Interviews | July 16, 2025

AI Agents are a Force Multiplier in the SOC


Armis | Palo Alto Networks | Vectra | ZeroFox

Nadir Izrael
CTO and Co-Founder

Armis

Q1. Armis earlier this year announced the acquisition of OTORIO. What are Armis' plans for leveraging OTORIO's Titan platform?

Armis provides one comprehensive platform that addresses the entire lifecycle of managing cyber threats. We continue to innovate our AI-powered Cyber Exposure Management Platform, Armis Centrix™, so that organizations and governments worldwide can protect their entire attack surface.

The recent acquisition of OTORIO expands Armis' capabilities in Operational Technology (OT), Industrial Control Systems (ICS) and Cyber-Physical Systems (CPS) security. By integrating OTORIO's Titan platform into Armis Centrix™, Armis is delivering a powerful solution tailored to critical infrastructure, manufacturing and industrial environments.

The integration bolsters the Armis Centrix platform with key enhancements, including:

  • On-Premises Solution: This is designed for air-gapped or sequestered operational environments to ensure robust, localized protection. Organizations can now choose between cloud, hybrid or fully on-premises solutions based on their security and compliance requirements.
  • Secure Remote Access (SRA): Armis' SRA provides zero-trust access controls with granular permissions for distributed environments.
  • Attack Path Mapping: A crucial component of cyber exposure management, this gives security teams visibility into potential attack paths before they can be exploited.

Armis continues to demonstrate incredible business growth and momentum. Our team has recently completed three acquisitions in less than 12 months, surpassed $200 million in annual recurring revenue and increased our valuation to $4.2 billion. I look forward to continuing this trajectory, enabling Armis to support global organizations in light of today's dynamic risk landscape.

Q2. How must asset intelligence evolve to manage the exploding number of IT, OT, and IoT devices in enterprise environments over the next few years? What specific advancements is Armis making to its Asset Intelligence Engine to stay ahead of this curve?

Given the proliferation of connected assets – including IT, OT, IoT, IoMT, building management systems (BMS), cloud, software and more – organizations face increasing challenges in protecting their growing attack surfaces and managing cyber risk exposure in real time. That is why contextual awareness of an organization's environment and asset intelligence is so critical and must evolve to keep pace with these dynamic enterprise environments.

Armis is committed to protecting all physical and virtual assets, from the ground to the cloud. Our AI-driven Armis Asset Intelligence Engine monitors billions of assets worldwide to identify cyber risk patterns and behaviors. It powers the Armis Centrix™ platform with unique, actionable cyber intelligence to detect, prioritize and remediate real-time threats across the entire attack surface.

We continue to expand the breadth and impact of the Armis Asset Intelligence Engine. Currently, it tracks over six billion (and growing) assets across 25,000 locations, 165 countries and multiple industries. Armis collects anonymized data about the attributes and behaviors of each monitored asset, putting together a baseline profile for each asset type. By analyzing these asset profiles, we not only gain more context of each asset but also add more data about them based on the knowledge gathered from similar assets that are being monitored.

Our team at Armis Labs, Armis’ dedicated research practice, also conducts in-depth research on various assets and how attackers try to breach them, directly feeding these insights into the Asset Intelligence Engine.

Most recently, we launched the Armis Vulnerability Intelligence Database, which integrates data from the Asset Intelligence Engine and other sources to deliver timely, highly contextualized insights. By delivering these critical insights faster than traditional databases, organizations can harden their environments before vulnerabilities or risks are widely exploited.

Q3. What events, hands-on sessions and presentations does Armis have planned for Black Hat US 2025?

I am excited about the activities that Armis has planned for Black Hat. Attendees can stop by Booth #3233 to connect with experts and learn more about the Armis Centrix platform and each of our five solutions:

  • Asset Management and Security: Complete asset inventory of all asset types, allowing any organization to see and secure their attack surface.
  • OT/IoT Security: See and secure OT/IoT networks and physical assets, ensure uptime and build an effective and comprehensive security strategy.
  • Medical Device Security: Complete visibility and security for all medical devices, clinical assets and the entire healthcare ecosystem.
  • VIPR Pro – Prioritization and Remediation: Consolidate, prioritize and remediate all vulnerabilities and security findings; improve mean time to resolution (MTTR) with automatic remediation and ticketing workflows.
  • Early Warning: Early warning AI-based system that leverages intelligence from the dark web, smart honeypots and human intelligence to stop attacks before they impact your organization.

We'll have presentations and product demos throughout the week, in addition to parties and other events. You can also make a difference with our Win & Give initiative. Try your luck at the prize vending machine located at our booth, and each scratch-off redemption automatically triggers a donation to St. Jude Children's Research Hospital.

For more details on what Armis has in store at Black Hat and to book a meeting with one of our executives, please visit our website.


Wendi Whitmore
Chief Security Intelligence Officer

Palo Alto Networks

Q1. With the rapid integration of generative AI in both cyber defense and cyber threats, how do you see the role of human analysts evolving over the next five years in organizations like Unit 42?

The rapid adoption of generative AI is impacting both how we defend and how adversaries attack. Palo Alto Networks' recent State of Generative AI report noted an 890% global surge in GenAI traffic over the past year alone. For SOC analysts and teams, this is a phenomenal opportunity for evolution, not obsolescence. In the next five years, generative AI will increasingly take on the highly repetitive, high-volume tasks that currently consume a lot of analyst time: initial triage, sifting through mountains of logs, and generating basic reports. This automation will free up our time for activities like critical thinking, complex problem-solving, and strategic decision-making to help shorten time to detection and response. Not only that, but AI has the opportunity to close the existing skills gap and reduce burnout that we commonly see in these hard-working teams.

On the attacker side, however, AI-assisted attacks will drastically cut down the "time-to-impact" for attackers. Palo Alto Networks' Unit 42 simulated attacks showing exfiltration time reduced from a median of two days to just 25 minutes – a 100x increase in attack speed. This kind of speed demands an automated first line of defense. AI will free up our analysts' time to dive deeper into nuanced investigations, strategic threat hunting, and the complex problem-solving that only a human can truly master at this time.

They'll be the architects of our AI defenses, ensuring these systems are properly tuned, and critically, they'll be the ones interpreting the subtle signals and anomalous behaviors that even the most advanced AI might miss. We'll be moving from just responding to alerts to a more proactive, predictive posture, using AI as a force multiplier for security outcomes. It's an exciting time to be in cybersecurity!

Q2. What lessons from the highest impact breaches you've investigated have fundamentally changed how you think about cyber resilience?

From my two decades of experience responding to some of the world's largest and most impactful breaches, to most recently leading Palo Alto Networks Unit 42, a few fundamental lessons have truly reshaped my perspective on cyber resilience. The first is that breaches are not a matter of if, but when. This isn't a defeatist attitude; even with the best defenses, a determined adversary will eventually find a way in. This realization shifts the focus from simply preventing intrusions to building an organization's ability to withstand, respond to, and recover from an attack with minimal disruption to your business or customers.

Secondly, I've learned that cyber resilience is fundamentally a business problem, not just a technical one. The highest impact breaches weren't just about compromised systems; they were about disrupted operations, reputational damage, and significant financial fallout. This means that true resilience requires buy-in and active participation from the board, executive leadership, and every single employee. This means embedding security into the culture of the business, understanding where your sensitive data lies, and having a clear, rehearsed plan for incident response and recovery.

The most resilient organizations I've seen are those that prioritize proactive intelligence and continuous training and learning. They don't wait for the next attack to reflect. Instead, they actively consume threat intelligence to understand who their adversaries are, what tactics they employ, and what vulnerabilities they target. They conduct regular tabletop exercises, test their recovery plans, and constantly refine their security posture based on the evolving threat landscape. It's about being adaptive, agile, and always striving to improve, because the adversaries certainly are.

Q3. What are your company's plans at Black Hat USA 2025? What key technologies or initiatives does PAN plan on showcasing or unveiling at the event?

Palo Alto Networks' presence at Black Hat will undoubtedly reflect the critical trends we're seeing, many of which are highlighted in the Unit 42 2025 Global Incident Response Report. You can anticipate us discussing significant advancements in AI-driven security, and demonstrating how we're leveraging AI and machine learning to empower security operations to see more and respond faster, using capabilities like automated threat detection and remediation. It's about making security teams more effective in the face of increasingly sophisticated threats.

