Our Team Is Still Hiring: One Position Open – Network Security in US/North America

For some reason, we have real trouble hiring a network security analyst. We filled other hard-to-fill roles, but the netsec role is still open, despite plenty of interviews, and some group interviews (the So: our team at Gartner for Technical Professionals …

On Wild Security Maturity Overestimation

Want to know what my absolute #1 insight that I learned working at Gartner for 6+ years is? No jokes, this is serious! Any guesses from the audience? In any case, this would be a huge number of organizations that are way, way, way worse in information security compared to your wildest, most pessimistic view […]

The post On Wild Security Maturity Overestimation appeared first on Security Boulevard.

SOAR and Ticketing: Friends, Frenemies or the Same thing?

We continue our journey through SOAR mysteries with this one: what is the relationship between case management (aka ticketing) and SOAR? So far, we have encountered these views (overdramatized for added hilarity!): “Are you dumb? SOAR and security case management are essentially the same thing; you cannot have a SOAR tool without incident case management, […]

My Top 7 Popular Gartner Blog Posts for October 2017

Most popular blog posts from my Gartner blog during the past month are:
  1. SIEM Use Cases – And Other Security Monitoring Use Cases Too! (security monitoring research)
  2. Popular SIEM Starter Use Cases (SIEM research)
  3. Detailed SIEM Use Case Example (SIEM research)
  4. Why Your Security Data Lake Project Will FAIL! (likely my most popular single Gartner […]

Monthly Blog Round-Up – October 2017

Here is my next monthly “Security Warrior” blog round-up of top 5 popular posts based on last month’s visitor data (excluding other monthly or annual round-ups):
  1. “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here – and we are updating it now.
  2. “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009 (oh, wow, ancient history!). Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …
  3. “Simple Log Review Checklist Released!” is often at the top of this list – this rapidly aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version).
  4. Again, my classic PCI DSS Log Review series is extra popular! The series of 18 posts covers a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!) – note that this series is mentioned in some PCI Council materials.
  5. “SIEM Bloggables” is a very old post, more like a mini-paper on some key aspects of SIEM, use cases, scenarios, etc. as well as 2 types of SIEM users. Still very relevant, if not truly modern.
In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has more than 5X the traffic of this blog]:

Current research on SOAR:
Miscellaneous fun posts:

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on August 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series:

About me: http://www.chuvakin.org

SOAR and “Curve-jumping” in Security Operations

Let’s think about this together — can you really jump to the “next curve” in security, or do you have to travel the entire journey from the old ways to the cutting edge? This is a harder question than it appears, and there are temptations on both sides of the argument. Also, there are false […]

Your Security Operations Maturity – and Your MSSP

Contrary to what some people think, using MSSP is not just for losers low-maturity organizations and SMBs. For sure, we do see a lot of MSSP usage by clients who “need some monitoring for compliance” or “have no team and no process, and want ‘security outsourced’” (the latter seems like a good indication for MSSP […]

Monthly Blog Round-Up – August 2017

Here is my next monthly “Security Warrior” blog round-up of top 5 popular posts/topics this month:
  1. “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” …
  2. “Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version).
  3. “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!
  4. Again, my classic PCI DSS Log Review series is extra popular! The series of 18 posts covers a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!) – note that this series is mentioned in some PCI Council materials.
  5. “SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the SIEM project (well, a program, really) costs at an organization (a lot more details on this here in this paper).
In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has more than 5X the traffic of this blog]:

Current research on SIEM:
Miscellaneous fun posts:

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on August 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series:

About me: http://www.chuvakin.org