Industry Analysis
In-depth guides and analysis on industry analysis from the Safeguard engineering team.
294 articles
FIN7: Financial-Sector Supply Chain Tradecraft
FIN7 has spent a decade evolving from POS malware to supply chain operations. A look at the current tradecraft and the implications for financial-sector defenders.
The Software Composition Analysis Market in 2024: Consolidation and Evolution
The SCA market is maturing fast, with acquisitions, AI-powered analysis, and SBOM mandates reshaping the competitive landscape and what buyers should expect.
Grafana Loki for Build Pipeline Logs: Patterns That Scale
Design a Loki-based log pipeline for CI/CD observability and supply chain forensics. Labels, retention, LogQL patterns, and cost discipline from the field.
Foundation-Neutral Governance Evaluation
CNCF, Linux Foundation, Apache, Eclipse — each has a different governance model. A practical evaluation of what that means for projects considering adoption.
Panther SIEM Supply Chain Rules: A Detection Engineering Playbook
Write Panther Python detections that catch package poisoning, CI token abuse, and registry compromise. Real rule examples, tuning patterns, and alert routing.
Kimsuky Developer Targeting Analysis
Kimsuky has pivoted from diplomats to developers. A look at the tradecraft behind its supply-chain-flavored operations and what engineering orgs should do about it.
Volt Typhoon: Living-Off-the-Land and Supply Chain
The PRC-linked pre-positioning group that scared DHS and the NSA into a public warning, and what it means for supply chain defenders.
Open Source Foundation Governance Models
The Linux Foundation, Apache Software Foundation, CNCF, and Eclipse each codify different theories of how open source projects should be governed. The differences matter more than most adopters realize.
Datadog Security for Supply Chain Monitoring
Using Datadog's Cloud SIEM, ASM, and logs pipeline to monitor software supply chain threats across CI/CD, registries, and runtime.
Labyrinth Chollima and Open Source Targeting
Labyrinth Chollima's operations show a specific pattern — poisoned open source packages as initial access. A profile of the tradecraft and the defensive response.
New Relic Security: Building a Supply Chain View
How to extend New Relic's APM and Vulnerability Management features into a working software supply chain dashboard for security and platform teams.
SolarWinds Post-Incident Governance Changes Reviewed
Four years after SUNBURST, SolarWinds has rebuilt its SDLC around signed pipelines, parallel builds, and a new CSO office. How much of it is real?