Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

splunk

Why Security Teams Choose Splunk Enterprise Security: Three Core Benefits That Transform SecOps

Feb 28, 2025 By Olivia Henderson In Splunk
A SOC of the future is a resilient SOC that fosters a collaborative and proactive cybersecurity approach with a modern technology foundation. At the core of the SOC of the future is a unified threat detection, investigation, and response (TDIR) platform, representing the real-world requirements for how tools contribute to the SOC’s mission and strategy, providing integration and efficient process execution. The foundation for the unified TDIR platform is a modern SIEM.
Read Post
splunk

Infostealer Campaign against ISPs

Feb 28, 2025 By Splunk Threat Research Team In Splunk
The Splunk Threat Research Team has identified a campaign targeting ISP infrastructure providers on the West Coast of the United States and the country of China. This mass exploitation campaign originates from Eastern Europe and uses simple tools that abuse victim’s computer processing power to install cryptomining payloads and binaries with diverse functions such as.
Read Post

Keeping Secrets Out of Logs: Building a Robust Defence Against Log Leaks

Feb 27, 2025 By GitGuardian In GitGuardian
Ever found sensitive data in your logs? You're not alone - even tech giants like Google and Facebook have faced this challenge. Watch this actionable webinar on keeping secrets out of logs featuring our special guest speaker, Allan Reyes. �������� ������'���� ����������: No theoretical fluff - just practical solutions that you can start using tomorrow. Perfect for security engineers, developers, and tech leads who want to sleep better at night knowing their logs aren't accidentally exposing sensitive data.
View Video
graylog

Security Misconfigurations: A Deep Dive

Feb 27, 2025 By Jeff Darrington In Graylog
Managing configurations in a complex environment can be like playing a game of digital Jenga. Turning off one port to protect an application can undermine the service of a connected device. Writing an overly conservative firewall configuration can prevent remote workforce members from accessing an application that’s critical to getting their work done.
Read Post
cato networks

Cato XDR: Finally, A Tool Built by People Who Actually Read the Logs!

Feb 27, 2025 By Shani Kurtzberg In Cato Networks
Ever feel like some tools are designed by people who’ve never had to use them? Like those public restroom hand dryers that leave your hands wetter than before, or CAPTCHAs that make you question if you even know what a bicycle looks like—it’s like a bad joke at our expense. In the 2022 Devo SOC Performance Report, questions were raised about the biggest challenges faced by security operations center (SOC) teams.
Read Post
splunk

What Is a Watering Hole Attack? Detection and Prevention

Feb 25, 2025 By Muhammad Raza In Splunk
We already know that cybercriminals exploit the weakest link in your IT networks. The best defense against these exploits comes down to safeguarding the most vulnerable entry points. But what if the weakest link in your cybersecurity defense lies beyond your IT network itself?
Read Post
graylog

The Ultimate Guide to Sigma Rules

Feb 18, 2025 By Jeff Darrington In Graylog
In cybersecurity as in sports, teamwork makes the dream work. In a world where security analysts can feel constantly bombarded by threat actors, banding together to share information and strategies is increasingly important. Over the last few years, security operations center (SOC) analysts started sharing open source Sigma rules to create and share detections that help them level the playing field.
Read Post

Access your data with Federated Analytics for Amazon Security Lake with Splunk, AWS, and Accenture

Feb 18, 2025 By Splunk In Splunk
Federated Analytics gives organizations the full power of Splunk extended to data stored in Amazon Security Lake. Trusted partners like Accenture are helping bring these new capabilities to life at organizations around the world.
View Video
splunk

Hey SDDL SDDL: Breaking Down Windows Security One ACE at a Time

Feb 18, 2025 By Michael Haag In Splunk
Windows permission misconfigurations remain a common attack vector in enterprise environments. Attackers consistently leverage these misconfigurations for privilege escalation, with Security Descriptor Definition Language (SDDL) emerging as a blind spot. From LockBit's manipulation of event log permissions to RomCom's exploitation of Task Scheduler vulnerabilities (CVE-2024-49039), SDDL misconfigurations have become a prime target for sophisticated attacks.
Read Post
graylog

Using MITRE ATT&CK for Incident Response Playbooks

Feb 14, 2025 By Jeff Darrington In Graylog
A structured approach to incident response enables you to create consistently repeatable processes. Your incident response playbook defines responsibilities and guides your security team through a list of activities to reduce uncertainty if or when an incident occurs. MITRE ATT&CK Framework outlines the tactics and techniques that threat actors use during different stages of an attack.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.