detection
Safeguard articles tagged "detection" — guides, analysis, and best practices for software supply chain and application security.
13 articles
OWASP A09: Security Logging and Monitoring Failures — A Deep-Dive Guide
Security Logging and Monitoring Failures rank #9 in the OWASP Top 10 (2021). A deep dive into undetected breaches, dwell time, real incidents, and how to fix it.
False Positives vs False Negatives: What's the Difference?
A false positive flags something safe as dangerous. A false negative misses something dangerous entirely. One wastes your time; the other gets you breached.
Incident Response Playbook for a Compromised Dependency
A concrete, timed playbook for the 72 hours after a critical dependency advisory — inventory, reachability, containment, remediation, and retrospective.
GuardDuty Extended Threat Detection: What Defenders Actually Get
GuardDuty's extended threat detection correlates findings across signals into attack sequences. We dig into where it helps, where it misses, and how to wire it into supply chain incident response.
Deploying Falco for Runtime Security in 2026
A pragmatic deployment guide for Falco 0.41 in production Kubernetes: driver selection, rule tuning, alert routing, and the operational debt teams underestimate.
Azure Sentinel for Supply Chain Detection
Sentinel has everything it needs to detect supply chain attacks in Azure — but only if the analytics rules are tuned to what those attacks actually look like.
PyPI Typosquatting Detection at Scale
Typosquatting remains a steady drumbeat on PyPI. What detection actually looks like when you're trying to catch it at ecosystem scale, and where the interesting edges are.
Supply Chain IoC Catalog
A practical catalog of indicators of compromise for software supply chain attacks, with detection queries and false-positive notes.
Datadog Security for Supply Chain Monitoring
Using Datadog's Cloud SIEM, ASM, and logs pipeline to monitor software supply chain threats across CI/CD, registries, and runtime.
Go Module Hijacking Detection
Module hijacking in Go is rare compared to npm, but it does happen, and the patterns worth watching are different from what you might expect from other ecosystems.
How One Engineer's Curiosity Saved Linux: The XZ Utils Backdoor Discovery Story
Andres Freund noticed SSH was 500ms slower than expected. That observation prevented the most dangerous supply chain attack in open source history from reaching stable Linux distributions.
Automating Typosquatting Detection for Package Registries
Typosquatting remains one of the most effective supply chain attacks. Automated detection using string distance algorithms, behavioral analysis, and registry monitoring can catch malicious packages before they reach your builds.