Black Hat 2025: Where Community Meets Innovation

The air outside is a wall of heat. Inside, the Mandalay Bay convention floor hums with thousands of conversations, security researchers debating zero-days, vendors unveiling new tools, and old friends spotting each other across the crowd. It’s loud, chaotic, and absolutely electric!  

For us at Databahn, Black Hat isn’t just a showcase of cutting-edge research and product launches. It’s where the heartbeat of the cybersecurity community comes alive in the handshakes, the hallway chats, and the unexpected reunions that remind us why we’re here in the first place.

From security engineers and researchers to marketers, event organizers, and community builders, every role plays a part in making this event what it is. Like RSAC, Black Hat feels less like a trade show and more like a reunion, one where we share new ideas, catch up with longtime peers, and recognize the often-unsung contributors who quietly keep the cybersecurity world moving.

AI and Telemetry Take Center Stage

While the people are the soul of Black Hat, the conversations this year reflected a major shift in technology priorities: the role of telemetry in the AI era.

Why Telemetry Matters More Than Ever

AI, autonomous agents, and APIs are transforming security operations faster than ever before. But their effectiveness hinges on the quality of the data they consume. Modern detection, response, analytics, and compliance workflows all depend on telemetry that is:

• Selective: capturing only what matters ‍
• Low-latency: delivering it in near-real time ‍
• Structured: making it usable for SIEMs, data lakes, analytics, and AI models

Introducing the Smart Agent for the Modern Enterprise

We took this challenge head-on at Black Hat with the launch of our Smart Agent: a lightweight, programmable collection layer designed to bring policy, precision, and platform awareness to endpoint telemetry.

• Reduce Agent Sprawl: Minimize deployment overhead and avoid tool bloat ‍
• Lower Hidden Costs: Prevent over-collection and unnecessary storage expenses ‍
• Adapt to Any Environment: Tailor data collection to asset type, latency requirements, and downstream use cases

Think of it as a precision instrument for your security data that turns telemetry from a bottleneck into a force multiplier.

Breaking the Agent vs. Agentless Binary

For years, the industry has debated: agent or agentless? At Databahn.ai, we see this as a false binary. Real-world environments require both approaches, deployed intelligently based on:

• Asset type
• Risk profile
• Latency sensitivity
• Compliance requirements

The Smart Agent gives security teams that flexibility without forcing trade-offs. Learn more about our approach here.

Empowering Teams Through Smarter Technology  

As we push the envelope in telemetry, our goal remains the same: build the platform that enables people to do their best work. Because in cybersecurity, the human element isn’t just important; it’s irreplaceable. If you missed us at Black Hat, let’s talk about how the Smart Agents can help your team cut data waste, improve precision, and stay ahead of evolving threats.

This blog is based on a CXO Insight Series conversation between Preston Wood and Aditya Sundararam on LinkedIn Live. Watch the full episode here.

In today’s cybersecurity landscape, it’s no longer enough to ingest more logs. CISOs face deeper, more systemic challenges as the foundational architecture of the modern enterprise SOC relies on antiquated SIEMs, siloed data landscapes, and brittle data pipelines which have reached their limit.

The main takeaway? If CISOs don’t rethink their approach to telemetry and pipelines, they’ll continue to fall behind. Not because they lack the tools, but because data strategies don’t work on a broken data foundation.

The Real CISO problem: Data Sprawl without Context

Preston opened the session by recounting a familiar story for many security leaders: SOCs using SIEMs that are drowning in irrelevant data, security analysts overwhelmed by a noisy tsunami of alerts, and struggling to investigate and manage their security posture effectively.

“You’ve got a 24/7 SOC and a dozen tools throwing off logs, but your team is still asking the same questions: what’s actually going on here?”

Preston

The issue isn’t visibility, it’s clarity. As Preston noted, enterprise SOCs don’t just suffer from managing volume; they suffer from lack of trust in their data. When logs are duplicated, out of order, lack context, and come in formats that were invented long after the tools meant to make sense of them, analysts spend more time normalizing and querying than detecting and responding.

