Threat-informed Defense Is Hard, So We Are Still Not Doing It!

Guest post by Dr Anton Chuvakin, Senior Staff Security Consultant, Office of the CISO, Google Cloud. If you wake up an average security professional at 3AM and ask them “hey, what is security about?”, a large majority would say “it is about the threats.” Ultimately, security (whether “cyber” or “information”) is unthinkable ...
Threat-informed or Threat-owned? Classic Practices Will Probably Save You!

So, if you are too busy to read our amazing (duh!) new blog “Revisiting Traditional Security Advice for Modern Threats”, here are the key ideas from it. At some point, a “pre-owned” (compromised before you ever saw it) email security appliance, firewall, or a piece of software will show up in your ...
Anton’s Security Blog Quarterly Q3 2023

quarterly
Great blog posts are sometimes hard to find (especially on Medium), so I decided to do a periodic list blog with my favorite posts of the past quarter or so. Here is the next one. The posts below are ranked by lifetime views. This covers both Anton on Security and my posts ...
Google Cybersecurity Action Team Threat Horizons Report #7 Is Out!

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our seventh Threat Horizons Report (full version) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3, #4, #5 and #6). My favorite quotes from the report follow below: Src: Google ...
Log Centralization: The End Is Nigh?

Log Analysis, logging
So I woke up the other day [A.C. — well, the other year as this blog has lingered] with the scary thought: what if we will run out of the opportunities to centralize logs for security (and compliance) purposes at some point in the future. Or, as I pithily put it on Twitter: (source) So I wrote ...
Cloud Security Podcast by Google - Deep Dark Secrets of IAM ... Revealed!

Using Cloud Securely — The Config Doom Question

Cloud Security
First, “Use Cloud Securely? What Does This Even Mean?!” and “How to Solve the Mystery of Cloud Defense in Depth?” (and “Where Does Shared Responsibility Model for Security Breaks in the Real World?” too) would make for good “recommended reading” here. Use Cloud Securely? What Does This Even ...
No Deep AI Security Secrets In This Post!

I am not an AI security expert (I hear there are very few of those around). I am essentially a motivated amateur learner in AI security … and I would even trust Bard advice on Artificial Intelligence security (well, that’s a joke — still, you can see what it says anyhow) (Bard, 5/2023) However I was ...
Anton’s Security Blog Quarterly Q2 2023

Great blog posts are sometimes hard to find (especially on Medium), so I decided to do a periodic list blog with my favorite posts of the past quarter or so. Here is the next one. The posts below are ranked by lifetime views. This covers both Anton on Security and my posts ...
RSA 2023: Not Under the GenAI Influence Yet!

rsa
Security business is booming! Reportedly 38K people showed up for RSA 2023, and 600+ vendors did too. It is very clear from observing the large booths of many vendors (including some that are doing well unexpectedly) that “there is lots of money in cyberland.” As somebody cynically pointed out to ...
SIEM Content, False Positives and Engineering (Or Not) Security

As we learned, SIEM still matters in 2023: Debating SIEM in 2023, Part 1; Debating SIEM in 2023, Part 2. But since one winter day in 2002, when I wrote my first correlation rule for a now-defunct “SIM” product (probably “if 10 auth_failures, followed by 1 auth_success on the same destination, alert” or perhaps ...