SureStack unveils AI platform for real-time cyber defence

Techday NZ, 22-04-2025
SureStack has introduced an AI-based cybersecurity platform aimed at helping organisations optimise and validate their cybersecurity stacks in real time.
The platform is built on SureStack's patent-pending "Resilient Intelligence" technology and combines Generative AI, human expertise, and real-time environment analysis. According to the company, this integration is intended to assist security teams in identifying misconfigurations and vulnerabilities that can leave systems open to cyber attacks, while also maximising the efficacy of investments in cybersecurity tools.
Adam Bennett, Co-Founder and Chief Executive Officer of SureStack, said: "Misconfigurations and vulnerabilities inherent in security tools are one of the leading vectors of cyber attacks, and today's cybersecurity teams are overwhelmed, with even well-funded organisations continuing to suffer incidents and breaches. SureStack was built to help defenders reclaim control — ensuring that every tool in their security stack is properly configured, continuously validated, up-to-date, and working optimally to protect from cyber attacks."
Elaborating on the value proposition, Austin Hochstedler, Co-Founder and Chief Technology Officer of SureStack, stated: "Building a good security stack isn't enough — you need to constantly verify that it's still protecting you as the environment and cyber threats evolve. SureStack delivers real-time visibility into live configurations and vulnerabilities, giving security teams the clarity they need to stay ahead of attackers and focus their efforts where they can do the most good."
SureStack integrates with a range of existing cybersecurity tools used by organisations, including firewalls, endpoint protection, authentication services, Security Information and Event Management (SIEM), ticketing systems, email security, and vulnerability management solutions. The system continuously monitors configurations for deviations, misconfigurations, vulnerabilities, and security gaps, delivering alerts and updates through its dashboard interface.
Integration partners at launch include CrowdStrike, Fortinet, Palo Alto, SonicWall, and Trellix. The company has indicated that additional integrations are in development.
The platform's features include StackChat, an AI-powered cybersecurity assistant designed to support users in real time. StackChat allows security professionals to query live environments, troubleshoot problems, and access information about deployed tools, configurations, and policies. SureStack says that by providing a unified knowledge base, StackChat helps decrease training periods, improve operational efficiency, and support faster resolution of issues.
Other capabilities within SureStack comprise real-time validation of stacks against known threats and vulnerabilities, daily monitoring of external threat landscapes for new vulnerabilities related to the user's security stack, and regular data collection from sources such as security vendor websites, the National Institute of Standards and Technology (NIST), and vulnerability databases.
An automated grading system is also included to help defenders identify priorities and act on the changes that could most quickly reduce risk. The platform also enables adversarial attack simulations, validating whether current configurations would mitigate common threat tactics and vulnerabilities, referencing the MITRE ATT&CK framework as a benchmark.
SureStack provisions each customer with a private tenant and provides several deployment and hosting options. Organisations with strict compliance or sovereignty needs can choose self-hosted environments.
The service is available with tiered pricing structures catering to managed service providers (MSPs), managed security service providers (MSSPs), mid-sized organisations, large enterprises, and government bodies.
The founding team at SureStack brings experience from sectors including defence, intelligence, healthcare, and financial services. Insights from defending high-target environments are embedded in the platform's methodology.
Related Articles

How emerging technologies in critical infrastructure are expanding cyber risks
Techday NZ, 5 days ago

Emerging technologies like the industrial Internet of Things, unified platform architectures, and cloud-integrated operational technology (OT) are transforming the critical infrastructure (CI) landscape. This transformation, driven by the need for greater agility and the pursuit of competitive advantage, is unlocking unprecedented levels of automation, operational efficiency, and data-driven decision-making. However, it's also significantly expanding the cyber threat surface, often in ways that many leaders have yet to fully grasp.

CI was once harder for malicious threat actors to penetrate because of its complexity. Legacy systems were fragmented and comprised disparate technologies accumulated over decades, so threat actors had to invest substantial time and resources in reconnaissance before launching an attack. Today, many new facilities are built on unified platforms, creating a predictable and repeatable attack surface. A single successful exploit can cascade across multiple sites that share the same platform or architecture. The reduction in complexity has simplified operations for businesses, yet it can also lower the barrier to entry for cybercriminals.

The scale and frequency of attacks are increasing at the same time. Fortinet's research shows that cybercriminals launched over 36,000 malicious scans per second in 2024 alone, leveraging automation to probe global infrastructure for weaknesses. (1) A key focus of these scans is widely used but often unmonitored OT protocols such as Modbus transmission control protocol (TCP) and session initiation protocol (SIP), which underpin critical sectors including telecommunications, industrial control systems, and manufacturing. Unlike the encrypted internet protocols used in IT networks, OT protocols are typically unencrypted, making them significantly easier to intercept and manipulate. This trend is especially alarming for the manufacturing sector, which has become the most targeted industry for ransomware attacks.