SIEMs aren’t the Answer - they’re the Bottleneck

The session detailed serious limitations of the SIEM-centric model:

• Too rigid:
  Legacy SIEMs demand proprietary formats and expensive tuning to onboard new sources
• Too noisy:
  SIEMs want to collect all your data for pattern analysis; but all they do is raise costs, and leave it to the SOC to figure out what matters
• Too slow:
  Detection happens after-the-fact, after data is shipped, indexed, and queried.
• Too expensive:
  License and compute costs scale linearly with ingestion, which has grown 1000x in the last 10 years; but SIEM effectiveness has not increased

“When your security ROI is gated by how many terabytes you can afford to ingest, you’re already behind.”

Preston

Preston argued that SIEMs still have a role - but not as the data movement engine. That role now belongs to something else: the security data pipeline.

Security Data Pipelines: Why they Matter

For security leaders wrestling with log sprawl, cloud complexity, and regulatory risk, the answer isn’t going to come from continuing to overload the SIEM; that has led to overwhelming telemetry sprawl, increasingly fragmented environment, and mounting telemetry pressure. To elevate enterprise SOC operations, security leaders should focus on treating the data pipeline as the part of their security architecture that can unlock the future for them.

The shift means rethinking how data flows through the stack. Instead of sending everything to the SIEM and dealing with the noise later, security teams should be routing and filtering telemetry at the edge, well before it even reaches their analytics tools. Enrichment can happen upstream as well, happening left-of-SIEM and ensuring contextual signals from the enterprise environment, and reducing dependency on external threat feeds. Normalization can occur just once as the data is collected and aggregated, ideally using open schemas like OCSF, so that data can be reused for different use cases – detection, investigation, and compliance. By placing intelligent data pipelines before the SIEM, teams can significantly cut egress, compute, and SIEM licensing costs while improving the signal-to-noise ratio.

Ultimately, this isn’t about adding a new tool into an already complex toolchain. It’s about building an intelligent and foundational data fabric layer which understands the environment, aligns with business and risk priorities, and prepares the organization for an AI-driven future. This is essential for SOCs looking to lean into AI use cases, because without AI-ready data, security tools leveraging AI are just window dressing.

AI-ready Security starts with Agentic Pipelines

Preston warned his fellow CISOs about how most security vendors are racing to bolt AI onto their dashboards to leverage the current hype cycle. True AI-driven security begins at the pipeline layer, which delivers structured, enriched, clean telemetry that is collected and governed in real-time. This is the input LLM or reasoning engines can build on for future SOC use cases.

DataBahn’s platform was purpose-built for this future: using Agentic AI to automate parsing, schema detection, enrichment, and routing. With products like Cruz and Reef operating as intelligent assistants embedded in the data plane - leveraging Agentic AI to learn, adopt, evolve, and grow into helping security teams - security decision makers can begin to empower their teams away from the manual drudgery of managing data movement and focus them on strategic goals. Agentic AI pipelines also create a foundational data layer to ensure that your AI-powered security tools are equipped with the data, context, policy, and understanding required to deliver value.

"Agentic AI doesn't start in the UI. It starts with the data fabric. It starts with being able to reason over telemetry that actually makes sense."

Preston

What CISOs should do now

The session closed with a call to action for CISOs navigating their next big data decision: whether that’s SIEM migration, XDR adoption, or cloud expansion.

1. Rethink your architecture:
   Stop treating your SIEM as the center; start with the pipeline.
2. Control your data before it controls you:
   Invest in a governance-first pipeline layer that helps you decide what gets seen, stored, or suppressed.
3. Choose future-proof platforms:
   Look for vendor-agnostic, AI-native solutions that decouple ingestion from analytics, and  leverage agentic AI to let you evolve without replatforming.

The future belongs to organizations that control their telemetry, set up a streamlined data fabric, and prepare their stack for AI – not just in theory, and not for tomorrow, but put into practice today.

‍This blog is based on a CXO Insight Series conversation between Preston Wood and Aditya Sundararam on LinkedIn Live. Watch the full episode here.

Why is DataBahn building agents? Why now?  

Agents are not new. But the problem they were created to solve has evolved. What’s changed is not just the technology landscape, but the role of telemetry in powering modern detection, response, AI analytics, and compliance. 

