Subscribe: Anton Chuvakin Blog - "Security Warrior"
http://chuvakin.blogspot.com/feeds/posts/default

Dr Anton Chuvakin Blog PERSONAL Blog



This is my PERSONAL blog; as of August 1, 2011, it focuses on personal matters and various things I find to be fun.

LogChat: Andrew Hay and Anton Chuvakin talk about logging, log management and related topics



Last Build Date: Mon, 09 Oct 2017 14:20:21 PDT

Copyright: (C) Anton Chuvakin and Andrew Hay
 



Monthly Blog Round-Up – September 2017

Mon, 02 Oct 2017 08:13:51 PDT

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

- “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009 (oh, wow, ancient history!). Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …
- “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here.
- “Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version).
- Again, my classic PCI DSS Log Review series is extra popular! The series of 18 posts covers a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!) – note that this series is mentioned in some PCI Council materials.
- “SIEM Bloggables” is a very old post, more like a mini-paper on some key aspects of SIEM, use cases, scenarios, etc. as well as 2 types of SIEM users.

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has more than 5X of the traffic of this blog]:

Current research on SIEM:
- Let’s Define “SIEM”!
- Is SIEM The Best Threat Detection Technology, Ever?
- SIEM or Log Management?
- Action Item: SaaS SIEM Users Sought!
- Flashback 2014: SIEM Deployment Blueprint Visual
- Summer of SIEM 2017 Coming…

Planned research on SOAR (security orchestration, automation and response):
- SOAR Research Coming … Brace for Impact!!

Planned research on MSSP:
- The Curse of A Black MSSP

Miscellaneous fun posts:
- Security Analytics: Platform First or Content First?
- Security Without Security People: A [Sad] Way Forward?
- Excellent Paper: “The Evolving Effectiveness of Endpoint Protection Solutions”
- Befuddled By “Hackback”
- Can I Detect Advanced Threats With Just Flows/IPFIX?
- Security: Automate And/Or Die?
- On “Defender’s Advantage”

(see all my published Gartner research here)

Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on August 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series: Monthly Blog Round-Up – August 2017

All posts tagged monthly

About me: http://www.chuvakin.org [...]



Monthly Blog Round-Up – August 2017

Fri, 01 Sep 2017 08:01:31 PDT

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

- “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …
- “Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version).
- “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!
- Again, my classic PCI DSS Log Review series is extra popular! The series of 18 posts covers a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!) – note that this series is mentioned in some PCI Council materials.
- “SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the SIEM project (well, a program, really) costs at an organization (a lot more details on this here in this paper).

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has more than 5X of the traffic of this blog]:

Current research on SIEM:
- Let’s Define “SIEM”!
- Is SIEM The Best Threat Detection Technology, Ever?
- SIEM or Log Management?
- Action Item: SaaS SIEM Users Sought!
- Flashback 2014: SIEM Deployment Blueprint Visual
- Summer of SIEM 2017 Coming…

Miscellaneous fun posts:
- Security Without Security People: A [Sad] Way Forward?
- Excellent Paper: “The Evolving Effectiveness of Endpoint Protection Solutions”
- Befuddled By “Hackback”
- Can I Detect Advanced Threats With Just Flows/IPFIX?
- Security: Automate And/Or Die?
- On “Defender’s Advantage”

(see all my published Gartner research here)

Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on August 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series: Monthly Blog Round-Up – July 2017

All posts tagged monthly

About me: http://www.chuvakin.org [...]



Monthly Blog Round-Up – July 2017

Tue, 01 Aug 2017 12:41:40 PDT

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

- “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …
- “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!
- Again, my classic PCI DSS Log Review series is extra popular! The series of 18 posts covers a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!) – note that this series is mentioned in some PCI Council materials.
- “Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version).
- “SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the SIEM project (well, a program, really) costs at an organization (a lot more details on this here in this paper).

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has more than 5X of the traffic of this blog]:

Current research on SIEM:
- SIEM or Log Management?
- Action Item: SaaS SIEM Users Sought!
- Flashback 2014: SIEM Deployment Blueprint Visual
- Summer of SIEM 2017 Coming…

Recent research on vulnerability management:
- WannaCry or Useful Reminders of the Realities of Vulnerability Management

Recent research on cloud security monitoring:
- More Cloud Security Monitoring Contemplations
- Cloud Threat Detection Research

Miscellaneous fun posts:
- Security Without Security People: A [Sad] Way Forward?
- Excellent Paper: “The Evolving Effectiveness of Endpoint Protection Solutions”
- Befuddled By “Hackback”
- Can I Detect Advanced Threats With Just Flows/IPFIX?
- Security: Automate And/Or Die?
- On “Defender’s Advantage”

(see all my published Gartner research here)

Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on August 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series: Monthly Blog Round-Up – June 2017

All posts tagged monthly

About me: http://www.chuvakin.org [...]



Monthly Blog Round-Up – June 2017

Fri, 07 Jul 2017 11:35:03 PDT

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

- “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …
- “Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version).
- “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!
- This month, my classic PCI DSS Log Review series is extra popular! The series of 18 posts covers a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!) – note that this series is mentioned in some PCI Council materials.
- “SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the SIEM project (well, a program, really) costs at an organization (a lot more details on this here in this paper).

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has more than 5X of the traffic of this blog]:

Current research on vulnerability management:
- WannaCry or Useful Reminders of the Realities of Vulnerability Management

Current research on cloud security monitoring:
- More Cloud Security Monitoring Contemplations
- Cloud Threat Detection Research

Recent research on security analytics and UBA / UEBA:
- Why Your Security Data Lake Project Will FAIL!
- Upcoming Webinar: User and Entity Behavior Analytics Tools
- Our Security Analytics and UEBA Papers Published
- Ok, So Who Really MUST Get a UEBA?
- On UEBA / UBA Use Cases
- UEBA Clearly Defined, Again?
- What Should Your UEBA Show: Indications or Conclusions?
- UEBA Shines Where SIEM Whines?
- The Coming UBA / UEBA – SIEM War!
- Next Research: Back to Security Analytics and UBA/UEBA
- Sad Hilarity of Predictive Analytics in Security?

