Monthly Blog Round-Up – December 2017

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts based on last

month’s visitor data  (excluding other monthly or annual round-ups):

1. “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009 (oh, wow, ancient history!). Is it relevant now? You be the judge.  Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” … 
2. “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here – and we are updating it now.
3. Again, my classic PCI DSS Log Review series is extra popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!) – note that this series is mentioned in some PCI Council materials. 
4. “Simple Log Review Checklist Released!” is often at the top of this list – this rapildy aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version)
5. “SIEM Bloggables”  is a very old post, more like a mini-paper on  some key aspects of SIEM, use cases, scenarios, etc as well as 2 types of SIEM users. Still very relevant, if not truly modern.

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has more than 5X of the traffic of this blog]: 

A critical reference post (!):

• Important: How to Impress / Annoy an Analyst During a Vendor Briefing? Best / Worst Tips Here!

Upcoming research on testing security:

• Threat Simulation Call to Action for 2018
• New Research: How to Actually Test Security?

Upcoming research on threat detection “starter kit”

• New Research: Starting Your Detection and Response Capability
  

Current research on SOAR:

• SOAR and Ticketing: Friends, Frenemies or the Same thing?
• SOAR and “Curve-jumping” in Security Operations
• SOAR: Magic or Mundane?
• SOAR Research Coming … Brace for Impact!!
• Security: Automate And/Or Die?

Current research on MSSP:

• MSSP is/and/or/vs MDR?
• Your Security Operations Maturity – and Your MSSP
• How To Test Your MSSP/MDR?
• The Curse of A Black MSSP

Miscellaneous fun posts:

• All My Research Published in 2017
• On Wild Security Maturity Overestimation
• Security Analytics: Platform First or Content First?
• Security Without Security People: A [Sad] Way Forward?
• Befuddled By “Hackback”
• On “Defender’s Advantage”

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on August 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Other posts in this endless series:

• All posts tagged monthly

Monthly Blog Round-Up – September 2017

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this

month:

1. “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009 (oh, wow, ancient history!). Is it relevant now? You be the judge.  Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” … 
2. “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here.
3. “Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version)
4. Again, my classic PCI DSS Log Review series is extra popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!) – note that this series is mentioned in some PCI Council materials. 
5. “SIEM Bloggables”  is a very old post , more like a mini-paper on  some key aspects of SIEM, use cases, scenarios, etc as well as 2 types of SIEM users.

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has more than 5X of the traffic of this blog]: 

Current research on SIEM:

• Let’s Define “SIEM”!
• Is SIEM The Best Threat Detection Technology, Ever?
• SIEM or Log Management?
• Action Item: SaaS SIEM Users Sought!
• Flashback 2014: SIEM Deployment Blueprint Visual
• Summer of SIEM 2017 Coming…

Planned research on SOAR (security orchestration,  automation and response):

• SOAR Research Coming … Brace for Impact!!

Planned research on MSSP:

• The Curse of A Black MSSP

Miscellaneous fun posts:

• Security Analytics: Platform First or Content First?
• Security Without Security People: A [Sad] Way Forward?
• Excellent Paper: “The Evolving Effectiveness of Endpoint Protection Solutions”
• Befuddled By “Hackback”
• Can I Detect Advanced Threats With Just Flows/IPFIX? 
• Security: Automate And/Or Die?
• On “Defender’s Advantage”

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on August 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series:

• Monthly Blog Round-Up – August 2017
• All posts tagged monthly

Monthly Blog Round-Up – August 2017

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this

month:

1. “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge.  Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” … 
2. “Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version)
3. “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!
4. Again, my classic PCI DSS Log Review series is extra popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!) – note that this series is mentioned in some PCI Council materials. 
5. SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the SIEM project (well, a program, really) costs at an organization (a lot more details on this here in this paper).

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has more than 5X of the traffic of this blog]: 

Current research on SIEM:

• Let’s Define “SIEM”!
• Is SIEM The Best Threat Detection Technology, Ever?
• SIEM or Log Management?
• Action Item: SaaS SIEM Users Sought!
• Flashback 2014: SIEM Deployment Blueprint Visual
• Summer of SIEM 2017 Coming…

Miscellaneous fun posts:

• Security Without Security People: A [Sad] Way Forward?
• Excellent Paper: “The Evolving Effectiveness of Endpoint Protection Solutions”
• Befuddled By “Hackback”
• Can I Detect Advanced Threats With Just Flows/IPFIX? 
• Security: Automate And/Or Die?
• On “Defender’s Advantage”

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on August 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series:

• Monthly Blog Round-Up – July 2017
• All posts tagged monthly

Monthly Blog Round-Up – July 2017

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this

month:

1. “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge.  Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” … 
2. “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!
3. Again, my classic PCI DSS Log Review series is extra popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!) – note that this series is mentioned in some PCI Council materials. 
4. “Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version)
5. “SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the SIEM project (well, a program, really) costs at an organization (a lot more details on this here in this paper).

