Showing posts with label chuvakin. Show all posts

Saturday, July 30, 2011

Old Content Posted: Presentations, Documents, etc

In preparation for a career change (stand by for an announcement at midnight July 31, 2011), I am posting A LOT of my old presentations and documents online for the community.

See http://www.slideshare.net/anton_chuvakin/presentations for such gems as my HITB 2010 keynote “Security Chasm”, Brief SIEM Primer, “Making Log Data Useful”, as well as the most recent “Five Best and Five Worst SIEM Practices”.

See http://www.docstoc.com/profile/anton1chuvakin for a bunch of older documents on security, logging, SIEM, PCI DSS – including such gems as Logging Haiku, firewall logging primer, etc.

Enjoy!

Monday, March 28, 2011

My “Recent” Security Writing and Speaking

Now that I am flooded with work (with more on the way), I am eternally procrastinating on my “Fun Security Reading” blog posts. So, let me at least try to blog about what I was WRITING if I don’t have time to blog about what I was reading (Google Reader shared item feed). The list is loosely sorted by time:

My writing:

  1. HIPAA Logging HOWTO, Part 1
  2. “HIPAA Logging HOWTO, Part 2”
  3. PCI Security: Q&A with Anton Chuvakin, PCI Compliance Expert
  4. PCI Security: Q&A with Anton Chuvakin, PCI Compliance Expert, PART 2
  5. “ASSESSMENT SUCCESS: PCI DSS STANDARDS AND SECURE DATA STORAGE”
  6. "How to Do Application Logging Right" (with Gunnar Peterson)
  7. FISMA Logging HowTo, Part 1
  8. Logging for FISMA part 2 : Detailed FISMA logging guidance
  9. Log management software can aid data security, boost IT accountability
  10. Log review for incident response, Part 1
  11. A Pragmatic Approach to SIEM: Buy for Compliance, Use for Security
  12. Log review for incident response, Part 2
  13. PCI DSS 2.0 Fun Facts
  14. Logs vs Bots and Malware Today
  15. PCI DSS Today and Tomorrow: Logging is the Key
  16. Logs for Insider Abuse Investigations

Presentations:

  1. “Log Standards and Future Trends” (BrightTalk)
  2. “What PCI DSS Taught Us About Security” (BrightTalk)
  3. “You Got That SIEM. Now What Do You Do?” (BayThreat 2010)
  4. “Achieve PCI Compliance and Ensure Security in a Data Deluge” (Focus.com webcast)
  5. “Address Network Security & Dramatically Reduce PCI DSS Scope with Gateway Tokenization” (Intel – NRF (!) webcast)
  6. “Proactive Compliance for new PCI-DSS 2.0” (SANS webcast)
  7. “Using Logs for Breach Investigations and Incident Response” (BrightTalk webcast) and presentation
  8. “PCI Compliance: Tips, Tricks & Emerging Technologies” (BankInfoSec webcast)
  9. You can always see more on my Slideshare page.

Audio/podcasts/etc:

  1. Cloudchasers podcast “Cloud security and compliance: its all about the logs – May 20, 2010” (mp3)
  2. Cloudchasers podcast “IT Security industry consolidation and the cloud – Sept 16, 2010” (mp3)
  3. Logs, Clouds and Open Source, Oh My!
  4. ETM podcast “Insight into SIEM” (mp3)
  5. McAfee podcast about retail security (mp3)
  6. …and, obviously, our own log podcast LogChat

Miscellaneous:

  1. “Scaling the Security Chasm” is not by me, but it is written based on my HITB keynote last year
  2. “How to handle PCI DSS requirements for log management in the cloud” is also not by me, but has significant input from me

BTW, if you’d like to see what I’ve been reading, subscribe to my Google Reader shared item feed and Like feed/Buzz.

And, no, Twitter didn’t kill blogging, but it sure looks like Twitter is intent on killing Twitter :-)

P.S. Posted by a scheduler – please don’t laugh, but I am in Siberia now :-) Responses to comments will happen when I am back.


Thursday, December 02, 2010

Monthly Blog Round-Up – November 2010

Blogs are "stateless" and people often pay attention only to what they see today. Thus a lot of useful security reading material gets lost. These monthly round-ups are my way of reminding people about interesting blog content. If you are “too busy to read the blogs,” at least read these.

So, here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month.

