Enhance your knowledge in Exposure Management

Press release

Press release

Press release

Reach Security, the company pioneering advanced AI to reinvent security operations, today announced its listing in the CrowdStrike Marketplace, a premier technology marketplace and world-class ecosystem of third-party security products that integrate with CrowdStrike.

Press release

TechCrunch reports on the cybersecurity budget challenges faced by organizations, with Reach Security offering a solution.

Reach Security, a California startup promising technology to help businesses manage the maze of security tools and products, has raised $20 million in early stage venture capital funding.

Cybersecurity startup Reach Security Inc. announced today that it has raised $20 million in new funding to develop more artificial intelligence security features.

The investment is led by Ballistic Ventures and sees contributions from Artisanal Ventures and notable industry figures such as Mark McLaughlin, former CEO and President of Palo Alto Networks, and Denise Persson, CMO of Snowflake.

A conversation with Joe Masud, VP of Cyber Security & Engineering, Aristocrat.

A conversation with Raymond Winder, Director of Information Security, Autodesk; Joe Masud, VP of Cyber Security & Engineering, Aristocrat; Joshua Jones, VP of Western Division, Tevora; and Garrett Hamilton, Founder & CEO, Reach.

A conversation with Joshua Jones, VP of Western Division, Tevora.

A conversation with Geoff Belknap, Deputy CISO, Microsoft; Raymond Winder, Director of Information Security, Autodesk; Joe Masud, VP of Cyber Security & Engineering, Aristocrat; and Barmak Meftah, Co-Founder & General Partner, Ballistic Ventures.

A conversation with Geoff Belknap, Deputy CISO, Microsoft; Nicole Perlroth, New York Times Bestselling Author; and Colt Blackmore, Co-Founder & CTO, Reach Security.

Trey Ford and RSnake did a great demo day with Reach Security. It blew what little hair RSnake has left back. A person-based risk approach to IT governance and control? Who would have thought of such a thing? Definitely worth a watch if you control security at a large organization.

Reach Security CEO & Co-Founder Garrett Hamilton sits down with Trinity Chavez of the NYSE to explore how Reach takes organizations from “architecture to action” with Zero Trust.

Dive into the complexities, strengths, shortcomings, and novel uses of machine learning with Colt in this BSides talk.

Organizations are asked, told, reminded, and even have their security measured against industry best practices configurations. But could they actually be detrimental to your company and the industry as a whole?

Vulnerability management has long been seen as one of the most straightforward areas in security. Scan your assets, identify vulnerabilities, prioritize the findings, and patch what you can. On paper, it looks like a repeatable process. But in reality, vulnerability mitigation is anything but simple.

Security posture assessments are a foundational part of any security program. They’re how organizations take stock of their defenses, evaluate coverage, and identify gaps. But in practice, many posture assessments have become stuck in a pattern.

As security teams face growing complexity across tools, identities, and threats, Reach Security continues to deliver targeted capabilities to help organizations mitigate risk sooner, align controls to real-world threats, and drive operational clarity. This quarter’s updates are all about proactive defense - helping you adapt in real time as your environment evolves.

Most security teams know what the “right” controls look like on paper. But real-world environments rarely match the blueprint. Between legacy systems, limited staffing, and overlapping tools, the gap between what’s ideal and what’s feasible is often wide.

Security teams today aren’t short on tools. Most environments are packed with security controls—spanning email, identity, network, endpoint, and cloud. But despite this abundance, risk remains stubbornly high. Attacks continue to land. Exposure persists.

Security teams are busier than ever, chasing alerts, deploying tools, and checking boxes. But under the surface, many are asking the same question: Are we actually reducing risk? This post explores why constant activity doesn’t always equal meaningful progress, and how to break free from reactive cycles to focus on what truly matters.

Zero Trust isn’t a product or a one-time implementation, it’s a strategic approach to cybersecurity that continuously evolves. Yet, many organizations struggle to move beyond theoretical frameworks and turn Zero Trust into real-world security improvements.

This past quarter, Reach Security delivered a series of powerful updates to help organizations unlock the full potential of their security tools and maintain a strong security posture.