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has more than 5X of the traffic of this blog]: 

Current research on SIEM:

• SIEM or Log Management?
• Action Item: SaaS SIEM Users Sought!
• Flashback 2014: SIEM Deployment Blueprint Visual
• Summer of SIEM 2017 Coming…

Recent research on vulnerability management:

• WannaCry or Useful Reminders of the Realities of Vulnerability Management

Recent research on cloud security monitoring:

• More Cloud Security Monitoring Contemplations
• Cloud Threat Detection Research
• More Cloud Security Monitoring Contemplations

Miscellaneous fun posts:

• Security Without Security People: A [Sad] Way Forward?
• Excellent Paper: “The Evolving Effectiveness of Endpoint Protection Solutions”
• Befuddled By “Hackback”
• Can I Detect Advanced Threats With Just Flows/IPFIX? 
• Security: Automate And/Or Die?
• On “Defender’s Advantage”

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on August 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series:

• Monthly Blog Round-Up – June 2017
• All posts tagged monthly

Monthly Blog Round-Up – June 2017

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this

month:

1. “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge.  Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” … 
2. “Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version)
3. “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!
4. This month, my classic PCI DSS Log Review series is extra popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!) – note that this series is mentioned in some PCI Council materials. 
5. “SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the SIEM project (well, a program, really) costs at an organization (a lot more details on this here in this paper).

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has more than 5X of the traffic of this blog]: 

Current research on vulnerability management:

• WannaCry or Useful Reminders of the Realities of Vulnerability Management

Current research on cloud security monitoring:

• More Cloud Security Monitoring Contemplations
• Cloud Threat Detection Research
• More Cloud Security Monitoring Contemplations

Recent research on security analytics and UBA / UEBA:

• Why Your Security Data Lake Project Will FAIL!
• Upcoming Webinar: User and Entity Behavior Analytics Tools
• Our Security Analytics and UEBA Papers Published
• Ok, So Who Really MUST Get a UEBA?
• On UEBA / UBA Use Cases
• UEBA Clearly Defined, Again?
• What Should Your UEBA Show: Indications or Conclusions?
• UEBA Shines Where SIEM Whines?
• The Coming UBA / UEBA – SIEM War!
• Next Research: Back to Security Analytics and UBA/UEBA
• Sad Hilarity of Predictive Analytics in Security?

Miscellaneous fun posts:

• Security Without Security People: A [Sad] Way Forward?
• Excellent Paper: “The Evolving Effectiveness of Endpoint Protection Solutions”
• Befuddled By “Hackback”
• Threats Inside vs Insider Threat 
• Can I Detect Advanced Threats With Just Flows/IPFIX?
• Security: Automate And/Or Die?
• On “Defender’s Advantage”

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on August 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series:

• Monthly Blog Round-Up – May 2017
• All posts tagged monthly

Monthly Blog Round-Up – May 2017

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this

month:

1. “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!
2. “Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version)
3. “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge.  Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” … 
4. This month, my classic PCI DSS Log Review series is extra popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!) – note that this series is mentioned in some PCI Council materials. 
5. “SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the SIEM project (well, a program, really) costs at an organization (a lot more details on this here in this paper).

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has more than 5X of the traffic of this blog]: 

EPIC WIN post:

• Why Your Security Data Lake Project Will FAIL!

Current research on vulnerability management:

• WannaCry or Useful Reminders of the Realities of Vulnerability Management

Current research on cloud security monitoring:

• More Cloud Security Monitoring Contemplations
• Cloud Threat Detection Research
• More Cloud Security Monitoring Contemplations

Recent research on security analytics and UBA / UEBA:

• Our Security Analytics and UEBA Papers Published
• Ok, So Who Really MUST Get a UEBA?
• On UEBA / UBA Use Cases
• UEBA Clearly Defined, Again?
• What Should Your UEBA Show: Indications or Conclusions?
• UEBA Shines Where SIEM Whines?
• The Coming UBA / UEBA – SIEM War!
• Next Research: Back to Security Analytics and UBA/UEBA
• Sad Hilarity of Predictive Analytics in Security?

