Enhance your knowledge in Exposure Management

Reach Security has been identified as a key vendor in the Gartner "Emerging Tech: Tech Innovators in Domain-Specific Language Models for SecOps.” Reach Security was named in the “Preemptive Capabilities for Tech Innovators in DSLM Models for SecOps category.”

March 10, 2026

Reach Security, an AI‑native security company that gives customers a single interface to understand and operate security controls at scale, is proud to announce that it has been named a finalist in the prestigious 2026 SC Awards.

March 9, 2026

Reach Security experienced record expansion across every dimension of the business in 2025. The company achieved 500% revenue growth, a 300% increase in new customers, and 300% team growth.

February 10, 2026

APMdigest examines how organizations can reclaim prevention by using exposure management and agentic AI to turn configuration awareness into operational resilience, drawing lessons from outages like Cloudflare’s.

February 4, 2026

E-ChannelNews reports on how Garrett Hamilton, CEO and co-founder of Reach Security, is addressing configuration drift and resource constraints by using AI to harden existing security tools and operationalize cyber resilience.

February 4, 2026

Security Boulevard examines how configuration drift has become a hidden but escalating security risk, as growing tool complexity, constant change, and emerging AI automation quietly erode enterprise security postures over time.

February 4, 2026

Reach Security announced today that it has been recognized as a Representative Provider in the Gartner Innovation Insight for Automated Security Control Assessment (ASCA) report.

February 2, 2026

SecurityWeek explores how zero trust is evolving from a static goal into a continuous, identity-driven journey, shaped by AI, non-human identities, and mounting operational and organizational challenges.

January 29, 2026

SecuritySenses analyzes how cybersecurity can move beyond an “assume breach” mindset by using domain-specific AI models to help security architects reduce misconfigurations, manage tool sprawl, and rebalance strategy toward prevention.

January 29, 2026

Security Boulevard explores how organizations can shift cybersecurity left of boom by using agentic AI to optimize existing security tools, improve visibility, and make threat prevention practical again.

January 7, 2026

CRN highlights 10 early-stage cybersecurity startups poised for growth in 2026, including companies advancing identity security, exposure management, data protection and hybrid attack surface solutions.

January 5, 2026

December 2, 2025

TechRound profiles Reach Security as a TechRound-100 company, highlighting how its AI-native exposure management platform helps organizations identify, prioritize, and remediate real security risk using the tools they already own.

November 26, 2025

SecuritySenses explains how organizations can reduce heightened Black Friday cyber risk by activating and properly configuring the security controls they already own, addressing misconfigurations and configuration drift before attackers exploit them.

November 20, 2025

November 10, 2025

Press release

July 28, 2025

Press release

April 28, 2025

Press release

April 22, 2025

Press release

February 11, 2025

Reach Security, the company pioneering advanced AI to reinvent security operations, today announced its listing in the CrowdStrike Marketplace, a premier technology marketplace and world-class ecosystem of third-party security products that integrate with CrowdStrike.

November 15, 2024

Press release

November 14, 2024

TechCrunch reports on the cybersecurity budget challenges faced by organizations, with Reach Security offering a solution.

November 10, 2024

Reach Security, a California startup promising technology to help businesses manage the maze of security tools and products, has raised $20 million in early stage venture capital funding.

November 9, 2024

Cybersecurity startup Reach Security Inc. announced today that it has raised $20 million in new funding to develop more artificial intelligence security features.

November 8, 2024

The investment is led by Ballistic Ventures and sees contributions from Artisanal Ventures and notable industry figures such as Mark McLaughlin, former CEO and President of Palo Alto Networks, and Denise Persson, CMO of Snowflake.

November 7, 2024

Todd shares his perspective from decades across startups, large enterprises, Cisco, and venture capital — and explains why Reach stood out as a platform focused on security hygiene, configuration awareness, and measurable outcomes, rather than more alerts.

