Monday, January 05, 2009

Annual Blog Round-Up – 2008

If monthly, why not annual blog round-up? These are my top popular "Security Warrior" blog posts for 2008. Enjoy!

  1. Just as last year (!!!), the "fallout" from being featured on a high-profile programming site continues to drive humongous loads of traffic, which made this set of posts the most popular even this year, even though it was posted more than a year ago. The topic that got such a huge boost was anti-virus efficiency. The posts are: "Answer to My Antivirus Mystery Question and a 'Fun' Story", "More on Anti-virus and Anti-malware", "Let's Play a Fun Game Here ... A Scary Game", "The Original Anti-Virus Test Paper is Here!", "Protected but Owned: My Little Investigation", as well as a final entry about my own switch away from a mainstream major-vendor anti-virus tool: "A Bit More on AV" and "Closure (Kind of) to the Anti-Virus Efficiency/Effectiveness Saga". The staying power of this series of posts is truly astounding; pretty much a Slashdot effect.
  2. Due to totally bizarre reasons that just blow my mind, people keep obsessively googling for “open source SIEM” and thus I have to add this little post called "On Open Source in SIEM and Log Management" to the top list as – oh, shock! – #2. Just as a reminder, there is no credible open source SIEM tool (no “snort of SIEM”) – and there probably never will be. OSSEC comes kinda close, but solves a much more narrow problem (really well!).
  3. Next by rank (amazingly, just as last year!) is a set of my Top 11 lists: "Top 11 Reasons to Collect and Preserve Computer Logs" and "Top 11 Reasons to Look at Your Logs" (BTW, the third list, "Top 11 Reasons to Secure and Protect Your Logs", was much more popular this year compared to last year – is log security finally coming?).
  4. A champion of multiple months, “MUST-DO Logging for PCI?”, is also on the list; the world does need more specific PCI DSS guidance. PCI DSS guidance is not “too prescriptive,” it is more often not prescriptive enough!
  5. I did a lot of polls in 2008 (mostly on logs, but on other subjects as well) and many were on the top lists. I will do more polls this year as well; obviously, on more topics than just logs.
  6. In a similar Slashdot-like effect, my comments on the Terry Childs saga – “On Doomsaying (Terry Childs case)”, “So ... Am I? Maybe I Am!” and “Admins, Good Guys or "I am NOT an Idiot!"” – were on the top list. The whole thing REALLY opened my eyes that “information security” and “IT” are not always friends, lovers or even good neighbors … Security people often bitch about management – this saga made me think we need to bitch about IT more :-)
  7. This cute, semi-humorous post on SIEM (“11 Signs That Your SIEM Is A Dog or "Raffy, You Killed SIM!"”) was hot this year; it generated a lot of soul-searching about SIEM (some items are linked here).
  8. Accidentally launching a “security idiot” meme (“You Are "A Security Idiot" If ...”) was also one of the highlights. The “security idiot” meme lives on. (One day I will have to explain how the original post originated.)
  9. Hurray for database logging (finally)! My posts related to database logging topped the charts in 2008. Specifically, "How to Do Database Logging/Monitoring 'Right'?" as well as its "prequels" "Full Paper on Database Log Management Posted" and "On Database Logging and Auditing (Teaser + NOW Full Paper)".

Dr Anton Chuvakin