Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

SOAR: Transforming Security and IT

When people hear “SOAR,” they often think of Security Orchestration, Automation and Response, a powerful solution for streamlining security operations. But SOAR’s capabilities don’t stop there. By driving efficiency and automation in IT operations, infrastructure management and cloud optimization, SOAR empowers teams across the organization to work smarter and respond faster.

Adversary Tradecraft: Apache Tomcat RCE

CVE-2025-24813 is a critical vulnerability (CVSS base score of 9.8) affecting Apache Tomcat, a widely used open-source web server and servlet container. This issue affects Apache Tomcat: In this blog, we’ll simulate an attack and look at the activity within Graylog. Throughout the analysis, and at the conclusion of the post, we’ll provide practical threat-hunting and detection strategies you can implement in your own environments.

Logs Are for Campfires: Integrate and Innovate With Splunk Asset and Risk Intelligence

In the final entry of this blog series, we will discuss the challenges of managing assets and risks across multiple data systems. Then, we will discuss how Asset and Risk Intelligence integrates with multiple platforms to provide centralized visibility. From there, we will summarize the content of this blog post and go into a step-by-step guided demo. If you haven’t already, be sure to check out the first, second, and third entries in this series for more deep dives into Splunk ARI and its features.

What Is a SOC? Security Operations Centers: A Complete Overview

When it comes to your cybersecurity and daily security operations, a security operations center (SOC) is the central place for all these activities. In this in-depth SOC explainer, we’ll look at: And if you’re wondering whether you really need an SOC for your organization, the answer is probably yes. Read on and you’ll see why — and how.

Best Practices To Manage Cybersecurity for Digital Manufacturing

Like every industry, the manufacturing sector has embraced digital transformation to improve operations. Digital manufacturing uses technologies like Internet of Things (IoT) devices, data analytics, and cloud computing to improve production processes and gain efficiencies. With businesses increasingly embracing digital transformation, they face the challenge of securing interconnected systems.

Sinister SQL Queries and How to Catch Them

SQL Server is more than just a database—it's a powerful platform that can be leveraged by attackers for system access, persistence, and code execution. While organizations focus on protecting their valuable data, they often overlook the inherent capabilities within SQL Server that make it an attractive target for adversaries looking to establish footholds in Microsoft environments.

The OWASP Top 10 Explained: Today's Top Risks in Web Apps and LLMs

Over the past few years, cyberattacks have escalated to unprecedented heights. Just last year, in 2024, 94% of organizations reported being the victims of phishing attacks. And in the first five weeks of 2025, ransomware attacks increased by 149%. Organizations and users need help understanding and navigating these changing risks to fight against the rising tide of cybercrimes. Thankfully, that is exactly what The OWASP Foundation aims to do.

SNARE: The Hunters Guide to Documentation

Success in threat hunting is vastly different from incident response. Incident responders can measure success in criteria like ticket volume, mean time to close, or escalations. For threat hunting, the number of hunts vs. incidents is not comparable because hunts take longer, and the average time to complete a hunt can vary wildly. More importantly, most hunts will not result in incidents. We can’t use the same metrics! Our critical metrics of success are our outputs/deliverables and documentation.

Devo's Channel Chief on CRN Recognition and the Future of Security Partnerships

Estee Robinson leads global alliances for Devo and is responsible for defining and executing Devo’s channel strategy. She was named a 2025 Channel Chief by CRN, which recognizes influential leaders who drive the channel agenda and evangelize the importance of channel partnerships. Estee’s work on channel strategy helped land Devo in the CRN Partner Program Guide and inclusions in the CRN Cloud 100 and Security 100 lists for 2025.

Adversary Tradecraft: Emulating Mustang Panda's Use of MAVInject in Recent Campaigns

In cybersecurity, the adage “what’s old is new” continues to hold true as attackers resurface longstanding techniques or repurpose them with new twists and adaptations. The popularization of Living Off the Land Binaries (LOLBins) — legitimate, Windows-native tools commonly abused for malicious uses — is a great example of this.