December 23, 2025

November 6, 2025

Security configurations change constantly. Policies, exclusions and rules are modified, and updates aren’t always shared with the security team. Over time, this configuration drift erodes defenses quietly, leaving gaps over time. Reach detects and remediates configuration drift across your integrated security tools. Using cybersecurity domain-specific AI agents, Reach uncovers drift, shows you potential impact to your security posture, and then automates remediation to keep you aligned to policy and fix these issues before they introduce risk.

October 23, 2025

Join Reach Security CEO & Co-Founder Garrett Hamilton in an in-depth conversation with Jay Wilson, CIO & CISO at Insurity. Recorded at Black Hat USA 2025, Jay shares how Insurity is leveraging AI to sustain Zero Trust, streamline operations, and bridge the gap between IT and security leadership. The discussion explores the emergence of dual CIO/CISO roles, the transformation of subjective security practices into objective, data-driven automation, and why the future of cybersecurity relies on partnership, collaboration, and AI-powered platforms.

October 15, 2025

Reach Security's updated user interface includes an expanded asset inventory page which offers a centralized location to access threat and risk metrics for users, devices, and integrated product capabilities.

September 29, 2025

Reach Security's updated user interface allows you to monitor configuration drift efficiently and create tailored rules for more precise security controls.

September 29, 2025

Reach Security's updated user interface supports an integrated workflow with quicker access to information. To learn more, visit reach.security

September 29, 2025

Reach Security has a fresh modern look that simplifies navigation, reduces clicks, and improves usability. Take the grand tour. Learn more at reach.security

September 29, 2025

Join Reach Security CEO & Co-founder Garrett Hamilton in an in-depth conversation with cybersecurity legend Kevin Mandia, founder of Mandiant and partner at Ballistic Ventures. Recorded at Black Hat USA 2025, Kevin shares his 30-year journey in incident response, the professionalization of cyber threats, AI's impact on security, and advice for founders building the next generation of solutions. Key insights include why "security is a calling where you can never rest" and the shift toward holistic cyber defenses.

September 23, 2025

Our CEO & co-founder, Garrett Hamilton, chats with Nicole Perlroth following her Black Hat USA 2025 keynote, where the former New York Times cybersecurity reporter, venture partner at Ballistic Ventures and founding partner at Silver Buckshot Ventures delivers a stark warning: AI is supercharging cyber threats.

August 29, 2025

In this episode, we sit down with Garrett Hamilton, Co-Founder and CEO of Reach Security, to talk about the hidden risks most enterprises overlook—misconfigurations, exposures, and underutilized security tools. Garrett shares his journey from working at leading cybersecurity companies to building Reach, a platform designed to identify and fix hidden risks using AI, APIs, and your existing security stack. We cover:

August 14, 2025

July 9, 2025

A conversation with Joe Masud, VP of Cyber Security & Engineering, Aristocrat.

February 6, 2025

A conversation with Raymond Winder, Director of Information Security, Autodesk; Joe Masud, VP of Cyber Security & Engineering, Aristocrat; Joshua Jones, VP of Western Division, Tevora; and Garrett Hamilton, Founder & CEO, Reach.

February 6, 2025

A conversation with Joshua Jones, VP of Western Division, Tevora.

February 6, 2025

A conversation with Geoff Belknap, Deputy CISO, Microsoft; Raymond Winder, Director of Information Security, Autodesk; Joe Masud, VP of Cyber Security & Engineering, Aristocrat; and Barmak Meftah, Co-Founder & General Partner, Ballistic Ventures.

February 6, 2025

A conversation with Geoff Belknap, Deputy CISO, Microsoft; Nicole Perlroth, New York Times Bestselling Author; and Colt Blackmore, Co-Founder & CTO, Reach Security.

February 6, 2025

Trey Ford and RSnake did a great demo day with Reach Security. It blew what little hair RSnake has left back. A person-based risk approach to IT governance and control? Who would have thought of such a thing? Definitely worth a watch if you control security at a large organization.

