Dr Anton Chuvakin Blog PERSONAL Blog

This Blog Is Here For Historical Interest Only!

anton@chuvakin.org (Anton Chuvakin) — Mon, 8 Jul 2019 10:53:00 -0700

This is a reminder/disclaimer: this blog is here for historical interest only. Its history really ended on August 1, 2011 with this post.

This blog was my main blogging venue 2005-2011.
My security blogging in 2011-2019 was at https://blogs.gartner.com/anton-chuvakin/
My 2019+ blogging is centered at https://medium.com/anton-on-security/

Naturally, you already know all this if you follow me on Twitter ...

There you have it!

Monthly Blog Round-Up – August 2018

anton@chuvakin.org (Anton Chuvakin) — Fri, 31 Aug 2018 08:16:00 -0700

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts based on last

month’s visitor data (excluding other monthly or annual round-ups):

“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010 – much ancient!) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our research on developing security monitoring use cases here – and that we updated for 2018. A lot more SIEM use case discussion is coming, here is a new post for 2018 SIEM use cases.
“Simple Log Review Checklist Released!” is often at the top of this list – this rapidly aging checklist is still a useful tool for many people. “On Free Log Management Tools” (also aged quite a bit by now) is a companion to the checklist (updated version)
“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009 (oh, wow, ancient history!). Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …
“Updated With Community Feedback SANS Top 7 Essential Log Reports DRAFT2” is about top log reports project of 2008-2013, I think these are still very useful in response to “what reports will give me the best insight from my logs?”
Again, my classic PCI DSS Log Review series is still very popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book – note that this series is even mentioned in some PCI Council materials.

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has more than 7X of the traffic of this blog]:

Critical reference posts:

Current research on SIEM:

Current research on SOC:

Miscellaneous fun posts:

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on August 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Other posts in this endless series:

Monthly Blog Round-Up – July 2018
All posts tagged monthly

Monthly Blog Round-Up – July 2018

anton@chuvakin.org (Anton Chuvakin) — Wed, 1 Aug 2018 09:45:00 -0700

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts based on last

month’s visitor data (excluding other monthly or annual round-ups):

“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010 – much ancient!) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our research on developing security monitoring use cases here – and that we updated for 2018. A lot more SIEM use case discussion is coming, here is a new post for 2018 SIEM use cases.
“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009 (oh, wow, ancient history!). Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …
“Simple Log Review Checklist Released!” is often at the top of this list – this rapidly aging checklist is still a useful tool for many people. “On Free Log Management Tools” (also aged quite a bit by now) is a companion to the checklist (updated version)
“Updated With Community Feedback SANS Top 7 Essential Log Reports DRAFT2” is about top log reports project of 2008-2013, I think these are still very useful in response to “what reports will give me the best insight from my logs?”
Again, my classic PCI DSS Log Review series is still very popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book – note that this series is even mentioned in some PCI Council materials.

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has more than 7X of the traffic of this blog]:

Critical reference posts:

Current research on SIEM:

Current research on SOC:

Can You Do a SIEM-less SOC?

Recent research on testing security:

Recent research on threat detection “starter kit”

Miscellaneous fun posts:

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017.

Other posts in this endless series:

Monthly Blog Round-Up – May 2018
All posts tagged monthly

Monthly Blog Round-Up – May 2018

anton@chuvakin.org (Anton Chuvakin) — Fri, 1 Jun 2018 09:04:00 -0700

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts based on last

month’s visitor data (excluding other monthly or annual round-ups):

“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010 – much ancient!) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our research on developing security monitoring use cases here – and that we UPDATED FOR 2018.
“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009 (oh, wow, ancient history!). Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …
“Simple Log Review Checklist Released!” is often at the top of this list – this rapidly aging checklist is still a useful tool for many people. “On Free Log Management Tools” (also aged quite a bit by now) is a companion to the checklist (updated version)
“Updated With Community Feedback SANS Top 7 Essential Log Reports DRAFT2” is about top log reports project of 2008-2013, I think these are still very useful in response to “what reports will give me the best insight from my logs?”
Again, my classic PCI DSS Log Review series is extra popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book – note that this series is even mentioned in some PCI Council materials.