Companies operating in this space often underestimate their importance within the broader national interest. For example, a plastics moulding plant might appear to be a low-value target until geopolitical conditions change and its outputs are redirected toward other critical supply chains. The result is not dissimilar to perfume manufacturers or distillers pivoting to producing hand sanitiser during the COVID-19 pandemic. The ability to redirect industrial capabilities during times of crisis depends on uninterrupted operations, even in assets that might otherwise be considered low-risk or under-protected.

The financial consequences of disruption are also staggering. Estimates suggest that the cost of downtime for Australian industrial organisations can exceed AU$349,000 per hour. (2) Despite this, many businesses still fail to quantify their risk, making it difficult to justify or prioritise cybersecurity investment. This leaves decision-makers blind to the urgency and scale of the threat and without a clear understanding of the operational and financial ramifications of compromise.

The hyper-connected nature of today's supply chains compounds the risk for manufacturers and CI providers, as operations are no longer as siloed as they once were. Manufacturing facilities, raw material suppliers, and distribution networks are now linked through automated systems that dictate production targets, manage procurement, and schedule delivery with little human oversight. When one node is disrupted, whether by a cyberattack or a natural disaster, the effects ripple across the entire chain, often with devastating speed. This interconnectedness is now central to cost efficiency and competitiveness, yet it has exposed previously obscured dependencies. What's clear now is that resilience must be built into every part of the value chain, from procurement to production to logistics.

Policy shifts have attempted to address some of these gaps. The Australian Security of Critical Infrastructure (SOCI) Act recognises that cyber threats must be treated alongside physical and environmental risks and promotes an all-hazards approach. This means companies must account for malicious actors as well as natural disasters that can disable infrastructure just as effectively.

Critically, the move to platform-based infrastructure creates systemic risk if not managed appropriately, despite its operational advantages. A single vulnerability in a widely adopted platform can propagate across an entire industry, making it easier for malicious threat actors to compromise more organisations with less effort. The challenge for business leaders is to balance the efficiencies gained from standardisation with the need for layered defences, segmentation, and continuous visibility across all connected assets.

Mitigation demands more than firewalls and endpoint detection. It starts with selecting the right architectural framework. International Electrotechnical Commission 62443 (IEC 62443) remains the most widely accepted global standard for operational environments, with variants tailored for sectors such as transport (TS50701), maritime (E26/E27), and energy (National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)). These frameworks are not interchangeable; they reflect the specific risk profiles, interdependencies, and compliance requirements of each industry. A one-size-fits-all strategy is not just ineffective; it's potentially dangerous.

The CI threat landscape is evolving faster than many companies can respond, and the assumption that certain sectors are too minor or obscure to attract attention is outdated. Every connected node contributes to national resilience or vulnerability, regardless of its perceived value. Recognising this is the first step toward closing the gaps that adversaries are eager to exploit. Delaying that recognition is no longer an option for organisations that underpin essential services.

References:
(1) resources/reports/threat-landscape-report
(2) detail/108529/abb-survey-reveals-unplanned-downtime-costs-the-typical-australian-industrial-business-349000-per-hour

Fortinet lifts outlook as quarterly revenue climbs to USD $1.63bn
Techday NZ, 6 days ago

Fortinet has reported financial results for the second quarter ended 30 June 2025, showing a 14 per cent year-on-year increase in revenue to USD $1.63 billion and a raised outlook for full-year billings by USD $100 million.

Second quarter highlights

The company's billings for the quarter reached USD $1.78 billion, a 15 per cent increase compared to the corresponding period last year. Key businesses within Fortinet's portfolio showed notable performance, including unified secure access service edge (SASE) annual recurring revenue (ARR), which grew by 22 per cent year over year, and security operations ARR, which increased by 35 per cent. Fortinet reported a generally accepted accounting principles (GAAP) operating margin of 28 per cent and a non-GAAP operating margin of 33 per cent for the quarter.

Executive commentary

Ken Xie, Founder, Chairman and Chief Executive Officer of Fortinet, said: "Our strong second quarter performance and consistent track record of growth are a direct result of our continued innovation and customer-first strategy, enabling us to beat our billings guidance for the quarter and raise our full year billings outlook. We are the industry leader in network security, with the most deployed firewalls worldwide, a New-Generation SASE Firewall, and recognised leadership in the 2025 Gartner Magic Quadrant™ for SASE Platforms. This recognition, along with our strong business momentum, financial outlook, innovation, and leadership across five separate network security Magic Quadrant™ reports, underscores the strength of our AI-driven security approach and the strategic advantage of our unified FortiOS operating system."

Industry recognition and technology developments

Fortinet was recognised as a Leader in the 2025 Gartner Magic Quadrant for SASE Platforms and achieved the number one position in the Critical Capabilities for SASE Platforms report for the Secure Branch Network Modernisation use case. The company was also the only vendor mentioned in five distinct network security Magic Quadrant reports in 2025.

