Our latest news and insights

Detecting RedSun Local Privilege Escalation

Windows Defender as an attack vector. That’s what makes the RedSun exploit chain worth paying attention to.
Our detection engineer Jani Vleurinck didn’t just read the advisory. He compiled the PoC, reproduced the full exploit chain, analyzed the Defender for Endpoint telemetry, and built a KQL detection rule that catches the three behaviors this exploit can’t avoid: named pipe creation, AV trigger, and a System32 process spawn from the same hash.
That detection has already been deployed across all of our SOC customers.

Microsoft Entra ID Is Changing How Passkeys Are Managed

Microsoft is introducing passkey profiles in Entra ID, replacing the current Passkeys (FIDO2) setup with a more granular model. Tenants with FIDO2 already enabled will be migrated automatically between April and May 2026. Here’s what’s changing and what admins should review now.

Identity Over Infrastructure: Why Forward-Thinking Companies Are Replacing VPNs with Microsoft GSA

Every company has employees working remotely, whether logging in from home, a coffee shop, or a business trip at the other end of the world. When this is the case, your firewall never sees it, either because you allow direct internet access or because the user disables their VPN because the network connection is too slow. When VPN is needed to access private applications or file shares, the VPN connection stays active regardless of the security state of the device or user. Your perimeter no longer exists in the way it was designed, forcing you to trade off productivity against security. But what if we told you this no longer has to be the case?

Press Release: IT service providers VanRoey and Dynamate announce intention to merge

IT service providers Dynamate and VanRoey today announced their intention to merge strategically. Both companies want to combine their activities into a single integrated IT group for managed IT services, which will continue under the name Dynamate. The completion of the transaction is subject to approval by the competent competition authorities.

Visit The Collective at ICT4care 2026

The Collective will be at ICT4care, one of Belgium’s leading events for ICT in healthcare. Join us at De Montil on March 31 to discover how we help healthcare organisations strengthen their cybersecurity and protect increasingly complex digital environments. In...

Detection Engineering in a modern SOC

Detection Engineering forms the backbone of a modern Security Operations Center (SOC). It ensures proactive threat identification by creating and refining detection logic based on real-world attack patterns. This process is a continuous lifecycle that evolves dynamically with the ever-changing threat landscape.

At The Collective, our Managed Detection & Response service features a dedicated Detection Engineering team responsible for maintaining an up-to-date and effective detection base.

OpenClaw: The shadow IT threat your security team needs to address now

OpenClaw has exploded across the tech world, with employees eagerly installing it on corporate devices to boost productivity. But behind the hype sits a rapidly growing Shadow AI problem: an autonomous, high‑privilege agent quietly entering enterprise environments with full access to email, calendars, messaging apps, and system‑level commands — often without IT approval.

The Collective welcomes industry veteran Tim De Keukelaere to lead Managed Endpoint Services

The Collective, a premier cybersecurity specialist, is proud to announce the appointment of Tim De Keukelaere as Lead of Managed Endpoint Services. Tim joins the team with over 25 years of experience in endpoint management and security. In his new role, Tim will oversee The Collective’s Managed Endpoint Services (MES), ensuring clients benefit from proactive device management, security compliance, and seamless application delivery across their entire device fleet.

Press release – VanRoey acquires The Collective

Increased expertise in cybersecurity and foothold in East Flanders: VanRoey acquires The Collective

Turnhout, January 23, 2026 – VanRoey acquires The Collective, a Belgian cybersecurity specialist with in-depth expertise in Microsoft-based security, endpoint...

Microsoft Ignite 2025 Recap: Key Security and Infrastructure Updates

Microsoft Ignite 2025 brought a wave of announcements that will shape how we approach security and infrastructure in 2026. We’ve analyzed the key updates and identified what matters most for security and infrastructure engineers. Here’s what you need to know across Security and Identity, Endpoints, and Azure.