Modern Cyber Defense Books

A few days ago I posted the following on Twitter: (link to full thread that has perhaps grown since this time) Below are the suggestions I got, with TWO clear winners (votes and likes data is very relative, manually counted, etc, etc — but the trend is there) “Building Secure and Reliable Systems: Best Practices ...
Fake Cloud: Now There Are Two Hands in Your Pocket

Cloud, security, SIEM
More than a decade ago, I was working for a SaaS security company that shall remain nameless in this post, but can be easily figured out from my LinkedIn profile. Its CEO had a pithy saying that stayed with me ever since: to paraphrase, “no successful software company ever transitioned ...
Data Security and Threat Models

This post is my admittedly imperfect attempt to “reconnect” data security controls to threats. It is also my intent to continue pulling on the thread I touched in this post — so expect more posts about that. Let’s first get this out of the way: there are absolutely security controls that are NOT ...
Google BeyondCorp Remote Access Is Released

So, this post is more like a public service announcement for the broader GCP security products team. But I will add color to it, so it will be more fun. Also, this technology we are releasing is genuinely very useful for many organizations nowadays. As the story goes, Google has used ...
Musings on Modern Data Security

As I am expanding my responsibilities to cover some exciting data security topics (like, say, our cloud data discovery DLP), I wanted to briefly discuss a few broader issues I have noticed related to modern data security. To start, would you agree that much of the recent security excitement passed the ...
RSA 2020 Reflection

As I mentioned in my past RSA reflection posts, I like the conference a lot — contrary to some of my industry peers — because I consider it to be “an industry in a room” event. This makes it ideal to quickly soak up what is going on. So, yes, it may be an ...
So, Chronicle, Are You a SIEM?

With this post, I am about to answer the question everybody wants to know the answer for … is Chronicle a SIEM? However, if you are impatient and need to get the answer right now, here it is: Chronicle can address many modern security use cases that you would typically use ...
Road to Detection: YARA-L Examples — Part 4 of 3

Upon reading all of Part 1, Part 2 and Part 3 of my blog series that revealed our (Chronicle) approach to detection, many of you asked for more YARA-L detection language examples. Some of you also asked for a detailed language specification — it will take ...
Chronicle Road to Detection: YARA-L Language — Part 3 of 3

Note: Yes, this is written while wearing my vendor hat. But do keep in mind that I only work on things I believe in! So, don’t knock that hat off my head :-) We call our approach YARA-L because it is inspired by YARA — invented by Google VirusTotal for malware analysis and ...
Chronicle Road to Detection: Approach — Part 2 of 3

Note: Yes, this is written while wearing my vendor hat. But do keep in mind that I only work on things I believe in! So, don’t knock that hat off my head :-) Chronicle has two secret weapons to make our detection approach superior to that of others: 1. We have the ...