February 5, 2025

Reach Security CEO & Co-Founder Garrett Hamilton sits down with Trinity Chavez of the NYSE to explore how Reach takes organizations from “architecture to action” with Zero Trust.

February 5, 2025

Dive into the complexities, strengths, shortcomings, and novel uses of machine learning with Colt in this BSides talk.

November 18, 2024

Organizations are asked, told, reminded, and even have their security measured against industry best practices configurations. But could they actually be detrimental to your company and the industry as a whole?

November 17, 2024

Continuous Threat Exposure Management is a continuous security framework for identifying, assessing, validating, and reducing the exposures that matter most to an organization.

March 12, 2026

March 9, 2026

Most security teams know what the “right” controls look like on paper. But real-world environments rarely match the blueprint. Between legacy systems, limited staffing, and overlapping tools, the gap between what’s ideal and what’s feasible is often wide.

February 3, 2026

Security teams today aren’t short on tools. Most environments are packed with security controls—spanning email, identity, network, endpoint, and cloud. But despite this abundance, risk remains stubbornly high. Attacks continue to land. Exposure persists.

February 3, 2026

True security optimization isn’t about buying more technology; it’s about maximizing the impact of the tools you already have. This means shifting from a reactive, tool-centric approach to a proactive, outcome-driven strategy; one that ensures security investments deliver measurable risk reduction.

February 3, 2026

To address this growing challenge, the concept of Automated Security Control Assessment (ASCA) was defined and named by Gartner, setting a new standard for how organizations evaluate and optimize their security controls. By automating these processes, ASCA empowers organizations to reduce exposure, enhance their defenses, and stay ahead of emerging threats.

February 3, 2026

To achieve effective system hardening, a systematic approach is crucial. This involves identifying, auditing, managing, and mitigating cybersecurity vulnerabilities throughout your IT infrastructure. Additionally, it requires continuous monitoring and optimizing of security controls to address threats targeting and impacting your environment. This article explores the importance of system hardening.

February 3, 2026

January 27, 2026

Recent research from Proofpoint highlights a growing trend in identity-based attacks. Rather than stealing passwords or exploiting software flaws, multiple threat actors are now abusing legitimate Microsoft authentication workflows to gain access to Microsoft 365 accounts at scale. This technique, known as device code phishing, is not new. What is new is how widespread the technique has become, particularly among both state-aligned and financially motivated adversaries. More importantly, it underscores a recurring theme in modern security incidents. The attack succeeds not because a control failed, but because it was not properly configured to stop this behavior.

January 8, 2026

A recent Dark Reading article highlighted a sobering shift in how nation-state threat actors are gaining access to critical infrastructure. According to reporting on a new Amazon Threat Intelligence disclosure, Russian actors affiliated with the GRU have spent years refining a campaign that increasingly bypasses traditional vulnerability exploitation altogether. Instead, they are walking straight through the front door left open by misconfigured network edge devices.

December 19, 2025

Threat exposure management refers to the continuous process of assessing how vulnerable an organization is to actual attack paths across all systems, applications, and environments. This includes both direct assets and external dependencies like cloud services, SaaS platforms, and third-party integrations.

November 26, 2025

You can use AI to help you detect and correct defensive weaknesses in the form of exposures, misconfigurations, underutilized security tool capabilities, and configuration drift. There are advantages to knowing where you’re weak before an attacker does, and then quickly fixing it. Domain-specific cybersecurity models can help you fully understand your environment and the exposures present, and ideally, automate the remediation process for rapid security hardening.

November 20, 2025

Traditional NSPM tools excel at defining and enforcing policies but struggle to verify that those configurations remain intact. Once deployed, policies can drift quietly for weeks or months, only surfacing when an incident or audit exposes the discrepancy. Reach Security extends NSPM beyond policy management into policy assurance – ensuring that what’s configured always matches what’s intended.

