Monthly Blog Round-Up – August 2016

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

1. “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge.  Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” … 
2. “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on security monitoring use cases here!
3. “Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version)
4. My classic PCI DSS Log Review series is always popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ as well), useful for building log review processes and procedures , whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!)
5. “SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the costs of a SIEM project (well, a program, really) at an organization (much more details on this here in this paper).

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has about 5X of the traffic of this blog]: 

 

Current research on SOC:

• About The Tri-Team Model of SOC, CIRT, “Threat Something”
• New Research Starting Soon: Threat Intel, SOC, etc
• Your SOC Nuclear Triad

Current research on threat intelligence:

• How to Grow to Strategic Threat Intel Consumption?
• Baby’s First Threat Intel Usage Questions
• How a Lower Maturity Security Organization Can Use Threat Intel? 

Miscellaneous fun posts:

• Threats Inside vs Insider Threat
• Can I Detect Advanced Threats With Just Flows/IPFIX?
• Sad Hilarity of Predictive Analytics in Security?
• Anton’s Favorite Threat Hunting Links
• No, Virginia, It Does NOT Mean That! (detection and prevention)
• “Deception as Detection” or Give Deception a Chance?
• Jumping Security Maturity FAIL!
• Security: Automate And/Or Die?
• On Tanks vs Tractors
• Defeat The Casual Attacker First!!
• On “Defender’s Advantage”

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015.
Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series:

• Monthly Blog Round-Up – July 2016
• All posts tagged monthly