Expert insights. Personalized for you.
Not the Final Answer on NDR in the Cloud … Back in my analyst years, I rather liked the concept of NDR or Network Detection and Response. And, despite having invented the acronym EDR , I was raised on with NSM and tcpdump way before that. Hence, even though we may still live in an endpoint security era , the need for network data analysis has not vanished. MORE
Those who follow me on social media already knows this, but we have launched THE Cloud Security Podcast. TL;DR: Find this on Google Podcasts , Apple Podcasts , Spotify , Stitcher and wherever else podcasts can be found. You can also download the episodes directly here. Follow @CloudSecPodcast. The whole story from our GCP blog is cross-posted below: Security continues to be top of mind for large enterprises as well as smaller organizations and businesses. MORE
Stop Trying to Take Humans Out of SOC … Except … Wait… Wait… Wait… This is about the Security Operations Center (SOC). And automation. And of course SOC automation. Let’s start from a dead-obvious point: you cannot and should not automate away all people from your SOC today. MORE
I recently did this fun SANS webinar titled “Anton Chuvakin Discusses “20 Years of SIEM?—?What’s What’s Next?”” (the seemingly self-centered title was suggested by CardinalOps who organized the webinar). As it is common for SANS webinars , we got a lot of great questions that I feel like re-answering here for posterity. Q: When do you think the industry will understand what XDR entails? MORE
As you recall from “Anton and The Great XDR Debate, Part 1” , there are several conflicting definitions of XDR today. As you also recall, I never really voted for any of the choices in the post. While some of you dismiss XDR as the work of excessively excitable marketing people (hey … some vendor launched “XDR prevention ”, no way, right?), perhaps there is a way to think about it from a different perspective. MORE
SOC Technology Failures?—?Do Do They Matter? img src: [link] Most failed Security Operations Centers (SOCs) that I’ve seen have not failed due to a technology failure. MORE
Sometimes I write blog posts with answers. In other cases, I write blog posts with questions. This particular blog post covers a topic where I feel I am in the “discovering questions” phase. In other words, don’t expect answers?—?but but also don’t expect questions… So, in recent weeks, I had a few simultaneous conversations with various people that focused on the quality of threat detection. Here I’m talking about the quality of the entire detection capability of an organization. MORE
Sometimes great old blog posts are hard to find (especially on Medium …), so I decided to do a periodic list blog with my favorite posts of the past quarter or so. Here is my second. The posts below are ranked by lifetime views and topic. It covers both Anton on Security and my posts from Google Cloud blog [and now our Cloud Security Podcast too!] MORE
My post “Why is Threat Detection Hard?” proved to be one of the most popular in recent history of my new blog. In this post, I wanted to explore a seemingly obvious, while surprisingly fascinating aspect of detection: uncertainty. Uncertainty? Are you sure, Anton? :-) Well, maybe ! MORE
TLDR: no, this post still does not contain the Ultimate Answer for XDR, Life and Everything Question. Moreover, I don’t think anything ever will. While we discuss XDR , the market forces change the definitions, vendors pivot away, analysts ponder, customers cry… well, the cyber-usual. MORE
As we discussed in “The Cloud trust paradox: To trust cloud computing more, you need the ability to trust it less” , there are situations where the encryption key really does belong off the cloud and so trust is externalized. While we argue that these are rarer than some assume, they absolutely do exist. Moreover, when these situations materialize, the data in question or the problem being solved is typically hugely important for an organization. MORE
Sometimes great old blog posts are hard to find (especially on Medium ), so I decided to do a periodic (who am I kidding, occasional?—?not not periodic ) list blog with my favorite posts of the past quarter or so. Here is my first. The posts below are ranked by lifetime views and topic. It covers both Anton on Security and my posts from Google Cloud blog. MORE
Cloud Security Podcast by Google?—?Popular Popular Episodes by Topic This is simply a post that categorizes our podcast episodes by topic and then by download/listen count. MORE
While creating a recent presentation, I needed a slide on “threat detection is hard.” And it got me thinking, why is threat detection so hard for so many organizations today? MORE
For many years, security practitioners imagined a security operations center (SOC) as a big room, full of expensive monitors and chairs. In these minds, rows of analysts sitting in those chairs and watching those monitors for blinking alerts made SOC, well, a SOC. This vision of the security operations center is derived from the original vision of the network operation center (NOC) that predates SOC by perhaps another decade or two. MORE