Miscellaneous fun posts:

• Threats Inside vs Insider Threat 
• Can I Detect Advanced Threats With Just Flows/IPFIX?
• Security: Automate And/Or Die?
• Defeat The Casual Attacker First!!
• On “Defender’s Advantage”

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on August 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series:

• Monthly Blog Round-Up – April 2017
• All posts tagged monthly

Monthly Blog Round-Up – April 2017

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

1. “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!
2. “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge.  Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” … 
3. This month, my classic PCI DSS Log Review series is extra popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!) – note that this series is mentioned in some PCI Council materials.
4. “Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version)
5. “SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the SIEM project (well, a program, really) costs at an organization (a lot more details on this here in this paper).

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has about 5X of the traffic of this blog]: 

 

Current research on cloud security monitoring:

• Cloud Threat Detection Research
• More Cloud Security Monitoring Contemplations

 

Recent research on security analytics and UBA / UEBA:

• Our Security Analytics and UEBA Papers Published
• Ok, So Who Really MUST Get a UEBA?
• On UEBA / UBA Use Cases
• UEBA Clearly Defined, Again?
• What Should Your UEBA Show: Indications or Conclusions?
• UEBA Shines Where SIEM Whines?
• The Coming UBA / UEBA – SIEM War!
• Next Research: Back to Security Analytics and UBA/UEBA
• Sad Hilarity of Predictive Analytics in Security?

 

EPIC WIN post:

• Why Your Security Data Lake Project Will FAIL!

 

Miscellaneous fun posts:

• SIEM Future: A UEBA Path or An MDR Way?
• Security in 2025 – Extrapolate or Bust?
• Threats Inside vs Insider Threat
• Can I Detect Advanced Threats With Just Flows/IPFIX?
• Security: Automate And/Or Die?
• Defeat The Casual Attacker First!!
• On “Defender’s Advantage”

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on August 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series:

• Monthly Blog Round-Up – Februrary 2017
• All posts tagged monthly

Monthly Blog Round-Up – February 2017

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

1. “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010, so I have no idea why it tops the charts now!) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!
2. “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge.  Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” … 
3. “Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version)
4. This month, my classic PCI DSS Log Review series is extra popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!) – note that this series is mentioned in some PCI Council materials.
5. “SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the SIEM project (well, a program, really) costs at an organization (a lot more details on this here in this paper).

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has about 5X of the traffic of this blog]: 

Recent research on security analytics and UBA / UEBA:

• Ok, So Who Really MUST Get a UEBA?
• On UEBA / UBA Use Cases
• UEBA Clearly Defined, Again?
• What Should Your UEBA Show: Indications or Conclusions?
• UEBA Shines Where SIEM Whines?
• The Coming UBA / UEBA – SIEM War!
• Next Research: Back to Security Analytics and UBA/UEBA
• Sad Hilarity of Predictive Analytics in Security?

Miscellaneous fun posts:

• Security in 2025 – Extrapolate or Bust?
• All My Research Published in 2016
• Threats Inside vs Insider Threat
• Can I Detect Advanced Threats With Just Flows/IPFIX?
• No, Virginia, It Does NOT Mean That! (detection vs prevention)
• Security: Automate And/Or Die?
• Defeat The Casual Attacker First!!
• On “Defender’s Advantage”

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016.
Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on August 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.
Previous post in this endless series:

• Monthly Blog Round-Up – January 2017
• All posts tagged monthly

Monthly Blog Round-Up – January 2017

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

1. This month, my classic PCI DSS Log Review series is extra popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ even though it predates it), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!) – note that this series is mentioned in some PCI Council materials.
2. “Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version)
3. “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!
4. “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge.  Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” … 
5. “An Open Letter to Android or “Android, You Are Shit!”” is an epic rant about my six year long (so far) relationship with Android mobile devices (no spoilers here – go and read it).

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has about 5X of the traffic of this blog]: 

 

Current research on security analytics and UBA / UEBA:

• Ok, So Who Really MUST Get a UEBA?
• On UEBA / UBA Use Cases
• UEBA Clearly Defined, Again?
• What Should Your UEBA Show: Indications or Conclusions?
• UEBA Shines Where SIEM Whines?
• The Coming UBA / UEBA – SIEM War!
• Next Research: Back to Security Analytics and UBA/UEBA
• Sad Hilarity of Predictive Analytics in Security?

Recent research on deception:

• Our “Applying Deception Technologies and Techniques to Improve Threat Detection and Response” Paper is Published
• APT-Ready? Better Threat Detection vs Detecting “Better” Threats?
• Better Data or Better Algorithms?
• Tricky: Building a Business Case for A Deception Tool?
• It Is Happening: We Are Starting Our Deception Research!
• “Deception as Detection” or Give Deception a Chance?