We are proud to be a sponsor of Black Hat USA 2025. I encourage everyone to visit us at Booth #3240, and don't forget to attend our Palo Alto Networks keynote by our CTO and VP of Engineering, Michael Sikorski, on Wednesday, August 6 at 10:15 a.m. PT.


Jeff Reed
Chief Product Officer

Vectra

Q1. Vectra AI recently announced a partnership with CrowdStrike to launch a jointly packaged offering specifically for small and medium-sized businesses. How are you balancing the need to deliver enterprise-grade security capabilities with the simplicity and speed that leaner, smaller security teams might require?

Small and midmarket security teams are facing the same advanced threats as large enterprises, but without the same resources – so we knew we had to take a different approach. That’s what drove us to expand our partnership with CrowdStrike. Their Falcon platform is already widely used in these environments, and by integrating the Vectra AI Platform’s network detection and response (NDR) capabilities with Falcon’s endpoint protection, we’re able to bring enterprise-grade threat detection to these teams in a way that’s simple to deploy and manage.

The joint solution is designed to minimize operational overhead while maximizing security outcomes. It’s pre-integrated, fast to value, and focused on surfacing real attacks – without the noise. That means teams aren’t wasting time chasing false positives or toggling between tools. They get a clear picture of what’s happening and can act quickly.

Ultimately, our goal is to help leaner teams respond with the same level of confidence and precision as a fully staffed SOC – without requiring one.

Q2. Vectra AI’s AI agent portfolio now spans everything from automated triage capabilities through analyst-level response automation. How is the growing availability of such technologies impacting SOC workflows? How do you perceive the role of human security analysts evolving as these technologies take root?

We’re seeing a real shift in how work gets done in the SOC. AI agents aren’t just accelerating workflows – they’re changing the shape of them. By taking on high-volume, repeatable tasks like alert triage and root cause analysis, these agents are giving human analysts back the time and mental bandwidth to focus on more nuanced tasks – like complex investigations or threat hunting.

We are achieving amazing results from our agent functionality. We recently partnered with IDC to help quantify the impact and learned that customers are spending 51% less time on alert monitoring and triage, 60% less time on assessing and prioritization and 50% less time on investigation.

The best way to think about it is as a force multiplier. These agents don’t replace analysts – they give them leverage. We see this driving a new kind of role inside the SOC. Analysts are becoming more like operators of intelligent systems – coordinating automation, validating actions, and escalating when human judgment is needed. That’s a much more sustainable model, especially given the talent shortages so many teams are facing.

This isn’t about removing the human from the loop – it’s about removing the bottlenecks that slow them down.

Q3. What product, service or research-related announcements does Vectra AI plan on making at Black Hat USA 2025? What is the company's main focus and messaging at the event?

At Black Hat this year, we’re continuing our focus on something that’s become a critical challenge for security teams: signal clarity. Despite the improvements I cited earlier, there is still tremendous opportunity to improve the SOC team’s experience and efficiency. That’s where our AI-enabled investigation capabilities come in.

As you know, we’ve been investing in AI agents for years, but we recently announced our investigative agent, and the progress that we’re making in this space is really exciting. We’ve been able to incorporate the long-tail reasoning capabilities of LLMs and fuse that with our deep knowledge of threat detection. I’m particularly excited by how this new system “shows its homework” to allow security practitioners to confirm the agent’s reasoning. The goal isn’t just faster detection – it’s cutting through the noise to deliver decisive insight, faster.

You’ll hear us talk a lot about how we’re enabling defenders to get ahead of threats, not just react to them. We’re not just layering on AI – we’re rethinking how investigations happen in the SOC, and what analysts should expect from their tools.

So, in a nutshell, our focus is clear: helping security teams work smarter, act faster, and stay ahead – with the power of AI that actually works for them.


Mike Price
Chief Technology Officer

ZeroFox

Q1. How is ZeroFox evolving its detection technology to stay ahead of AI-generated threats such as deepfakes, synthetic media, and AI-generated phishing content?

AI-powered cyber threats are increasing rapidly because they’re cheap and fairly easy to create. They’re also continually evolving, giving bad actors the ability to increase speed and stealth and offering greater opportunities to further their motivations. As defenders, we need to move just as quickly, ideally faster. One of the best ways to do that is by also harnessing the benefits of AI; fighting fire with fire.