2024 was a year of incredible momentum for Reach Security. As we enter 2025, one thing is clearer than ever: security teams don’t need more dashboards telling them what’s wrong, they need a way to fix the exposure.

True security optimization isn’t about buying more technology; it’s about maximizing the impact of the tools you already have. This means shifting from a reactive, tool-centric approach to a proactive, outcome-driven strategy; one that ensures security investments deliver measurable risk reduction.

Left unchecked, configuration drift increases exposure to cyber threats. Yet, many organizations remain unaware of how much drift has occurred until an audit, incident, or breach exposes the issue. Understanding what configuration drift is, how it happens, and how to prevent it is critical for maintaining a strong security posture.

Staying ahead of adversaries is a constant challenge due to the evolving tactics and techniques that they leverage to gain access and achieve their objectives. While frameworks like MITRE ATT&CK have become an industry standard for understanding and discussing adversary behaviors, it can be challenging for defenders to map their own defenses.

One of the key value propositions of Reach is that our platform not only increases your security posture by providing critical insights, but it also allows customer to take action and deploy configurations with automation.

This growing issue not only increases an organization’s exposure to potential cyberattacks but also wastes money and time spent by security analysts chasing down alerts that could have been stopped upstream. By understanding the implications of security debt and implementing strategies for security hardening, organizations of all sizes can minimize risk and maximize their return on investment.

In today’s rapidly evolving cybersecurity landscape, exposure management has become a critical practice for organizations looking to stay ahead of potential threats. Unlike traditional approaches that focus solely on vulnerabilities, exposure management examines the broader context of how and why specific issues could impact an organization and prioritizes actions based on risk. A key aspect of this practice is understanding the exposure of employees, contractors, and even executives as attackers often attempt to exploit human vulnerabilities as well as critical systems.

To address this growing challenge, the concept of Automated Security Control Assessment (ASCA) was defined and named by Gartner, setting a new standard for how organizations evaluate and optimize their security controls. By automating these processes, ASCA empowers organizations to reduce exposure, enhance their defenses, and stay ahead of emerging threats.

The constant evolution of today's threat landscape has organizations counting on security controls to keep the bad actors out and safeguard their people, sensitive data, critical infrastructure, operations, and brand. However, even the most sophisticated security tools can present a risk to organizations when they are improperly configured. And unfortunately, even the best security teams can make mistakes. Whether it’s a firewall rule left too permissive, a mismanaged IAM rule, or an EDR process monitoring bypass, the implications can range from severe financial loss to risks with the customer base that can lead to significant and sometimes irreparable reputational damage.

To achieve effective system hardening, a systematic approach is crucial. This involves identifying, auditing, managing, and mitigating cybersecurity vulnerabilities throughout your IT infrastructure. Additionally, it requires continuous monitoring and optimizing of security controls to address threats targeting and impacting your environment. This article explores the importance of system hardening.

We’re thrilled to introduce the new Compliance View within Reach! Built to support Governance, Risk and Compliance (GRC) teams, Reach customers can now drill in to see how the configurations in their enterprise security products tie back into prominent GRC frameworks, and how they can use these products to improve their maturity with a given framework.

Through collaboration among our teams, we've identified the top 10 misconfigurations that often slip through the cracks and significantly impact an organization's security.

Upgrading Microsoft enterprise licensing from E3 to E5 or P1 to P2? Whether your company is upgrading or considering the move, you may be facing questions about how to leverage this shift for your security team’s advantage.

Reach Security CEO & Co-Founder Garrett Hamilton sits down with Trinity Chavez of the NYSE to explore how Reach takes organizations from “architecture to action” with Zero Trust.

We're excited to announce the launch of Reach’s Licensing View, which was built to help customers better understand the value they are getting from the licensed features they are paying for in their security products.

One of the most exciting parts of joining an early-stage company is the opportunity to do things differently. Shortly after I joined Reach, I learned that customers were using Reach to help streamline authentication processes for low-risk users, particularly those who log in from the same locations and devices each day. Rather than constantly prompting for multi-factor authentication, Reach enables security teams to identify and control exposure in place for users in familiar scenarios, reducing the friction for users, while maintaining security.

