Tuesday, January 04, 2011

Annual Blog Round-Up – 2010

If monthly, why not annual blog round-up? These are my top popular "Security Warrior" blog posts for the entire 2010. This list covers the posts most popular in 2010, not necessarily only those written in 2010.


So, the list:

  1. “Simple Log Review Checklist Released!” made BY FAR the biggest splash last year. The checklist, a list of critical things to look for while reviewing system, network and security logs when responding to a security incident, now has a dedicated page (securitywarriorconsulting.com/logchecklist/) and you can grab an updated version there.
  2. The checklist has a companion list of popular free open-source log management and log analysis tools, which is also on the top list for 2010. It was posted to my blog (“On Free Log Management Tools”) as well as to a dedicated page (securitywarriorconsulting.com/logtools/).
  3. “On Choosing SIEM” is next in my top post chart. It helps to determine “What is the least wrong way [of choosing a SIEM or log management product] which will actually get used in real-life?” Sadly, people seem unwilling to use the right way for a set of reasons…
  4. A carryover from last year, the quest for open source SIEM continues! In fact, a few top posts on my blog in 2010 (as well as 2009) resulted from search queries for “open source SIEM” – and now “open source log management.” They are: “Why No Open Source SIEM, EVER?”, “On Open Source in SIEM and Log Management” and “Short Observation on Open Source SIEM”.
  5. “Updated With Community Feedback SANS Top 7 Essential Log Reports DRAFT2”, “SANS Top 5 Essential Log Reports Update!” and their predecessor “Top5 SANS Log Reports Update DRAFT” also show up close to the top. Now that I have a bit more time, I will finally finish the write-up and submit it to SANS for distribution… look for the final version in January 2011.
  6. “The Myth of SIEM as ‘An Analyst-in-the-box’ or How NOT to Pick a SIEM-II?” gives 7 reasons why SIEM is NOT “an analyst in the box” – and never can be. “SOC in the box”? Bua-ha-ha-ha, come on, let’s be reasonable here.
  7. “My Best PCI DSS Presentation EVER!” covers my keynote experience at PCI DSS Workshop 2010 by Treasury Institute for Higher Education (the other keynote being Bob Russo, naturally) – the presentation is embedded in the post.
  8. “How Do I Get The Best SIEM?” is another SIEM selection advice post that made the top chart. It sure seems like 2010 was a year when a lot of organizations were looking for SIEM tools…
  9. “‘I Want to Buy Correlation’ or How NOT to Pick a SIEM?” … guess what it is about? Yup, selecting a SIEM tool.
  10. It is amazing that something posted in November made the “year’s best” list. Still, “Complete PCI DSS Log Review Procedures, Part 1” and the whole series (which will be completed in early 2011) is among the most read posts for the entire 2010.

See you in December 2011 when I will post the next annual blog round-up; see my previous annual “Top Posts” for 2007 and 2008, and the monthly top posts below.

Possibly related posts / past monthly popular blog round-ups:

Dr Anton Chuvakin