The company expanded its FortiCloud portfolio with three new natively integrated services: FortiIdentity, FortiDrive and FortiConnect. In addition, Fortinet was named the Overall Leader for the third consecutive year in the Westlands Advisory IT/OT Network Protection Platform Navigator 2025 report and was recognised as a Leader in the Gartner Magic Quadrant for Enterprise Wired and Wireless LAN Infrastructure for the second year running. Fortinet was also named a Gartner Peer Insights Customers' Choice for SD-WAN for the sixth year in a row and for Endpoint Protection for the third year in succession. The company stated that it has crossed 1,400 issued patents worldwide, including over 500 issued and pending artificial intelligence-related patents, attributed to its research and development investments.

Financial guidance

Looking forward to the third quarter of 2025, Fortinet expects revenue in the range of USD $1.67 billion to USD $1.73 billion and billings between USD $1.76 billion and USD $1.84 billion. The company anticipates a non-GAAP gross margin of between 80.0 per cent and 81.0 per cent, with an operating margin range of 32.5 per cent to 33.5 per cent. Diluted non-GAAP net income per share is projected to be between USD $0.62 and USD $0.64, based on a non-GAAP effective tax rate of 18 per cent and a diluted share count of 772 million to 776 million shares.

For the entire fiscal year 2025, projected revenue is between USD $6.675 billion and USD $6.825 billion, with service revenue expected to total between USD $4.55 billion and USD $4.65 billion. Fortinet forecasts billings in the range of USD $7.325 billion to USD $7.475 billion. Non-GAAP gross margin is anticipated to be from 79.0 per cent to 81.0 per cent, and non-GAAP operating margin from 32.0 per cent to 33.5 per cent. Diluted non-GAAP net income per share guidance is set between USD $2.47 and USD $2.53, assuming a non-GAAP effective tax rate of 18 per cent and a diluted share count of 773 million to 777 million. The company explained that its guidance on non-GAAP financial measures excludes certain items, including stock-based compensation and amortisation of acquired intangible assets, among others, due to the inherent uncertainty or unpredictability of these items.

CrowdStrike unveils AI-driven updates to Falcon threat intelligence
Techday NZ, 6 days ago

CrowdStrike has announced the latest release of Falcon Adversary Intelligence, providing real-time, personalised threat intelligence embedded into security operations centre workflows. The new version aims to align threat intelligence with each customer's environment, exposures, and detections, operationalising intelligence at scale for improved detection, hunting and response.

CrowdStrike tracks over 265 nation-state, eCrime and hacktivist groups globally. Its current offering seeks to address the challenge security teams face with fragmented intelligence across disconnected tools and the lack of context needed to understand how adversary threats apply to an organisation's specific risk profile and technology stack.

The company stated that adversaries are growing in sophistication, leveraging artificial intelligence to accelerate attacks while also targeting AI-supported business operations. The latest update of Falcon Adversary Intelligence is designed to address these developments by replacing fragmented intelligence tools and static feeds with a personalised approach that uses the Falcon platform's first-party telemetry. This system prioritises and personalises intelligence according to each organisation's unique environment and risk factors.

Key features

Among the main features introduced is automated onboarding and intelligent rule creation. The system integrates infrastructure mapping and uses knowledge from across the Falcon platform to deliver customer-specific intelligence, including reporting on relevant threats and trends, monitoring dark web activity, and highlighting information according to industry, technology stack, and detection data.

Platform-driven prioritisation is another component, generating contextual threat profiles that reflect real-time detections, known exposures, and company profiles. For example, if a new threat targets a specific industry, the system automatically elevates its priority, providing in-depth threat profiles, tactics, techniques, and procedures (TTPs), targeting patterns, and related intrusion information to support rapid decision-making by analysts.

The release also introduces Threat Hunting Guides within Falcon Adversary Intelligence Premium. These guides allow analysts to move directly from threat insights to targeted investigations across their environments. With prebuilt queries and guided workflows, analysts can avoid time-consuming manual research, reducing investigations from as many as 15 steps to just a few clicks. When used with Falcon Next-Gen SIEM, the platform's click-to-hunt capabilities are intended to further reduce manual effort and enable faster response to emerging threats. Additionally, Intelligence Explorer provides analysts with a consolidated workspace to investigate threats, cross-reference adversary context, and correlate detection results within a single view.

"Today's adversaries are treating speed and stealth like weapons, using GenAI, cross-domain attacks, and targeted social engineering to move faster than ever while staying undetected," said Adam Meyers, Head of Counter Adversary Operations at CrowdStrike. "Threat intelligence can't just inform – it has to drive action. This is a smarter, more dynamic way to deliver intel aligned to each customer's environment. By boosting relevance, accelerating response, and delivering real operational ROI, analysts can act faster, hunt smarter, and stay ahead of today's most sophisticated threats."

The approach taken by Falcon Adversary Intelligence is intended to increase the relevance and timeliness of data available to security analysts, replacing manual workflows with automation where possible and reducing investigation time. The system continually adapts based on live data from the client's environment, supporting prioritisation of the threats most pertinent to each organisation's exposures and operations.

CrowdStrike highlighted its intention for the Falcon platform to contribute to more effective and context-driven threat defence as adversaries escalate the use of automation and AI in their attacks against enterprise environments. The company reports that these updates are now available to customers, enabling security teams to access real-time intelligence and workflow support within the Falcon ecosystem.