Miscellaneous fun posts:
- Security Without Security People: A [Sad] Way Forward?
- Excellent Paper: “The Evolving Effectiveness of Endpoint Protection Solutions”
- Befuddled By “Hackback”
- Threats Inside vs Insider Threat
- Can I Detect Advanced Threats With Just Flows/IPFIX?
- Security: Automate And/Or Die?
- On “Defender’s Advantage”

(see all my published Gartner research here)

Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on August 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series: Monthly Blog Round-Up – May 2017

All posts tagged monthly

About me: http://www.chuvakin.org [...]



Monthly Blog Round-Up – May 2017

Thu, 01 Jun 2017 09:40:21 PDT

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

- “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!
- “Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version).
- “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …
- This month, my classic PCI DSS Log Review series is extra popular! The series of 18 posts covers a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!) – note that this series is mentioned in some PCI Council materials.
- “SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the SIEM project (well, a program, really) costs at an organization (a lot more details on this here in this paper).

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has more than 5X of the traffic of this blog]:

EPIC WIN post:
- Why Your Security Data Lake Project Will FAIL!

Current research on vulnerability management:
- WannaCry or Useful Reminders of the Realities of Vulnerability Management

Current research on cloud security monitoring:
- More Cloud Security Monitoring Contemplations
- Cloud Threat Detection Research

Recent research on security analytics and UBA / UEBA:
- Our Security Analytics and UEBA Papers Published
- Ok, So Who Really MUST Get a UEBA?
- On UEBA / UBA Use Cases
- UEBA Clearly Defined, Again?
- What Should Your UEBA Show: Indications or Conclusions?
- UEBA Shines Where SIEM Whines?
- The Coming UBA / UEBA – SIEM War!
- Next Research: Back to Security Analytics and UBA/UEBA
- Sad Hilarity of Predictive Analytics in Security?

Miscellaneous fun posts:
- Threats Inside vs Insider Threat
- Can I Detect Advanced Threats With Just Flows/IPFIX?
- Security: Automate And/Or Die?
- Defeat The Casual Attacker First!!
- On “Defender’s Advantage”

(see all my published Gartner research here)

Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on August 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series: Monthly Blog Round-Up – April 2017

All posts tagged monthly

About me: http://www.chuvakin.org [...]



Monthly Blog Round-Up – April 2017

Fri, 12 May 2017 17:16:14 PDT

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

- “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!
- “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …
- This month, my classic PCI DSS Log Review series is extra popular! The series of 18 posts covers a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!) – note that this series is mentioned in some PCI Council materials.
- “Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version).
- “SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the SIEM project (well, a program, really) costs at an organization (a lot more details on this here in this paper).

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has about 5X of the traffic of this blog]:

Current research on cloud security monitoring:
- Cloud Threat Detection Research
- More Cloud Security Monitoring Contemplations

Recent research on security analytics and UBA / UEBA:
- Our Security Analytics and UEBA Papers Published
- Ok, So Who Really MUST Get a UEBA?
- On UEBA / UBA Use Cases
- UEBA Clearly Defined, Again?
- What Should Your UEBA Show: Indications or Conclusions?
- UEBA Shines Where SIEM Whines?
- The Coming UBA / UEBA – SIEM War!
- Next Research: Back to Security Analytics and UBA/UEBA
- Sad Hilarity of Predictive Analytics in Security?

EPIC WIN post:
- Why Your Security Data Lake Project Will FAIL!

Miscellaneous fun posts:
- SIEM Future: A UEBA Path or An MDR Way?
- Security in 2025 – Extrapolate or Bust?
- Threats Inside vs Insider Threat
- Can I Detect Advanced Threats With Just Flows/IPFIX?
- Security: Automate And/Or Die?
- Defeat The Casual Attacker First!!
- On “Defender’s Advantage”

(see all my published Gartner research here)

Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on August 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series: Monthly Blog Round-Up – February 2017

All posts tagged monthly

About me: http://www.chuvakin.org [...]



Monthly Blog Round-Up – February 2017

Fri, 12 May 2017 17:08:22 PDT

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

- “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010, so I have no idea why it tops the charts now!) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!
- “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …
- “Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version).
- This month, my classic PCI DSS Log Review series is extra popular! The series of 18 posts covers a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!) – note that this series is mentioned in some PCI Council materials.
- “SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the SIEM project (well, a program, really) costs at an organization (a lot more details on this here in this paper).

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has about 5X of the traffic of this blog]:

Recent research on security analytics and UBA / UEBA:
- Ok, So Who Really MUST Get a UEBA?
- On UEBA / UBA Use Cases
- UEBA Clearly Defined, Again?
- What Should Your UEBA Show: Indications or Conclusions?
- UEBA Shines Where SIEM Whines?
- The Coming UBA / UEBA – SIEM War!
- Next Research: Back to Security Analytics and UBA/UEBA
- Sad Hilarity of Predictive Analytics in Security?

Miscellaneous fun posts:
- Security in 2025 – Extrapolate or Bust?
- All My Research Published in 2016
- Threats Inside vs Insider Threat
- Can I Detect Advanced Threats With Just Flows/IPFIX?
- No, Virginia, It Does NOT Mean That! (detection vs prevention)
- Security: Automate And/Or Die?
- Defeat The Casual Attacker First!!
- On “Defender’s Advantage”

(see all my published Gartner research here)

Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on August 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series: Monthly Blog Round-Up – January 2017

All posts tagged monthly

About me: http://www.chuvakin.org [...]



