Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Extortionware involves stealing sensitive data from an organization and threatening to leak it. It’s become a core tactic in the modern ransomware playbook, and if your business holds valuable or confidential information, it’s a threat you can’t afford to ignore. Today, we’re taking a closer look at what extortionware is, how it works, and why it’s become one of the most difficult cyber threats to defend against.

By integrating Cisco’s Firepower Threat Defense (FTD) with Splunk’s analytics platform, your security team immediately gains comprehensive, organization-wide visibility into network threats far beyond what any single firewall can detect alone. Yet, despite the critical need to bridge network and security data, many organizations still deploy perimeter defenses like Cisco's FTD but struggle to convert its rich telemetry into actionable insights useful to a SOC.

SOC leaders that aren’t thinking about the future are already behind — and what’s beyond 2025 is rapid evolution. The breakneck pace of AI innovation, a widening skills gap, and increasingly sophisticated threat tactics will encourage (one could even say force) SOC teams to embrace forward-leaning strategies to stay resilient.

When I started learning about cybersecurity, I thought it was only about firewalls and antivirus software. I didn’t know how fast things change and threats evolve. Whenever I felt like I had a handle on things, something new came in headlines: ransomware, phishing kits, zero-day attacks. It’s a lot. If you work in tech, you’ve probably felt that too. Even if cybersecurity isn’t your full-time job, it still touches everything. And keeping up with everything is not easy.

Software composition analysis is a type of security testing that identifies the open-source and third-party components used in modern software. Historically, most applications were built entirely in-house. Today, however, with the widespread use of package managers, cloud-native development, and reusable code, developers rely heavily on external libraries and modules. In fact, open-source code makes up as much as 70–90% of the codebase for a single app.

Bring application and security teams together with end-to-end application threat detection and response—right inside Splunk.

Recently we released the Splunk App for Data Science and Deep Learning (DSDL) v5.2.0. This update introduced new features for integrating large language models (LLMs) and retrieval-augmented generation (RAG). With DSDL v5.2.0, users can easily perform LLM prompts, vector searches, RAG, and function calling directly from the app's dashboards.

Have you ever sat in an interview and felt that something wasn't quite right? Your intuition may have been closer to the truth than you realized. A new kind of adversary has emerged, and they aren’t trying to break through your firewall; instead, they are logging in through your VPN using their freshly issued business credentials.

For several years now, adversaries and red teams have increasingly leveraged Living-off-the-Land Binaries (LOLBins) techniques to compromise targeted systems. By exploiting pre-installed, legitimate software, these attackers are able to evade detection tools, seamlessly blending malicious activities with normal system processes. This approach presents a significant challenge for traditional security measures, which often struggle to differentiate between legitimate use and malicious intent.

Databases are an integral part of modern IT infrastructure and power almost every modern application. After all, databases store the persistent information that applications run on. That’s why monitoring these databases is crucial: ensuring system health and performance and forming a vital component of any observability practice.