Interviews | July 17, 2025

Biggest CISO Challenges are a Lack of Clarity and Confidence


Axonius | Elastic | Huntress | Sublime Security

Ryan Knisley
Chief Product Strategist

Axonius

Q1. As a former CISO at Disney, what security challenges did you face that you now have an opportunity to tackle from the vendor perspective at Axonius? What's the biggest disconnect you've observed between what security vendors think practitioners need versus what actually keeps CISOs up at night?

At Disney, and in conversations with other CISOs, one thing was clear - the scale and complexity of modern digital environments are outpacing the ability of cybersecurity programs to keep up. The asset landscape, from cloud infrastructure to connected devices, grows faster than most organizations can adapt. Vendors often assume that adding more tools is the solution, but in reality, tool sprawl leads to fragmented visibility and control, which increases risk.

Now at Axonius, I’m focused on addressing this challenge. The key isn’t just adding tools, it’s ensuring that organizations have complete, accurate, and always up-to-date asset intelligence. That’s what enables actionability. Our platform correlates data from across the entire technology footprint, providing CISOs with a unified picture that makes it easier to tackle exposures, misconfigurations, and inefficiencies before they become problems.

What keeps CISOs up at night isn’t the lack of tools, it’s the lack of clarity and confidence in their environment. When I was at Disney, the “unknown unknowns” were always the biggest source of risk. CISOs need to know what they have, what’s at risk, and what to do about it. That’s the gap we’re closing at Axonius – turning asset intelligence into intelligent action.

Q2. Asset visibility and cyber asset management have become board-level conversations. What's driving the sudden interest considering this has been a foundational challenge at many organizations for a long time?

The reality is that today’s businesses are inherently digital, and their technology landscapes are growing exponentially - whether it’s cloud infrastructure, SaaS applications, or connected devices. But this growth has created a critical gap: cybersecurity programs haven’t scaled at the same pace. Boards are starting to ask tough questions because they know that effective cybersecurity depends on complete visibility and the ability to take action on that information.

Here’s what’s changed. Boards now recognize that you can’t protect what you can’t see. Asset visibility and management have shifted from being technical challenges to business-critical issues. Without comprehensive asset intelligence, organizations can’t effectively manage risk or demonstrate progress in improving their security posture.

At Axonius, we help organizations bridge this gap by providing a unified platform that delivers total visibility and actionability across their entire technology footprint. This isn’t just about uncovering blind spots - it’s about enabling teams to address exposures, streamline operations, and show measurable results that matter to the business.

Q3. What are your company's plans to engage with customers, researchers and the broader cybersecurity community at Black Hat USA 2025? What events, talks and demos can attendees expect from Axonius at the event?

Black Hat is always one of the highlights of the year for us. It's an incredible opportunity to connect with customers, researchers, and the broader cybersecurity community, not just to showcase what we've been working on, but to hear what challenges organizations are facing in the field.

This year, Axonius is bringing asset intelligence and actionability to the forefront. Here's what attendees can expect:

  • CISO Summit: We're a foundation sponsor of the exclusive, invitation-only CISO Summit on Tuesday, August 5. It's a chance for senior leaders to discuss emerging threats, share strategies, and explore how asset intelligence can help close critical gaps.

  • Speaking Sessions: We're hosting several sessions with security experts. One I'm particularly excited about is "The Truth Layer: Finding Exposures Your Stack Can't See," where Liz Morton from Axonius will demonstrate how a unified data model can uncover hidden risks.

  • Live Demos: At our booth, we'll be showcasing the Axonius Asset Cloud. These demos will highlight how we deliver total visibility and actionable insights across cyber assets, software, SaaS applications, and identities. For those who want a deep dive, we're offering one-on-one sessions with our product experts.

  • Booth Presence: We'll have a major booth in the Business Hall - Booth #3051. It's where you can connect with our team, see our platform in action, and learn how Axonius transforms asset intelligence into intelligent action. Plus, you'll want to stop by for the swag.

  • Community Engagement: Outside of the main conference, we're sponsoring several events where we'll be engaging with the cybersecurity community. Be sure to swing by and say hello.

At Axonius, we're focused on helping organizations move from visibility to action, and Black Hat is the perfect place to showcase how we do that.


Mike Nichols
VP Product Management, Security Product Lead

Elastic

Q1. What were the strategic drivers for Elastic’s recent acquisition of Keep? How will customers benefit from it?

Elastic’s acquisition of Keep was driven by a need that surfaced across our massive and passionate user community. Users wanted a built-in, native way to manage alerts and take actions directly within Elastic. While we’ve made strides in this space like embedding actions into Kibana, using our native endpoint for response, orchestrating across third-party systems, and integrating with key partners, bringing Keep into the platform means we’re delivering exactly that: a seamless, in-product experience for turning insights into action, all without leaving the Elastic ecosystem.