  1. Just as last month, the top position in November is again held by my repost of my free log management tool list (“On Free Log Management Tools”) from my consulting site. The original version was written as a companion to our “Log Review Checklist” that also sits on the top list this month.
  2. Another checklist, “Log Management Tool Selection Checklist Out!”, holds a close second spot – it can be used to compare log management tools during the tool selection process or even a formal RFP process.
  3. As you know, I started posting my PCI DSS log review procedures that I created for a consulting client (sanitized, of course!). The first post in what will be a REALLY long series (“Complete PCI DSS Log Review Procedures, Part 1”) is next. Look for all posts under the “PCI_Log_Review” tag.
  4. “Random Fun Highlights from PCI DSS 2.0 …” originated from my reading the new version of PCI DSS and taking some notes. Feel free to read it to quickly get “what’s new?” in PCI DSS 2.0.
  5. “On Choosing SIEM”, a companion to “How Do I Get The Best SIEM?”, held the next top position – and so did “How to Write an OK SIEM RFP?” If you are thinking of getting a SIEM or a log management tool, check them out and also look at related resources at the end of these posts. ““So, What Should I Want?” or How NOT to Pick a SIEM-III?”, “The Myth of SIEM as “An Analyst-in-the-box” or How NOT to Pick a SIEM-II?” and ““I Want to Buy Correlation” or How NOT to Pick a SIEM?” also stay at the top – it seems like smaller organizations are looking at deploying SIEM and log management and there is a lot of interest in simple guidance.
  6. Our LogChat podcast release is next on the list – the third issue is coming next week. The podcast is now on iTunes as well – check it out. The next issue (#4) is coming next week!

Also, below I am thanking my top 3 referrers this month (those who are people, not organizations). So, thanks a lot to the following people whose blogs sent the most visitors to my blog:

  1. Mike Dahn
  2. Walt Conway
  3. Raffy Marty
  4. Martin McKeay
  5. Dancho Danchev

See you in December for the next monthly and also annual top blog posts - also see my past annual “Top Posts” - 2007, 2008, 2009!


Tuesday, August 10, 2010

“How to Do Application Logging Right” Paper OUT!

Just wanted to highlight another useful resource on logging: "How to Do Application Logging Right” by Gunnar Peterson and myself. Following on our previous IEEE paper (here [PDF]), we explored application logging from a developer's perspective. As Gunnar already pointed out, “audit logs are one of the quick, dirty and cheap things that can improve enterprise security.”

Here is a fun excerpt:

“Organizations have finally gotten network device logging and—to
some extent—server logging under control. However, after getting
used to neat Cisco Adaptive Security Appliance or other firewall
logs and Linux “password accepted” messages, security incident
investigators trying to respond to the next wave of attacks
have been thrust into the horrific world of application logging.”

and

“We can start by establishing  criteria for good security audit logs (which we just call “logs” from now on). […]  On the basis of the six Ws, the following list [see paper] provides a starting point for what to include [in each application log message]”

and

“Software architects and developers must “get” logging; there’s
no other way. This is because infrastructure logging from network
devices and operating systems won’t cut it for detecting
and investigating application-level threats. Security teams will need
to guide developers and architects through useful, effective logging.”

Grab the paper here [PDF] and enjoy!

And, Raffy, you owe me another beer for “We thank Raffy Marty of Loggly for his thoughtful review of the draft article.” :-) In fact, I think me using the word “thoughtful” here justifies “beer+2”…


Wednesday, July 07, 2010

HITB 2010 Amsterdam Awesomeness

I just came back from Amsterdam where I presented my keynote "Security Chasm" at the European debut of the Hack In The Box 2010 conference. Both the keynote and the entire conference were a lot of fun - but then again WTH do you expect from an event in Amsterdam? Below are my notes from the event.


It is worthwhile to note that I was the first speaker of the first day, which put some extra responsibility onto my shoulders. The main theme of my speech was that we have essentially two "securities" - one where people do paper risk assessments, "align strategy" and “enable business” and another where people actually deal with consequences of intrusions and other burning technical issues. You can read some notes from the audience here (and here) and live tweeting here.