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has more than 7X of the traffic of this blog]:

Critical reference posts:

Current research on SIEM, SOC, etc

Next Research: SOC, SIEM, and Again Overall Detection and Response

Just finished research on testing security:

Just finished research on threat detection “starter kit”

Miscellaneous fun posts:

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017.

Other posts in this endless series:

Monthly Blog Round-Up – April 2018
All posts tagged monthly

Monthly Blog Round-Up – April 2018

anton@chuvakin.org (Anton Chuvakin) — Tue, 1 May 2018 11:11:00 -0700

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts based on last

month’s visitor data (excluding other monthly or annual round-ups):

“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our research on developing security monitoring use cases here – and we just UPDATED IT FOR 2018.
“Simple Log Review Checklist Released!” is often at the top of this list – this rapidly aging checklist is still a useful tool for many people. “On Free Log Management Tools” (also aged quite a bit by now) is a companion to the checklist (updated version)
“Updated With Community Feedback SANS Top 7 Essential Log Reports DRAFT2” is about top log reports project of 2008-2013, I think these are still very useful in response to “what reports will give me the best insight from my logs?”
Again, my classic PCI DSS Log Review series is extra popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book – note that this series is even mentioned in some PCI Council materials.
“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009 (oh, wow, ancient history!). Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has more than 7X of the traffic of this blog]:

Critical reference posts:

Current research on testing security:

Current research on threat detection “starter kit”

Just finished research on SOAR:

Miscellaneous fun posts:

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017.

Other posts in this endless series:

Monthly Blog Round-Up – Feburary 2018
All posts tagged monthly

Monthly Blog Round-Up – February 2018

anton@chuvakin.org (Anton Chuvakin) — Thu, 1 Mar 2018 09:19:00 -0800

It is mildly shocking that I’ve been blogging for 13+ years (my first blog post on this blog was in December 2005, my old blog at O’Reilly predates this by about a year), so let’s spend a moment contemplating this fact.

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts based on last

month’s visitor data (excluding other monthly or annual round-ups):

“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here – and we just UPDATED IT FOR 2018.
“Updated With Community Feedback SANS Top 7 Essential Log Reports DRAFT2” is about top log reports project of 2008-2013, I think these are still very useful in response to “what reports will give me the best insight from my logs?”
“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009 (oh, wow, ancient history!). Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …
Again, my classic PCI DSS Log Review series is extra popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book – note that this series is even mentioned in some PCI Council materials.
“Simple Log Review Checklist Released!” is often at the top of this list – this rapidly aging checklist is still a useful tool for many people. “On Free Log Management Tools” (also aged quite a bit by now) is a companion to the checklist (updated version)

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has more than 5X of the traffic of this blog]:

Critical reference posts:

Current research on testing security:

Current research on threat detection “starter kit”

Just finished research on SOAR:

Just finished research on MSSP:

Miscellaneous fun posts:

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017.

Other posts in this endless series:

Monthly Blog Round-Up – January 2018
All posts tagged monthly

Monthly Blog Round-Up – January 2018

anton@chuvakin.org (Anton Chuvakin) — Thu, 1 Feb 2018 13:05:00 -0800

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts based on last

month’s visitor data (excluding other monthly or annual round-ups):

“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here – and we just UPDATED IT FOR 2018.
“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009 (oh, wow, ancient history!). Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …
Again, my classic PCI DSS Log Review series is extra popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book – note that this series is even mentioned in some PCI Council materials.
“Simple Log Review Checklist Released!” is often at the top of this list – this rapildy aging checklist is still a useful tool for many people. “On Free Log Management Tools” (also aged quite a bit by now) is a companion to the checklist (updated version) s
“Updated With Community Feedback SANS Top 7 Essential Log Reports DRAFT2” is about top log reports project of 2008-2013, I think these are still very useful in response to “what reports will give me the best insight from my logs?”

