Anton’s Security Blog Quarterly Q4 2022

Great blog posts are sometimes hard to find (especially on Medium), so I decided to do a periodic list blog with my favorite posts of the past quarter or so. Here is the next one. The posts below are ranked by lifetime views. This covers both Anton on Security and my posts ...
Why Your Security Data Lake Project Will … Well, Actually …
Long story why, but I decided to revisit my 2018 blog titled “Why Your Security Data Lake Project Will FAIL!” That post was very fun to write and it continued to generate reactions over the years (like this one). Just as I did when ...
What is your Cloud SIEM Migration Approach?
This blog is written jointly with Konrads Klints. TL;DR: Migration from one SIEM to another raises the question of what to do with all the data in the old SIEM. A traditional approach was to let the old SIEM hardware languish until its data was no longer required. When migrating from a cloud-based SIEM ...
Google Cybersecurity Action Team Threat Horizons Report #4 Is Out!
This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our fourth Threat Horizons Report (full version) that we just released (the official blog for #1 report, my unofficial blog for #2, my unofficial blog for #3). My favorite quotes from the report follow below: “in Q2 ...
On Trust and Transparency in Detection
Detection, threat detection
This blog / mini-paper is written jointly with Oliver Rochford. When we detect threats we expect to know what we are detecting. Sounds painfully obvious, right? But it is very clear to us that throughout the entire history of the security industry this has not always been the case. Some of ...
More SRE Lessons for SOC: Release Engineering Ideas
security operations, SOC, SRE
As we discussed in our blogs “Achieving Autonomic Security Operations: Reducing toil,” “Achieving Autonomic Security Operations: Automation as a Force Multiplier,” and “Achieving Autonomic Security Operations: Why metrics matter (but not how you think),” your Security Operations Center (SOC) can learn a lot from what IT operations discovered during the ...
Anton’s Security Blog Quarterly Q3 2022
Great blog posts are sometimes hard to find (especially on Medium), so I decided to do a periodic list blog with my favorite posts of the past quarter or so. Here is the next one. The posts below are ranked by lifetime views. This covers both Anton on Security and my posts ...
Where Does Shared Responsibility Model for Security Breaks in the Real World?
Cloud Security
The shared responsibility model for cloud security is the fundamental concept — perhaps the most fundamental concept — in cloud security. However, there are many challenges with how this concept fares in the real world today. This blog is basically an alpha version for a future blog on how we are evolving and improving the shared responsibility ...
The Best Way to Detect Threats In the Cloud?
Let’s continue our fun conversation on threat detection in the cloud that we started in “Who Does What In Cloud Threat Detection?” and “How to Think about Threat Detection in the Cloud” and continued somewhat in “Detection as Code? No, Detection as COOKING!” and “Does the World Need Cloud Detection ...
Google Cybersecurity Action Team Threat Horizons Report #3 Is Out!
This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our third Threat Horizons Report (full version) that we just released (the official blog for #1 report, my unofficial blog for #2). My favorite quotes from the report follow below: “Another common tactic that continues to be ...