Next I went to Fyodor Yarochkin's presentation on Russian cybercrime called “From Russia with Love 2.0.” While lots of people speak about Russian cybercrime, Fyodor’s take was interesting and new (at least to me). First, did you know that most Russian malicious hackers face no ethical challenges - they think of what they do simply as "making money online?" For example, Fyodor reported that people were asking on one of the forums "Is it legal to Google for card numbers and then use them?" :-) Along the same line, he does not think many of them are “professionals” - but simply people making some money on the side off “stupid rich foreigners” [A.C. – we are talking about you, dear merchants ignoring PCI DSS… :-)]. Despite all that, he did describe a lot of interesting bits of criminal infrastructure such as an eBay-like site for selling stolen Skype accounts with online feedback (for assuring stolen account reliability, ya know) and “conversion services” for transferring money, say from WebMoney to PayPal.

The speaker also mentioned that the rumors of Russian political hackers are “greatly exaggerated” - by far the most are in it for the money (and, yes, you can hire some to further your political goals like blowing away Twitter for $80/day, but it doesn’t make them “political hackers”).  Another curious resource he highlighted was a complete tutorial for “making money online” - where to start if you are a complete amateur, barely know computers, but want to make money. Another fun bit was that he described how much DoS costs have fallen…

Now, the other part of his presentation was a description of his research tool for automatic intelligence gathering and analysis, complete with text mining, jargon conversion and language translation.

Another worthwhile speech that I would like to highlight was the second keynote by Mark Curphey - who “left” security a while back. It was so visual and hard to summarize that I probably won't do it justice here - just check his deck. It was about his “10 Crazy Ideas to Improve Security” such as “#2 stop human pattern matching” (ha, I wish we knew how to do that :-)) and “#3 community statistical analysis for security.” Audience comments are here.

Also, I went to the presentation by the author of the Maltego analysis tool. I have long been curious about the capabilities of this tool, and it seems like v3 will come with even more magic such as “named entity recognition” (NER) which allows the tool to extract names of people and countries out of the analysis. And it might tell you who wins the 2010 FIFA World Cup … and be wrong about it :-)

As far as fun hallway conversation is concerned, I had a couple of very fun chats: one with Rop Gonggrijp about climate change and geopolitics and one with Mark Curphey on using agile for security (and security in agile software development)

Finally, presentation materials can be found here.  Videos are promised to be posted soon! Enjoy!

BTW, if you’d like to invite me to speak at your conference, please do so, but keep in mind that flying around and speaking does not pay the bills :-)

Wednesday, March 31, 2010

Fun Logging Webcasts: 4/1/2010 and 5/12/2010

In the next few days, I will be doing two fun logging webcasts with The Open Group. Here is the info, quoted from their site:

Title: Enterprise Logging and Log Management: Hot Topics
Date & Time: Thursday, April 1, 2010, 11:00am Eastern Time

Capturing log information is critical to IT organizations for many reasons, including for security incident detection and response, and for compliance with numerous regulations and standards. Join one of the foremost experts on log management, Dr. Anton Chuvakin, as we discuss enterprise logging challenges and issues.

Moderator: Jim Hietala, VP Security, The Open Group
Panelist: Dr. Anton Chuvakin, Security Warrior Consulting

To register and attend: https://opengroupevents.webex.com/opengroupevents/onstage/g.php?t=a&d=664303043

Title: Logging Use Cases and Standards Update
Date & Time: Wednesday, May 12, 2010 11:00 am Eastern Time

Following on from our April 1 Log Management Challenges webcast, this second webcast will explore some log management use cases, including around accountability for data access. In addition, an update on progress in standards work from The Open Group (XDAS) and MITRE (CEE) will be presented.

Moderator: Jim Hietala, VP, Security, The Open Group
Panelists:

  • Ian Dobson, Director, Security & Jericho Forums, The Open Group
  • Dr. Anton Chuvakin, Security Warrior Consulting
  • Joel Winteregg, Netguardians

To register and attend:
https://opengroupevents.webex.com/mw0306l/mywebex/default.do?siteurl=opengroupevents&rnd=0.20892260101881588

 


Monday, January 11, 2010

How to Stay Compliant? or Ongoing Tasks in PCI DSS

This post and, of course, the paper included below, are inspired by some work I’ve been doing on so-called “ongoing compliance,” in particular as it applies to PCI DSS. The table in the paper below is the result of my going through the text of the Data Security Standard and extracting all the requirements which are NOT “one point in time”, but periodic in nature. I did it just to prove to some buffoon that PCI actually mandates security things to be done periodically and NOT just before the assessment starts or the SAQ is due. No deep thinking here, but a useful reminder about the fact that …

  • Validation is “point-in-time”
  • Compliance is “over time.”

