This is a roll-up of recent platform updates across Blue Shield, Red Shield, and Risk Management. All changes are live for existing customers; nothing is opt-in or extra cost.
Blue Shield
One-click host isolation
From any incident view, analysts (and approved customer responders) can now isolate an affected host directly. The action calls into CrowdStrike, SentinelOne, or Defender depending on the EDR present, with a unified UI and full audit trail. No more switching consoles mid-incident.
Faster identity correlation
Triage agents now incorporate Entra ID risk signals and recent OAuth grants directly into the alert dossier. Average time-to-context dropped 23% in our internal benchmarks.
Expanded log retention
Standard tier now includes 12 months of hot, searchable retention (up from 6). Compliance-tier customers continue to get 7 years.
Red Shield
O365 / Microsoft 365 assessments
The cloud assessment library now covers the full Microsoft 365 control plane: Conditional Access, Exchange Online, SharePoint, Teams, Defender for Office, and Purview. Findings are mapped to CIS M365 v3 benchmarks and rated by exploitability rather than just severity.
Google Workspace assessments
Parity for Google Workspace shipped in the same release: Drive sharing posture, OAuth app inventory, admin role auditing, and alert center integration.
Continuous external scanning
External attack surface scanning moved from weekly to daily. Newly exposed services are flagged in the customer dashboard within an hour of detection. Critical CVEs trigger pager-style notifications.
Risk Management
SentinelOne integration
Asset discovery now joins SentinelOne's device inventory alongside CrowdStrike and Defender, with automatic deduplication across all three.
Cloud asset reconciliation
AWS, Azure, and GCP resources are now reconciled against the unified CMDB with ownership, tags, and last-modified timestamps preserved. Cross-cloud queries ("show me all production databases across all three clouds") work in one shot.
Executive risk scoring v2
The board-level risk dashboard has been rebuilt around three top-line metrics: exposed surface, actively exploited risk, and mean-time-to-remediate. Each is drillable to the underlying assets and findings.
Coming next
- Identity Threat Detection & Response (ITDR) — purpose-built detections for Entra ID, Okta, and AD attack patterns. Beta in Q3.
- SaaS posture management — extending the Risk Management approach beyond M365 and Google Workspace into the long tail of SaaS apps via OAuth-based discovery.
- Customer-built detection rules — fully-managed deployment of your own custom rules through the Blue Shield UI, including version control and rollback.