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has more than 5X of the traffic of this blog]:

A critical reference post:

Important: How to Impress / Annoy an Analyst During a Vendor Briefing? Best / Worst Tips Here!

Current research on testing security:

Current research on threat detection “starter kit”

New Research: Starting Your Detection and Response Capability

Current research on SOAR:

Just finished research on MSSP:

Miscellaneous fun posts:

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017.

Other posts in this endless series:

Monthly Blog Round-Up – December 2017
All posts tagged monthly

Annual Blog Round-Up – 2017

anton@chuvakin.org (Anton Chuvakin) — Wed, 3 Jan 2018 11:11:00 -0800

Here is my annual "Security Warrior" blog round-up of top 10 popular posts in 2017. Note that my current Gartner blog is where you go for my recent blogging (example), all of the content below predates 2011!

“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!
“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not.
“Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version)
My classic PCI DSS Log Review series is always hot! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ in 2017 as well), useful for building log review processes and procedures , whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (out in its 4th edition!)
“SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the SIEM project (well, a program, really) costs at an organization (a lot more details on this here in this paper).
“SIEM Bloggables” is a very old post, more like a mini-paper on some key aspects of SIEM, use cases, scenarios, etc as well as 2 types of SIEM users. Still very relevant, if not truly modern.
“Top 10 Criteria for a SIEM?” came from one of my last projects I did when running my SIEM consulting firm in 2009-2011 (for my recent work on evaluating SIEM tools, see this document)
Another old checklist, “Log Management Tool Selection Checklist Out!” holds a top spot – it can be used to compare log management tools during the tool selection process or even formal RFP process. But let me warn you – this is from 2010.
“Updated With Community Feedback SANS Top 7 Essential Log Reports DRAFT2” is about top log reports project of 2008-2013.
“A Myth of An Expert Generalist” is a fun rant on what I think it means to be “a security expert” today; it argues that you must specialize within security to really be called an expert.

Total pageviews: 33,231 in 2017.

Disclaimer: all this content was written before I joined Gartner on August 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Also see my past monthly and annual “Top Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016.

Monthly Blog Round-Up – December 2017

anton@chuvakin.org (Anton Chuvakin) — Wed, 1 Nov 2017 10:44:00 -0700

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts based on last

month’s visitor data (excluding other monthly or annual round-ups):

“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009 (oh, wow, ancient history!). Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …
“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here – and we are updating it now.
Again, my classic PCI DSS Log Review series is extra popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!) – note that this series is mentioned in some PCI Council materials.
“Simple Log Review Checklist Released!” is often at the top of this list – this rapildy aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version)
“SIEM Bloggables” is a very old post, more like a mini-paper on some key aspects of SIEM, use cases, scenarios, etc as well as 2 types of SIEM users. Still very relevant, if not truly modern.

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has more than 5X of the traffic of this blog]:

A critical reference post (!):

Important: How to Impress / Annoy an Analyst During a Vendor Briefing? Best / Worst Tips Here!

Upcoming research on testing security:

Upcoming research on threat detection “starter kit”

New Research: Starting Your Detection and Response Capability

Current research on SOAR:

Current research on MSSP:

Miscellaneous fun posts:

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016.

Other posts in this endless series:

All posts tagged monthly

Monthly Blog Round-Up – September 2017

anton@chuvakin.org (Anton Chuvakin) — Mon, 2 Oct 2017 08:13:00 -0700

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this

month:

“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009 (oh, wow, ancient history!). Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …
“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here.
“Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version)

Again, my classic PCI DSS Log Review series is extra popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!) – note that this series is mentioned in some PCI Council materials.
“SIEM Bloggables” is a very old post , more like a mini-paper on some key aspects of SIEM, use cases, scenarios, etc as well as 2 types of SIEM users.

