Anton on Security
MARCH 6, 2023
Cloud D&R Report (2023) One of the mysteries of detection and response (D&R) is about how companies really approach D&R in the public cloud. So we did a survey focused on this, and we actually polled both leaders and technologists.
Anton on Security
DECEMBER 15, 2022
In recent weeks, I did two fun webinars related to Security Operations, and there was a lot of fun Q&A. The questions below are sometimes slighting edited for clarity, typos, etc.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Anton on Security
MARCH 1, 2023
Hey, it is 2023, let’s debate SIEM again! Debate SIEM? In 2023? This is so 1997! Or perhaps 2017. Anyhow, Security Information and Event Management (SIEM) is a growing $4+B market that is proving remarkably resilient, and, actually, interesting again.
Anton on Security
JANUARY 10, 2022
New Paper: “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” (Paper 3 of 4) Sorry, it took us a year (long story), but paper #3 in Deloitte/Google collaboration on SOC is finally out. Enjoy “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” [PDF].
Speaker: William Hord, Senior VP of Risk & Professional Services
This exclusive webinar with William Hord, Senior VP of Risk & Professional Services, will explore the foundational elements you need to start or validate your ERM program. He will also dive into topic definitions, governance structures, and framework components for success.
Anton on Security
JUNE 3, 2022
One of the well-advertised reasons for being in the office is about those “magical hallway conversations” (Google it). One happened to me a few days ago and led to a somewhat heated debate on the nature of modern threat detection.
Anton on Security
MAY 19, 2022
This is written jointly with Tim Peacock and will eventually appear on the GCP blog. For now, treat this as “posted for feedback” :-) Ideally, read this post first. In this post, we will share our views on a foundational framework for thinking about threat detection in public cloud computing.
Anton on Security
OCTOBER 12, 2022
This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our fourth Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blog for #2 , my unofficial blog for #3 ).
Anton on Security
SEPTEMBER 14, 2022
This blog / mini-paper is written jointly with Oliver Rochford. When we detect threats we expect to know what we are detecting. Sounds painfully obvious, right? But it is very clear to us that throughout the entire history of the security industry this has not always been the case.
Anton on Security
NOVEMBER 7, 2022
Great blog posts are sometimes hard to find (especially on Medium ), so I decided to do a periodic list blog with my favorite posts of the past quarter or so. Here is the next one. The posts below are ranked by lifetime views. This covers both Anton on Security and my posts from Google Cloud blog , and our Cloud Security Podcast too ( subscribe ).
Anton on Security
JULY 7, 2022
This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our third Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blog for #2 ).
Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC
Join this exclusive webinar with Dr. Karen Hardy, where she will explore the power of storytelling in risk communication as a core component of a resilient organization's management framework!
Anton on Security
JANUARY 3, 2023
This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our fifth Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blogs for #2 , #3 and #4 ).
Anton on Security
JUNE 23, 2022
Let’s play a game and define a hypothetical market called Cloud Detection and Response (CDR). Note that it is no longer my job to define markets , so I am doing it for fun here (yes, people find the weirdest things to be fun! )
Anton on Security
JUNE 17, 2022
Originally written for a new Chronicle blog. As security orchestration, automation and response (SOAR) adoption continues at a rapid pace , security operations teams have a greater need for a structured planning approach.
Anton on Security
OCTOBER 20, 2022
Why Your Security Data Lake Project Will … Well, Actually … Long story why but I decided to revisit my 2018 blog titled “Why Your Security Data Lake Project Will FAIL!” That post was very fun to write and it continued to generate reactions over the years (like this one ).
Anton on Security
FEBRUARY 22, 2022
TLDR: no, this post still does not contain the Ultimate Answer for XDR, Life and Everything Question. Moreover, I don’t think anything ever will. While we discuss XDR , the market forces change the definitions, vendors pivot away, analysts ponder, customers cry… well, the cyber-usual.
Speaker: Ryan McInerny, CAMS, FRM, MSBA - Principal, Product Strategy
This exclusive webinar with Ryan McInerny will teach you all about cryptocurrency and NFTs! Register to learn more about identifying crypto transactions, crypto asset market trends, managing risk and compliance, and supporting customers and partners using crypto-based payments.