Miscellaneous fun posts:

• Security in 2025 – Extrapolate or Bust?
• All My Research Published in 2016
• Threats Inside vs Insider Threat
• Can I Detect Advanced Threats With Just Flows/IPFIX?
• No, Virginia, It Does NOT Mean That! (detection vs prevention)
• Security: Automate And/Or Die?
• Defeat The Casual Attacker First!!
• On “Defender’s Advantage”

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on August 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series:

• Monthly Blog Round-Up – December 2016
• All posts tagged monthly

Annual Blog Round-Up – 2016

Here is my annual "Security Warrior" blog round-up of top 10 popular posts/topics in 2016. Note that my current Gartner blog is where you go for my recent blogging, all of the content below predates 2011.

1. “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge.  Succeeding with SIEM requires a lot of work, whether you paid for the software, or not.
2. “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!
3. “Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version)
4. My classic PCI DSS Log Review series is always hot! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ in 2017 as well), useful for building log review processes and procedures , whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (out in its 4th edition!) 
5. “SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a quick framework for assessing the SIEM project (well, a program, really) costs at an organization (a lot more details on this here in this paper).
6. “Top 10 Criteria for a SIEM?” came from one of my last projects I did when running my SIEM consulting firm in 2009-2011 (for my recent work on evaluating SIEM tools, see this document)
7. “How to Write an OK SIEM RFP?” (from 2010) contains Anton’s least hated SIEM RFP writing tips (I don’t have any favorite tips since I hate the RFP process)
8. “An Open Letter to Android or “Android, You Are Shit!”” is an epic rant about my six year long (so far) relationship with Android mobile devices (no spoilers here – go and read it).
9. “A Myth of An Expert Generalist” is a fun rant on what I think it means to be “a security expert” today; it argues that you must specialize within security to really be called an expert.
10. Another old checklist, “Log Management Tool Selection Checklist Out!”  holds a top spot  – it can be used to compare log management tools during the tool selection process or even formal RFP process. But let me warn you – this is from 2010.

Disclaimer: all this content was written before I joined Gartner on August 1, 2011 and is solely my personal view at the time of writing.  For my current security blogging, go here.

Also see my past monthly and annual “Top Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015.

Monthly Blog Round-Up – December 2016

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

1. “An Open Letter to Android or “Android, You Are Shit!”” is an epic rant about my six year long (so far) relationship with Android mobile devices (no spoilers here – go and read it).
2. “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our 2016 research on developing security monitoring use cases here!
3. “Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? You be the judge.  Succeeding with SIEM requires a lot of work, whether you paid for the software, or not. BTW, this post has an amazing “staying power” that is hard to explain – I suspect it has to do with people wanting “free stuff” and googling for “open source SIEM” … 
4. “Simple Log Review Checklist Released!” is often at the top of this list – this aging checklist is still a very useful tool for many people. “On Free Log Management Tools” (also aged a bit by now) is a companion to the checklist (updated version)
5. My classic PCI DSS Log Review series is always popular! The series of 18 posts cover a comprehensive log review approach (OK for PCI DSS 3+ as well), useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book and mentioned in our PCI book (now in its 4th edition!)

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog [which, BTW, now has about 5X of the traffic of this blog]: 

 

Current research on security analytics and UBA / UEBA:

• UEBA Clearly Defined, Again?
• What Should Your UEBA Show: Indications or Conclusions?
• UEBA Shines Where SIEM Whines?
• The Coming UBA / UEBA – SIEM War!
• Next Research: Back to Security Analytics and UBA/UEBA
• Sad Hilarity of Predictive Analytics in Security?

Recent research on deception:

• Our “Applying Deception Technologies and Techniques to Improve Threat Detection and Response” Paper is Published
• APT-Ready? Better Threat Detection vs Detecting “Better” Threats?
• Better Data or Better Algorithms?
• Tricky: Building a Business Case for A Deception Tool?
• It Is Happening: We Are Starting Our Deception Research!
• “Deception as Detection” or Give Deception a Chance?

Miscellaneous fun posts:

• All My Research Published in 2016
• Threats Inside vs Insider Threat
• Can I Detect Advanced Threats With Just Flows/IPFIX?
• No, Virginia, It Does NOT Mean That! (detection vs prevention)
• Security: Automate And/Or Die?
• Defeat The Casual Attacker First!!
• On “Defender’s Advantage”

(see all my published Gartner research here)
Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on August 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series:

• Monthly Blog Round-Up – November 2016
• All posts tagged monthly