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has more than 5X of the traffic of this blog]:

Current research on SIEM:

Planned research on SOAR (security orchestration, automation and response):

SOAR Research Coming … Brace for Impact!!

Planned research on MSSP:

The Curse of A Black MSSP

Miscellaneous fun posts:

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016.

Previous post in this endless series:

Monthly Blog Round-Up – August 2017
All posts tagged monthly

Monthly Blog Round-Up – August 2017

anton@chuvakin.org (Anton Chuvakin) — Fri, 1 Sep 2017 08:01:00 -0700

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this

month:

“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …
“Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version)

“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!
Again, my classic PCI DSS Log Review series is extra popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!) – note that this series is mentioned in some PCI Council materials.
SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the SIEM project (well, a program, really) costs at an organization (a lot more details on this here in this paper).

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has more than 5X of the traffic of this blog]:

Current research on SIEM:

Miscellaneous fun posts:

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016.

Previous post in this endless series:

Monthly Blog Round-Up – July 2017
All posts tagged monthly

Monthly Blog Round-Up – July 2017

anton@chuvakin.org (Anton Chuvakin) — Tue, 1 Aug 2017 12:41:00 -0700

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this

month:

“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …
“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!
Again, my classic PCI DSS Log Review series is extra popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!) – note that this series is mentioned in some PCI Council materials.
“Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version)
“SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the SIEM project (well, a program, really) costs at an organization (a lot more details on this here in this paper).

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has more than 5X of the traffic of this blog]:

Current research on SIEM:

Recent research on vulnerability management:

WannaCry or Useful Reminders of the Realities of Vulnerability Management

Recent research on cloud security monitoring:

Miscellaneous fun posts:

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016.

Previous post in this endless series:

Monthly Blog Round-Up – June 2017
All posts tagged monthly

Monthly Blog Round-Up – June 2017

anton@chuvakin.org (Anton Chuvakin) — Fri, 7 Jul 2017 11:35:00 -0700

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this

month:

“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …
“Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version)
“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!
This month, my classic PCI DSS Log Review series is extra popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!) – note that this series is mentioned in some PCI Council materials.
“SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the SIEM project (well, a program, really) costs at an organization (a lot more details on this here in this paper).

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has more than 5X of the traffic of this blog]:

Current research on vulnerability management:

WannaCry or Useful Reminders of the Realities of Vulnerability Management

Current research on cloud security monitoring:

Recent research on security analytics and UBA / UEBA:

Miscellaneous fun posts:

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016.

Previous post in this endless series:

Monthly Blog Round-Up – May 2017
All posts tagged monthly

Monthly Blog Round-Up – May 2017

anton@chuvakin.org (Anton Chuvakin) — Thu, 1 Jun 2017 09:40:00 -0700

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this

month:

“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!
“Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version)
“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …
This month, my classic PCI DSS Log Review series is extra popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!) – note that this series is mentioned in some PCI Council materials.
“SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the SIEM project (well, a program, really) costs at an organization (a lot more details on this here in this paper).

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has more than 5X of the traffic of this blog]:

EPIC WIN post:

Why Your Security Data Lake Project Will FAIL!

Current research on vulnerability management:

WannaCry or Useful Reminders of the Realities of Vulnerability Management

Current research on cloud security monitoring:

Recent research on security analytics and UBA / UEBA:

Miscellaneous fun posts:

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016.

Previous post in this endless series:

Monthly Blog Round-Up – April 2017
All posts tagged monthly

Monthly Blog Round-Up – April 2017

anton@chuvakin.org (Anton Chuvakin) — Fri, 12 May 2017 17:16:00 -0700

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!
“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …
This month, my classic PCI DSS Log Review series is extra popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!) – note that this series is mentioned in some PCI Council materials.
“Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version)
“SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the SIEM project (well, a program, really) costs at an organization (a lot more details on this here in this paper).

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has about 5X of the traffic of this blog]:

Current research on cloud security monitoring:

Recent research on security analytics and UBA / UEBA:

EPIC WIN post:

Why Your Security Data Lake Project Will FAIL!