Anton on Security
AUGUST 30, 2021
As you are reading our recent paper “Autonomic Security Operations?—?10X 10X Transformation of the Security Operations Center” , some of you may think “Hey, marketing inserted that 10X thing in there.” Well, 10X thinking is, in fact, an ancient tradition here at Google. We think that it is definitely possible to apply “10X thinking” to many areas of security (at the same link , they say that sometimes it is “easier to make something 10 times better than it is to make it 10 percent better” ).
Anton on Security
JANUARY 12, 2022
This post is perhaps a little basic for true SIEM literati, but it covers an interesting idea about SIEM’s role in today’s security. I suspect that this topic will become even more fascinating in light of the appearance of XDR ?—?but
Anton on Security
MARCH 28, 2023
So, we went through “Debating SIEM in 2023, Part 1” , now let’s debate a bit more. At this point, everybody who didn’t “rage stop” reading it should be convinced that yes, SIEM does matter in 2023. Debating SIEM in 2023, Part 1 But why? I bet the views on why SIEM matters differ a lot. So let’s dive into this! Let’s start with this: why should anyone buy an SIEM tool in 2023? And please don’t say “because you are still SIEM-less” or “because you didn’t buy it in 2003, 2013, 2020, etc.”
Anton on Security
OCTOBER 21, 2021
My admittedly epic (but dated) post “Security Correlation Then and Now: A Sad Truth About SIEM” mentioned the issue of TRUST as it applies to SIEM. Specifically, as a bit of a throwaway comment, I said “people write stupid string-matching and regex-based content because they trust it. They do not?—?en en masse?—?trust trust the event taxonomies if their lives and breach detections depend on it.” This post is an exploration of that theme.
Speaker: Alex Jiménez, Managing Principal, Financial Service Consulting for EPAM
The largest banks have increased reserves for protection against deteriorating economic conditions. Should banks delay their digital transformation investments and focus on cost reductions? In this webinar, Alex Jiménez will walk us through that question and examine the prudent course of action.
Anton on Security
AUGUST 31, 2022
As we discussed in our blogs, “ Achieving Autonomic Security Operations: Reducing toil ” and “ Achieving Autonomic Security Operations: Automation as a Force Multiplier ,” “Achieving Autonomic Security Operations: Why metrics matter (but not how you think)” , your Security Operations Center (SOC) can learn a lot from what IT operations discovered during the Site Reliability Engineering (SRE) revolution. Let’s dive into another fascinating area of SRE wisdom?—?
Anton on Security
DECEMBER 10, 2021
SOC Technology Failures?—?Do Do They Matter? img src: [link] Most failed Security Operations Centers (SOCs) that I’ve seen have not failed due to a technology failure.
Anton on Security
JUNE 10, 2022
One of the things I do every year at the RSA conference is to wander the expo halls trying to deduce themes and trends for the industry. Before I go into my specific observations, I wanted to share what impressed me the most this time. My first reaction was the normalcy of it all?—?it it came as a shock as this was my first big event after, well, RSA 2020. It definitely felt like the industry was back, with all its goods and some of its bads.
Anton on Security
JANUARY 20, 2022
20 years of SIEM? On Jan 20, 2002 , exactly 20 years ago, I joined a “SIM” vendor that shall remain nameless, but is easy to figure out. That windy winter day in northern New Jersey definitely set my security career on a new course.
Speaker: Elizabeth "Paige" Baumann, Founder and CEO of Paige Baumann Advisory, LLC
In this session, Elizabeth “Paige” Baumann will cover the Anti-Money Laundering Act of 2020, which also includes the Corporate Transparency Act. She'll take a deep dive into the catalysts that brought on the act, the current implications of the act, and what impacts the act has on the future of banking and finance.
Anton on Security
APRIL 28, 2022
I recently did this fun SANS webinar titled “Anton Chuvakin Discusses “20 Years of SIEM?—?What’s What’s Next?”” (the seemingly self-centered title was suggested by CardinalOps who organized the webinar). As it is common for SANS webinars , we got a lot of great questions that I feel like re-answering here for posterity. Q: When do you think the industry will understand what XDR entails?
