Wednesday, January 01, 2014

Annual Blog Round-Up – 2013

Here is my annual "Security Warrior" blog round-up of top 10 popular posts/topics in 2013.
  1. “Simple Log Review Checklist Released!” was again the most popular this year. The checklist is a list of critical things to look for while reviewing system, network and security logs when responding to a security incident (with a companion free log tool list).
  2. “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge.
  3. The “PCI DSS Log Review” series of posts takes the #3 spot; the posts are about planning and executing a complete log review process at an organization.
  4. “Top 10 Criteria for a SIEM?” is an EXAMPLE requirement list for choosing a SIEM tool (it can be used for creating your very own SIEM RFP, but this is much better for it, of course).
  5. “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports (the paper link is now restored!) – also see this SIEM use case in depth.
  6. “On Choosing SIEM” is about the least wrong way of choosing a SIEM tool – as well as about why the right way is so unpopular.
  7. “SIEM Bloggables” has one possible view on higher-level SIEM use cases and basic functionality, and a quick discussion of SIEM user types (circa 2009 – so NO “big data” for you!).
  8. “SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the costs of a SIEM project (well, a program, really) at an organization (much more detail on this here).
  9. “My Best PCI DSS Presentation EVER!” is my conference presentation where I make a passionate claim that PCI DSS is actually useful for security (do read the PCI book as well)!
  10. “SANS Top 6 Log Reports Reborn!” highlights the re-release of the list of the most popular log reports.

Disclaimer: all this content was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Also see my past monthly and annual “Top Posts” – 2007, 2008, 2009, 2010, 2011, 2012.

Dr Anton Chuvakin