Miscellaneous fun posts:

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016.

Previous post in this endless series:

Monthly Blog Round-Up – Februrary 2017
All posts tagged monthly

Monthly Blog Round-Up – February 2017

anton@chuvakin.org (Anton Chuvakin) — Wed, 1 Mar 2017 08:15:00 -0800

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010, so I have no idea why it tops the charts now!) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!
“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …
“Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version)
This month, my classic PCI DSS Log Review series is extra popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!) – note that this series is mentioned in some PCI Council materials.
“SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the SIEM project (well, a program, really) costs at an organization (a lot more details on this here in this paper).

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has about 5X of the traffic of this blog]:

Recent research on security analytics and UBA / UEBA:

Miscellaneous fun posts:

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016.
Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on August 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.
Previous post in this endless series:

Monthly Blog Round-Up – January 2017
All posts tagged monthly

Monthly Blog Round-Up – January 2017

anton@chuvakin.org (Anton Chuvakin) — Wed, 1 Feb 2017 05:11:00 -0800

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

This month, my classic PCI DSS Log Review series is extra popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!) – note that this series is mentioned in some PCI Council materials.
“Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version)
“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!
“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …
“An Open Letter to Android or “Android, You Are Shit!”” is an epic rant about my six year long (so far) relationship with Android mobile devices (no spoilers here – go and read it).

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has about 5X of the traffic of this blog]:

Current research on security analytics and UBA / UEBA:

Recent research on deception:

Miscellaneous fun posts:

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016.

Previous post in this endless series:

Monthly Blog Round-Up – December 2016
All posts tagged monthly

Annual Blog Round-Up – 2016

anton@chuvakin.org (Anton Chuvakin) — Wed, 4 Jan 2017 11:11:00 -0800

Here is my annual "Security Warrior" blog round-up of top 10 popular posts/topics in 2016. Note that my current Gartner blog is where you go for my recent blogging, all of the content below predates 2011.

“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not.
“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!
“Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version)
My classic PCI DSS Log Review series is always hot! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ in 2017 as well), useful for building log review processes and procedures , whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (out in its 4th edition!)
“SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the SIEM project (well, a program, really) costs at an organization (a lot more details on this here in this paper).
“Top 10 Criteria for a SIEM?” came from one of my last projects I did when running my SIEM consulting firm in 2009-2011 (for my recent work on evaluating SIEM tools, see this document)
“How to Write an OK SIEM RFP?” (from 2010) contains Anton’s least hated SIEM RFP writing tips (I don’t have any favorite tips since I hate the RFP process)
“An Open Letter to Android or “Android, You Are Shit!”” is an epic rant about my six year long (so far) relationship with Android mobile devices (no spoilers here – go and read it).
“A Myth of An Expert Generalist” is a fun rant on what I think it means to be “a security expert” today; it argues that you must specialize within security to really be called an expert.
Another old checklist, “Log Management Tool Selection Checklist Out!” holds a top spot – it can be used to compare log management tools during the tool selection process or even formal RFP process. But let me warn you – this is from 2010.

Disclaimer: all this content was written before I joined Gartner on August 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Also see my past monthly and annual “Top Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015.

Monthly Blog Round-Up – December 2016

anton@chuvakin.org (Anton Chuvakin) — Tue, 3 Jan 2017 07:46:00 -0800

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

“An Open Letter to Android or “Android, You Are Shit!”” is an epic rant about my six year long (so far) relationship with Android mobile devices (no spoilers here – go and read it).
“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!
“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …
“Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version)
My classic PCI DSS Log Review series is always popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ as well), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!)

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has about 5X of the traffic of this blog]:

Current research on security analytics and UBA / UEBA:

Recent research on deception:

Miscellaneous fun posts:

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015.