Anton on Security
APRIL 14, 2022
For many years, security practitioners imagined a security operations center (SOC) as a big room, full of expensive monitors and chairs. In these minds, rows of analysts sitting in those chairs and watching those monitors for blinking alerts made SOC, well, a SOC. This vision of the security operations center is derived from the original vision of the network operation center (NOC) that predates SOC by perhaps another decade or two.
Anton on Security
APRIL 7, 2022
Cloud Security Podcast by Google?—?Popular Popular Episodes by Topic This is simply a post that categorizes our podcast episodes by topic and then by download/listen count.
Anton on Security
MARCH 1, 2021
Stop Trying to Take Humans Out of SOC … Except … Wait… Wait… Wait… This is about the Security Operations Center (SOC). And automation. And of course SOC automation. Let’s start from a dead-obvious point: you cannot and should not automate away all people from your SOC today.
Speaker: William Hord, Vice President of ERM Services
Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.
Anton on Security
MARCH 24, 2022
Sometimes I write blog posts with answers. In other cases, I write blog posts with questions. This particular blog post covers a topic where I feel I am in the “discovering questions” phase. In other words, don’t expect answers?—?but but also don’t expect questions… So, in recent weeks, I had a few simultaneous conversations with various people that focused on the quality of threat detection. Here I’m talking about the quality of the entire detection capability of an organization.
Anton on Security
MARCH 16, 2022
As we discussed in “Achieving Autonomic Security Operations: Reducing toil” (or it’s early version “Kill SOC Toil, Do SOC Eng” ) and “Stealing More SRE Ideas for Your SOC” , your Security Operations Center (SOC) can learn a lot from what IT operations learned during the SRE revolution. In this post of the series, we plan to extract the lessons for your SOC centered on another SRE principle?—?Service Service Level Objectives (SLOs). In brief, this is about metrics.
Anton on Security
MARCH 3, 2022
Great old blog posts are sometimes hard to find (especially on Medium) , so I decided to do a periodic list blog with my favorite posts of the past quarter or so. Here is the next one. The posts below are ranked by lifetime views. This covers both Anton on Security and my posts from Google Cloud blog , and our Cloud Security Podcast too ( subscribe ). Top 5 most popular posts of all times: “Security Correlation Then and Now: A Sad Truth About SIEM” “Can We Have “Detection as Code”?” “New
Anton on Security
MARCH 19, 2021
For a reason that shall remain nameless, I’ve run this quick poll focused on the use cases for threat intelligence in 2021. The question and the results are below. Antons Threat Intel Poll 2021 Here are some thoughts and learnings based on the poll and the discussion , as well as other things.
Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster
In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.
Anton on Security
SEPTEMBER 3, 2021
As you recall from “Anton and The Great XDR Debate, Part 1” , there are several conflicting definitions of XDR today. As you also recall, I never really voted for any of the choices in the post. While some of you dismiss XDR as the work of excessively excitable marketing people (hey … some vendor launched “XDR prevention ”, no way, right?), perhaps there is a way to think about it from a different perspective.
Anton on Security
FEBRUARY 15, 2022
This is my completely informal, uncertified, unreviewed and otherwise unofficial blog inspired by my reading of our second Threat Horizons Report ( full version , short version ) that we just released ( the official blog for #1 is here ). Google Cybersecurity Action Team My favorite quotes follow below: “Threat actors have been known to use tools native to the Cloud environment rather than downloading custom malware or scripts to avoid detection.
Anton on Security
DECEMBER 22, 2020
New Paper: “Future of the SOC: SOC People?—?Skills, Skills, Not Tiers” Back in August , we released our first Google/Chronicle?—?Deloitte
Anton on Security
FEBRUARY 8, 2022
This post is a somewhat random exploration of the cloud shared responsibility model relationship to cloud threat detection. Funny enough, some popular shared responsibility model visuals don’t even include detection, response or security operations. Mildly embarrassing, that.
Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP
Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.
Expert insights. Personalized for you.
246 
Let's personalize your content