Links for 2017-03-03 [del.icio.us]

Sat, 04 Mar 2017 00:00:00 PST




Links for 2017-02-22 [del.icio.us]

Thu, 23 Feb 2017 00:00:00 PST




Monthly Blog Round-Up – January 2017

Wed, 01 Feb 2017 05:11:00 PST

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

- This month, my classic PCI DSS Log Review series is extra popular! The series of 18 posts covers a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!) – note that this series is mentioned in some PCI Council materials.
- “Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version).
- “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!
- “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …
- “An Open Letter to Android or “Android, You Are Shit!”” is an epic rant about my six year long (so far) relationship with Android mobile devices (no spoilers here – go and read it).

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has about 5X of the traffic of this blog]:

Current research on security analytics and UBA / UEBA:
- Ok, So Who Really MUST Get a UEBA?
- On UEBA / UBA Use Cases
- UEBA Clearly Defined, Again?
- What Should Your UEBA Show: Indications or Conclusions?
- UEBA Shines Where SIEM Whines?
- The Coming UBA / UEBA – SIEM War!
- Next Research: Back to Security Analytics and UBA/UEBA
- Sad Hilarity of Predictive Analytics in Security?

Recent research on deception:
- Our “Applying Deception Technologies and Techniques to Improve Threat Detection and Response” Paper is Published
- APT-Ready? Better Threat Detection vs Detecting “Better” Threats?
- Better Data or Better Algorithms?
- Tricky: Building a Business Case for A Deception Tool?
- It Is Happening: We Are Starting Our Deception Research!
- “Deception as Detection” or Give Deception a Chance?

Miscellaneous fun posts:
- Security in 2025 – Extrapolate or Bust?
- All My Research Published in 2016
- Threats Inside vs Insider Threat
- Can I Detect Advanced Threats With Just Flows/IPFIX?
- No, Virginia, It Does NOT Mean That! (detection vs prevention)
- Security: Automate And/Or Die?
- Defeat The Casual Attacker First!!
- On “Defender’s Advantage”

(see all my published Gartner research here)

Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on August 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series: Monthly Blog Round-Up – December 2016

All posts tagged monthly

About me: http://www.chuvakin.org [...]



Annual Blog Round-Up – 2016

Wed, 04 Jan 2017 11:11:01 PST

Here is my annual "Security Warrior" blog round-up of top 10 popular posts/topics in 2016. Note that my current Gartner blog is where you go for my recent blogging; all of the content below predates 2011.

- “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not.
- “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!
- “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version).
- My classic PCI DSS Log Review series is always hot! The series of 18 posts covers a comprehensive log review approach (OK for PCI DSS 3+ in 2017 as well), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (out in its 4th edition!).
- “SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the SIEM project (well, a program, really) costs at an organization (a lot more details on this here in this paper).
- “Top 10 Criteria for a SIEM?” came from one of my last projects I did when running my SIEM consulting firm in 2009-2011 (for my recent work on evaluating SIEM tools, see this document).
- “How to Write an OK SIEM RFP?” (from 2010) contains Anton’s least hated SIEM RFP writing tips (I don’t have any favorite tips since I hate the RFP process).
- “An Open Letter to Android or “Android, You Are Shit!”” is an epic rant about my six year long (so far) relationship with Android mobile devices (no spoilers here – go and read it).
- “A Myth of An Expert Generalist” is a fun rant on what I think it means to be “a security expert” today; it argues that you must specialize within security to really be called an expert.
- Another old checklist, “Log Management Tool Selection Checklist Out!”, holds a top spot – it can be used to compare log management tools during the tool selection process or even formal RFP process. But let me warn you – this is from 2010.

Disclaimer: all this content was written before I joined Gartner on August 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Also see my past monthly and annual “Top Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015.

About me: http://www.chuvakin.org [...]



Monthly Blog Round-Up – December 2016

Tue, 03 Jan 2017 07:46:04 PST

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

- “An Open Letter to Android or “Android, You Are Shit!”” is an epic rant about my six year long (so far) relationship with Android mobile devices (no spoilers here – go and read it).
- “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!
- “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …
- “Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version).
- My classic PCI DSS Log Review series is always popular! The series of 18 posts covers a comprehensive log review approach (OK for PCI DSS 3+ as well), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!).

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has about 5X of the traffic of this blog]:

Current research on security analytics and UBA / UEBA:
- UEBA Clearly Defined, Again?
- What Should Your UEBA Show: Indications or Conclusions?
- UEBA Shines Where SIEM Whines?
- The Coming UBA / UEBA – SIEM War!
- Next Research: Back to Security Analytics and UBA/UEBA
- Sad Hilarity of Predictive Analytics in Security?

Recent research on deception:
- Our “Applying Deception Technologies and Techniques to Improve Threat Detection and Response” Paper is Published
- APT-Ready? Better Threat Detection vs Detecting “Better” Threats?
- Better Data or Better Algorithms?
- Tricky: Building a Business Case for A Deception Tool?
- It Is Happening: We Are Starting Our Deception Research!
- “Deception as Detection” or Give Deception a Chance?

Miscellaneous fun posts:
- All My Research Published in 2016
- Threats Inside vs Insider Threat
- Can I Detect Advanced Threats With Just Flows/IPFIX?
- No, Virginia, It Does NOT Mean That! (detection vs prevention)
- Security: Automate And/Or Die?
- Defeat The Casual Attacker First!!
- On “Defender’s Advantage”

(see all my published Gartner research here)

Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on August 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series: Monthly Blog Round-Up – November 2016

All posts tagged monthly

About me: http://www.chuvakin.org [...]



An Open Letter to Android or “Android, You Are Shit!”

Thu, 29 Dec 2016 12:09:44 PST

Dear Android:

I know you are an operating system and probably cannot (yet?) read on your own. However, recent events compelled me to write this letter to you; an idea for it literally came to me in a dream.

