Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In the ever-evolving landscape of digital security, staying ahead of threats and ensuring organizational protection is paramount. Enter OpenSSL3.0—a major step forward in modernizing cryptographic standards and compliance. OpenSSL3.0 is redefining how organizations and developers safeguard their digital environments.

Log management becomes more challenging as both log volume and diversity rapidly grow. Yet many companies still rely on legacy log management and SIEM solutions that aren’t designed to cost-effectively or securely handle the large scale of logs today coming from sources both in the cloud and on premises.

Let’s be real—running Security Operations is like trying to drink from a firehose while juggling chainsaws blindfolded at the same time. The threats don’t take weekends, the alerts never stop, and just when you think you’ve seen it all, some new attacker decides to get creative. And let’s not forget we are simultaneously managing the needs of the business and managing a global team seated all over the world.

Sequenced event templates are pretty cool, but they were developed around the time that Risk-based Alerting (RBA) was developed in Splunk Enterprise Security. Additionally, they don’t have all the great context we can generate with the holistic picture provided by risk, so I want to provide guidance on how we would implement its equivalent in the RBA context as they are now deprecated in Splunk Enterprise Security 8.0. There are two approaches we can utilize that do slightly different things.

When people hear “SOAR,” they often think of Security, Orchestration, Automation and Response, a powerful solution for streamlining security operations. But SOAR’s capabilities don’t stop there. By driving efficiency and automation in IT operations, infrastructure management and cloud optimization, SOAR empowers teams across the organization to work smarter and respond faster.

CVE-2025-24813 is a critical vulnerability (CVSS base score of 9.8) affecting Apache Tomcat, a widely used open-source web server and servlet container. This issue affects Apache Tomcat: In this blog, we’ll simulate an attack and look at the activity within Graylog. Throughout the analysis, and at the conclusion of the post, we’ll provide practical threat-hunting and detection strategies you can implement in your own environments.

In the final entry of this blog series, we will discuss the challenges of managing assets and risks across multiple data systems. Then, we will discuss how Asset and Risk Intelligence integrates with multiple platforms to provide centralized visibility. From there, we will summarize the content of this blog post and go into a step by step guided demo. If you haven’t already, be sure to check out the first, second, and third entries in this series for more deep dives into Splunk ARI and its features.

Like every industry, the manufacturing sector has embraced digital transformation to improve operations. Digital manufacturing uses technologies like Internet of Things (IoT) devices, data analytics, and cloud computing to improve production processes and gain efficiencies. With businesses increasingly embracing digital transformation, they face the challenge of securing interconnected systems.

When it comes to your cybersecurity and daily security operations, a security operations center (SOC) is the central place for all these activities. In this in-depth SOC explainer, we’ll look at: And if you’re wondering whether you really need an SOC for your organization, the answer is probably yes. Read on and you’ll see why — and how.

SQL Server is more than just a database—it's a powerful platform that can be leveraged by attackers for system access, persistence, and code execution. While organizations focus on protecting their valuable data, they often overlook the inherent capabilities within SQL Server that make it an attractive target for adversaries looking to establish footholds in Microsoft environments.