SIEM Content, False Positives and Engineering (Or Not) Security

As we learned, SIEM still matters in 2023 (see Debating SIEM in 2023, Part 1 and Debating SIEM in 2023, Part 2). But since one winter day in 2002, when I wrote my first correlation rule for a now-defunct “SIM” product (probably “if 10 auth_failures, followed by 1 auth_success on the same destination, alert” or perhaps ...
Reading Mandiant M-Trends 2023

The famous Mandiant 2023 M-Trends (NOT G-Trends, mind you…) report is out, and here are some of the things that I found to be surprising and NOT surprising :-)

[Figure: Mandiant M-Trends 2023 Detection by Source]

SURPRISING

“Mandiant experts note a decrease in the percentage of global intrusions involving ransomware between 2021 and 2022. In 2022, ...
Google Cybersecurity Action Team Threat Horizons Report #6 Is Out!

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our sixth Threat Horizons Report (full version) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3, #4 and #5). My favorite quotes from the report follow below: “Our research has ...
Debating SIEM in 2023, Part 2

So, we went through “Debating SIEM in 2023, Part 1”, now let’s debate a bit more. At this point, everybody who didn’t “rage stop” reading it should be convinced that yes, SIEM does matter in 2023 (see Debating SIEM in 2023, Part 1). But why? I bet the views on why SIEM matters differ ...
New Report “State of Cloud Threat Detection and Response”

[Figure: Cloud D&R Report (2023)]

One of the mysteries of detection and response (D&R) is about how companies really approach D&R in the public cloud. So we did a survey focused on this, and we actually polled both leaders and technologists. “Our State of Cloud Threat Detection and Response report summarizes the survey responses ...
Debating SIEM in 2023, Part 1

Hey, it is 2023, let’s debate SIEM again! Debate SIEM? In 2023? This is so 1997! Or perhaps 2017. Anyhow, Security Information and Event Management (SIEM) is a growing $4+B market that is proving remarkably resilient, and, actually, interesting again. Let’s start with an obligatory AI response:

[Image: AI response (source: Bard)]

Let’s proceed with a just-as-obligatory Gartner quote: “The ...
How to Solve the Mystery of Cloud Defense in Depth?

This post continues the discussion started in “Use Cloud Securely? What Does This Even Mean?!” and focuses on an area that should be easy for every purported security professional — defense in depth. So, before reading further, ask yourself two questions: Do you understand the concept of “defense in depth” (DiD) in security? Do you understand ...
Anton’s Security Blog Quarterly Q1 2023

Great blog posts are sometimes hard to find (especially on Medium), so I decided to do a periodic list blog with my favorite posts of the past quarter or so. Here is the next one. The posts below are ranked by lifetime views. This covers both Anton on Security and my posts ...
Google Cybersecurity Action Team Threat Horizons Report #5 Is Out!

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our fifth Threat Horizons Report (full version) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3 and #4). My favorite quotes from the report follow below: “Identity and trust relationships ...
EP101 Cloud Threat Detection Lessons from a CISO

Cloud Security Podcast — Two Years Later or Our Year-End Reflections for 2022!

We have been running our Cloud Security Podcast by Google for almost 2 years (TWO YEARS!) and since we are on a break now, I wanted to reflect a bit, while Tim is relaxing on a beach somewhere warm and “hammy” 🙂 So, ...