One More Time on SIEM Telemetry / Log Sources …

SIEM, threat detection

(cross posted from Dark Reading, and inspired by a previous version of this blog) For years, organizations deploying Security Information and Event Management (SIEM) or similar tools have struggled with deciding what data to collect inside their security operation platforms. So ...
WhatDR or What Detection Domain Needs Its Own Tools?

threat detection

Pondering ?DR. This is the blog where I really (briefly) miss my analyst life and my “awesome+” peers like Augusto and Anna. It relies on ideas and comments from my past collaborators … and my current ones. And, yes, this blog was inspired by a hallway conversation at a conference that took place ...
Blueprint for Threat Intel to Detection Flow (Part 7)

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. In this blog (#7 in the series), we will cover more details on the TI to detection flow, and stop (for Part 8) at testing. Detection Engineering is Painful — and It Shouldn’t Be (Part 1). Detection ...
Google Cybersecurity Action Team Threat Horizons Report #9 Is Out!

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our seventh Threat Horizons Report (full version) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3, #4, #5, #6, #7 and #8). My favorite quotes from the report ...
Migrate Off That Old SIEM Already!

This is cross-posted from Google Cloud Community site, and written jointly with Dave Herrald. If you are like us, you may be surprised that, in 2024, traditional security information and event management (SIEM) systems are still the backbone of most security operations centers (SOC). SIEMs are used for collecting and analyzing security ...
Meet the Ghost of SecOps Future

New Paper: “Future of the SOC: Evolution or Optimization — Choose Your Path” (Paper 4 of 4.5)

After a long, long, long writing effort break, we are ready with our 4th Deloitte / Google Future of the SOC paper “Future of the SOC: Evolution or Optimization — Choose Your Path” (alternative URL). As a reminder (and I ...
Cloud Security Podcast by Google - Merritt on Cloud Security

We Are Almost 3! Cloud Security Podcast by Google 2023 Reflections [MEDIUM BACKUP]

Medium Backup

So, we (Tim and Anton, the crew behind the podcast) wanted to post another reflections blog based on our Cloud Security Podcast by Google being almost 3 (we will be 3 years old on Feb 11, 2024, to be precise), kind of similar to this one. But we realized we don’t have enough new profound reflections… ...
Cloud Security Podcast by Google - Merritt on Cloud Security

We Are Almost 3! Cloud Security Podcast by Google 2023 Reflections

So, we (Tim and Anton, the crew behind the podcast) wanted to post another reflections blog based on our Cloud Security Podcast by Google being almost 3 (we will be 3 years old on Feb 11, 2024, to be precise), kind of similar to this one. But we realized we ...
DtSR Episode 578 - A Modern Day SOC Discussion

WTH is Modern SOC, Part 1

SOC

In recent weeks, coincidentally, I’ve had several conversations that reminded me about the confusion related to “modern SOC.” Some of them were public (example and example), while others were private. One particular person went on a quest through several “leading” companies’ security operations to see how they have implemented a “modern” ...
Cooking Intelligent Detections from Threat Intelligence (Part 6) [Medium Backup]

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. In this blog (#6 in the series), we will cover some DOs and DON’Ts regarding TI/CTI and DE interaction and continue building the TI -> DE process machinery. Detection Engineering is Painful — and It ...