Monthly Blog Round-Up – June 2015

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

1. “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge.  Current popularity of open source log search tools, BTW, does not break the logic of that post. Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. That – and developing a SIEM is much harder than most people think  [278 pageviews]
2. “Top 10 Criteria for a SIEM?” came from one of my last projects I did when running my SIEM consulting firm in 2009-2011 (for my recent work on evaluating SIEM, see this document) [198 pageviews]
3. “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version) [114 pageviews]
4. My classic PCI DSS Log Review series is always popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3.0 as well), useful for building log review processes and procedures , whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (just out in its 4th edition!) [100+ pageviews to the main tag]
5. “On Choosing SIEM” is about the least wrong way of choosing a SIEM tool – as well as why the right way is so unpopular. [60 pageviews out of a total of 4941 pageviews to all blog pages]

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog:

Current research on cloud security monitoring:

• Trouble In The Cloud?!
• Cloud Security Monitoring … Revisited (aka It Is Not 2012 Anymore!)

Past research on security analytics:

• My “Demystifying Security Analytics: Sources, Methods and Use Cases” Paper Publishes
• On Unknown Operational Effectiveness of Security Analytics Tooling
• Now That We Have All That Data What Do We Do, Revisited
• Who Validates Alerts Validated by Your Alert Validator Software?
• Killed by AI Much? A Rise of Non-deterministic Security!
• SIEM / DLP Add-on Brain
• Those Pesky Users: How To Catch Bad Usage of Good Accounts
• Security Analytics Lessons Learned — and Ignored!
• Security Analytics: Projects vs Boxes (Build vs Buy)?
• Do You Want “Security Analytics” Or Do You Just Hate Your SIEM?
• Security Analytics – Finally Emerging For Real?
• Why No Security Analytics Market?

Miscellaneous fun posts:

• Enable the Business? Sometimes Security Must Say “NO”…
• Once More on Insta-Fail Security Policies – Rant Alert!
• The Future Is Here … And It Is … Network? Endpoint?
• Defeat The Casual Attacker First!!
• On “Defender’s Advantage”
• Bye-bye, Compliance Thinking. Welcome, Military Thinking!
• All My Research Published in 2014

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014.
Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series:

• Monthly Blog Round-Up – May 2015
• All posts tagged monthly