How to prepare for detection & response in the cloud

Security Incident Response in the Cloud: A Few Ideas

This quick blog is essentially a summary of our (joint with Marshall from Mandiant) Google Cloud Next 2022 conference presentation (video) and a pointer to a just-released podcast on the same topic: security incident response (IR) in public cloud. In our Next presentation, we only had 18.5 minutes to present a few fun ...
Taking an autonomic approach to security operations

More SRE Lessons for SOC: Simplicity Helps Security

As we discussed in our blogs, “Achieving Autonomic Security Operations: Reducing toil”, “Achieving Autonomic Security Operations: Automation as a Force Multiplier,” “Achieving Autonomic Security Operations: Why metrics matter (but not how you think)”, and the latest “More SRE Lessons for SOC: Release Engineering Ideas”, your Security Operations Center (SOC) can ...

Use Cloud Securely? What Does This Even Mean?!

Cloud Security
An influential Gartner paper stated many years ago that “Clouds Are Secure: Are You Using Them Securely?” So began the legend of cloud security vs secure clouds. When I was an analyst, we sometimes had to discuss with clients whether various providers of public cloud services are “secure.” Over time, these discussions dwindled ...
Anton’s Security Blog Quarterly Q4 2022

Great blog posts are sometimes hard to find (especially on Medium), so I decided to do a periodic list blog with my favorite posts of the past quarter or so. Here is the next one. The posts below are ranked by lifetime views. This covers both Anton on Security and my posts ...
Why Your Security Data Lake Project Will … Well, Actually …

Long story why, but I decided to revisit my 2018 blog titled “Why Your Security Data Lake Project Will FAIL!” That post was very fun to write and it continued to generate reactions over the years (like this one). Just as I did when ...
What is your Cloud SIEM Migration Approach?

This blog is written jointly with Konrads Klints. TL;DR: Migration from one SIEM to another raises the question of what to do with all the data in the old SIEM. A traditional approach was to let the old SIEM hardware languish until its data was no longer required. When migrating from a cloud-based SIEM ...
Google Cybersecurity Action Team Threat Horizons Report #4 Is Out!

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our fourth Threat Horizons Report (full version) that we just released (the official blog for #1 report, my unofficial blog for #2, my unofficial blog for #3). My favorite quotes from the report follow below: “in Q2 ...
On Trust and Transparency in Detection

Detection, threat detection
This blog / mini-paper is written jointly with Oliver Rochford. When we detect threats we expect to know what we are detecting. Sounds painfully obvious, right? But it is very clear to us that throughout the entire history of the security industry this has not always been the case. Some of ...
More SRE Lessons for SOC: Release Engineering Ideas

security operations, SOC, SRE
As we discussed in our blogs, “Achieving Autonomic Security Operations: Reducing toil”, “Achieving Autonomic Security Operations: Automation as a Force Multiplier,” and “Achieving Autonomic Security Operations: Why metrics matter (but not how you think)”, your Security Operations Center (SOC) can learn a lot from what IT operations discovered during the ...
Anton’s Security Blog Quarterly Q3 2022

Great blog posts are sometimes hard to find (especially on Medium), so I decided to do a periodic list blog with my favorite posts of the past quarter or so. Here is the next one. The posts below are ranked by lifetime views. This covers both Anton on Security and my posts ...