November 19, 2025

In cybersecurity, detection and response are table stakes. Attackers are faster, techniques more subtle, and the cost of even small missteps on the part of the defender is growing. To truly shift from reactive defense to proactive protection, teams need something more: continuous exposure assessment, management, and prevention.

October 22, 2025

By shifting focus left of boom—closing exposures before attackers exploit them—security teams can regain control of their defenses, get ahead of threats, maximize their existing security tool investments, and stop the cycle of reactive firefighting.

October 16, 2025

In today’s rapidly evolving cybersecurity landscape, exposure management has become a critical practice for organizations looking to stay ahead of potential threats. Unlike traditional approaches that focus solely on vulnerabilities, exposure management examines the broader context of how and why specific issues could impact an organization and prioritizes actions based on risk. A key aspect of this practice is understanding the exposure of employees, contractors, and even executives as attackers often attempt to exploit human vulnerabilities as well as critical systems.

September 10, 2025

Reach Security CEO & Co-Founder Garrett Hamilton sits down with Trinity Chavez of the NYSE to explore how Reach takes organizations from “architecture to action” with Zero Trust.

September 10, 2025

Conditional Access contains simple yet powerful sign-on attributes that can be tailored to your business with a risk-based approach. Whether you're undergoing security tool consolidation efforts or embarking on an IAM hardening project, consider starting with a series of tailored sign-on policies that address risk where most breaches start.

September 10, 2025

As we continue to navigate the complexities of cybersecurity, our focus remains on providing solutions that not only secure but also streamline operational processes. The new ServiceNow integration is a testament to our dedication to mastering the last mile, ensuring that our clients can achieve and maintain the highest levels of security maturity.

September 10, 2025

Zero Trust isn’t a product or a one-time implementation, it’s a strategic approach to cybersecurity that continuously evolves. Yet, many organizations struggle to move beyond theoretical frameworks and turn Zero Trust into real-world security improvements.

July 30, 2025

This growing issue not only increases an organization’s exposure to potential cyberattacks but also wastes money and time spent by security analysts chasing down alerts that could have been stopped upstream. By understanding the implications of security debt and implementing strategies for security hardening, organizations of all sizes can minimize risk and maximize their return on investment.

July 30, 2025

Upgrading Microsoft enterprise licensing from E3 to E5 or P1 to P2? Whether your company is upgrading or considering the move, you may be facing questions about how to leverage this shift for your security team’s advantage.

July 30, 2025

July 17, 2025

The constant evolution of today's threat landscape has organizations counting on security controls to keep the bad actors out and safeguard their people, sensitive data, critical infrastructure, operations, and brand. However, even the most sophisticated security tools can present a risk to organizations when they are improperly configured. And unfortunately, even the best security teams can make mistakes. Whether it’s a firewall rule left too permissive, a mismanaged IAM rule, or an EDR process monitoring bypass, the implications can range from severe financial loss to risks with the customer base that can lead to significant and sometimes irreparable reputational damage.

July 7, 2025

Zero Trust is no longer a novel idea, it's a security imperative. While most organizations have embraced Zero Trust in principle, putting it into practice is another story.

June 25, 2025

Security posture is the ability of your environment to withstand real-world threats, not just meet compliance requirements. Strong posture doesn’t just reflect what’s present. It reflects how well your protections are working, how proactively you reduce risk, and how resilient your systems are when tested.

May 22, 2025

In many organizations, configuration management is treated as a background process. It’s something handled during deployment or reviewed during compliance audits. But when viewed through a security lens, configuration becomes one of the most important factors in reducing exposure.

May 22, 2025

Security teams are buried in findings. Whether it scans for vulnerabilities, evaluates configurations, or monitors runtime behavior, every tool delivers its own version of “what’s wrong.” The result is a sprawling list of issues, all marked urgent, with little consistency in how they’re scored or what should happen next.

May 22, 2025

Vulnerability management has long been seen as one of the most straightforward areas in security. Scan your assets, identify vulnerabilities, prioritize the findings, and patch what you can. On paper, it looks like a repeatable process. But in reality, vulnerability mitigation is anything but simple.