You see, I have carried an Android phone in my pocket since 2010, for almost six years. First a Sony Xperia X10 (eventually running a venerable Android 2.3.7), then another phone, and then finally a Google Nexus 4 and now a Google Nexus 5X (sporting Android 7.1.1). At some point, I traded an iPad for a Google Nexus 9. A [sort of] Android Amazon Fire is my living room Android. I have convinced my wife to start using Android as well, and she became a fan too. This represents a multi-year love affair with you, dear Android.

In fact, dear Android, I often had to defend you from packs of rabid Apple fanboys, generally with good results - I either won or we had a draw. Over the years, I had to defend my mobile technology choices from many people: “No, it is NOT an iPhone, it is a Nexus”, “Yes, I chose Android because I like it more than iPhone, not because it is cheaper”, “Yes, I think Google Now is way more useful than Siri”, etc., etc. I’ve counter-attacked with arguments about the “closed Apple ecosystem”, “one stupid button” and “overpriced devices.” As a person who follows information technology, I am aware of Android’s many strengths, such as better background processes and multi-tasking, security improvements, flexible user interface, Google Now integration, etc.

However, as I am writing this, my beloved Nexus 5X is no longer with me. In fact, recent events have triggered some soul-searching and ultimately this letter. While doing my soul-searching, I realized that my love affair with you, Android, has some strong dysfunctional notes.

You see, I think I always suspected that you are shit.

Over the years, I’ve been using my Android devices carefully and thoughtfully – I never rooted them, never sideloaded apps [well, not on my main personal phone], and I even tried to minimize my use of non-Google applications, etc. However, as I recall my experiences with Android over the last six years, I am saddened to report that you, Android, never really worked quite right.

In fact, I distilled my reasons for calling you “shit” to one key point: I have never really trusted you, because you have never worked reliably enough to earn such trust.

Indeed, my Sony phone would sometimes crash and reboot, or freeze (“battery out” was the only cure). I of course explained it by “growing pains of Android, the new mobile OS”… after all, you were just in v.2, practically a baby. My Nexus 4 used to crash and shut down as well; apps would often drain the battery to zero without any warning. Furthermore, even nowadays, my Google Nexus 9 tablet (running Android 7.1.1) will occasionally just shut down out of the blue – I just had to restart it earlier today. A few days before my Nexus 5X’s untimely death - just 1 year and 9 days after purchase - the phone rebooted when I launched the Camera app. Such random reboots and crashes were not common with my Nexus 5X, but they did happen periodically. And then finally, my Nexus 5X entered an endless reboot loop a few days after the 7.1.1 OTA update and now has to be replaced. No troubleshooting steps helped.

OK, Google, you want to blame the hardware, perhaps? My experiences over the last 6 years sap the energy from this argument. I used hardware from 3 different makers, all running Android, all having stability problems.

You see, Android, I don’t care about improved malware protection, faster UI and about the fact that you are “really Linux.” I don’t care about your growing market share. An OS that cannot stay up is[...]



Monthly Blog Round-Up – November 2016

Thu, 01 Dec 2016 09:50:33 PST

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!

“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …

“Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version).

My classic PCI DSS Log Review series is always popular! The series of 18 posts covers a comprehensive log review approach (OK for PCI DSS 3+ as well), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!).

“SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the costs of a SIEM project (well, a program, really) at an organization (much more details on this here in this paper).

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has about 5X of the traffic of this blog]:

Current research on security analytics and UBA / UEBA:
UEBA Shines Where SIEM Whines?
The Coming UBA / UEBA – SIEM War!
Next Research: Back to Security Analytics and UBA/UEBA
Sad Hilarity of Predictive Analytics in Security?

Recent research on deception:
Our “Applying Deception Technologies and Techniques to Improve Threat Detection and Response” Paper is Published
APT-Ready?
Better Threat Detection vs Detecting “Better” Threats?
Better Data or Better Algorithms?
Tricky: Building a Business Case for A Deception Tool?
It Is Happening: We Are Starting Our Deception Research!
“Deception as Detection” or Give Deception a Chance?

Past research on SOC:
SOC Webinar Questions Answered
Our “How to Plan, Design, Operate and Evolve a SOC” Paper Is Published
About The Tri-Team Model of SOC, CIRT, “Threat Something”
New Research Starting Soon: Threat Intel, SOC, etc
Your SOC Nuclear Triad

Miscellaneous fun posts:
Threats Inside vs Insider Threat
Can I Detect Advanced Threats With Just Flows/IPFIX?
No, Virginia, It Does NOT Mean That! (detection vs prevention)
Security: Automate And/Or Die?
Defeat The Casual Attacker First!!
On “Defender’s Advantage”
(see all my published Gartner research here)

Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series: Monthly Blog Round-Up – October 2016

All posts tagged monthly

About me: http://www.chuvakin.org [...]



Links for 2016-11-22 [del.icio.us]

Wed, 23 Nov 2016 00:00:00 PST




Monthly Blog Round-Up – October 2016

Tue, 01 Nov 2016 07:57:48 PDT

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on security monitoring use cases here!

“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …

“Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version).

“SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the costs of a SIEM project (well, a program, really) at an organization (much more details on this here in this paper).

My classic PCI DSS Log Review series is always popular! The series of 18 posts covers a comprehensive log review approach (OK for PCI DSS 3+ as well), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!).

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has about 5X of the traffic of this blog]:

Upcoming research on security analytics:
Next Research: Back to Security Analytics and UBA/UEBA
Sad Hilarity of Predictive Analytics in Security?

Current research on deception:
APT-Ready?
Better Threat Detection vs Detecting “Better” Threats?
Better Data or Better Algorithms?
Tricky: Building a Business Case for A Deception Tool?
It Is Happening: We Are Starting Our Deception Research!
“Deception as Detection” or Give Deception a Chance?

