Stop Trying to Take Humans Out of SOC … Except … Wait… Wait… Wait…

This is about the Security Operations Center (SOC). And automation. And of course SOC automation. Let’s start from a dead-obvious point: you cannot and should not automate away all people from your SOC today. Or, as my esteemed colleague said, “Stop ...
From Google Cloud Blog: “New Cloud Security Podcast by Google is here”

Those who follow me on social media already know this, but we have launched THE Cloud Security Podcast. TL;DR: Find this on Google Podcasts, Apple Podcasts, Spotify, Stitcher and wherever else podcasts can be found. You can also download the episodes directly here. Follow @CloudSecPodcast. The whole story from our GCP blog is cross-posted ...
SOC Threat Coverage Analysis — Why/How?

Tags: SOC, threat detection

As I mentioned in Detection Coverage and Detection-in-Depth, the topic of threat detection coverage has long fascinated me. Back in my analyst days, we looked at it as a part of a security use case lifecycle process. For example, we focused on things like number and quality ...
From Google Cloud Blog: “New whitepaper: Designing and deploying a data security strategy with Google Cloud”

Here is another very fun resource we created (jointly with Andrew Lance from Sidechain), a paper on designing and running data security strategy on Google Cloud. Read our launch blog here — a long excerpt is quoted below. Read Sidechain blog here — look ...
Role of Context in Threat Detection

I got into a very insightful debate with somebody who will remain nameless in the beginning of this post, but will perhaps be revealed later. The debate focused on the role of context in threat detection. Specifically, it is about the role of local context (environment knowledge, organization context, site details, ...
New Paper: “Future of the SOC: SOC People — Skills, Not Tiers”

Tags: security operations, SOC

Back in August, we released our first Google/Chronicle — Deloitte Security Operations Center (SOC) paper titled “Future of the SOC: Forces shaping modern security operations” (launch blog, paper PDF) and promised a series of three more papers covering SOC people, process and technology. Here is ...
Google Data Center Security: 6 Layers Deep

Cloud Migration Security Woes

As I hear of organizations dealing with security when migrating to the cloud, I occasionally observe cases of “extreme lift and shift.” I use this label to describe a case when an organization wants to keep every single security technology that they use on-premise after they move to the public ...
Usage Scenarios for Externalized Trust

As we discussed in “The Cloud trust paradox: To trust cloud computing more, you need the ability to trust it less”, there are situations where the encryption key really does belong off the cloud and so trust is externalized. While we argue that these are rarer than some assume, they ...
Anton’s Security Blog Quarterly Q3.5 2020

Sometimes great old blog posts are hard to find (especially on Medium), so I decided to do a periodic (who am I kidding, occasional — not periodic) list blog with my favorite posts of the past quarter or so. Here is my first. The posts below are ranked by lifetime views and topic. It ...
Hearing from CISOs at Google Cloud and Beyond

Security continues to be a top concern for cloud customers, and therefore continues to be a driver of our business at Google Cloud. However, specific security priorities vary wildly by vertical, by organization size, and by many other factors. In fact, many “CISO priorities lists” are floating out there online and many ...