Previous post in this endless series:

Monthly Blog Round-Up – November 2016
All posts tagged monthly

An Open Letter to Android or “Android, You Are Shit!”

anton@chuvakin.org (Anton Chuvakin) — Thu, 29 Dec 2016 12:09:00 -0800

Dear Android:

I know you are an operating system and probably cannot (yet?) read on your own. However, recent events compelled me to write this letter to you; an idea for it literally came to me in a dream.

You see, I have carried an Android phone in my pocket since 2010, for almost six years. First Sony Experia X10 (eventually running a venerable Android 2.3.7), then another phone and then finally a Google Nexus 4 and now Google Nexus 5X (sporting Android 7.1.1). At some point, I traded an iPad for a Google Nexus 9. A [sort of] Android Amazon Fire is my living room Android. I have convinced my wife to start using Android as well and she became a fan too. This represents a multi-year love affair with you, dear Android.

In fact, dear Android, I often had to defend you from packs from rabid Apple fanboys, generally with good results - I either won or we had a draw. Over the years, I had to defend my mobile technology choices from many people: “No, it is NOT an iPhone, it is a Nexus”, “Yes, I chose Android because I like it more than iPhone, not because it is cheaper”, “Yes, I think Google Now is way more useful than Siri”, etc, etc. I’ve counter-attacked with arguments about “closed Apple ecosystem”, “one stupid button” and “overpriced devices.” As a person who follows information technology, I am aware of Android many strengths such as better background processes and multi-tasking, security improvements, flexible user interface, Google Now integration, etc.

However, as I am writing this, my beloved Nexus 5X is no longer with me. In fact, recent events have triggered some soul-searching and ultimately this letter. While doing my soul-searching, I realized that my love affair with you, Android, has some strong dysfunctional notes. You see, I think I always suspected that you are shit.

Over the years, I’ve been using my Android devices carefully and thoughtfully – I never rooted them, never sideloaded apps [well, not to my main personal phone], and I even tried to minimize my use of non-Google applications, etc. However, as I recall my experiences with Android over the last six years, I am saddened to report that you, Android, never really worked quite right.

In fact, I distilled my reasons to calling you “shit” to one key point: I have never really trusted you, because you have never worked reliably enough to earn such trust.

Indeed, my Sony phone will sometimes crash and reboot, or freeze (“battery out” was the only cure). I of course explained it by “growing pains of Android, the new mobile OS”…after all you were just in v.2., practically a baby. My Nexus 4 used to crash and shut down as well; apps will often drain the battery to zero without any warning. Furthermore, even nowadays, my Google Nexus 9 tablet (running Android 7.1.1) will occasionally just shut down out of the blue – I just had to restart it earlier today. A few days before my Nexus 5X untimely death - just 1 year and 9 days after purchase, the phone rebooted when I launched a Camera app. Such random reboots and crashes were not common with my Nexus 5X, but they did happen periodically. And then finally, my Nexus 5X entered an endless reboot loop a few days after the 7.1.1 OTA update and now has to be replaced. No troubleshooting steps helped.

OK, Google, you want to blame the hardware, perhaps? My experiences over the last 6 years sap the energy from this argument. I used the hardware from 3 different makers, all running Android, all having stability problems.

You see, Android, I don’t care about improved malware protection, faster UI and about the fact that you are “really Linux.” I don’t care about your growing market share. An OS that cannot stay up is shit OS. And, you, my dear OS friend, is shit.

In fact, as my employer gave me an iPhone (first 4S and now 5S), a peculiar pattern of behavior developed in my life: if I absolutely, positively had to call an Uber on a dark and stormy night, I will stash my work iPhone in my back pocket, just in case. If I have to show a boarding pass to a permanently angry TSA agent, I will print it or use an iPhone. In fact, I was not even aware of this “if it has to happen – use iPhone” pattern until my wife asked me about why I was printing another boarding pass and I said “Ok, I guess I can use an iPhone for that” – and so I realized that I just won’t trust my Android device with this.

Dear Android, you may be a full-featured OS now, but you are just not mission critical. In fact, you are the opposite of that – you are iffy. And the only reason for why a version SEVEN (not version TWO with growing pains, mind you) will not achieve this reliability is obvious to me – you are shit.

