Back in my analyst years, I rather liked the concept of NDR or Network Detection and Response. And, despite having invented the acronym EDR, I was raised on NSM and tcpdump way before that. Hence, even though we may still live in an endpoint security era, the need for network data analysis has not vanished.
As we discussed during this recent webinar, this is not about competing with endpoint or endlessly arguing about what security telemetry is “better.” This is about reminding the security leaders and technologists that network telemetry matters today! …
What are you not detecting?
OK, what threats are you NOT detecting?
Still didn’t help?
What I mean here is: are you thinking about these:
One thing I did not expect to see in 2021 is a lot of people complaining about how difficult their SIEM is to operate.
(source, date: 2012)
Before we go, we need to separate the SIEM tool operation difficulties from the SIEM mission difficulties. As a reminder, the mission that the SIEM is aimed at is very difficult in today’s environments. The mission has also evolved a lot…
Sometimes great old blog posts are hard to find (especially on Medium…), so I decided to do a periodic list blog with my favorite posts of the past quarter or so.
Top 3 most popular posts of all time (same posts as last time, all happen to be on security operations):
For a reason that shall remain nameless, I’ve run this quick poll focused on the use cases for threat intelligence in 2021. The question and the results are below.
While running this poll my fear was that the detection use case would win. Namely, people naively dropping lots of threat intel feeds into a SIEM (or EDR or NDR or … a firewall?) and then hoping for the best. I am happy to report this did not win. …
This is a quick “let’s think about it together” post focused on the future of cloud security.
Our logical starting point is: “Through 2025, 99% of cloud security failures will be the customer’s fault.” (source: Gartner) My experience in my analyst days and perhaps today mostly confirms it. I’d say that “it feels right.” So, let’s agree that it describes today’s reality correctly.
Next point: now that we agree that this model describes reality in a useful manner, may I suggest that it indicates a problem. In other words, this means something needs to be changed or fixed. Why? …
This is about the Security Operations Center (SOC). And automation. And of course SOC automation.
Let’s start from a dead-obvious point: you cannot and should not automate away all people from your SOC today. Or, as my esteemed colleague said, “Stop Trying To Take Humans Out Of Security Operations.”
Despite this point being dead-obvious today, I want to present a few arguments to further support it — it will be clear why in the end…
We need humans because the attackers are humans with their own creativity, irrationality, weirdness, etc. As one vendor once said, “you have an adversary problem…
Those who follow me on social media already know this, but we have launched THE Cloud Security Podcast.
The whole story from our GCP blog is cross-posted below:
Security continues to be top of mind for large enterprises as well as smaller organizations and businesses. Furthermore, cloud security continues to puzzle many security leaders and technologists. That is why we are excited to announce the launch of the Cloud Security Podcast by Google.
As I mentioned in Detection Coverage and Detection-in-Depth, the topic of threat detection coverage has long fascinated me. Back in my analyst days, we looked at it as a part of a security use case lifecycle process. For example, we focused on things like number and quality of alerts per SIEM use case, false/useless alert (“false positive”) numbers and ratios (to useful alerts), escalations to incident response, tuning, etc.
But what about a more comprehensive look at detection coverage inside each tool? Is there a way to assess the net threat coverage represented by the aggregate detection coverage inside each…
William Gibson said it best: “The future is already here — it’s just not evenly distributed.”
The cloud has arrived. Data security in the cloud is too often a novel problem for our customers. Well-worn paths to security are lacking. We often see…