Wednesday, February 03, 2010

Monthly Blog Round-Up – January 2010

As we all know, blogs are a bit "stateless" and a lot of useful security reading material gets lost since many people, sadly, only pay attention to what they see today. These monthly round-ups is my attempt to remind people of useful content from the past month! If you are “too busy to read the blogs,” at least read these.
So, here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics.
  1. As predicted, my security predictions ( “Security Predictions 2010” and “Security Predictions 2020 (!)” - yes, 2020!) took the #1 spot this month. They are fun – but I will also check how well they panned out early next year. Then we will know who is laughing :-)
  2. How to Stay Compliant? or Ongoing Tasks in PCI DSS,”  a repost of my paper published at EthicalHacker.net was next. Indeed, “getting compliant” is only half the fun (actually, getting validated is only 1/3 of it :-))
  3. SIEM is on a lot of people’s minds. That is why ““I Want to Buy Correlation” or How NOT to Pick a SIEM?” is on the hot list. BTW, I am planning more of “how not to buy a SIEM?” posts…
  4. Top Log FAIL!” is still hot! The post summarizes the most egregious, reckless, painful, negligent, sad, idiotic examples of “Log FAIL.”
  5. MUST-DO Logging for PCI?” took the next spot. BTW, there is a newer post on the subject of PCI DSS logging requirements: “More on PCI DSS and Logging.” This, BTW, has been the main goal of some of my recent consulting projects. Should I maybe talk about “PCI logging in the cloud” next? :-)
  6. Open source SIEM theme continues to drive a lot of traffic – it looks like folks are still desperately googling for it. “Why No Open Source SIEM, EVER?” post takes the spot in Top5 this month again. The older inspiration for this post is “On Open Source in SIEM and Log Management.”  While you are reading up on SIEM , check out the post called “SIEM Bloggables” with key SIEM use cases. BTW, the funny (and new!) part is that I see more queries for “open source log management” as well.
This month I am continuing a new tradition: I am going to thank my top 5 referrers this month (those that are actual humans, that is). So, thanks a lot to the following people whose blogs sent the most visitors to my blog:
  1. Dancho Danchev
  2. Walt Conway
  3. Alexey Babenko (in Russian)
  4. Richard Bejtlich
  5. Gunnar Peterson
Thank you for all the link-love!
See you in February; also see my annual “Top Posts” - 2007, 20082009!
Possibly related posts / past monthly popular blog round-ups:
Obligatory “added everywhere” posts :-)
  • I might be available for fun consulting projects related to logging, log management, SIEM, PCI DSS etc. Please see the services list at my consulting site.

Dr Anton Chuvakin