $250k cloud-native security platform to run secure containers. A disciplined developer team can hit 80% of the value with open-source tooling and a half-day per quarter.

The Truth About Penetration Testing for SMBs
Most penetration tests sold to SMBs are vulnerability scans with a manual write-up. Real pentests are scarcer, more expensive, and more useful when you actually need one.

Insider Threat Programs Without the Surveillance Theater
The phrase "insider threat program" conjures keystroke loggers and screenshot monitors. The version that actually reduces risk looks more like good HR plus targeted detections.

The SMB Guide to Endpoint Detection and Response
For years, "EDR" meant a six-figure budget, a dedicated SOC, and a 200-page deployment guide. That has changed. A 100-person company can deploy modern EDR in a week and operate it with one part-time a

Patch Management That Actually Works
Most patch programs fail not because tools are bad, but because no one owns the calendar. Here is the operating model we recommend.

Choosing Between SIEM, XDR, and MDR
The acronyms overlap, the vendor pitches contradict each other, and every product claims to replace the other two. Here is a plain-English decoder.

Zero Trust for Resource-Constrained Teams
Zero Trust is not a product. It is a posture: never trust the network, always verify the request. For an under-resourced team, the trick is to sequence the work so each step delivers a measurable risk

Backups Are Not Recovery: A Practical Guide
Every company we engage post-ransomware has backups. Half of them cannot recover from those backups within their stated RTO. The gap between "we back up" and "we can restore" is where ransomware actor

Five Security Metrics Your Board Will Actually Read
Skip the heatmap. Five numbers that drive real conversation in the boardroom.

What is a Virtual CISO (vCISO)? A Practical Guide for SMBs
A plain-English guide to the virtual CISO role: what a vCISO does, how engagements work, what they cost, and when an SMB should hire one.

Phishing-Resistant MFA: Moving Beyond SMS
SMS-based MFA used to be the gold standard. In 2024 it became table-stakes, and table-stakes are exactly what attackers target first.

Building an Incident Response Plan in 30 Days
The best incident response plan is the one you can actually execute at 2am on a Sunday. Here is how to build one in four weeks without hiring a consulting firm.

Securing Microsoft 365 for Growing Teams
Microsoft 365 ships with defaults that prioritize compatibility over security. For a 50-person company that traded an on-prem Exchange server for E3 last year, those defaults are the single biggest so

Azure Landing Zone Essentials for Mid-Market
Subscription design, policy guardrails, and the management group structure that scales.

The SMB Incident Response Runbook We Actually Use
A one-page runbook covering the first 90 minutes. When clarity matters most.

Rolling Out Phishing-Resistant MFA Without Breaking the Helpdesk
A staged rollout plan for FIDO2 and passkeys that keeps support tickets predictable.

Data Classification That Actually Sticks
Three tiers, plain English, and labels that survive contact with real users.

Supply Chain Attacks on npm and PyPI: What Changed in 2025
Typosquatting, dependency confusion, and the compensating controls we now recommend by default.

Google Workspace Hardening Checklist (2026 Edition)
The settings we change first on every Google Workspace tenant. Annotated for 2026 defaults.

Detection Engineering for Okta and Entra ID
The five identity detections that catch the attacks we actually see in the field.

Vendor Risk Management Without the Spreadsheet Spiral
A pragmatic tiering model and a 12-question intake that catches 80% of the real risk.

Threat Modeling Agentic Workflows
A practical STRIDE-style threat model tailored for multi-step AI agents with tool access.

What Cyber Insurance Underwriters Want in 2026
The control checklist that determines whether your premium goes up, down, or sideways.

CISA Reports BRICKSTORM Used For Long-Term Access
Tactics used to maintain long-term implants in U.S. systems. And detection guidance you can apply this week.

Achieving SOC 2 Without a Dedicated SOC Team
How resource-constrained SMBs can reach SOC 2 Type II without hiring an in-house security operations team.

Defeating MFA Fatigue Attacks in 2026
Push-bombing is back. Number-matching, FIDO2, and risk-based policies that actually move the needle.

The 90-Minute Ransomware Tabletop
A leadership-ready tabletop script you can run this quarter. No consultant required.

Secure-by-Default Patterns for LLM-Powered Apps
Output filtering, tool sandboxing, and provenance. Concrete patterns for teams shipping LLM features.

Harnessing AI in Cybersecurity
How AI-driven innovations are reshaping threat detection, response, and prevention for resource-constrained security teams.

AI in Cyber Intelligence
Transforming cyber intelligence through advanced analytics. And why compliance is not the same as security.

Cybersecurity Best Practices Guide
Essential measures to fortify your defenses. The SMB-specific checklist we actually recommend.

Cloud Computing Security Essentials
Strategies to enhance operational excellence in cloud security across AWS, Azure, and GCP.

Zero-Click Agentic Browser Attacks
How crafted emails can exfiltrate cloud drives through AI-driven browser agents. And what to do about it.