Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Freshen up how you build security into the software pipeline. In this article, we’re looking at the seven core principles of DevSecOps: Let’s get started.

If you are a fan of superhero movies like me, the assembling of the Avengers or Justice League at a pivotal moment to take on the villains is one exhilarating experience. That the collective strength, rather than individual brilliance, saves the day is a common them in most films of this genre. And the same can be applied to any organization that comes face to face with a major cybersecurity incident such as an enterprise-wide ransomware attack or a massive DDOS attack: the teams save the day.

A critical part of an organization’s overall cybersecurity strategy, Attack Surface Management (ASM) helps organizations to: This article describes ASM is, including why it is needed and how it works. At the end, I’ll discuss how software solutions can automate attack surface management. (This article was written by Shanika Wickramasinghe. See more of Shanika's contributions to Splunk Learn.)

Ransomware is the type of malware that locks you out of your own computer until you pay a ransom. This digital extortion is one of the most serious security threats facing the Internet today. Ransomware not only impacts unsuspecting Internet users, but business organizations, government institutions and even critical services such as utility, healthcare and emergency facilities. Ransomware has been around for many years.

Triple Data Encryption Standard (Triple DES) is a symmetric block cipher-based cryptography standard that uses fixed length keys with three passes of the DES algorithm. As a symmetric cryptographic scheme, DES implementations rely on the same secret keys shared between the sender and the recipient. As we’ll see later, Triple DES was developed as a way to prevent man in the middle attacks. Let’s take a look at Triple DES — and we’ll start first with DES.

Cryptography is used to secure data at rest, stored in servers, and in motion, transmitted over the network. Cryptography involves mathematical operations that convert the original plaintext into an unintelligible ciphertext (encryption) and the reverse process, converting ciphertext to plaintext (decryption). Cryptographic algorithms apply these algorithms in combination of keys, which serve as a secret knowledge to complete the algorithmic operations correctly.

Threat hunting and detection are two major prevention strategies in modern cybersecurity systems. Both strategies help identify potential threats to the organizations — though they take different approaches to threat identification. This article explains the difference between threat hunting and detection, so you know what to focus on for your organization’s cybersecurity strategy.

The mathematical properties and concepts of elliptic curves are used in asymmetric key exchange cryptography schemes. Common applications include: In this article, we’ll take a deep dive into elliptic curve cryptography. We aim to take a digestible, slightly less academic look that still thoroughly explains this technical topic. For something a little lighter, explore our introduction to cryptography.

A form of social engineering, phishing is an online situation where the adversary tricks the victim into sharing sensitive information or installing a malware payload into their systems. Today, phishing is the most prevalent cybersecurity threat in the digital world, with the victim count totaling well over 323,000 unsuspecting Internet users. That’s a 34% increase year over year — and that’s why we’re taking a look at this concerning trend here.

In the world of cybersecurity, honeypots are a unique mechanism. They exhibit no business value, no production value. In fact, any or all interactions with the honeypot are expectedly anomalous and unauthorized. Honeypots are nothing more than a trap set up to lure cybercriminals into believing that they have accessed legitimate and high value computing resources within your network.