Industry Analysis
In-depth guides and analysis on industry analysis from the Safeguard engineering team.
294 articles
Scattered Spider: Developer Targeting Patterns
The English-speaking social engineering crew behind MGM and Caesars keeps going after developers and help desks. Here's what I keep seeing.
SentinelOne Supply Chain Detection Logic for Build Systems
How to extend SentinelOne's behavioral detection engine to cover build agents, package registries, and developer endpoints without drowning analysts in false positives.
Clop: Supply Chain Exploitation Tradecraft
Clop has turned supply chain exploitation into a repeatable playbook — MOVEit, GoAnywhere, Cleo. A look at the tradecraft that makes the campaign work.
Elastic Security Supply Chain Signals
How to surface software supply chain threats in Elastic Security using EQL, detection rules, and the Elastic Common Schema for build pipeline and registry events.
Insurance Industry Software Supply Chain
Insurers underwrite cyber risk while running on the same fragile dependency graphs as everyone else. A look at the industry's software supply chain blind spots.
Sumo Logic for Supply Chain Observability: A Practitioner's Guide
Architect Sumo Logic dashboards, queries, and anomaly detection for software supply chain visibility across SCM, CI/CD, registries, and cloud runtime.
APT29 Cozy Bear: Supply Chain Tradecraft
How Russia's SVR-linked APT29 quietly industrialized supply chain compromise from SolarWinds to TeamCity and JetBrains tooling.
Chronicle Security Supply Chain Queries
Writing YARA-L detection rules and UDM queries in Google Chronicle (now Security Operations) to catch software supply chain threats at scale.
Critical Infrastructure Software Supply Chain
How the 16 critical infrastructure sectors are absorbing software supply chain obligations under PPD-21, NSM-22, and CISA's emerging frameworks.
Corporate OSS Contribution Policies
Google, Microsoft, Red Hat, and a long tail of smaller companies have built contribution policies that shape how their engineers participate in open source. The policies vary more than most assume.
Conti Ransomware Supply Chain Patterns
Before Conti splintered in 2022, its affiliates turned MSPs, RMM tools, and identity infrastructure into repeatable supply chain attack paths.
Splunk Supply Chain Detection Content Pack
A practical look at building a Splunk content pack for software supply chain threats, with SPL searches for CI/CD anomalies, package registry abuse, and build provenance violations.