- “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge. Succeeding with SIEM requires a lot of work, whether you paid for the software or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” … [262 pageviews]
- “A Myth of An Expert Generalist” is a fun rant on what I think it means to be “a security expert” today; it argues that you must specialize within security to really be called an expert [103 pageviews]
- “Top 10 Criteria for a SIEM?” came from one of the last projects I did while running my SIEM consulting firm in 2009-2011 (for my recent work on evaluating SIEM, see this document [2015 update]) [80 pageviews]
- “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using a now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our new 2016 research on security monitoring use cases here! [74 pageviews]
- “Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version) [65 pageviews of total 3971 pageviews to all blog pages]
- Our “How to Plan and Execute Modern Security Incident Response” Publishes
- What Is Different About Security Incident Response Today?
- Incident Response Becomes Threat Response … OR Does It: IR Research Commencing
- Our Paper “Endpoint Detection and Response Tool Architecture and Operations Practices” Publishes
- One More Time On EDR Use Cases
- EDR Tool Wins – Only For The Enlightened?
- EDR Mud Fight: Kernel or Userland?
- Using EDR For Remediation?
- EDR Research Commencing: Call To Action!
- Where Does EDR End and “NG AV” Begin?
- Reality Check on EDR / ETDR
- My Paper on Endpoint Tools Publishes (2013)
- Sad Hilarity of Predictive Analytics in Security?
- Anton’s Favorite Threat Hunting Links
- RSA 2016: Musings and Contemplations
- My Detection Confidence Survey Results
- No, Virginia, It Does NOT Mean That! (detection and prevention)
- “Deception as Detection” or Give Deception a Chance?
- Jumping Security Maturity FAIL!
- Security: Automate And/Or Die?
- Your SOC Nuclear Triad
- On Tanks vs Tractors
- Defeat The Casual Attacker First!!
- On “Defender’s Advantage”
(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015.
Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.
Previous post in this endless series: