Quick Blogging Update

As I mentioned, due to my joining Gartner, I am not blogging on security here anymore. However, a quick announcement is in order:

Enjoy!

Comments

Post a Comment

Popular posts from this blog

Monthly Blog Round-Up – August 2018

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts based on last month’s visitor data  (excluding other monthly or annual round-ups): “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010 – much ancient!) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our research on developing security monitoring use cases here – and that we updated for 2018 . A lot more SIEM use case discussion is coming, here is a new post for 2018 SIEM use cases. “ Simple Log Review Checklist Released! ” is often at the top of this list – this rapidly aging checklist is still a useful tool for many people. “ On Free Log Management Tools ” (also aged quite a bit by now) is a companion to the checklist ( updated version ) “ Why No Open Source SIEM, EVER? ” contains some...
Read more

PCI DSS in Cloud Computing Environments–THE Training

It took many long weeks to create and now it is …. OUT!! ! Sign up here now if you are in Bay Area on July 8, 2011 . The training is being offered free by the Cloud Security Alliance ( well, we ask for $20 to offset the pizza costs ) in exchange for your feedback and participation is very limited . I would not be surprised if future production “runs” would cost its attendees 30x-50x of the above “price” since this is a full-day class focused solely on PCI DSS and cloud environments (likely 9AM-4PM with a few breaks). The initial PCI DSS Cloud  Training Class to be held in Silicon Valley on July 8, 2011 , exact location to be determined. The first ever class dedicated to assessing and implementing PCI DSS controls in cloud computing environments covers how to think of and how to do PCI DSS in various cloud computing environments. Focused primarily on people familiar with PCI DSS, it starts from the “hype-free” cloud computing facts and then delves into key scenarios wh...
Read more

SANS 7th Log Management Survey 2011 is [Almost] OUT

Image
SANS is almost ready with their 7th Annual Log Management Survey , which would be unveiled at two SANS webcasts on April 25 and April 26 (both at 1PM EST / 10AM PST). The SANS log management survey is a useful measure of what organizations do with logs and how it changes year over year. SANS states that “organizations still want better access to their log data and better integration with third party security software and their SIEM systems and their Windows logs.” I am allowed to share a few (very few!) bits from a report, but expect full analysis from me when it officially comes out. So: Collection has dropped way down among the most challenging tasks related to logs – now categorization, reporting, analysis and other higher level tasks show up as top challenges (good news!) Alerting / detection again trumps search / investigations as far as basic log use cases are concerned (it is definitely very interesting since post-incident search requires much less tuning than alert...
Read more