May 1, 2025

Security posture assessments are a foundational part of any security program. They’re how organizations take stock of their defenses, evaluate coverage, and identify gaps. But in practice, many posture assessments have become stuck in a pattern.

May 1, 2025

As security teams face growing complexity across tools, identities, and threats, Reach Security continues to deliver targeted capabilities to help organizations mitigate risk sooner, align controls to real-world threats, and drive operational clarity. This quarter’s updates are all about proactive defense - helping you adapt in real time as your environment evolves.

April 21, 2025

Security teams are busier than ever, chasing alerts, deploying tools, and checking boxes. But under the surface, many are asking the same question: Are we actually reducing risk? This post explores why constant activity doesn’t always equal meaningful progress, and how to break free from reactive cycles to focus on what truly matters.

April 3, 2025

This past quarter, Reach Security delivered a series of powerful updates to help organizations unlock the full potential of their security tools and maintain a strong security posture.

February 10, 2025

2024 was a year of incredible momentum for Reach Security. As we enter 2025, one thing is clearer than ever: security teams don’t need more dashboards telling them what’s wrong, they need a way to fix the exposure.

February 10, 2025

Left unchecked, configuration drift increases exposure to cyber threats. Yet, many organizations remain unaware of how much drift has occurred until an audit, incident, or breach exposes the issue. Understanding what configuration drift is, how it happens, and how to prevent it is critical for maintaining a strong security posture.

January 31, 2025

Staying ahead of adversaries is a constant challenge due to the evolving tactics and techniques that they leverage to gain access and achieve their objectives. While frameworks like MITRE ATT&CK have become an industry standard for understanding and discussing adversary behaviors, it can be challenging for defenders to map their own defenses.

January 9, 2025

One of the key value propositions of Reach is that our platform not only increases your security posture by providing critical insights, but it also allows customer to take action and deploy configurations with automation.

December 10, 2024

We’re thrilled to introduce the new Compliance View within Reach! Built to support Governance, Risk and Compliance (GRC) teams, Reach customers can now drill in to see how the configurations in their enterprise security products tie back into prominent GRC frameworks, and how they can use these products to improve their maturity with a given framework.

November 20, 2024

Through collaboration among our teams, we've identified the top 10 misconfigurations that often slip through the cracks and significantly impact an organization's security.

November 13, 2024

We're excited to announce the launch of Reach’s Licensing View, which was built to help customers better understand the value they are getting from the licensed features they are paying for in their security products.

October 31, 2024

One of the most exciting parts of joining an early-stage company is the opportunity to do things differently. Shortly after I joined Reach, I learned that customers were using Reach to help streamline authentication processes for low-risk users, particularly those who log in from the same locations and devices each day. Rather than constantly prompting for multi-factor authentication, Reach enables security teams to identify and control exposure in place for users in familiar scenarios, reducing the friction for users, while maintaining security.

October 24, 2024

With Cybersecurity Awareness Month in full swing and the 2024 Grace Hopper Celebration behind us, I had the opportunity to present a choose-your-own-adventure tabletop session on ransomware. After reflecting on my discussions with attendees at GHC, ransomware emerged as a challenge and top priority for many.

October 17, 2024

In today’s fast-evolving cybersecurity landscape, integration architecture is not just a necessary feature, but the backbone of how security systems communicate and protect organizations. Reach has approached integrations from a unique perspective, opting to take the hard road of building a system that is not tied solely to best practices, but fundamentally designed to adapt, learn, and integrate with purpose-built AI. It’s a decision that reflects our commitment to innovation, a deep understanding of the cybersecurity market alongside the products within a customer’s ecosystem, and a belief that the best path is rarely the easiest one.