BTW, a good QSA can check for signs that an organization is actually “equipped” for ongoing compliance and not simply “cooking evidence” to impress him…

===================================

“What do I really need to do to STAY compliant?” paper was originally published here. BTW, check out this fun PCI DSS poll that accompanies the paper (results, vote).

Lately, a lot of security industry discussions have been focused on PCI DSS - Payment Card Industry Data Security Standard. The conversation ranges from practical advice on “how to get compliant” all the way to branding PCI as a devilish invention (Google for “PCI is the devil”). Fiery debates aside, PCI DSS guidance helped countless organizations to see the light of security where there was none before. It goes without saying that it didn’t magically make them “become secure” – no external document can.

One of the frequent criticisms of PCI DSS focuses on the misguided view that “PCI is all about passing an ‘audit’.” Many people would be surprised to find out that PCI DSS lists specific tasks that you have to be doing all the time – NOT just before the assessment. This paper focuses on the exact steps organizations must take to actually stay compliant and not just pass validation via scanning, on-site assessment by QSA or self-assessment questionnaire (SAQ).

Indeed, very few experts will actually tell you how to STAY compliant and not just how to GET compliant. Recent cases of massive card data breaches at companies that were at one point validated as PCI DSS compliant show that staying compliant is much harder than getting compliant. Security benefits of PCI DSS are not realized just because an assessor in a fancy suit tells you that you are “validated as compliant.” Such benefits are there if you are “doing PCI” and “doing security” every day (yes, PCI does include daily tasks for you to do!). By the way, if you are trying to use PCI DSS to launch your security program, this resource would be a useful guide.

Despite the above focus on “getting compliant,” some security vendors preach the theme of “ongoing compliance.” In fact, they’ve been doing it literally for years. Of course, the “ongoing compliance” theme is awesome. Sadly, a majority of the same vendors' customers don’t do it like this (to their own loss – this is why it is sad). They still have the assessment-time rush, the “pleasing the QSA” approach and the “checklist-oh-we-are-DONE” mentality. We can conclude that before one wants to “sell” the continuous compliance concept, one needs to educate the audience first.

To top it off, achieving 100% PCI compliance for validation gets much more resources at corporations, compared to maintaining 100% PCI compliance.

In light of the above discussion, a lot of people are surprised that the PCI DSS document itself contains a list of tasks to perform to maintain compliance between assessments. The table below shows these periodic tasks:

| Requirement | PCI DSS Requirements Version 1.2.1 | Period |
|---|---|---|
| 3 | 3.6.4 Periodic cryptographic key changes: as deemed necessary and recommended by the associated application (for example, re-keying), preferably automatically; at least annually | 1/year |
| 6 | 6.6 For public-facing web applications, address new threats and vulnerabilities on an ongoing basis and ensure these applications are protected against known attacks by either of the following methods: reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods, at least annually and after any changes; installing a web-application firewall in front of public-facing web applications | 1/year |
| 9 | 9.5 Store media back-ups in a secure location, preferably an off-site facility, such as an alternate or backup site, or a commercial storage facility. Review the location’s security at least annually. | 1/year |
| 9 | 9.9.1 Properly maintain inventory logs of all media and conduct media inventories at least annually. | 1/year |
| 12 | 12.1.2 Includes an annual process that identifies threats, and vulnerabilities, and results in a formal risk assessment | 1/year |
| 12 | 12.1.3 Includes a [security policy] review at least once a year and updates when the environment changes | 1/year |
| 12 | 12.6.1 Educate employees upon hire and at least annually | 1/year |
| 12 | 12.6.2 Require employees to acknowledge at least annually that they have read and understood the company’s security policy and procedures. | 1/year |
| X | On-site QSA assessment (Visa L1, Amex L1, MC L1-2, etc) or self-assessment (Visa L2-L4, Amex L2-3, MC L3-4, etc) | 1/year |
| 1 | 1.1.6 Requirement to review firewall and router rule sets at least every six months | 1/6 months |
| 11 | 11.1 Test for the presence of wireless access points by using a wireless analyzer at least quarterly or deploying a wireless IDS/IPS to identify all wireless devices in use | 1/quarter |
| 11 | 11.2 Run internal and external network vulnerability scans at least quarterly and after any significant change in the network (such as new system component installations, changes in network topology, firewall rule modifications, product upgrades). | 1/quarter |
| 11 | 11.5 Deploy file integrity monitoring software to alert personnel to unauthorized modification of critical system files, configuration files or content files; and configure the software to perform critical file comparisons at least weekly. | 1/week |
| 10 | 10.6 Review logs for all system components at least daily. Log reviews must include those servers that perform security functions like intrusion detection system (IDS) and authentication, authorization, and accounting protocol (AAA) servers (for example, RADIUS). | 1/day |
| 12 | 12.2 Develop daily operational security procedures that are consistent with requirements in this specification (for example, user account maintenance procedures, and log review procedures). | 1/day |
|  | A lot of other processes require to “maintain”, “ensure”, etc - as well as procedures mentioned in item 12.2 | As needed |
(Source: PCI Data Security Standard, v. 1.2.1)
What do we learn from the above on how to stay compliant? Based on the above, we can come up with the following lists of periodic tasks, which are directly mentioned in the DSS (many more, of course, are implied…):

