Anton’s Security Blog Quarterly Q3.5 2020
Sometimes great old blog posts are hard to find (especially on Medium), so I decided to do a periodic (who am I kidding, occasional — not periodic) list blog with my favorite posts of the past quarter or so. Here is my first. The posts below are ranked by lifetime views and topic. It ...
Hearing from CISOs at Google Cloud and Beyond
Security continues to be a top concern for cloud customers, and therefore continues to be a driver of our business at Google Cloud. However, specific security priorities vary wildly by vertical, by organization size, and by many other factors. In fact, many “CISO priorities lists” are floating out there online and many ...
On Threat Detection Uncertainty
My post “Why is Threat Detection Hard?” proved to be one of the most popular in recent history of my new blog. In this post, I wanted to explore a seemingly obvious, while surprisingly fascinating aspect of detection: uncertainty. Uncertainty? Are you sure, Anton? :-) Well, maybe! Let’s start our journey with exploring the ...
From Google Cloud Blog: “Improving security, compliance, and governance with cloud-based DLP data…
From Google Cloud Blog: “Improving security, compliance, and governance with cloud-based DLP data discovery” So, I’ve been doing some blogging at Google Cloud blog with most posts connected to products, launches, etc. However, I am also doing a fun blog series on DLP in the cloud. Blog 1 is here, and ...
Why is Threat Detection Hard?
While creating a recent presentation, I needed a slide on “threat detection is hard.” And it got me thinking, why is threat detection so hard for so many organizations today? We can trace “cyber” threat detection to 1986 (“Cuckoo’s Egg”) and 1987 (first IDS) and perhaps even earlier events ...
Posts From Beyond The Grave: How To Impress / Annoy An Analyst During A Briefing
My old $employer blog has vanished and a lot of content of value to the community went down with it. Naturally, I do not own the IP and I cannot go to archive.org and bring it back to life. However, I will make an exception for this post. Because it (and this ...
Chronicle Detect is Here
A lot of people ask me how Chronicle is doing inside Google Cloud (TLDR: doing well), and I wanted to share some good news. I also wanted to reveal some of our lessons building our threat detection capabilities (that we just released). If you recall, we announced our YARA-L detection language ...
Can We Have “Detection as Code”?
One more idea that has been bugging me for years is an idea of “detection as code.” Why is it bugging me and why should anybody else care? First, is “detection as code” just a glamorous term for what you did when you loaded your Snort rules in cvs in, say, 1999? ...
Back in 2015, while working on a Gartner SOC paper, I coined the concept of “SOC nuclear triad”…
Back in 2015, while working on a Gartner SOC paper, I coined the concept of “SOC nuclear triad” which later morphed into “SOC visibility triad” or even “security visibility triad.” The thing then became very popular with some security vendors, especially with the NDR variety (example, example). The model was originally ...
On Externalizing Cloud Trust
Trust is confusing. Many of the cloud security and, in fact, cloud computing discussions ultimately distill to trust. Note that the concept of trust is much broader than cyber security, and even broader than a triad of security / privacy / compliance. For example, trust may involve geopolitical matters focused on data ...