October 10, 2024

Beginning in October, Microsoft will mandate multi-factor authentication (MFA) for multiple Azure components, including the Entra admin portal. Given Microsoft’s research indicates that MFA can prevent over 99.2% of account compromise attempts, this is great news! For those utilizing Entra Conditional Access to govern how users authenticate to mission-critical applications, there are additional measures you can take within Entra to further reduce the risk of credential compromise. Let’s explore some strategies to elevate your Conditional Access implementation beyond MFA using the features you’re licensed for.

September 26, 2024

While Gartner is helping to shape this new market category, companies like Autodesk and Nutanix are already realizing the benefits of this approach through Reach’s platform. By focusing on continuous security control assessments that leverage both business and adversarial threat context, Reach helps organizations like Autodesk and Nutanix understand the specific risks they face. Reach automates configuration changes to align with these risks, while also ensuring that organizations maximize the value of their existing security tools.

September 19, 2024

Phishing and credential theft remain two of the top methods adversaries use to breach networks. To counter these effectively, it’s not enough to understand the attacks themselves—you also need a strong defensive strategy. That’s where a framework like MITRE D3FEND can make all the difference, providing a structured approach to securing your organization.

September 12, 2024

As organizations expand and evolve, the relationship between IT and security becomes equally as important as it is complex. The rapid pace of technology changes to drive revenue and streamline operations, coupled with an increasing number of sophisticated cyber threats, forces both IT and security teams to constantly adapt. This dynamic environment makes it challenging to maintain the integrity of security controls while ensuring operational efficiency and availability. For security teams, this challenge is especially evident when it comes to monitoring and maintaining established security controls from a configuration lens.

August 29, 2024

Integrating Reach with Okta is a game-changer for boosting your security in the event of credential compromise. With Reach’s advanced analytics and proactive recommendations, organizations can better defend against threats from attackers looking to spoof their location and gain access to sensitive infrastructure. This combo not only maximizes the value of Okta’s Adaptive features, but also adds an extra layer of security for a more comprehensive approach to your IAM deployment.

August 15, 2024

At Reach, we prioritize the safety and control of our users by leveraging a staged environment for automation. This approach not only safeguards the production environment but also ensures that changes are meticulously tested and approved before going live. Whether it’s implementing Conditional Access policies or deploying other critical updates, Reach’s staged automation empowers organizations to increase their cybersecurity posture with confidence, efficiency, and ease.

July 31, 2024

The last mile is a critical component of cybersecurity operations. By embracing a comprehensive approach that goes beyond mere reports to actionable and automated implementation, Reach ensures that your organization is not only secure but also agile and efficient. Stay tuned for our upcoming posts where we will delve deeper into specific use cases and solutions that exemplify our commitment to mastering the last mile in cybersecurity.

July 10, 2024

You may hear terms like "tools rationalization" or "maximizing tool effectiveness," but their meanings can vary. Are you following a vendor best practice checklist, mapping CVEs to specific configurations, or tracking workforce risk and ensuring your licensed capabilities address this risk? Whichever path you choose, understanding the value of each approach is crucial.

May 21, 2024

February 6, 2026

Reach integrates with your existing security tools to proactively identify and remediate misconfigurations, activate underutilized capabilities, and continuously monitor for configuration drift to close security gaps and supercharge security posture.

February 6, 2026

NIST Special Publication 1800–35 offers one of the most detailed and actionable roadmaps for implementing Zero Trust in complex, real-world environments.

January 30, 2026

Prepared by TAG Infosphere, this Executive Brief highlights ROI-driven results from Reach Security’s remediation and posture assessment platform.

January 30, 2026

January 30, 2026

January 30, 2026

January 30, 2026

January 28, 2026

January 28, 2026

December 11, 2025

January 9, 2025

February 24, 2026

February 24, 2026

February 24, 2026

February 24, 2026

February 24, 2026

February 23, 2026

A new ROI analysis by trusted analyst firm TAG Cyber shows how Reach helps security leaders reduce exposure, reclaim time, and optimize their budgets.

June 5, 2025

June 4, 2025