Here is my annual "Security Warrior" blog round-up of top 10 popular posts/topics in 2015. Note that my current Gartner blog is where you go for my recent blogging, all of the content below predates 2011.
- “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge. Current emergence of open source log search tools (ELK FTW!), BTW, does not break the logic of that post. SIEM is still hard, whether OSS or not.
- “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version)
- My classic PCI DSS Log Review series is always hot! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3.1 in 2015 as well), useful for building log review processes and procedures , whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (just out in its 4th edition!)
- “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases as well as this new post. Finally, see our new 2015 research on SIEM use cases here!
- “Top 10 Criteria for a SIEM?” came from one of my last projects I did when running my SIEM consulting firm in 2009-2011 (for my recent work on evaluating SIEM tools, see this document)
- “SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the SIEM project (well, a program, really) costs at an organization (a lot more details on this here in this paper).
- “How to Write an OK SIEM RFP?” (from 2010) contains Anton’s least hated SIEM RFP writing tips (I don’t have any favorite tips since I hate the RFP process)
- “SANS Top 6 Log Reports Reborn!” highlights the re-release of top most popular log reports list.
- “On Choosing SIEM” is about the least wrong way of choosing a SIEM tool – as well as about why the right way is so unpopular.
- “SIEM Bloggables” is a very old post , more like a mini-paper on some key aspects of SIEM, use cases, scenarios, etc as well as 2 types of SIEM users.
Disclaimer: all this content was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.
Also see my past monthly and annual “Top Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014.