Before the revolution of Information Technology (IT), the world experienced the revolution of Operational Technology (OT). Operational Technology is the combination of hardware and software that controls and operates the physical mechanisms of industry. OT systems play an important role in the water, manufacturing, power, and distribution systems that transformed industry into the modern age. All of these systems function to operate, automate, and manage industrial machines.

Binary diffing, a technique for comparing binaries, can be a powerful tool to facilitate malware analysis and perform malware family attribution. This blog post describes how AT&T Alien Labs is leveraging binary diffing and code analysis to reduce reverse-engineering time and generate threat intelligence.

Over the last year, many of us have been introduced to the term “Software Supply Chain”. For better or worse, it is now part of our defense vernacular and won’t be going away any time soon. If anything, it has consumed us in many ways and has been the cause of many nights of lost sleep. Well, that could just be us on the SURGe team here at Splunk.

In today’s dynamic threat landscape, having different tools to meet unique security requirements helps keep data protected. However, businesses today have 10 to 50+ security tools and consequently spend too much time managing them instead of protecting against cybercrime. This security tool overload creates internal challenges and potentially distracts from the primary business mission.

Looking for some threat hunting and incident response practice that's more game than work? Check out the new Capture the Flag (CTF) challenges from Corelight, now available on Splunk’s Boss of the SOC (BOTS) website - just in time for.conf! Our two on-demand BOTS modules will show you how Corelight data in Splunk can accelerate your processes and help analysts spend more time analyzing and less time fumbling with queries and gluing together data sources.

An intrusion detection system (IDS) is a software application or hardware device that detects vulnerability exploits, malicious activity, or policy violations. IDSs place sensors on network devices like firewalls, servers, and routers, or at a host level. Once the IDS detects any cyber threats, the system will either report this information to an administrator or a security information and event management (SIEM) system collects it centrally.

The security landscape is ever-changing, intensified by more sophisticated threats, and an increasing number of employees working from home leading to an expanding attack surface. Security professionals are tasked with maintaining a secure environment against a plethora of threats, manifested in thousands of alerts and events that are generated by security controls every day.

Keeping up with today’s rapidly evolving threat landscape is an ongoing battle for software development organizations, as many struggle to keep their assets and customers secure while keeping up with the competitive pace of software delivery.