Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

splunk

Why Security Teams Choose Splunk Enterprise Security: Three Core Benefits That Transform SecOps

Feb 28, 2025 By Olivia Henderson In Splunk
A SOC of the future is a resilient SOC that fosters a collaborative and proactive cybersecurity approach with a modern technology foundation. At the core of the SOC of the future is a unified threat detection, investigation, and response (TDIR) platform, representing the real-world requirements for how tools contribute to the SOC’s mission and strategy, providing integration and efficient process execution. The foundation for the unified TDIR platform is a modern SIEM.
Read Post
splunk

Infostealer Campaign against ISPs

Feb 28, 2025 By Splunk Threat Research Team In Splunk
The Splunk Threat Research Team has identified a campaign targeting ISP infrastructure providers on the West Coast of the United States and the country of China. This mass exploitation campaign originates from Eastern Europe and uses simple tools that abuse victim’s computer processing power to install cryptomining payloads and binaries with diverse functions such as.
Read Post
splunk

What Is a Watering Hole Attack? Detection and Prevention

Feb 25, 2025 By Muhammad Raza In Splunk
We already know that cybercriminals exploit the weakest link in your IT networks. The best defense against these exploits comes down to safeguarding the most vulnerable entry points. But what if the weakest link in your cybersecurity defense lies beyond your IT network itself?
Read Post

Access your data with Federated Analytics for Amazon Security Lake with Splunk, AWS, and Accenture

Feb 18, 2025 By Splunk In Splunk
Federated Analytics gives organizations the full power of Splunk extended to data stored in Amazon Security Lake. Trusted partners like Accenture are helping bring these new capabilities to life at organizations around the world.
View Video
splunk

Hey SDDL SDDL: Breaking Down Windows Security One ACE at a Time

Feb 18, 2025 By Michael Haag In Splunk
Windows permission misconfigurations remain a common attack vector in enterprise environments. Attackers consistently leverage these misconfigurations for privilege escalation, with Security Descriptor Definition Language (SDDL) emerging as a blind spot. From LockBit's manipulation of event log permissions to RomCom's exploitation of Task Scheduler vulnerabilities (CVE-2024-49039), SDDL misconfigurations have become a prime target for sophisticated attacks.
Read Post
splunk

Autonomous Adversaries: Are Blue Teams Ready for Cyberattacks To Go Agentic?

Feb 7, 2025 By Ryan Fetterman In Splunk
2024 was a year of incredible progression for Artificial Intelligence. As large language models (LLMs) have evolved, they have become invaluable tools for enriching the capabilities of defenders – instantly providing the knowledge, procedures, opinions, visualizations, or code any given situation demands. However, these same models provide outputs that enable even low-sophistication attackers to uplift their own skill-levels.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.