New Paper: “Future of the SOC: SOC People?—?Skills, Skills, Not Tiers” Back in August , we released our first Google/Chronicle?—?Deloitte MORE
208 
A SOC Tried To Detect Threats in the Cloud … Your Won’t Believe What Happened Next Now, we all agree that various cloud technologies such as SaaS SIEM help your Security Operations Center (SOC). However, there’s also a need to talk about how traditional SOCs are challenged by the need to monitor cloud computing environments for threats. In this post, I wanted to quickly touch on this very topic and refresh some past analysis of this (and perhaps reminisce on how sad things were in 2012 ). MORE
As I hear of organizations dealing with security when migrating to the cloud, I occasionally observe cases of “ extreme lift and shift.” I use this label to describe a case when an organization wants to keep every single security technology that they use on-premise after they move to the public cloud. The list can be very long and tedious; it may include such staples as firewalls, anti-malware, SIEM, EDR , NIDS, and even network forensics and NDR. Let’s ponder this situation without judgement. MORE
This is my completely informal, uncertified, unreviewed and otherwise unofficial blog inspired by my reading of our second Threat Horizons Report ( full version , short version ) that we just released ( the official blog for #1 is here ). Google Cybersecurity Action Team My favorite quotes follow below: “Threat actors have been known to use tools native to the Cloud environment rather than downloading custom malware or scripts to avoid detection. MORE
From Google Cloud Blog: “New whitepaper: Designing and deploying a data security strategy with Google Cloud” Here is another very fun resource we created (jointly with Andrew Lance from Sidechain ), a paper on designing and running data security strategy on Google Cloud. Read our launch blog here ?—?a a long excerpt is quoted below. Read Sidechain blog here ?—?look look for a useful data security migration checklist. MORE
I got into a very insightful debate with somebody who will remain nameless in the beginning of this post, but will perhaps be revealed later. The debate focused on the role of context in threat detection. Specifically, it is about the role of local context (environment knowledge, organization context, site details, etc) in threat detection. Can threat detection work well without such local context? Now, some of you will say “yes, of course!” MORE
New Paper: “Autonomic Security Operations?—?10X 10X Transformation of the Security Operations Center” It is with much excitement that we announce a new paper about transforming your security operations ; it is published under the Office of the CISO at Google Cloud. This work is focused on our vision as well as our lessons in building effective security operations for the future. We spent a lot of time thinking about what to call the new model. MORE
One thing I did not expect to see in 2021 is a lot of people complaining about how difficult their SIEM is to operate. Let’s explore this topic for the (n+1)-th time. And let me tell you … that “n” is pretty damn large since my first involvement with SIEM in January 2002 (!)?—? MORE
20 years of SIEM? On Jan 20, 2002 , exactly 20 years ago, I joined a “SIM” vendor that shall remain nameless, but is easy to figure out. That windy winter day in northern New Jersey definitely set my security career on a new course. MORE
What are you not detecting? OK, what threats are you NOT detecting? Still didn’t help? What I mean here is: are you thinking about these: Threats that you don’t need to detect due to your risk profile, your threat assessment, etc. Threats that you do need to detect, but don’t know how. Threats that you do need to detect and know how, but cannot operationally (e.g. your SIEM will crash if you inject all the cloud logs). Threats that you do need to detect and know how, but do not (yet?) MORE
As you are reading our recent paper “Autonomic Security Operations?—?10X 10X Transformation of the Security Operations Center” , some of you may think “Hey, marketing inserted that 10X thing in there.” Well, 10X thinking is, in fact, an ancient tradition here at Google. We think that it is definitely possible to apply “10X thinking” to many areas of security (at the same link , they say that sometimes it is “easier to make something 10 times better than it is to make it 10 percent better” ). MORE
This is a quick “let’s think about it together” post focused on the future of cloud security. Our logical starting point is: “Through 2025, 99% of cloud security failures will be the customer’s fault.” ( source: Gartner ) My experience in my analyst days and perhaps today mostly confirms it. I’d say that “it feels right.” So, let’s agree that it describes today’s reality correctly. MORE