Most endpoint agents were designed for a narrow task: collect logs, ship them somewhere, and stay out of the way. But today’s security pipelines demand more. They need selective, low-latency, structured data that feeds not just a SIEM, but an entire ecosystem, from detection engines and data lakes to streaming analytics and AI models. 

Our mission has always been to eliminate data waste and simplify how enterprises move, manage, and monitor security data. That’s why we built the Smart Agent: a lightweight, programmable collection layer that brings policy, precision, and platform awareness to endpoint telemetry – without the sprawl, bloat, and hidden costs of traditional agents. 

A Revolutionary Approach to Endpoint Telemetry

Traditional agents are often built as isolated tools – one for log forwarding, another for EDR, a third for metrics. This results in resource contention, redundant data, and operational sprawl. 

DataBahn's Smart Agent takes a fundamentally different approach. It’s built as a platform-native component, not a point solution. That means collect once from the endpoint, normalize once, and route anywhere, breaking the cycle of duplication.  

Here’s what sets it apart: 

- Modular, Policy-Driven Control: Enterprise teams can now define exactly what to collect, how to filter or enrich it, and where to send it – with full version control, change monitoring, and audit trails.  

- Performance Without Sprawl: Replace 3–5 overlapping agents per endpoint with a single lightweight Smart Edge agent that serves security, observability, and compliance workflows simultaneously.  

- Built for High-Value Telemetry: Our agents are optimized to selectively capture only high-signal events, reducing compute strain and downstream ingestion costs.  

- AI-Ready, Future-Proof Architecture: These agents are telemetry-aware and natively integrated into our AI pipeline. Whether it’s streaming inference, schema awareness, or tagging sensitive data for compliance – they’re ready for the next generation of intelligent data pipelines.  

This isn’t just about replacing old agents. It’s about rethinking the endpoint as the first intelligent node in your data pipeline. 

Solving Real Enterprise Problems 

We’ve spent years embedded in complex environments – from highly regulated banks to fast-moving cloud-native tech firms. And across the board, one pattern kept surfacing: traditional approaches to endpoint telemetry don’t scale. 

• Agent Sprawl is Draining Resources: Too many agents, too much overhead. Each one comes with its own update cycles, configuration headaches, and attack surface. Our agents consolidate that complexity – offering centralized control, real-time health monitoring, and zero-downtime updates. 

• Agentless Left Security Teams in the Dark: APIs and control planes can’t capture runtime behavior, memory state, or user actions in real time. Our agents plug that gap – giving enterprises low-latency, high-fidelity data from endpoints, VMs, containers, and edge devices. 

• Latency, Duplication, and Blind Spots: Polling intervals and subscription models delay detection. Meanwhile, multiple agents flood SIEMs with duplicate telemetry. DataBahn's agents are event-driven, deduplicated, and volume-aware – reducing noise and improving signal quality. 

• A Platform Approach to Edge Data: DataBahn’s agents are not just better versions of old tools – they represent a strategic shift: a unified data layer from endpoint to cloud, where telemetry is no longer hardcoded to tools, vendors, or formats. 

What that enables: 

• Multiple Deployment Models: Direct-to-destination, hybrid agentless, or agent-per-asset based on asset value. 

• Seamless integration with our Smart Edge: Making it easy to extend telemetry pipelines, apply real-time transformations, and deliver enriched data to multiple destinations – without code. 

• Compliance-Ready Logging: Built-in support for log integrity, masking, and tagging to meet industry standards like PCI, HIPAA, and GDPR. 

The End of the Agent vs. Agentless Debate  

The conversation around data collection has been stuck in a binary: agent or agentless. But in real-world environments, that framing doesn’t hold.  

What enterprises need isn’t one or the other but the ability to deploy the right mechanism based on asset type, risk, latency sensitivity, and the downstream use case.  

The future isn’t agent or agentless – it’s context-aware, modular, and unified. Data collection that adapts to where it’s running, integrates cleanly into existing pipelines, and remains extensible for what comes next, whether that’s AI-driven security operations, privacy-focused compliance, or cross-cloud observability.  

That’s the shift we’re enabling with the DataBahn Smart Agent. Not just a product – but a programmable foundation for secure, scalable, and future-ready telemetry.

‍