With the addition of Keep, all Elastic users will gain access to a dedicated workflow application directly within Elastic's Search AI Platform to streamline response and automation across observability, security, and search use cases. Keep’s commitment to as-code representations of workflows will be fully carried into Elastic, ensuring users can manage automation both through a visual UI editor and a code-based approach. This gives teams the flexibility to build, customize, and scale workflows in the way that best fits their environment—whether they prefer point-and-click simplicity or the precision of code.

Q2. How is AI-driven security analytics transforming SecOps and the SOC? What are some of the biggest challenges you've seen organizations face when integrating AI into their SecOps workflows?

AI is transforming SecOps by helping analysts move faster, from detection to investigation to response, with greater precision and less noise. But real transformation doesn’t come from just plugging in a model; it comes from grounding AI in your own data, on your terms. At Elastic, we’re enabling that shift with capabilities like Retrieval-Augmented Generation (RAG), which securely feeds private organizational context (alerts, cases, telemetry) into AI workflows. The result isn’t a generic answer from a public model, but a relevant, grounded response built from what’s actually happening in your environment.

Still, one of the biggest challenges we see is a lack of transparency and control. Too many solutions offer black-box models with pre-baked outputs, leaving SOC teams unsure of how decisions were made. Even worse, it can leave them unable to trust or verify the output. That creates risk. At Elastic, we take a different approach: we let you bring your own model, host it where you want, and see exactly what data is driving the outcome. You can use Elastic’s managed LLM, integrate your preferred model and even keep everything fully air-gapped for compliance. AI shouldn’t add uncertainty. It should add clarity, speed, and trust, and that only happens when it’s open, transparent, and built on your terms.

Q3. What key innovations or capabilities does Elastic plan to highlight at Black Hat USA 2025? What has the company planned by way of events, talks, contests and other engagements at the show?

We’ll be showcasing the growing range of use cases across our security portfolio, with a particular focus on AI-driven capabilities designed to empower the security analyst. One major highlight is the evolution of our Attack Discovery feature—originally launched last year—which now fully automates the complex task of correlating disparate alerts from any source. What once took hours of manual effort to connect across behaviors and MITRE ATT&CK tactics can now be done in seconds. We’ll also dive into how agentic workflows are redefining threat investigation, making natural language query creation fast, intuitive, and grounded in your actual data. Analysts can now work in their own language—not one invented by a vendor—bringing speed, clarity, and confidence to every investigation.

As for sessions, events, and contests, I will be speaking alongside my colleague James Spiteri, director of Product Management, about the importance of applying AI in the SOC. As security teams manage an expanding ecosystem of security tools and data, the challenge isn't just in detecting threats, but in harnessing insights wherever they live. If this sounds like something you're interested in, check us out. We'll be in Business Hall Theater E on Thursday, August 7th, from 11:25am-11:45am. If you can't make it but the session sounds interesting, James will be doing a standalone session on the same topic at the AI Summit on Tuesday, August 5th, from 2:25pm-3:20pm at Oceanside D, Level 2.

Elastic is also hosting a networking event on August 5th from 6:30-8:30pm at The Skyfall Cyber Lounge that overlooks the Las Vegas Strip with over 300 cybersecurity professionals, executives, and industry decision-makers! We'll have a live DJ, rich networking opportunities, and curated cocktails.

Finally, we'll be hosting a trivia game at our booth throughout the event for a chance to win a LEGO Lamborghini Sián FKP 37 - come join us and test your security smarts! The winner will be announced at the end of the event.

Interested in learning more? Stop by booth #3546! We’d love to show you a live demo or simply chat about all things security. Our CEO and other Elastic leaders will be onsite and available for 1:1 meetings. Don’t miss the chance to connect—see you there.


Chris Bisnett
Chief Technology Officer & Cofounder

Huntress

Q1. You recently described your company's mission as helping smaller and mid-market businesses move above the cybersecurity poverty line. How do you see the threat landscape evolving specifically for these smaller targets? Are cybercriminals adapting their tactics to specifically exploit these targets, or are these businesses getting hit with the same attacks that work against everyone?

The threat landscape has shifted dramatically in recent years. Cybercriminals have evolved their tactics, applying the same sophisticated methods used against large corporations to businesses of all sizes. Advanced evasion techniques like endpoint detection and response (EDR) tampering, bring your own vulnerable driver (BYOVD) privilege escalations, and User Account Control (UAC) bypasses—which were once exclusive to advanced persistent threats targeting major enterprises—are now normal.

This is no coincidence. Attackers recognize that businesses often run on similar foundational software platforms regardless of size. What’s different is the level of defense. Large enterprises usually have the tools, expertise, and resources to counter these threats. Growing businesses, however, often lack these resources, making them attractive targets. Cybercriminals are adapting their playbooks to exploit these gaps, preying on what they perceive as easier opportunities.

Adding to this, ransomware-as-a-service (RaaS) groups have made it easier than ever to carry out attacks with pre-packaged, customizable tools and detailed playbooks. These groups operate with a “quantity over quality” mindset, casting a wide net and targeting as many organizations as possible, regardless of size, industry, or perceived value. This indiscriminate model, combined with the low barrier to entry for launching attacks, has created significant risks for businesses that lack the resources to defend against these threats.