Recent research on SOC:
Our “How to Plan, Design, Operate and Evolve a SOC” Paper Is Published
About The Tri-Team Model of SOC, CIRT, “Threat Something”
New Research Starting Soon: Threat Intel, SOC, etc
Your SOC Nuclear Triad

Miscellaneous fun posts:
Threats Inside vs Insider Threat
Can I Detect Advanced Threats With Just Flows/IPFIX?
No, Virginia, It Does NOT Mean That! (detection vs prevention)
Jumping Security Maturity FAIL!
Security: Automate And/Or Die?
Defeat The Casual Attacker First!!
On “Defender’s Advantage”
(see all my published Gartner research here)

Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series: Monthly Blog Round-Up – September 2016

All posts tagged monthly

About me: http://www.chuvakin.org [...]



Monthly Blog Round-Up – September 2016

Mon, 03 Oct 2016 07:51:48 PDT

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …

“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on security monitoring use cases here!

“SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the costs of a SIEM project (well, a program, really) at an organization (much more details on this here in this paper).

My classic PCI DSS Log Review series is always popular! The series of 18 posts covers a comprehensive log review approach (OK for PCI DSS 3+ as well), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!).

“Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version).

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has about 5X of the traffic of this blog]:

Current research on deception:
Tricky: Building a Business Case for A Deception Tool?
It Is Happening: We Are Starting Our Deception Research!
“Deception as Detection” or Give Deception a Chance?

Recent research on SOC:
About The Tri-Team Model of SOC, CIRT, “Threat Something”
New Research Starting Soon: Threat Intel, SOC, etc
Your SOC Nuclear Triad

Recent research on threat intelligence:
How to Grow to Strategic Threat Intel Consumption?
Baby’s First Threat Intel Usage Questions
How a Lower Maturity Security Organization Can Use Threat Intel?

Miscellaneous fun posts:
Threats Inside vs Insider Threat
Can I Detect Advanced Threats With Just Flows/IPFIX?
Sad Hilarity of Predictive Analytics in Security?
Anton’s Favorite Threat Hunting Links
No, Virginia, It Does NOT Mean That! (detection and prevention)
Jumping Security Maturity FAIL!
Security: Automate And/Or Die?
Defeat The Casual Attacker First!!
On “Defender’s Advantage”
(see all my published Gartner research here)

Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series: Monthly Blog Round-Up – August 2016

All posts tagged monthly

About me: http://www.chuvakin.org [...]



Monthly Blog Round-Up – August 2016

Thu, 01 Sep 2016 05:55:14 PDT

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …

“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on security monitoring use cases here!

“Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version).

My classic PCI DSS Log Review series is always popular! The series of 18 posts covers a comprehensive log review approach (OK for PCI DSS 3+ as well), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!).

“SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the costs of a SIEM project (well, a program, really) at an organization (much more details on this here in this paper).

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has about 5X of the traffic of this blog]:

Current research on SOC:
About The Tri-Team Model of SOC, CIRT, “Threat Something”
New Research Starting Soon: Threat Intel, SOC, etc
Your SOC Nuclear Triad

Current research on threat intelligence:
How to Grow to Strategic Threat Intel Consumption?
Baby’s First Threat Intel Usage Questions
How a Lower Maturity Security Organization Can Use Threat Intel?

Miscellaneous fun posts:
Threats Inside vs Insider Threat
Can I Detect Advanced Threats With Just Flows/IPFIX?
Sad Hilarity of Predictive Analytics in Security?
Anton’s Favorite Threat Hunting Links
No, Virginia, It Does NOT Mean That! (detection and prevention)
“Deception as Detection” or Give Deception a Chance?
Jumping Security Maturity FAIL!
Security: Automate And/Or Die?
On Tanks vs Tractors
Defeat The Casual Attacker First!!
On “Defender’s Advantage”
(see all my published Gartner research here)

Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series: Monthly Blog Round-Up – July 2016

All posts tagged monthly

About me: http://www.chuvakin.org [...]



Links for 2016-08-23 [del.icio.us]

Wed, 24 Aug 2016 00:00:00 PDT




Links for 2016-08-08 [del.icio.us]

Tue, 09 Aug 2016 00:00:00 PDT




Monthly Blog Round-Up – July 2016

Mon, 01 Aug 2016 09:31:02 PDT

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” … [235 pageviews]

“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on security monitoring use cases here! [156 pageviews]

“Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version). [56 pageviews]

My classic PCI DSS Log Review series is always popular! The series of 18 posts covers a comprehensive log review approach (OK for PCI DSS 3+ as well), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (out in its 4th edition!). [40+ pageviews to the main tag]

“SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the SIEM project (well, a program, really) costs at an organization (much more details on this here in this paper). [70 pageviews of total 2891 pageviews to all blog pages]

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has about 5X of the traffic of this blog]:

Current research on SOC and threat intelligence [2 projects]:
About The Tri-Team Model of SOC, CIRT, “Threat Something”
Baby’s First Threat Intel Usage Questions
How a Lower Maturity Security Organization Can Use Threat Intel?
New Research Starting Soon: Threat Intel, SOC, etc
Your SOC Nuclear Triad

Miscellaneous fun posts:
Can I Detect Advanced Threats With Just Flows/IPFIX?
Sad Hilarity of Predictive Analytics in Security?
Anton’s Favorite Threat Hunting Links
My Detection Confidence Survey Results
No, Virginia, It Does NOT Mean That! (detection and prevention)
“Deception as Detection” or Give Deception a Chance?
Jumping Security Maturity FAIL!
Security: Automate And/Or Die?
On Tanks vs Tractors
Defeat The Casual Attacker First!!
On “Defender’s Advantage”
(see all my published Gartner research here)

Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series: Monthly Blog Round-Up – June 2016

All posts tagged monthly

About me: http://www.chuvakin.org [...]



