20 Years of SIEM Webinar Q&A

I recently did this fun SANS webinar titled “Anton Chuvakin Discusses ‘20 Years of SIEM — What’s Next?’” (the seemingly self-centered title was suggested by CardinalOps who organized the webinar). As is common for SANS webinars, we got a lot of great questions that I feel like re-answering here for posterity. Q: ... Read More
SOC is Not Dead Yet It May Be Reborn As Security Operations Center of Excellence

Tags: aso, SOC
For many years, security practitioners imagined a security operations center (SOC) as a big room, full of expensive monitors and chairs. In their minds, rows of analysts sitting in those chairs and watching those monitors for blinking alerts made SOC, well, a SOC. This vision of the security operations center is derived ... Read More
Cloud Security Podcast by Google — Popular Episodes by Topic

This is simply a post that categorizes our podcast episodes by topic and then by download/listen count. Top 5 overall: “Confidentially Speaking”, “Data Security in the Cloud”, “Zero Trust: Fast Forward from 2010 to 2021”, “The Mysteries of Detection Engineering: Revealed!”, “Modern Threat Detection at Google”. Security Operations Center (SOC): “SOC in a Large, Complex and ... Read More
How to Measure Threat Detection Quality for an Organization?

Tags: threat detection
Sometimes I write blog posts with answers. In other cases, I write blog posts with questions. This particular blog post covers a topic where I feel I am in the “discovering questions” phase. In other words, don’t expect answers — but also don’t expect questions… So, in recent weeks, I had a few ... Read More
How to SLO Your SOC Right? More SRE Wisdom for Your SOC!

As we discussed in “Achieving Autonomic Security Operations: Reducing toil” (or its early version “Kill SOC Toil, Do SOC Eng”) and “Stealing More SRE Ideas for Your SOC”, your Security Operations Center (SOC) can learn a lot from what IT operations learned during the SRE revolution. In this post of ... Read More
Anton’s Security Blog Quarterly Q1 2022

Great old blog posts are sometimes hard to find (especially on Medium), so I decided to do a periodic list blog with my favorite posts of the past quarter or so. Here is the next one. The posts below are ranked by lifetime views. This covers both Anton on Security and my ... Read More
Anton and The Great XDR Debate, Part 3

TLDR: no, this post still does not contain the Ultimate Answer for XDR, Life and Everything Question. Moreover, I don’t think anything ever will. While we discuss XDR, the market forces change the definitions, vendors pivot away, analysts ponder, customers cry… well, the cyber-usual. To start, I’ve had many conversations about ... Read More
Google Cybersecurity Action Team Threat Horizons Report #2 Is Out!

This is my completely informal, uncertified, unreviewed and otherwise unofficial blog inspired by my reading of our second Threat Horizons Report (full version, short version) that we just released (the official blog for #1 is here). My favorite quotes follow below: “Threat actors have been known to use tools native to the ... Read More
Who Does What In Cloud Threat Detection?

This post is a somewhat random exploration of the cloud shared responsibility model relationship to cloud threat detection. Funny enough, some popular shared responsibility model visuals don’t even include detection, response or security operations. Mildly embarrassing, that. Anyhow, let’s start here: a naïve view of shared responsibility model and detection is simply ... Read More
20 Years of SIEM: Celebrating My Dubious Anniversary

Tags: security, SIEM
20 years of SIEM? On Jan 20, 2002, exactly 20 years ago, I joined a “SIM” vendor that shall remain nameless, but is easy to figure out. That windy winter day in northern New Jersey definitely set my security career on a new course. With this post, I wanted to briefly reflect on this ... Read More