Safeguard
Tag

detection

Safeguard articles tagged "detection" — guides, analysis, and best practices for software supply chain and application security.

13 articles

Security Guides

OWASP A09: Security Logging and Monitoring Failures — A Deep-Dive Guide

Security Logging and Monitoring Failures rank #9 in the OWASP Top 10 (2021). A deep dive into undetected breaches, dwell time, real incidents, and how to fix it.

Jul 7, 20267 min read
Concepts

False Positives vs False Negatives: What's the Difference?

A false positive flags something safe as dangerous. A false negative misses something dangerous entirely. One wastes your time; the other gets you breached.

Jul 5, 20266 min read
Incident Analysis

Incident Response Playbook for a Compromised Dependency

A concrete, timed playbook for the 72 hours after a critical dependency advisory — inventory, reachability, containment, remediation, and retrospective.

Feb 24, 20267 min read
Cloud Security

GuardDuty Extended Threat Detection: What Defenders Actually Get

GuardDuty's extended threat detection correlates findings across signals into attack sequences. We dig into where it helps, where it misses, and how to wire it into supply chain incident response.

Feb 11, 20267 min read
Container Security

Deploying Falco for Runtime Security in 2026

A pragmatic deployment guide for Falco 0.41 in production Kubernetes: driver selection, rule tuning, alert routing, and the operational debt teams underestimate.

Jan 22, 20265 min read
Industry Analysis

Azure Sentinel for Supply Chain Detection

Sentinel has everything it needs to detect supply chain attacks in Azure — but only if the analytics rules are tuned to what those attacks actually look like.

Dec 15, 20248 min read
Open Source Security

PyPI Typosquatting Detection at Scale

Typosquatting remains a steady drumbeat on PyPI. What detection actually looks like when you're trying to catch it at ecosystem scale, and where the interesting edges are.

Sep 18, 20247 min read
Vulnerability Management

Supply Chain IoC Catalog

A practical catalog of indicators of compromise for software supply chain attacks, with detection queries and false-positive notes.

Sep 14, 20246 min read
Industry Analysis

Datadog Security for Supply Chain Monitoring

Using Datadog's Cloud SIEM, ASM, and logs pipeline to monitor software supply chain threats across CI/CD, registries, and runtime.

Sep 8, 20247 min read
Open Source Security

Go Module Hijacking Detection

Module hijacking in Go is rare compared to npm, but it does happen, and the patterns worth watching are different from what you might expect from other ecosystems.

Jun 18, 20247 min read
Supply Chain Security

How One Engineer's Curiosity Saved Linux: The XZ Utils Backdoor Discovery Story

Andres Freund noticed SSH was 500ms slower than expected. That observation prevented the most dangerous supply chain attack in open source history from reaching stable Linux distributions.

Apr 1, 20247 min read
Software Supply Chain Security

Automating Typosquatting Detection for Package Registries

Typosquatting remains one of the most effective supply chain attacks. Automated detection using string distance algorithms, behavioral analysis, and registry monitoring can catch malicious packages before they reach your builds.

Mar 5, 20235 min read
detection — Safeguard Blog