Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Domain Name System (DNS) is a critical Internet service. DNS simplifies the process of finding Internet resources by resolving user-friendly domain names, such as splunk.com, into machine-readable IP addresses like 192.168.1.1. Many sophisticated cyberattacks rely on DNS activities. Let’s review the risks DNS services face and what organizations can do to guard against DNS attacks. We’ll cover the following critical DNS security topics.

Extortionware involves stealing sensitive data from an organization and threatening to leak it. It’s become a core tactic in the modern ransomware playbook, and if your business holds valuable or confidential information, it’s a threat you can’t afford to ignore. Today, we’re taking a closer look at what extortionware is, how it works, and why it’s become one of the most difficult cyber threats to defend against.

Cisco Foundation AI’s Foundation-sec-8b model brings a new wave of innovations and efficiency to security operations. As a purpose-built, open-weight Large Language Model (LLM) designed specifically for cybersecurity, Foundation-sec-8b enables security teams to act faster, reduce fatigue, and scale operations without compromising accuracy.

With the recent increase in use and popularity of Large Language Models (LLMs), many organizations are still trying to approach the use of this technology. In this blog, we approach the different log sources that can be potentially used to monitor a local LLM.

By integrating Cisco’s Firepower Threat Defense (FTD) with Splunk’s analytics platform, your security team immediately gains comprehensive, organization-wide visibility into network threats far beyond what any single firewall can detect alone. Yet, despite the critical need to bridge network and security data, many organizations still deploy perimeter defenses like Cisco's FTD but struggle to convert its rich telemetry into actionable insights useful to a SOC.

SOC leaders that aren’t thinking about the future are already behind — and what’s beyond 2025 is rapid evolution. The breakneck pace of AI innovation, a widening skills gap, and increasingly sophisticated threat tactics will encourage (one could even say force) SOC teams to embrace forward-leaning strategies to stay resilient.

When I started learning about cybersecurity, I thought it was only about firewalls and antivirus software. I didn’t know how fast things change and threats evolve. Whenever I felt like I had a handle on things, something new came in headlines: ransomware, phishing kits, zero-day attacks. It’s a lot. If you work in tech, you’ve probably felt that too. Even if cybersecurity isn’t your full-time job, it still touches everything. And keeping up with everything is not easy.

Software composition analysis is a type of security testing that identifies the open-source and third-party components used in modern software. Historically, most applications were built entirely in-house. Today, however, with the widespread use of package managers, cloud-native development, and reusable code, developers rely heavily on external libraries and modules. In fact, open-source code makes up as much as 70–90% of the codebase for a single app.

Bring application and security teams together with end-to-end application threat detection and response—right inside Splunk.

Recently we released the Splunk App for Data Science and Deep Learning (DSDL) v5.2.0. This update introduced new features for integrating large language models (LLMs) and retrieval-augmented generation (RAG). With DSDL v5.2.0, users can easily perform LLM prompts, vector searches, RAG, and function calling directly from the app's dashboards.