As we discussed in “Achieving Autonomic Security Operations: Reducing toil” (or it’s early version “Kill SOC Toil, Do SOC Eng” ) and “Stealing More SRE Ideas for Your SOC” , your Security Operations Center (SOC) can learn a lot from what IT operations learned during the SRE revolution. In this post of the series, we plan to extract the lessons for your SOC centered on another SRE principle?—?Service Service Level Objectives (SLOs). In brief, this is about metrics. MORE
New Paper: “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” (Paper 3 of 4) Sorry, it took us a year (long story), but paper #3 in Deloitte/Google collaboration on SOC is finally out. Enjoy “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” [PDF]. MORE
I know you may hate me for this, but I‘ve been finally tempted into the Great XDR Debate. Here, if you want TL;DR, my position on XDR today is “wait and see” (boring, huh?). Unlike some of my esteemed former colleagues , I don’t really have a horse in the race. First, a very brief bit of history. The origin of the term XDR (Extended Detection and Response) is disputed. Wikipedia ( entry, reviewed 8/6/2021 ) has us believe that Palo Alto invented the term “in 2018.” MORE
A few days ago we did a very well-attended webinar focused on the modern Security Operations Center (SOC) approach (see “Trend for the Modern SOC” for a replay link). We got a lot of great questions, and just like in the good old times , I am writing a blog where I cover some of the answers. Q: You mentioned that SOC is first a team: which skills are expected to distinguish the “basic” SOC from the modern SOC? MORE
Great old blog posts are sometimes hard to find (especially on Medium) , so I decided to do a periodic list blog with my favorite posts of the past quarter or so. Here is the next one. The posts below are ranked by lifetime views. This covers both Anton on Security and my posts from Google Cloud blog , and our Cloud Security Podcast too ( subscribe ). Top 5 most popular posts of all times: “Security Correlation Then and Now: A Sad Truth About SIEM” “Can We Have “Detection as Code”?” “New MORE
SOC Threat Coverage Analysis?—?Why/How? Why/How? As I mentioned in Detection Coverage and Detection-in-Depth , the topic of threat detection coverage has long fascinated me. Back in my analyst days, we looked at it as a part of a security use case lifecycle process. For example, we focused on things like number and quality of alerts per SIEM use case, false/useless alert (“false positive”) numbers and ratios (to useful alerts), escalations to incident response, tuning, etc. MORE
This post is a somewhat random exploration of the cloud shared responsibility model relationship to cloud threat detection. Funny enough, some popular shared responsibility model visuals don’t even include detection, response or security operations. Mildly embarrassing, that. MORE
Sometimes great old blog posts are hard to find (especially on Medium …), so I decided to do a periodic list blog with my favorite posts of the past quarter or so. Here is my third. The posts below are ranked by lifetime views. This covers both Anton on Security and my posts from Google Cloud blog , and now our Cloud Security Podcast too! Top 3 most popular posts of all times : “Security Correlation Then and Now: A Sad Truth About SIEM” “Can We Have “Detection as Code”?” “New MORE
For a reason that shall remain nameless, I’ve run this quick poll focused on the use cases for threat intelligence in 2021. The question and the results are below. Antons Threat Intel Poll 2021 Here are some thoughts and learnings based on the poll and the discussion , as well as other things. MORE
As we discussed in “Achieving Autonomic Security Operations: Reducing toil” (or it’s early version “Kill SOC Toil, Do SOC Eng” ), your Security Operations Center (SOC) can learn a lot from what IT operations learned during the SRE revolution. MORE
This post is perhaps a little basic for true SIEM literati, but it covers an interesting idea about SIEM’s role in today’s security. I suspect that this topic will become even more fascinating in light of the appearance of XDR ?—?but MORE
My admittedly epic (but dated) post “Security Correlation Then and Now: A Sad Truth About SIEM” mentioned the issue of TRUST as it applies to SIEM. Specifically, as a bit of a throwaway comment, I said “people write stupid string-matching and regex-based content because they trust it. They do not?—?en en masse?—?trust trust the event taxonomies if their lives and breach detections depend on it.” This post is an exploration of that theme. MORE
I keep coming to the same topic over and over? —?why why are we still bad at detecting threats? I’ve lamented on this a few times, either touching on general difficulties with detection , its uncertainty or highlighting the fragile detections people write. MORE
Anton on Security
JANUARY 10, 2022
New Paper: “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” (Paper 3 of 4) Sorry, it took us a year (long story), but paper #3 in Deloitte/Google collaboration on SOC is finally out. Enjoy “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” [PDF].