Links for 2016-07-31 [del.icio.us]

Mon, 01 Aug 2016 00:00:00 PDT




Links for 2016-07-03 [del.icio.us]

Mon, 04 Jul 2016 00:00:00 PDT




Monthly Blog Round-Up – June 2016

Fri, 01 Jul 2016 10:59:39 PDT

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” … [239 pageviews]

“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on security monitoring use cases here! [96 pageviews]

My classic PCI DSS Log Review series is always popular! The series of 18 posts covers a comprehensive log review approach (OK for PCI DSS 3+ as well), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (out in its 4th edition!). [90+ pageviews to the main tag]

“Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version). [89 pageviews]

“SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the SIEM project (well, a program, really) costs at an organization (much more details on this here in this paper). [70 pageviews of total 3475 pageviews to all blog pages]

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has about 4X of the traffic of this blog]:

Current research on SOC and threat intelligence [2 projects]:
Baby’s First Threat Intel Usage Questions
How a Lower Maturity Security Organization Can Use Threat Intel?
New Research Starting Soon: Threat Intel, SOC, etc
Your SOC Nuclear Triad

Past research on IR:
Our “How to Plan and Execute Modern Security Incident Response” Publishes
What Is Different About Security Incident Response Today?
Incident Response Becomes Threat Response … OR Does It: IR Research Commencing

Past research on EDR:
Our “Comparison of Endpoint Detection and Response Technologies and Solutions” Paper Publishes
Our Paper “Endpoint Detection and Response Tool Architecture and Operations Practices” Publishes
One More Time On EDR Use Cases
EDR Tool Wins – Only For The Enlightened?
EDR Mud Fight: Kernel or Userland?
Using EDR For Remediation?
EDR Research Commencing: Call To Action!
Where Does EDR End and “NG AV” Begin?
Reality Check on EDR / ETDR
My Paper on Endpoint Tools Publishes (2013)

Miscellaneous fun posts:
Sad Hilarity of Predictive Analytics in Security?
Anton’s Favorite Threat Hunting Links
RSA 2016: Musings and Contemplations
My Detection Confidence Survey Results
No, Virginia, It Does NOT Mean That! (detection and prevention)
“Deception as Detection” or Give Deception a Chance?
Jumping Security Maturity FAIL!
Security: Automate And/Or Die?
On Tanks vs Tractors
Defeat The Casual Attacker First!!
On “Defender’s Advanta[...]



Monthly Blog Round-Up – May 2016

Tue, 07 Jun 2016 11:08:22 PDT

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” … [262 pageviews]

“A Myth of An Expert Generalist” is a fun rant on what I think it means to be “a security expert” today; it argues that you must specialize within security to really be called an expert. [103 pageviews]

“Top 10 Criteria for a SIEM?” came from one of my last projects I did when running my SIEM consulting firm in 2009-2011 (for my recent work on evaluating SIEM, see this document [2015 update]). [80 pageviews]

“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our new 2016 research on security monitoring use cases here! [74 pageviews]

“Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version). [65 pageviews of total 3971 pageviews to all blog pages]

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has about 3X of the traffic of this blog]:

Current research on SOC and threat intelligence [2 projects]:
New Research Starting Soon: Threat Intel, SOC, etc
How a Lower Maturity Security Organization Can Use Threat Intel?

Past research on IR:
Our “How to Plan and Execute Modern Security Incident Response” Publishes
What Is Different About Security Incident Response Today?
Incident Response Becomes Threat Response … OR Does It: IR Research Commencing

Past research on EDR:
Our Paper “Endpoint Detection and Response Tool Architecture and Operations Practices” Publishes
One More Time On EDR Use Cases
EDR Tool Wins – Only For The Enlightened?
EDR Mud Fight: Kernel or Userland?
Using EDR For Remediation?
EDR Research Commencing: Call To Action!
Where Does EDR End and “NG AV” Begin?
Reality Check on EDR / ETDR
My Paper on Endpoint Tools Publishes (2013)

Miscellaneous fun posts:
Sad Hilarity of Predictive Analytics in Security?
Anton’s Favorite Threat Hunting Links
RSA 2016: Musings and Contemplations
My Detection Confidence Survey Results
No, Virginia, It Does NOT Mean That! (detection and prevention)
“Deception as Detection” or Give Deception a Chance?
Jumping Security Maturity FAIL!
Security: Automate And/Or Die?
Your SOC Nuclear Triad
On Tanks vs Tractors
Defeat The Casual Attacker First!!
On “Defender’s Advantage”
(see all my published Gartner research here)

Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writi[...]



Monthly Blog Round-Up – April 2016

Tue, 03 May 2016 13:00:32 PDT

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” … [223 pageviews]

“Top 10 Criteria for a SIEM?” came from one of my last projects I did when running my SIEM consulting firm in 2009-2011 (for my recent work on evaluating SIEM, see this document [2015 update]). [116 pageviews]

“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our new 2016 research on security monitoring use cases here! [84 pageviews]

“A Myth of An Expert Generalist” is a fun rant on what I think it means to be “a security expert” today; it argues that you must specialize within security to really be called an expert. [80 pageviews]

“Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version). [78 pageviews of total 3857 pageviews to all blog pages]

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has about 3X the traffic of this blog]:

Current research on IR:
Our “How to Plan and Execute Modern Security Incident Response” Publishes
What Is Different About Security Incident Response Today?
Incident Response Becomes Threat Response … OR Does It: IR Research Commencing

Current research on EDR:
One More Time On EDR Use Cases
EDR Tool Wins – Only For The Enlightened?
EDR Mud Fight: Kernel or Userland?
Using EDR For Remediation?
EDR Research Commencing: Call To Action!
Where Does EDR End and “NG AV” Begin?
Reality Check on EDR / ETDR
My Paper on Endpoint Tools Publishes (2013)