We expanded AI capabilities within our detection platform to combine machine learning algorithms, natural language processing, and computer vision techniques to monitor and analyze social media, digital ads, and other online platforms for potential threats. To stay ahead, we need to ditch the manual, time-intensive processes of analyzing the troves of potentially weaponized images and videos and ensure detection capabilities are accurate.

We offer a variety of AI-driven technologies such as text, video and image analysis where our models can pick up subtle signals in tone, structure, and style that are indicative of machine-generated content as well as break down content to its subcomponents to detect signs of manipulation. As a result, we’re boosting productivity and precision when mitigating threatening content.

We also built an open-source framework, dubbed Deepstar, which encourages experimentation with detection tools for deepfakes. It was important to us as a company that we contribute this toolkit back to the community and make it easily accessible on GitHub. We know that future challenges in the area are on the horizon, and we want security leaders to have an additional tool in their arsenal.

Q2. Threat actors are increasingly exploiting social media platforms and brand impersonation techniques to target organizations and their customers. How do threat intelligence and automation capabilities need to evolve to address these threats? What technical challenges do you see getting in the way?

This is one of the biggest shifts we’ve seen over the last few years. Attackers are moving outside the perimeter and using public platforms like social media, surface web forums, or even messaging apps to launch impersonation attacks and social engineering campaigns at scale. Automation capabilities will be critical in monitoring, detecting and taking down fraudulent social media accounts, spoofed websites, and other threat infrastructure. A few years ago, not enough security teams were utilizing automation, and I think now the narrative is finally changing thanks to AI. I believe many organizations are grappling with implementation challenges due to fragmented technology stacks that include legacy systems and piecemeal solutions that have poor interoperability.

On the other hand, threat intelligence has been evolving over the past few years to encompass organizations’ growing attack surfaces. By bolstering social media monitoring, we’re gaining new threat insights, detecting threats earlier and accelerating incident response. The technical challenge will be ensuring speed and contextual relevancy. You need systems that can continuously scan, identify patterns, and prioritize what matters without burning out your security team. But it’s not just about speed. Context really matters here, too. Not every fake account is equally dangerous. Some are part of coordinated influence campaigns, others are targeting customers with scams, and some might just be trolling. The intelligence layer needs to be smart enough to distinguish signal from noise in order to help security teams focus on truly dangerous threats. There are definitely hurdles. For example, a lot of digital platforms operate in silos or behind strict privacy frameworks, which limits visibility.

Attackers are also using AI themselves now to generate more convincing fake personas, automating engagement, and even testing which content performs best. This means detection is getting harder, not easier. There’s also the inconsistency in how platforms respond. Some are quick to act on takedown requests. Others, not so much. That’s why collaboration and building partnerships is going to be just as important as the technology itself. Our goal is to stay ahead of the curve by building flexible, smart systems that can adapt as these threats evolve.

Q3. What technologies or services does ZeroFox plan on highlighting at Black Hat USA 2025? What are you hoping customers and other attendees at the event will take away from your company’s participation at the event?

Most businesses are now faced with an exponentially larger attack surface that extends well beyond their perimeter and has created gaping holes in existing security coverage. We’re looking forward to connecting with attendees to dive deeper into today’s actors and their TTPs, spearheading conversations on who we’re up against and how they’re modernizing campaigns so that security leaders can better manage their exposure. And we’re also hoping that we can educate them on who ZeroFox really is; our platform is the pre-eminent solution for organizations wanting to manage the risks associated with their digital footprint.

At Black Hat, we’ll be demonstrating how the ZeroFox platform combines Threat Intelligence, Attack Surface Discovery, Digital Risk Protection and Adversary Infrastructure Disruption. It's only when these ingredients come together that we can meet the challenge of exposing, disrupting and responding to these external threats. We will also be highlighting how AI is changing the threat landscape and how the security community can counter their advances with defensive AI technologies that can keep pace.

Our goal is to use AI as a catalyst for helping the humans in the loop make sense of complex risk data sets faster and more completely, reducing time to decision and improving decision accuracy for those who have to defend organizations, not just using it as a tool for smarter detection or process automation.