Anton on Security
DECEMBER 21, 2021
As we discussed in “Achieving Autonomic Security Operations: Reducing toil” (or it’s early version “Kill SOC Toil, Do SOC Eng” ), your Security Operations Center (SOC) can learn a lot from what IT operations learned during the SRE revolution.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Anton on Security
JANUARY 12, 2022
This post is perhaps a little basic for true SIEM literati, but it covers an interesting idea about SIEM’s role in today’s security. I suspect that this topic will become even more fascinating in light of the appearance of XDR ?—?but
Anton on Security
APRIL 28, 2022
I recently did this fun SANS webinar titled “Anton Chuvakin Discusses “20 Years of SIEM?—?What’s What’s Next?”” (the seemingly self-centered title was suggested by CardinalOps who organized the webinar). As it is common for SANS webinars , we got a lot of great questions that I feel like re-answering here for posterity. Q: When do you think the industry will understand what XDR entails?
Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP
Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.
Anton on Security
FEBRUARY 22, 2022
TLDR: no, this post still does not contain the Ultimate Answer for XDR, Life and Everything Question. Moreover, I don’t think anything ever will. While we discuss XDR , the market forces change the definitions, vendors pivot away, analysts ponder, customers cry… well, the cyber-usual.
Anton on Security
JANUARY 20, 2022
20 years of SIEM? On Jan 20, 2002 , exactly 20 years ago, I joined a “SIM” vendor that shall remain nameless, but is easy to figure out. That windy winter day in northern New Jersey definitely set my security career on a new course.
Anton on Security
APRIL 14, 2022
For many years, security practitioners imagined a security operations center (SOC) as a big room, full of expensive monitors and chairs. In these minds, rows of analysts sitting in those chairs and watching those monitors for blinking alerts made SOC, well, a SOC. This vision of the security operations center is derived from the original vision of the network operation center (NOC) that predates SOC by perhaps another decade or two.
Anton on Security
APRIL 7, 2022
Cloud Security Podcast by Google?—?Popular Popular Episodes by Topic This is simply a post that categorizes our podcast episodes by topic and then by download/listen count.
Anton on Security
AUGUST 30, 2021
As you are reading our recent paper “Autonomic Security Operations?—?10X 10X Transformation of the Security Operations Center” , some of you may think “Hey, marketing inserted that 10X thing in there.” Well, 10X thinking is, in fact, an ancient tradition here at Google. We think that it is definitely possible to apply “10X thinking” to many areas of security (at the same link , they say that sometimes it is “easier to make something 10 times better than it is to make it 10 percent better” ).
Anton on Security
MARCH 24, 2022
Sometimes I write blog posts with answers. In other cases, I write blog posts with questions. This particular blog post covers a topic where I feel I am in the “discovering questions” phase. In other words, don’t expect answers?—?but but also don’t expect questions… So, in recent weeks, I had a few simultaneous conversations with various people that focused on the quality of threat detection. Here I’m talking about the quality of the entire detection capability of an organization.
Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster
In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.
Anton on Security
OCTOBER 21, 2021
My admittedly epic (but dated) post “Security Correlation Then and Now: A Sad Truth About SIEM” mentioned the issue of TRUST as it applies to SIEM. Specifically, as a bit of a throwaway comment, I said “people write stupid string-matching and regex-based content because they trust it. They do not?—?en en masse?—?trust trust the event taxonomies if their lives and breach detections depend on it.” This post is an exploration of that theme.
Anton on Security
MARCH 16, 2022
As we discussed in “Achieving Autonomic Security Operations: Reducing toil” (or it’s early version “Kill SOC Toil, Do SOC Eng” ) and “Stealing More SRE Ideas for Your SOC” , your Security Operations Center (SOC) can learn a lot from what IT operations learned during the SRE revolution. In this post of the series, we plan to extract the lessons for your SOC centered on another SRE principle?—?Service Service Level Objectives (SLOs). In brief, this is about metrics.
Anton on Security
DECEMBER 10, 2021
SOC Technology Failures?—?Do Do They Matter? img src: [link] Most failed Security Operations Centers (SOCs) that I’ve seen have not failed due to a technology failure.
Anton on Security
MARCH 3, 2022
Great old blog posts are sometimes hard to find (especially on Medium) , so I decided to do a periodic list blog with my favorite posts of the past quarter or so. Here is the next one. The posts below are ranked by lifetime views. This covers both Anton on Security and my posts from Google Cloud blog , and our Cloud Security Podcast too ( subscribe ). Top 5 most popular posts of all times: “Security Correlation Then and Now: A Sad Truth About SIEM” “Can We Have “Detection as Code”?” “New
Anton on Security
FEBRUARY 15, 2022
This is my completely informal, uncertified, unreviewed and otherwise unofficial blog inspired by my reading of our second Threat Horizons Report ( full version , short version ) that we just released ( the official blog for #1 is here ). Google Cybersecurity Action Team My favorite quotes follow below: “Threat actors have been known to use tools native to the Cloud environment rather than downloading custom malware or scripts to avoid detection.
Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association
In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance
Anton on Security
MARCH 1, 2021
Stop Trying to Take Humans Out of SOC … Except … Wait… Wait… Wait… This is about the Security Operations Center (SOC). And automation. And of course SOC automation. Let’s start from a dead-obvious point: you cannot and should not automate away all people from your SOC today.
Anton on Security
MARCH 19, 2021
For a reason that shall remain nameless, I’ve run this quick poll focused on the use cases for threat intelligence in 2021. The question and the results are below. Antons Threat Intel Poll 2021 Here are some thoughts and learnings based on the poll and the discussion , as well as other things.
Anton on Security
DECEMBER 22, 2020
New Paper: “Future of the SOC: SOC People?—?Skills, Skills, Not Tiers” Back in August , we released our first Google/Chronicle?—?Deloitte
Anton on Security
SEPTEMBER 3, 2021
As you recall from “Anton and The Great XDR Debate, Part 1” , there are several conflicting definitions of XDR today. As you also recall, I never really voted for any of the choices in the post. While some of you dismiss XDR as the work of excessively excitable marketing people (hey … some vendor launched “XDR prevention ”, no way, right?), perhaps there is a way to think about it from a different perspective.
Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies
Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.
Anton on Security
MAY 27, 2021
A SOC Tried To Detect Threats in the Cloud … Your Won’t Believe What Happened Next Now, we all agree that various cloud technologies such as SaaS SIEM help your Security Operations Center (SOC). However, there’s also a need to talk about how traditional SOCs are challenged by the need to monitor cloud computing environments for threats. In this post, I wanted to quickly touch on this very topic and refresh some past analysis of this (and perhaps reminisce on how sad things were in 2012 ).
Anton on Security
JULY 30, 2021
I keep coming to the same topic over and over? —?why why are we still bad at detecting threats? I’ve lamented on this a few times, either touching on general difficulties with detection , its uncertainty or highlighting the fragile detections people write.
Anton on Security
APRIL 9, 2021
One thing I did not expect to see in 2021 is a lot of people complaining about how difficult their SIEM is to operate. Let’s explore this topic for the (n+1)-th time. And let me tell you … that “n” is pretty damn large since my first involvement with SIEM in January 2002 (!)?—?
Anton on Security
MAY 5, 2021
Not the Final Answer on NDR in the Cloud … Back in my analyst years, I rather liked the concept of NDR or Network Detection and Response. And, despite having invented the acronym EDR , I was raised on with NSM and tcpdump way before that. Hence, even though we may still live in an endpoint security era , the need for network data analysis has not vanished.
Anton on Security
APRIL 28, 2021
What are you not detecting? OK, what threats are you NOT detecting? Still didn’t help? What I mean here is: are you thinking about these: Threats that you don’t need to detect due to your risk profile, your threat assessment, etc. Threats that you do need to detect, but don’t know how. Threats that you do need to detect and know how, but cannot operationally (e.g. your SIEM will crash if you inject all the cloud logs). Threats that you do need to detect and know how, but do not (yet?)
Anton on Security
NOVEMBER 3, 2020
My post “Why is Threat Detection Hard?” proved to be one of the most popular in recent history of my new blog. In this post, I wanted to explore a seemingly obvious, while surprisingly fascinating aspect of detection: uncertainty. Uncertainty? Are you sure, Anton? :-) Well, maybe !
Anton on Security
OCTOBER 7, 2020
While creating a recent presentation, I needed a slide on “threat detection is hard.” And it got me thinking, why is threat detection so hard for so many organizations today?
Anton on Security
AUGUST 6, 2021
I know you may hate me for this, but I‘ve been finally tempted into the Great XDR Debate. Here, if you want TL;DR, my position on XDR today is “wait and see” (boring, huh?). Unlike some of my esteemed former colleagues , I don’t really have a horse in the race. First, a very brief bit of history. The origin of the term XDR (Extended Detection and Response) is disputed. Wikipedia ( entry, reviewed 8/6/2021 ) has us believe that Palo Alto invented the term “in 2018.”
Anton on Security
JULY 21, 2021
New Paper: “Autonomic Security Operations?—?10X 10X Transformation of the Security Operations Center” It is with much excitement that we announce a new paper about transforming your security operations ; it is published under the Office of the CISO at Google Cloud. This work is focused on our vision as well as our lessons in building effective security operations for the future. We spent a lot of time thinking about what to call the new model.