Miscellaneous fun posts:
Sad Hilarity of Predictive Analytics in Security?
Anton’s Favorite Threat Hunting Links
RSA 2016: Musings and Contemplations
My Detection Confidence Survey Results
No, Virginia, It Does NOT Mean That! (detection and prevention)
“Deception as Detection” or Give Deception a Chance?
Jumping Security Maturity FAIL!
Security: Automate And/Or Die?
Your SOC Nuclear Triad
On Tanks vs Tractors
Defeat The Casual Attacker First!!
On “Defender’s Advantage”
(see all my published Gartner research here)

Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series: Monthly Blog Round-Up – March 2016

All posts tagged monthly

About me: http://www.chuvakin.org [...]



Monthly Blog Round-Up – March 2016

Fri, 01 Apr 2016 09:02:27 PDT

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” … [230 pageviews]

“Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version) [112 pageviews]

“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using a now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our new 2016 research on security monitoring use cases here! [92 pageviews]

My classic PCI DSS Log Review series is always popular! The series of 18 posts covers a comprehensive log review approach (OK for PCI DSS 3+ as well), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (out in its 4th edition!) [84+ pageviews to the main tag]

“Top 10 Criteria for a SIEM?” came from one of the last projects I did when running my SIEM consulting firm in 2009-2011 (for my recent work on evaluating SIEM, see this document [2015 update]) [78 pageviews of total 4113 pageviews to all blog pages]

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has about 3X the traffic of this blog]:

Current research on IR:
What Is Different About Security Incident Response Today?
Incident Response Becomes Threat Response … OR Does It: IR Research Commencing

Current research on EDR:
EDR Mud Fight: Kernel or Userland?
Using EDR For Remediation?
EDR Research Commencing: Call To Action!
Where Does EDR End and “NG AV” Begin?
Reality Check on EDR / ETDR
My Paper on Endpoint Tools Publishes (2013)

Miscellaneous fun posts:
Sad Hilarity of Predictive Analytics in Security?
Anton’s Favorite Threat Hunting Links
RSA 2016: Musings and Contemplations
My Detection Confidence Survey Results
No, Virginia, It Does NOT Mean That! (detection and prevention)
“Deception as Detection” or Give Deception a Chance?
Jumping Security Maturity FAIL!
Security: Automate And/Or Die?
Your SOC Nuclear Triad
On Tanks vs Tractors
Defeat The Casual Attacker First!!
On “Defender’s Advantage”

(see all my published Gartner research here)

Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series: Monthly Blog Round-Up – February 2016

All posts tagged monthly

About me: http://www.chuvakin.org [...]



Monthly Blog Round-Up – February 2016

Mon, 07 Mar 2016 08:16:39 PST

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” … [267 pageviews]

“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using a now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our new 2016 research on security monitoring use cases here! [106 pageviews]

“Top 10 Criteria for a SIEM?” came from one of the last projects I did when running my SIEM consulting firm in 2009-2011 (for my recent work on evaluating SIEM, see this document [2015 update]) [104 pageviews]

“SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the costs of a SIEM project (well, a program, really) at an organization (much more detail on this in this paper). [70 pageviews]

“Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version) [65 pageviews of total 3861 pageviews to all blog pages]

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog:

Current research on IR:
What Is Different About Security Incident Response Today?
Incident Response Becomes Threat Response … OR Does It: IR Research Commencing

Current research on EDR:
EDR Research Commencing: Call To Action!
Where Does EDR End and “NG AV” Begin?
Reality Check on EDR / ETDR
My Paper on Endpoint Tools Publishes (2013)

Past research on SIEM:
Our New Paper on Security Monitoring Use Cases Publishes
Our 2016 SIEM Papers Are Out!
Starting A SIEM Project from Vendor Use Case Content: WIN or FAIL?
SIEM Use Case Implementation and Tuning Process
Fun Challenges with SIEM Use Cases
SIEM Use Case Discovery
SIEM Use Cases – And Other Security Monitoring Use Cases Too!

Miscellaneous fun posts:
My Detection Confidence Survey Results
No, Virginia, It Does NOT Mean That! (detection and prevention)
“Deception as Detection” or Give Deception a Chance?
Jumping Security Maturity FAIL!
Security: Automate And/Or Die?
Your SOC Nuclear Triad
On Tanks vs Tractors
Defeat The Casual Attacker First!!
On “Defender’s Advantage”

(see all my published Gartner research here)

Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series: Monthly Blog Round-Up – January 2016

All posts tagged monthly

About me: http://www.chuvakin.org [...]



Monthly Blog Round-Up – January 2016

Mon, 01 Feb 2016 09:47:49 PST

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” … [262 pageviews]

“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using a now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases as well as this new post. Finally, see our new 2015 research on SIEM use cases here! [106 pageviews]

“Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version) [83 pageviews]

My classic PCI DSS Log Review series is always popular! The series of 18 posts covers a comprehensive log review approach (OK for PCI DSS 3.1 as well), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (just out in its 4th edition!) [68+ pageviews to the main tag]

“SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the costs of a SIEM project (well, a program, really) at an organization (much more detail on this in this paper). [55 pageviews of total 3420 pageviews to all blog pages]

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog:

Current research on EDR:
EDR Research Commencing: Call To Action!
Where Does EDR End and “NG AV” Begin?
Reality Check on EDR / ETDR
My Paper on Endpoint Tools Publishes (2013)

Past research on SIEM:
Starting A SIEM Project from Vendor Use Case Content: WIN or FAIL?
SIEM Use Case Implementation and Tuning Process
Fun Challenges with SIEM Use Cases
SIEM Use Case Discovery
SIEM Use Cases – And Other Security Monitoring Use Cases Too!