Consequently, growing businesses have not only become exposed to the same attacks as large enterprises but are now easier targets due to the commoditization of cybercrime. This trend has paved the way for more frequent and sophisticated attacks, fundamentally altering the cybersecurity challenges that businesses face today.

Q2. With AI, automation, and threats evolving so quickly, what’s one assumption about how we approach cybersecurity today that you think will be completely obsolete in the next five years?

The assumption I see fading into obscurity is the idea that AI and automation can fully replace human judgment in cybersecurity. Right now, there’s this shiny, over-simplified belief that if you throw enough data at AI, it’ll build an impenetrable wall. Spoiler alert: it won’t.

Here’s the thing—AI excels at pattern-matching, not reasoning. It can sift through mountains of data and flag potential threats faster than humans ever could. But the problem is what it can’t do. It doesn’t understand nuance. It doesn’t consider context. And when you rely solely on it, you risk drowning in false positives or, worse, missing something critical altogether. That’s where some approaches today fall short. They double down on feeding AI more and more data to “fix” the problem, but what they really end up with is diminishing returns and increased complexity.

The future of cybersecurity isn’t about replacing humans with AI; it’s about empowering humans with AI. AI should be an assistive tool, a co-pilot if you will, helping SOC analysts interpret data and focus their efforts where it actually matters. The human decision-making layer isn’t going anywhere—not in five years, not in ten.

What will be obsolete is the illusion that we can automate our way out of every problem. The smarter play is blending human expertise with AI’s speed and scalability to stay adaptive. That’s how we’ll keep up with the threats ahead.

Q3. What insights or innovations does Huntress plan to showcase at Black Hat USA 2025? What can attendees expect from your company at the event?

At Black Hat USA 2025, Huntress is gearing up with an exciting lineup of in-booth theater sessions designed to deliver relevant, actionable insights to the cybersecurity community. We’ll cover a range of topics, from core tradecraft techniques to the latest product advancements that help organizations stay a step ahead of evolving threats.

The focus is simple: giving you practical takeaways that matter. Whether it’s honing your skills, understanding emerging adversarial tactics, or exploring how Huntress solutions can help strengthen your defenses, we’ve tailored these sessions with your priorities in mind. Each one is concise, informative, and led by seasoned experts who bring real-world experience to the table.

For those interested in endpoint security, identity threat detection and response, security information and event management (SIEM), or security awareness training solutions, our team will showcase how our technology provides real-time protection for endpoints, email, and employees.

We’re also sharing real-world stories straight from our team. These insights into active attack scenarios and lessons learned offer actionable strategies you can take with you.

If you’re heading to Black Hat, make sure to visit us at booth #2451. It’s a chance to engage directly with our team, absorb valuable knowledge, and ask questions that spark meaningful conversations. You’ll walk away with fresh perspectives and strategies to tackle today’s top threats. We look forward to seeing you there.


Josh Kamdjou
Founder and CEO

Sublime Security

Q1. Email continues to be the top entry point in many breaches. What core change in mindset or strategy do you think is needed to better combat this threat? With AI-generated attacks increasing, how do we shift from reactive defense to proactive protection?

We are now living in a post-LLM world. Attackers are sending high-volume spearphishing campaigns generated by LLMs, as covered in recent research from the Google Gemini and OpenAI teams. Defenders (and vendors) need to rapidly adapt to this new world. If attackers are going to attack at speed and scale, we need to defend at speed and scale.

Q2. How does Sublime's approach enable better defenses against new and fast-evolving email threats?

Transparency means being honest when you’re wrong. Sublime isn’t perfect. Like any detection vendor, when we’re wrong — [when] we miss an attack or FP — it’s usually for one of two reasons: the customer environment is unique, or attackers have evolved and learned to bypass us. We built Sublime to be resilient to both scenarios. Using a Distributed Detection Model (DDM) vs the traditional Centralized Detection Model (CDM) helps us tailor our coverage to meet unique customer needs. ADE, our Autonomous Detection Engineer, lets Sublime update coverage at the customer-level at LLM-speed. We think this approach is the future of detection and prevention.

Q3. What are Sublime Security's plans at Black Hat USA 2025? What is your main focus and messaging at the event?

We’re really excited to announce our Autonomous Detection Engineer, ADE. ADE is our second AI Agent after our Autonomous Security Analyst (ASA), which we announced at RSAC earlier this year.

While ASA was built to save analysts massive amounts of time by automating Tier 1 / Tier 2 email analyst triage, ADE was built to rapidly adapt to emerging threats. ADE can investigate new techniques, write new AI-powered detections, test over historical data, iterate, and submit new detection coverage for human review or (soon) auto-deploy based on predefined success criteria. ADE empowers security teams to adapt to the rapidly changing email threat landscape faster than ever before.

Like everything we do at Sublime, transparency and control are key. ADE shows its work and chain of thought, and its detections and efficacy results are fully transparent to build trust. We’re excited to show folks how it works.
