250 Episodes of Cloud Security Podcast by Google: From Confidential Computing to AI-Ready SOC

Gemini for Docs improvises

So this may suck, but I am hoping to at least earn some points for honesty here. I wanted to write something pithy and smart once I realized our Cloud Security Podcast by Google just aired our 250th episode (“EP250 The End of “Collect Everything”? Moving from ... Read More
Simple to Ask: Is Your SOC AI Ready? Not Simple to Answer!

Gemini made blog illustration

In the early 1900s, factory owners bolted the new electric dynamo onto their old, central-shaft-and-pulley systems. They thought they were modernizing, but they were just doing a “retrofit.” The massive productivity boom didn’t arrive until they completely re-architected the factory around the new unit-drive motor (metaphor source). Today’s AI ... Read More
SIEM, Startups, and the Myth (Reality?) of IT Inertia: A Reformed Analyst Reflects on SIEM MQ 2025

Vaguely magical and quadranty thing (Gemini)

It’s not every day you get to reflect on a journey that started as an odd “googley” startup and culminates in a shiny Leaders placement on a Gartner Magic Quadrant for SIEM 2025 (MQ). When I joined Chronicle in the summer of 2019 — a name now rolled into the ... Read More
Building the SOC of the Future - JP Bourget - ESW #399

Decoupled SIEM: Where I Think We Are Now?

| | SIEM, SOC
This is an ILLUSTRATION by Gemini, NOT a technical diagram :-)

In the world of security operations, there is a growing fascination with the concept of a “decoupled SIEM,” where detection, reporting, workflows, data storage, parsing (sometimes) and collection are separated into distinct components, some sold by different vendors. Closely related to this ... Read More
Smooth SIEM Surgery: Practical Tips for SIEM Migration Success in 2024

Anton’s Security Blog Quarterly Q3 2025

| | blogging, quarterly, security
Amazingly, Medium has fixed the stats so my blog / podcast quarterly is back to life. As before, this covers both Anton on Security and my posts from Google Cloud blog, Google Cloud community blog, and our Cloud Security Podcast (subscribe on Spotify).

Gemini for docs based on this blog

Top 10 posts ... Read More
The Gravity of Process: Why New Tech Never Fixes Broken Process and Can AI Change It?

| | AI, AI agent, ai-for-security
Let’s tackle the age-old question: can new technology fix broken or missing processes? And then let’s add: do AI and AI agents change the answer you would give?

Gemini illustration based on this blog

This is the question which I recently debated with some friends, with a few AIs and with myself. The context ... Read More
SOC Visibility Triad is Now A Quad — SOC Visibility Quad 2025

I will be really, really honest with you — I have been totally “writer-blocked” (more “analyst blocked”, really) and I decided to release it anyway today … given the date. But I am taking a leap of faith here… A bit of history first. So, my “SOC ... Read More
Google Cloud Security Threat Horizons Report #12 Is Out!

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Threat Horizons Report, #12 (full version) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3, #4, #5, #6, #7, #8, #9, #10 and #11). My favorite ... Read More
“Maverick” — Scorched Earth SIEM Migration FTW!

| | opsec, SIEM
In my days there, Gartner had Maverick research (here is mine, from 2015 about social engineering AIs…. yes, really!) that “deliberately exposed unconventional thinking and may not agree with Gartner’s official positions.” Here is a “maverick-ish” blog for you. DO NOT try this at home! DO learn ... Read More
Anton’s Security Blog Quarterly Q2 2025

Amazingly, Medium has fixed the stats so my blog/podcast quarterly is back to life. As before, this covers both Anton on Security and my posts from Google Cloud blog, and our Cloud Security Podcast (subscribe). Top 10 posts with the most lifetime views (excluding paper announcement blogs): Anton’s Alert Fatigue: The Study ... Read More