Miscellaneous fun posts:
No, Virginia, It Does NOT Mean That! (detection and prevention)
“Deception as Detection” or Give Deception a Chance?
Jumping Security Maturity FAIL!
Five Basic Forgotten Security Alert Truths
Security: Automate And/Or Die?
Your SOC Nuclear Triad
Threat Intelligence and Operational Agility
On Tanks vs Tractors
Defeat The Casual Attacker First!!
On “Defender’s Advantage”

(see all my published Gartner research here)

Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series: Monthly Blog Round-Up – December 2015

All posts tagged monthly

About me: http://www.chuvakin.org [...]



Annual Blog Round-Up – 2015

Mon, 04 Jan 2016 11:36:03 PST

Here is my annual "Security Warrior" blog round-up of top 10 popular posts/topics in 2015. Note that my current Gartner blog is where you go for my recent blogging; all of the content below predates 2011.

“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge. The current emergence of open source log search tools (ELK FTW!), BTW, does not break the logic of that post. SIEM is still hard, whether OSS or not.

“Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version)

My classic PCI DSS Log Review series is always hot! The series of 18 posts covers a comprehensive log review approach (OK for PCI DSS 3.1 in 2015 as well), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (just out in its 4th edition!)

“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using a now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases as well as this new post. Finally, see our new 2015 research on SIEM use cases here!

“Top 10 Criteria for a SIEM?” came from one of the last projects I did when running my SIEM consulting firm in 2009-2011 (for my recent work on evaluating SIEM tools, see this document)

“SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the costs of a SIEM project (well, a program, really) at an organization (a lot more detail on this in this paper).

“How to Write an OK SIEM RFP?” (from 2010) contains Anton’s least hated SIEM RFP writing tips (I don’t have any favorite tips since I hate the RFP process)

“SANS Top 6 Log Reports Reborn!” highlights the re-release of the list of the most popular log reports.

“On Choosing SIEM” is about the least wrong way of choosing a SIEM tool – as well as about why the right way is so unpopular.

“SIEM Bloggables” is a very old post, more like a mini-paper on some key aspects of SIEM, use cases, scenarios, etc. as well as 2 types of SIEM users.

Disclaimer: all this content was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Also see my past monthly and annual “Top Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014.

About me: http://www.chuvakin.org [...]



Monthly Blog Round-Up – December 2015

Fri, 01 Jan 2016 11:11:02 PST

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge. The current popularity of open source log search tools, BTW, does not break the logic of that post. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. Also, developing a SIEM is much harder than most people think – some parts demand an open-ended commitment from its developer. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” … [206 pageviews]

“Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version) [105 pageviews]

“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using a now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases as well as this new post. Finally, see our new 2015 research on SIEM use cases here! [90 pageviews]

My classic PCI DSS Log Review series is always popular! The series of 18 posts covers a comprehensive log review approach (OK for PCI DSS 3.1 as well), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (just out in its 4th edition!) [128+ pageviews to the main tag]

“SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the costs of a SIEM project (well, a program, really) at an organization (much more detail on this in this paper). [46 pageviews of total 3420 pageviews to all blog pages]

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog:

Current research on SIEM:
Starting A SIEM Project from Vendor Use Case Content: WIN or FAIL?
SIEM Use Case Implementation and Tuning Process
Fun Challenges with SIEM Use Cases
SIEM Use Case Discovery
SIEM Use Cases – And Other Security Monitoring Use Cases Too!

Miscellaneous fun posts:
Where Does EDR End and “NG AV” Begin?
On Stupidity of Some Privacy Themes
Five Basic Forgotten Security Alert Truths
Security: Automate And/Or Die?
On Space Between Detection and Response
Your SOC Nuclear Triad
Threat Intelligence and Operational Agility
On Tanks vs Tractors
Enable the Business? Sometimes Security Must Say “NO”…
Defeat The Casual Attacker First!!
On “Defender’s Advantage”

(see all my published Gartner research here)

Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current secur[...]



Monthly Blog Round-Up – November 2015

Thu, 31 Dec 2015 14:16:57 PST

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge. The current popularity of open source log search tools, BTW, does not break the logic of that post. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. Also, developing a SIEM is much harder than most people think. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” … [236 pageviews]

“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using a now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases as well as this new post. Finally, see our new 2015 research on SIEM use cases here! [191 pageviews]

My classic PCI DSS Log Review series is always popular! The series of 18 posts covers a comprehensive log review approach (OK for PCI DSS 3.1 as well), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (just out in its 4th edition!) [128+ pageviews to the main tag]

“Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version) [113 pageviews]

“SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the costs of a SIEM project (well, a program, really) at an organization (much more detail on this in this paper). [78 pageviews of total 4447 pageviews to all blog pages]

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog:

Current research on SIEM:
SIEM Use Case Implementation and Tuning Process
Fun Challenges with SIEM Use Cases
SIEM Use Case Discovery
SIEM Use Cases – And Other Security Monitoring Use Cases Too!

Past research on VA tools and VM practices:
Our Vulnerability Assessment Vulnerability Management Research Publishes
Vulnerability Management #1 Problem – After All These Years!

Past maverick research on AI/smart machines risks:
2030: Have They Social Engineered Your AI?!
On Evil AIs and Evil People

Miscellaneous fun posts:
On Stupidity of Some Privacy Themes
Five Basic Forgotten Security Alert Truths
Security: Automate And/Or Die?
On Space Between Detection and Response
Your SOC Nuclear Triad
Threat Intelligence and Operational Agility
On Tanks vs Tractors
Enable the Business? Sometimes Security Must Say “NO”…
Defeat The Casual Attacker First!!
On “Defender’s Advantage”

(see all my published Gartner research here)

Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time[...]