With Cybersecurity Awareness Month in full swing and the 2024 Grace Hopper Celebration behind us, I had the opportunity to present a choose-your-own-adventure tabletop session on ransomware. After reflecting on my discussions with attendees at GHC, ransomware emerged as a challenge and top priority for many.

In today’s fast-evolving cybersecurity landscape, integration architecture is not just a necessary feature, but the backbone of how security systems communicate and protect organizations. Reach has approached integrations from a unique perspective, opting to take the hard road of building a system that is not tied solely to best practices, but fundamentally designed to adapt, learn, and integrate with purpose-built AI. It’s a decision that reflects our commitment to innovation, a deep understanding of the cybersecurity market alongside the products within a customer’s ecosystem, and a belief that the best path is rarely the easiest one.

Beginning in October, Microsoft will mandate multi-factor authentication (MFA) for multiple Azure components, including the Entra admin portal. Given Microsoft’s research indicates that MFA can prevent over 99.2% of account compromise attempts, this is great news! For those utilizing Entra Conditional Access to govern how users authenticate to mission-critical applications, there are additional measures you can take within Entra to further reduce the risk of credential compromise. Let’s explore some strategies to elevate your Conditional Access implementation beyond MFA using the features you’re licensed for.

While Gartner is helping to shape this new market category, companies like Autodesk and Nutanix are already realizing the benefits of this approach through Reach’s platform. By focusing on continuous security control assessments that leverage both business and adversarial threat context, Reach helps organizations like Autodesk and Nutanix understand the specific risks they face. Reach automates configuration changes to align with these risks, while also ensuring that organizations maximize the value of their existing security tools.

Phishing and credential theft remain two of the top methods adversaries use to breach networks. To counter these effectively, it’s not enough to understand the attacks themselves—you also need a strong defensive strategy. That’s where a framework like MITRE D3FEND can make all the difference, providing a structured approach to securing your organization.

As organizations expand and evolve, the relationship between IT and security becomes equally as important as it is complex. The rapid pace of technology changes to drive revenue and streamline operations, coupled with an increasing number of sophisticated cyber threats, forces both IT and security teams to constantly adapt. This dynamic environment makes it challenging to maintain the integrity of security controls while ensuring operational efficiency and availability. For security teams, this challenge is especially evident when it comes to monitoring and maintaining established security controls from a configuration lens.

Integrating Reach with Okta is a game-changer for boosting your security in the event of credential compromise. With Reach’s advanced analytics and proactive recommendations, organizations can better defend against threats from attackers looking to spoof their location and gain access to sensitive infrastructure. This combo not only maximizes the value of Okta’s Adaptive features, but also adds an extra layer of security for a more comprehensive approach to your IAM deployment.

At Reach, we prioritize the safety and control of our users by leveraging a staged environment for automation. This approach not only safeguards the production environment but also ensures that changes are meticulously tested and approved before going live. Whether it’s implementing Conditional Access policies or deploying other critical updates, Reach’s staged automation empowers organizations to increase their cybersecurity posture with confidence, efficiency, and ease.

As we continue to navigate the complexities of cybersecurity, our focus remains on providing solutions that not only secure but also streamline operational processes. The new ServiceNow integration is a testament to our dedication to mastering the last mile, ensuring that our clients can achieve and maintain the highest levels of security maturity.

The last mile is a critical component of cybersecurity operations. By embracing a comprehensive approach that goes beyond mere reports to actionable and automated implementation, Reach ensures that your organization is not only secure but also agile and efficient. Stay tuned for our upcoming posts where we will delve deeper into specific use cases and solutions that exemplify our commitment to mastering the last mile in cybersecurity.

Conditional Access contains simple yet powerful sign-on attributes that can be tailored to your business with a risk-based approach. Whether you're undergoing security tool consolidation efforts or embarking on an IAM hardening project, consider starting with a series of tailored sign-on policies that address risk where most breaches start.

You may hear terms like "tools rationalization" or "maximizing tool effectiveness," but their meanings can vary. Are you following a vendor best practice checklist, mapping CVEs to specific configurations, or tracking workforce risk and ensuring your licensed capabilities address this risk? Whichever path you choose, understanding the value of each approach is crucial.