Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

You can't secure what you can't see: Why AgentCore logs matter

AI agents are finally moving past cute demos and into actual production workflows. With AWS AgentCore, teams can build agents that write tickets, call APIs, deploy infrastructure, invoke external tools, and make changes faster than any human operator ever could. That’s powerful, but it also introduces a brand-new operational and security surface. And here’s the uncomfortable truth: most organizations have no idea what their agents are actually doing. Agentic AI isn’t magic.

Log everything from anywhere: Centralizing log collection with Log360

In today's complex IT environments, comprehensive log collection is crucial for effective auditing and security monitoring. Without this, endpoints, especially those that are VPN-joined, stay out of your reach while auditing. This was the bottleneck faced by our Log360 customer who recently availed themselves of OnboardPro, ManageEngine's professional services. They knew Log360 was capable of collecting logs from all their network devices—but what about the endpoints that were connected remotely via VPN?

Why your security needs a modern SIEM solution

Not investing in a Security Incident and Event Management (SIEM) solution means you’re missing out on significant business benefits. A SIEM platform provides real-time detection and response to security incidents, helping you reduce the risk of costly compliance violations. Combine that with SIEM use cases such as consolidating and streamlining reporting, and your security team saves time and operational costs.

SaaS intrusion trends and logging visibility with Julie Agnes Sparks

Join us for this week's Defender Fridays as we explore the critical challenges of SaaS security logging and detection engineering with Julie Agnes Sparks, Security Engineer at Datadog. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.

7 Steps to an Efficient Security Operations Center Design

In the original Star Trek television show, Captain Kirk would slightly recline in a command chair with various buttons that allowed him to deploy different technologies. Regardless of the alien threat, he had the necessary tools at his disposal to protect the Enterprise and his staff. An organization’s security operations center (SOC) acts as the Captain Kirk “command chair” for all security activities.

Unlock Deeper Insights: Mastering Cloudflare Log Explorer for Better Security & Performance

Cloudflare Log Explorer is the native observability and forensics tool designed to give security teams and developers unparalleled, granular access to Cloudflare traffic logs directly within the dashboard. Key benefits include: Understanding your traffic patterns is fundamental to optimizing for peak performance and maintaining a robust security posture.

Hashing in Cryptography Explained: How It Works, Algorithms, and Real-World Uses

Hashing takes your data (like a password or file) and converts it into a fixed-length code that can’t be reversed. This makes it nearly impossible for attackers to figure out what the original data was, even if they steal the hash. In this article, I’ll explain hashing in detail, including its working principles, applications, the algorithms behind it, and how to apply it correctly.

Zero-shot Security Classification with Foundation-Sec-8B and Splunk DSDL

Earlier this year, we showcased how the Foundation-Sec-8B model’s chat capabilities can be leveraged within the Splunk App for Data Science and Deep Learning (DSDL) to summarize security events and provide detection suggestions. Building on its robust security expertise, Foundation-Sec-8B also supports zero-shot classification for a wide range of security tasks.

Overcoming Cybersecurity and Risk Management Challenges

Every time you leave your home, you take various risks, like being in a car accident or being struck down by a meteor. In some cases, like the meteor, the likelihood of the event is so low as to be nearly nonexistent. In others, like the car accident, the likelihood might be higher. Similarly, every technology that you connect to your networks creates a cybersecurity risk. Any device or application that connects to the public internet can be an entry point for attackers.

Digital Resilience for State and Local Governments (Part Two)

In the first part of our series, we examined the challenges facing state and local governments as they work to secure and maintain the availability of increasingly complex digital systems. Today, we turn our focus to how collaboration—powered by shared data platforms like Splunk—can enhance incident response and overall digital resilience.