Telemetry: What It Is and How it Enables Security

If you have ever built a LEGO set, then you have a general idea of how telemetry works. Telemetry starts with individual data points, just like your LEGO build starts with a box of bricks. In complex IT environments, your security telemetry is spread across different technologies and monitoring tools, just like in a large build your LEGO bricks come separated into smaller, individually numbered bags. In both cases, the individual bricks or data points aren’t special.

Innovations in Splunk Security Expands Unified TDIR Experience to On-Premises and FedRamp Moderate Environments

At the RSAC 2025 Conference, we announced new innovations to Splunk Security. Today, we are pleased to announce the general availability of Splunk Enterprise Security 8.1. Splunk becomes the only vendor to bring truly unified threat detection, investigation, and response (TDIR) workflows fueled by automation to both customer-managed deployments and FedRAMP Moderate environments.

Software Supply Chain Security: Proven Frameworks & Tactics to Stay Ahead of Threats

Most modern software isn’t built from scratch. It’s assembled from dozens, sometimes hundreds, of external components like open-source libraries, third-party APIs, CI/CD tools, build scripts, and deployment pipelines. This entire ecosystem is what we call the software supply chain. Similar to a physical supply chain, if one weak link breaks, the whole system is at risk.

6 Core Components of an Alertless SOC Security Teams Should Know

The traditional approach to managing security operations centers (SOCs) is straining the mental and physical reserves of even the most skilled security analysts—while also failing to provide the protection organizations need against today’s threats. Analysts are left to respond to a never-ending stream of alerts, resulting in an overwhelming, reactive cycle that stifles proactive investigation and threat hunting.

Centrally process and govern your logs in Datadog before sending them to Microsoft Sentinel or Google SecOps

Organizations rely on best-in-class solutions for observability and security, and various teams within an organization often have preferences for different platforms. For example, your security team may use a SIEM platform like Microsoft Sentinel or Google Security Operations (SecOps) to detect and investigate threats, while your DevOps teams use Datadog Log Management for real-time troubleshooting and monitoring.

DNS Security: Today's Most Common DNS Risks and Threats

Domain Name System (DNS) is a critical Internet service. DNS simplifies the process of finding Internet resources by resolving user-friendly domain names, such as splunk.com, into machine-readable IP addresses like 192.168.1.1. Many sophisticated cyberattacks rely on DNS activities. Let’s review the risks DNS services face and what organizations can do to guard against DNS attacks. We’ll cover the following critical DNS security topics.

The Importance of Triage in Incident Response

Gamers of a certain age likely remember the video game Asteroids. You played as a little triangular spacecraft shooting at big space rocks that started traveling towards you slowly at first, then gained speed. As you revolved around trying to protect yourself by shooting them, you inevitably had to make some rapid decisions about which asteroids would harm your ship the most and which ones you could potentially ignore.

Accelerating Security Operations with Splunk and Foundation AI's First Open-Source Security Model

Cisco Foundation AI’s Foundation-sec-8b model brings a new wave of innovations and efficiency to security operations. As a purpose-built, open-weight Large Language Model (LLM) designed specifically for cybersecurity, Foundation-sec-8b enables security teams to act faster, reduce fatigue, and scale operations without compromising accuracy.

What Is Extortionware? Going Beyond Ransomware

Extortionware involves stealing sensitive data from an organization and threatening to leak it. It’s become a core tactic in the modern ransomware playbook, and if your business holds valuable or confidential information, it’s a threat you can’t afford to ignore. Today, we’re taking a closer look at what extortionware is, how it works, and why it’s become one of the most difficult cyber threats to defend against.