Every year

  • Review security of web application
  • Review security policy
  • Perform security awareness training
  • etc

Every six months

  • Review firewall and router configurations

Every quarter

  • Perform external and internal vulnerability scanning

Every week

  • Run integrity checking on critical files

Every day

  • Review logs from the systems in scope for PCI
  • Perform other daily operational procedures defined in security policy

To conclude, while getting compliant gets more attention, staying compliant is where a lot of mistakes and faults (leading to data breaches) are made. As you are working on PCI DSS compliance related initiatives, make sure that “staying compliant” is taken just as seriously as getting to that first validation…
Finally, there are still 2 days left to get THE “PCI Compliance” book at 30% off launch discount.

Thursday, December 24, 2009

Three More Fun Presentations Set Free

As is traditional, I am setting free three more of my recent security presentations:

Happy holidays! What better way to celebrate the season is there than to read up on security? :-)


Friday, December 04, 2009

“PCI Compliance” Book 30% Discount code

I have not yet received my copy of “PCI Compliance” book, but I was told it is OUT in the flesh.

During the entire “launch month” – December 2009 – you can get the book at 30% off using discount code: SYNGRESS30 

Here is some more info:

BTW, we worked really hard on the book (and then the editors worked on us :-)) - despite this, some typos are unavoidable. Please report them and we will add them to the errata pages.

Enjoy!

Wednesday, November 04, 2009

Releasing Many Of My Security Papers!

As you can guess, I have written a lot of fun security stuff over the years. I’ve been “liberating” my content for the community to read, starting from presentations (via Slideshare).

Now, I am releasing most of my old paper content as well:

Feel free to check these periodically as I will be adding old papers from my collections for a long time (they also get auto-dumped to Twitter). BTW, I am doing it despite the fact that some of my writing from 2002 is quite embarrassingly naive :-) But I never, ever misspelled HIPAA! Never!

Notable papers released:

Go dig thru it, but keep in mind, old security stuff gets stale fast. So, while reading it, keep this in mind.


Sunday, October 04, 2009

Misc Fun Blog Follow-ups

Follow-ups to “A Myth of An Expert Generalist”:

  • “Is a CISO an expert generalist?” has good insight on whether a CISO is such an expert generalist (no, he is not: he is an expert in “security leadership” [well, should be])
  • “Thoughts on Security Careers” from Richard explains why in some cases “broader skills” –> “recipe for disaster.”

Follow-ups to “Is Risk Just Too Risky?”:

  • “Risk-less security” from SecurityBalance has gems like “discussions about decision making (risk based vs. others) is the only thing interesting for me today on the security field” and “if PCI DSS is working, it’s certainly not because of those approaching it with a checklist based mind. It is because it is a quite good prescriptive standard.” Overall, this post exudes awesomeness.
  • “Mandating Protection, Society and Seatbelts” uses my favorite analogy - seatbelts (namely, people don’t do it due to unknown risk of death, but do it due to $50 fine). In other words, this is a must-read too.

