Monthly Blog Round-Up – August 2013

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

1. “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge.
2. “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version)
3. “Top 10 Criteria for a SIEM?” came from one of my last projects I did when running my SIEM consulting firm in 2009-2011.
4. “On Choosing SIEM” is another old classic (from 2010) that often shows up on my top list; it covers some tips on choosing SIEM tools.
5. Finally, my classic PCI DSS Log Review series is popular as well. They outlined log review approach, useful for building log review processes and procedures, whether regulatory or not.

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog:

 

Current research on incident response:

• On Three IR Gaps
• Fusion of Incident Response and Security Monitoring?
• Survey: How Many Security Incidents Have You Had Over the Last 12 Months?
• Security Incidents vs “IT Problems”
• Top-shelf Incident Response vs Barely There Incident Response
• On SANS Forensics Survey
• Incident Plan vs Incident Planning?
• On Importance of Incident Response
• Is That An Incident In Your Pocket – Or Are You Just Happy to See Me?
• Time-tested Incident Response Wisdom?
• Incident Response: The Death of a Straight Line
• My Next Research Area: Incident Response

Current research on endpoint detection and investigation tools (ETDR):

• Endpoint Threat Detection & Response Deployment Architecture
• Essential Processes Around Endpoint Threat Detection & Response Tools
• Named: Endpoint Threat Detection & Response
• Endpoint Threat Indication & Response?
• Endpoint Visibility Tool Use Cases
• On Endpoint Sensing
• RSA 2013 and Endpoint Agent Re-Emergence
• A Quiet Assumption

Miscellaneous fun posts:

• 9 Reasons Why Building A Big Data Security Analytics Tool Is Like Building a Flying Car
• Bye-bye, Compliance Thinking. Welcome, Military Thinking!
• DLP Webinar Questions – Answered!

(see my published Gartner research here)

Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012.

Disclaimer: all content at SecurityWarrior blog was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series:

• Monthly Blog Round-Up – July 2013
• All posts tagged monthly.