*NIX Command Line Foo
Well, not one of my normal blog posts, but I hope some of you geeks out there will find this useful anyways. I will definitely use this post as a reference frequently. I have been using various flavors of UNIX and their command lines from ksh to bash and zsh ...
Cybersecurity Leaders on Insider Threat Awareness Month
September marks the third annual National Insider Threat Awareness Month, launched by various federal agencies to highlight the growing danger insider threats pose to national security. Though the initiative has successfully increased awareness of the risks associated with insider threats, many organizations remain susceptible to attacks. In fact, 60% of ...
How To Drive Value with Security Data – The Full Talk
Last week I keynoted LogPoint’s customer conference with a talk about how to extract value from security data. Pretty much every company out there has tried to somehow leverage their log data to manage their infrastructure and protect their assets and information. The solution vendors have initially named the space ...
A Logging History Lesson – From syslogd(8) to XDR
The log management and security information management (SIEM) space has gone through a number of stages to arrive where it is today. I started mapping the space in the 1980s when syslog entered the world. To make sense of the really busy diagram, the top shows the chronological timeline (not ...
How To Drive Value with Security Data
We have been collecting data to drive security insights for over two decades. We call these tools log management solutions, SIMs (security information management), and XDRs (extended detection and response) platforms. Some companies have also built their own solutions on top of big data technologies. It’s been quite the journey ...
Taking Inventory – Where Do We Stand With AI and ML in Cyber Security?
Before diving into cyber security and how the industry is using AI at this point, let’s define the term AI first. Artificial Intelligence (AI), as the term is used today, is the overarching concept covering machine learning (supervised, including Deep Learning, and unsupervised), as well as other algorithmic approaches that ...
A Security Product Reference Model
On a recent consulting engagement with Cynergy Partners, we needed to decipher the security product market for an investment firm that normally doesn’t invest in cyber security. One of the investor’s concerns was that a lot of cyber companies are short-lived businesses due to the threats changing so drastically and so quickly ...
Asset Management – Back To The Roots
Asset management is one of the core components of many successful security programs. I am an advisor to Panaseer, a startup in the continuous compliance management space. I recently co-authored a blog post on my favorite security metric that is related to asset management: How many assets are in the ...
2021 Cyber Security Focus: “Unbound”
It’s already early March and the year is in full swing. Covid is still raging and we have been seeing some crazy weather patterns, especially in the south of the United States. While snowed in here in Texas, I took some time to reflect on what’s driving cyber security spend ...
The Data Lakehouse Post 3 – Catching Up with The Latest Big Data Developments
I recently wrote a post about the concept of the Data Lakehouse, which in some ways, brings components of what I outlined in the first post around my desires for a new database system to life. In this post, I am going to make an attempt to describe a roll-up ...