Misc fun interview with me (it has some fun bits e.g. the one on the [embarrassing :-)] first job I had…):


Obligatory “added everywhere” posts :-)

  • I am not at Qualys anymore and looking for the next big security idea to work on! Meanwhile, I am available for fun consulting projects related to PCI DSS, log management or other fun security things.

Friday, August 07, 2009

OWASP Podcast Interview on PCI.

Here is a fun podcast interview that I did with OWASP; the subject is mostly PCI DSS (but watch for some fun Q&A in the end too)

Direct MP3 link is here [mp3]

Thursday, March 12, 2009

Brian's Interview With Me on PCI, Vulnerability, Application Security, etc

Brian did this fun interview with me a few days ago. The topics are PCI DSS (of course!), vulnerability management, application security and other fun stuff. The actual interview is here and a direct link to MP3 here.

Wednesday, November 19, 2008

My Last Logging Interview?

While at GOVCERT.NL 2008, I gave this fun interview.... check it out.

As you can guess, I talk about logs. BTW, while you are at that link, check out other fun interviews; at least, check out David Rice's.

Monday, October 20, 2008

Qualys

As I am sitting here in my new office getting set up, it is time for me to share the full news with the world.

So, starting today I am a Director of PCI Compliance Solutions at Qualys.

There you have it :-)

More on this later; I am way too busy now.

Thursday, October 09, 2008

Change!!!

No, this is not about a certain populist US politician :-) It is about a much graver subject indeed.

As of today, the only Chief Logging Evangelist in the world is no more. I have resigned from my position at LogLogic, effective October 9, 2008, which is today. Please don't contact me at the company email; use my personal email instead. My LinkedIn profile has been updated accordingly.

If you are curious, I still love logs. I really do. Logs are cute :-) You should love them too. And, it goes without saying, I will always remember that title, Chief Logging Evangelist, that I have created for myself. People did say that "Anton wakes up and thinks 'what else he can do today to make the world love logs?'" - it was pretty much like this. In fact, I think the world does love logs a tiny bit more now and thus my mission of a logging evangelist has not been in vain.

I will be offline for the entire next week ("OMG, no blogging?" - "Nope, no blogging!") and you, my dear reader, will have to wait until October 20th to hear the news about ...

... where Anton is NOW!!!???

Yes, where is he? :-)

Talk to ya October 20th! The end always brings the new beginning ...

P.S. Please don't tell me that I have a penchant for the dramatic. I know :-)


Thursday, July 03, 2008

On Logs and Breach Disclosure Laws

Check out my fun paper called "Where the truth is: Logs and breach-disclosure laws" at ComputerWorld. I personally find the premise that logs help with breach notification mandates to be a perfect no-brainer, but it looks like some people consider it to be deep insight.

And, let's leave it at that: deep insight it is :-)

Key point for the impatient bunch: "... logs are essential for compliance with breach-notification laws because you know who exactly to notify. Proper log-keeping will save massive amounts of money while complying with both the letter and the spirit of this law."

Thursday, April 03, 2008

On "Network, Database, and System Log Data Management: The What, Why, and How"

I wrote this fairly basic paper on logs, check it out: "Network, Database, and System Log Data Management: The What, Why, and How"

"This article discusses the importance of implementing a uniform and scalable log management platform for network and storage systems across your organization to address security, compliance and operational issues."

Friday, February 29, 2008

New Paper "Five basic mistakes of security policy"

Here is a new paper I wrote for ComputerWorld called "Five basic mistakes of security policy." The actual mistakes are:

  1. Not having a policy

  2. Not updating the security policy

  3. Not tracking compliance with the security policy

  4. Having a "tech only" policy

  5. Having a policy that is large and unwieldy

Indeed, the stuff is pretty basic, but that is exactly the intention.

Wednesday, January 30, 2008

SANS Security Laboratory Thought Leadership Interview

Here is a fun interview with me at SANS site. I share a bunch of thoughts on logging and log management. For example, what is my #1 logging pet peeve, what's the #1 logging mistake, will we ever see log standards, why are we looking at an increase in the number of log types we need to look at, etc.

It starts like this: "Dr. Anton Chuvakin from LogLogic has agreed to be interviewed by the Security Laboratory and we certainly thank him for his time! He is probably the number one authority on system logging in the world, and his employer is probably the leading vendor for logging, so we appreciate this opportunity to share in his insights."

Dr Anton Chuvakin