Anton on Security
JUNE 21, 2021
Sometimes great old blog posts are hard to find (especially on Medium …), so I decided to do a periodic list blog with my favorite posts of the past quarter or so. Here is my third. The posts below are ranked by lifetime views. This covers both Anton on Security and my posts from Google Cloud blog , and now our Cloud Security Podcast too! Top 3 most popular posts of all times : “Security Correlation Then and Now: A Sad Truth About SIEM” “Can We Have “Detection as Code”?” “New
Anton on Security
MARCH 2, 2021
This is a quick “let’s think about it together” post focused on the future of cloud security. Our logical starting point is: “Through 2025, 99% of cloud security failures will be the customer’s fault.” ( source: Gartner ) My experience in my analyst days and perhaps today mostly confirms it. I’d say that “it feels right.” So, let’s agree that it describes today’s reality correctly.
Anton on Security
FEBRUARY 10, 2021
SOC Threat Coverage Analysis?—?Why/How? Why/How? As I mentioned in Detection Coverage and Detection-in-Depth , the topic of threat detection coverage has long fascinated me. Back in my analyst days, we looked at it as a part of a security use case lifecycle process. For example, we focused on things like number and quality of alerts per SIEM use case, false/useless alert (“false positive”) numbers and ratios (to useful alerts), escalations to incident response, tuning, etc.
Anton on Security
MAY 13, 2021
A few days ago we did a very well-attended webinar focused on the modern Security Operations Center (SOC) approach (see “Trend for the Modern SOC” for a replay link). We got a lot of great questions, and just like in the good old times , I am writing a blog where I cover some of the answers. Q: You mentioned that SOC is first a team: which skills are expected to distinguish the “basic” SOC from the modern SOC?
Anton on Security
JANUARY 22, 2021
From Google Cloud Blog: “New whitepaper: Designing and deploying a data security strategy with Google Cloud” Here is another very fun resource we created (jointly with Andrew Lance from Sidechain ), a paper on designing and running data security strategy on Google Cloud. Read our launch blog here ?—?a a long excerpt is quoted below. Read Sidechain blog here ?—?look look for a useful data security migration checklist.
Anton on Security
MARCH 29, 2021
Sometimes great old blog posts are hard to find (especially on Medium …), so I decided to do a periodic list blog with my favorite posts of the past quarter or so. Here is my second. The posts below are ranked by lifetime views and topic. It covers both Anton on Security and my posts from Google Cloud blog [and now our Cloud Security Podcast too!]
Anton on Security
FEBRUARY 26, 2021
Those who follow me on social media already knows this, but we have launched THE Cloud Security Podcast. TL;DR: Find this on Google Podcasts , Apple Podcasts , Spotify , Stitcher and wherever else podcasts can be found. You can also download the episodes directly here. Follow @CloudSecPodcast. The whole story from our GCP blog is cross-posted below: Security continues to be top of mind for large enterprises as well as smaller organizations and businesses.
Anton on Security
DECEMBER 28, 2020
I got into a very insightful debate with somebody who will remain nameless in the beginning of this post, but will perhaps be revealed later. The debate focused on the role of context in threat detection. Specifically, it is about the role of local context (environment knowledge, organization context, site details, etc) in threat detection. Can threat detection work well without such local context? Now, some of you will say “yes, of course!”
Anton on Security
DECEMBER 11, 2020
As I hear of organizations dealing with security when migrating to the cloud, I occasionally observe cases of “ extreme lift and shift.” I use this label to describe a case when an organization wants to keep every single security technology that they use on-premise after they move to the public cloud. The list can be very long and tedious; it may include such staples as firewalls, anti-malware, SIEM, EDR , NIDS, and even network forensics and NDR. Let’s ponder this situation without judgement.
Anton on Security
DECEMBER 8, 2020
As we discussed in “The Cloud trust paradox: To trust cloud computing more, you need the ability to trust it less” , there are situations where the encryption key really does belong off the cloud and so trust is externalized. While we argue that these are rarer than some assume, they absolutely do exist. Moreover, when these situations materialize, the data in question or the problem being solved is typically hugely important for an organization.
Anton on Security
NOVEMBER 20, 2020
Sometimes great old blog posts are hard to find (especially on Medium ), so I decided to do a periodic (who am I kidding, occasional?—?not not periodic ) list blog with my favorite posts of the past quarter or so. Here is my first. The posts below are ranked by lifetime views and topic. It covers both Anton on Security and my posts from Google Cloud blog.
Let's personalize your content