threat-detection
Safeguard articles tagged "threat-detection" — guides, analysis, and best practices for software supply chain and application security.
21 articles
Container Runtime Security Monitoring: Catching the Breach in Progress
Scanning tells you what could go wrong before deploy. Runtime monitoring tells you what is going wrong right now. Here is how to detect container attacks as they happen.
eBPF Runtime Security for Kubernetes
eBPF lets you observe and enforce security at the kernel level — every syscall, network connection, and process exec — without kernel modules or instrumenting your apps. Here is how tools like Falco, Tetragon, and Cilium use it to catch what image scanning cannot.
What Is Malware? Types and How It Spreads
Malware is any software built to do harm, from stealing data to locking up your files. Here's a beginner-friendly tour of the main types and how it gets in.
AI in Network Security: Where It Actually Helps Today
AI in network security earns its keep in anomaly detection and alert triage today, not in autonomous response — here's the honest split between what's proven and what's still marketing.
AI cybersecurity hub (AI-driven threat detection)
Prisma Cloud's AI-driven detection watches runtime behavior, but AI in cybersecurity still misses supply chain attacks like XZ Utils. Provenance matters more.
What is Malware
Malware now hides in open source packages and CI pipelines, not just email attachments. Here's what it is, how it spreads, and how to catch it early.
What is Adversarial Machine Learning
Adversarial machine learning exploits model decision boundaries via evasion, poisoning, extraction, and inference attacks -- here's how it works and how to defend against it.
Lateral movement
A precise breakdown of what lateral movement is, the MITRE ATT&CK techniques and pivoting methods attackers use, and how to detect them before they spread.
Living off the land (LOTL) techniques
A precise breakdown of living off the land (LOTL) attacks: how LOLBins, fileless malware, and dual-use tool abuse let intruders hide in plain sight.
How to set up AWS GuardDuty for threat detection
A step-by-step guide to enabling AWS GuardDuty across accounts and regions, routing findings to your alerting stack, and triaging results.
What is EDR (Endpoint Detection and Response)
What EDR actually detects, how it differs from antivirus, XDR, and MDR, and why supply chain attacks like XZ Utils and 3CX slip past it entirely.
What is SIEM
SIEM explained: how it works, what data feeds it, how it differs from SOAR/XDR, and where reachability-based supply chain security fills its blind spots.