Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The evolution of your security stack is similar to the different phases of buying cars. In the beginning, you just need enough to transport a few items, maybe yourself and a few friends. The inexpensive two-door hatchback is perfect. However, as your family grows, whether with small humans or pets, you increasingly need more space and more capacity, leading to purchasing a four-door sedan or, even, a mini-van.

Most teams think of data lakes as cold storage. A long-term archive. A place to keep logs “just in case” while budgets tighten and ingest volumes rise. Functional, sure. But limited. The traditional data lake keeps everything, helps occasionally, and rarely fits the way analysts work. Graylog approaches the data lake differently. In Graylog 7.0, the data lake is not a warehouse. It is a pressure release valve for teams overwhelmed by storage cost, investigation delays, and cloud data sprawl.

AI agents are finally moving past cute demos and into actual production workflows. With AWS AgentCore, teams can build agents that write tickets, call APIs, deploy infrastructure, invoke external tools, and make changes faster than any human operator ever could. That’s powerful, but it also introduces a brand-new operational and security surface. And here’s the uncomfortable truth: most organizations have no idea what their agents are actually doing. Agentic AI isn’t magic.

In today's complex IT environments, comprehensive log collection is crucial for effective auditing and security monitoring. Without this, endpoints, especially those that are VPN-joined, stay out of your reach while auditing. This was the bottleneck faced by our Log360 customer who recently availed OnboardPro, ManageEngine's professional services. They knew Log360 was capable of collecting logs from all their network devices—but what about the endpoints that were connected remotely via VPN?

Not investing in a Security Incident and Event Management (SIEM) solution means you’re missing out on significant business benefits. A SIEM platform provides real-time detection and response to security incidents, helping you reduce the risk of costly compliance violations. Combine that with SIEM use cases such as consolidating and streamlining reporting, and your security team saves time and operational costs.

In the original Star Trek television show, Captain Kirk would slightly recline in a command chair with various buttons that allowed him to deploy different technologies. Regardless of the alien threat, he had the necessary tools at his disposal to protect the Enterprise and his staff. An organization’s security operations center (SOC) acts as the Captain Kirk “command chair” for all security activities.

Hashing takes your data (like a password or file) and converts it into a fixed-length code that can’t be reversed. This makes it nearly impossible for attackers to figure out what the original data was, even if they steal the hash. In this article, I’ll explain hashing in detail, including its working principles, applications, the algorithms behind it, and how to apply it correctly.

Earlier this year, we showcased how the Foundation-Sec-8B model’s chat capabilities can be leveraged within the Splunk App for Data Science and Deep Learning (DSDL) to summarize security events and provide detection suggestions. Building on its robust security expertise, Foundation-Sec-8B also supports zero-shot classification for a wide range of security tasks.