Anton Chuvakin – Page 5 – WindowsTechs.com

RSA 2020 Reflection

Posted on March 27, 2020 by Anton Chuvakin

As I mentioned in my past RSA reflection posts, I like the conference a lot — contrary to some of my industry peers — because I consider it to be “an industry in a room” event. This makes it ideal to quic… Continue reading RSA 2020 Reflection→

So, Chronicle, Are You a SIEM?

Posted on March 24, 2020 by Anton Chuvakin

With this post, I am about to answer the question everybody wants to know the answer for …
… is Chronicle a SIEM?
However, if you are impatient and need to get the answer right now, here it is: Chronicle can address many modern se… Continue reading So, Chronicle, Are You a SIEM?→

Road to Detection: YARA-L Examples — Part 4 of 3

Posted on March 9, 2020 by Anton Chuvakin

Road to Detection: YARA-L Examples — Part 4 of 3
Upon reading all of Part 1, Part 2 and Part 3 of my blog series that revealed our (Chronicle) approach to detection, many of you asked for more YARA-L detection language examples.
… Continue reading Road to Detection: YARA-L Examples — Part 4 of 3→

Chronicle Road to Detection: Approach — Part 2 of 3

Posted on February 28, 2020 by Anton Chuvakin

Note: Yes, this is written while wearing my vendor hat. But do keep in mind that I only work on things I believe in! So, don’t knock that hat off my head :-)
Chronicle has two secret weapons to make our detection approach superior to that of… Continue reading Chronicle Road to Detection: Approach — Part 2 of 3→

Chronicle Road to Detection: Context — Part 1 of 3

Posted on February 26, 2020 by Anton Chuvakin

Note: Yes, this is written while wearing my vendor hat. But do keep in mind that I only work on things I believe in! So, don’t knock that hat off my head :-)
Today, security operations and detection/response is largely about visibility and d… Continue reading Chronicle Road to Detection: Context — Part 1 of 3→

Chronicle: One Year Later — Anton’s Reflections

Posted on February 25, 2020 by Anton Chuvakin

Chronicle: One Year Later — Anton’s Reflections

RSA 2020 is a good time to reflect upon trends and evolution of our industry, and the players. This post is about our own evolution.
Chronicle launched its security analytics plat… Continue reading Chronicle: One Year Later — Anton’s Reflections→

Detection Coverage and Detection-in-Depth

Posted on February 20, 2020 by Anton Chuvakin

For some time, I’ve been also fascinated with the concept of detection-in- depth and a somewhat related concept of optimal detection coverage.
This fascination was born out of a particular type of analyst inquiry I used to get: if I have SIEM, do… Continue reading Detection Coverage and Detection-in-Depth→

Checking My 2010 Security Predictions in 2020!

Posted on January 11, 2020 by Anton Chuvakin

A lot of people who do security predictions never bother to check their work afterwards. Well, I always prided myself in being an exception to that custom (example: predictions and check for 2008). You can read my current views on predictions here&#820… Continue reading Checking My 2010 Security Predictions in 2020!→

How to Fail at “Know Your Enemy”?!

Posted on January 8, 2020 by Anton Chuvakin

As a security professional, you’ve heard the slogan “Know Your Enemy” more than a few times in your career. Armchair security strategists love to mindlessly quote Sun Tzu such as by uttering things like “If you know the enemy an… Continue reading How to Fail at “Know Your Enemy”?!→

Security Correlation Then and Now: A Sad Truth About SIEM

Posted on December 19, 2019 by Anton Chuvakin

We all know David Bianco Pyramid of Pain, a classic from 2013. The focus of this famous visual is on indicators that you “latch onto” in your detection activities. This post will reveal a related mystery connected to SIEM detection evolutio… Continue reading Security Correlation Then and Now: A Sad Truth About SIEM→