Safeguard
Tag

threat-detection

Safeguard articles tagged "threat-detection" — guides, analysis, and best practices for software supply chain and application security.

21 articles

Container Security

Container Runtime Security Monitoring: Catching the Breach in Progress

Scanning tells you what could go wrong before deploy. Runtime monitoring tells you what is going wrong right now. Here is how to detect container attacks as they happen.

Jul 8, 20265 min read
Container Security

eBPF Runtime Security for Kubernetes

eBPF lets you observe and enforce security at the kernel level — every syscall, network connection, and process exec — without kernel modules or instrumenting your apps. Here is how tools like Falco, Tetragon, and Cilium use it to catch what image scanning cannot.

Jul 8, 20266 min read
Concepts

What Is Malware? Types and How It Spreads

Malware is any software built to do harm, from stealing data to locking up your files. Here's a beginner-friendly tour of the main types and how it gets in.

Jul 2, 20266 min read
AI Security

AI in Network Security: Where It Actually Helps Today

AI in network security earns its keep in anomaly detection and alert triage today, not in autonomous response — here's the honest split between what's proven and what's still marketing.

Apr 22, 20265 min read
AI Security

AI cybersecurity hub (AI-driven threat detection)

Prisma Cloud's AI-driven detection watches runtime behavior, but AI in cybersecurity still misses supply chain attacks like XZ Utils. Provenance matters more.

Apr 7, 20267 min read
Vulnerability Analysis

What is Malware

Malware now hides in open source packages and CI pipelines, not just email attachments. Here's what it is, how it spreads, and how to catch it early.

Mar 25, 20267 min read
AI Security

What is Adversarial Machine Learning

Adversarial machine learning exploits model decision boundaries via evasion, poisoning, extraction, and inference attacks -- here's how it works and how to defend against it.

Mar 2, 20266 min read
Industry Analysis

Lateral movement

A precise breakdown of what lateral movement is, the MITRE ATT&CK techniques and pivoting methods attackers use, and how to detect them before they spread.

Feb 26, 20268 min read
Industry Analysis

Living off the land (LOTL) techniques

A precise breakdown of living off the land (LOTL) attacks: how LOLBins, fileless malware, and dual-use tool abuse let intruders hide in plain sight.

Feb 24, 20268 min read
Cloud Security

How to set up AWS GuardDuty for threat detection

A step-by-step guide to enabling AWS GuardDuty across accounts and regions, routing findings to your alerting stack, and triaging results.

Feb 20, 20268 min read
Best Practices

What is EDR (Endpoint Detection and Response)

What EDR actually detects, how it differs from antivirus, XDR, and MDR, and why supply chain attacks like XZ Utils and 3CX slip past it entirely.

Feb 17, 20267 min read
Best Practices

What is SIEM

SIEM explained: how it works, what data feeds it, how it differs from SOAR/XDR, and where reachability-based supply chain security fills its blind spots.

Feb 17, 20267 min read
threat-detection — Safeguard Blog