Android, I’ve never really trusted you and I don’t trust you now. I’ve lived with you since your version 2.1 to a current 7.1.1. The only way you can still have "growing pains" after so many years is that you are a shit OS.

Despite all that, dear Android, I will take one more chance with you. When my Google Nexus 5X is repaired and then hopefully continues working for a while, I will stick to using you. But, sorry, no promises beyond that point!

Respectfully ... but distrustfully,

Dr. Anton Chuvakin

(as a consumer, NOT as a technology analyst!)

Monthly Blog Round-Up – November 2016

anton@chuvakin.org (Anton Chuvakin) — Thu, 1 Dec 2016 09:50:00 -0800

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!
“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …
“Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version)
My classic PCI DSS Log Review series is always popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ as well), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!)
“SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the costs of a SIEM project (well, a program, really) at an organization (much more details on this here in this paper).

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has about 5X of the traffic of this blog]:

Current research on security analytics and UBA / UEBA:

Recent research on deception:

Past research on SOC:

Miscellaneous fun posts:

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series:

Monthly Blog Round-Up – October 2016
All posts tagged monthly

Monthly Blog Round-Up – October 2016

anton@chuvakin.org (Anton Chuvakin) — Tue, 1 Nov 2016 07:57:00 -0700

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on security monitoring use cases here!
“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …
“Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version)
“SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the costs of a SIEM project (well, a program, really) at an organization (much more details on this here in this paper).
My classic PCI DSS Log Review series is always popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ as well), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!)

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has about 5X of the traffic of this blog]:

Upcoming research on security analytics:

Currect research on deception:

Recent research on SOC:

Miscellaneous fun posts:

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015.

Previous post in this endless series:

Monthly Blog Round-Up – September 2016
All posts tagged monthly

Monthly Blog Round-Up – September 2016

anton@chuvakin.org (Anton Chuvakin) — Mon, 3 Oct 2016 07:51:00 -0700

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …
“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on security monitoring use cases here!
“SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the costs of a SIEM project (well, a program, really) at an organization (much more details on this here in this paper).
My classic PCI DSS Log Review series is always popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ as well), useful for building log review processes and procedures , whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!)
“Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version)

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has about 5X of the traffic of this blog]:

Currect research on deception:

Recent research on SOC:

Recent research on threat intelligence:

Miscellaneous fun posts:

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015.

Previous post in this endless series:

Monthly Blog Round-Up – August 2016
All posts tagged monthly

Monthly Blog Round-Up – August 2016

anton@chuvakin.org (Anton Chuvakin) — Thu, 1 Sep 2016 05:55:00 -0700

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …
“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on security monitoring use cases here!
“Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version)
My classic PCI DSS Log Review series is always popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ as well), useful for building log review processes and procedures , whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!)
“SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the costs of a SIEM project (well, a program, really) at an organization (much more details on this here in this paper).

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has about 5X of the traffic of this blog]:

Current research on SOC:

Current research on threat intelligence:

Miscellaneous fun posts:

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015.
Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series:

Monthly Blog Round-Up – July 2016
All posts tagged monthly

Monthly Blog Round-Up – July 2016

anton@chuvakin.org (Anton Chuvakin) — Mon, 1 Aug 2016 09:31:00 -0700

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

“Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” … [235 pageviews]
“New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on security monitoring use cases here! [156 pageviews]
“Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version) [56 pageviews]
My classic PCI DSS Log Review series is always popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ as well), useful for building log review processes and procedures , whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (out in its 4th edition!)[40+ pageviews to the main tag]
“SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the SIEM project (well, a program, really) costs at an organization (much more details on this here in this paper). [70 pageviews of total 2891 pageviews to all blog page]

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has about 5X of the traffic of this blog]:

Current research on SOC and threat intelligence [2 projects]:

Miscellaneous fun posts:

Previous post in this endless series:

Monthly Blog Round-Up – June 2016
All posts tagged monthly