This blog / mini-paper is written jointly with Oliver Rochford.
I recently did this fun SANS webinar titled “Anton Chuvakin Discusses ‘20 Years of SIEM — What’s Next?’” (the seemingly self-centered title was suggested by CardinalOps, who organized the webinar). As is common for SANS webinars, we got a lot of great questions that I feel…
What are you not detecting?
OK, what threats are you NOT detecting?
Still didn’t help?
What I mean here is: are you thinking about these:
I got into a very insightful debate with somebody who will remain nameless in the beginning of this post, but will perhaps be revealed later. The debate focused on the role of context in threat detection.
While creating a recent presentation, I needed a slide on “threat detection is hard.” And it got me…
A lot of people ask me how Chronicle is doing inside Google Cloud (TLDR: doing well), and I wanted to share some good news. I also wanted to reveal some of our lessons building our threat detection capabilities (that we just released).
One more idea that has been bugging me for years is an idea of “detection as code.” Why is it bugging…
For some time, I’ve also been fascinated with the concept of detection-in-depth and a somewhat related concept of optimal detection coverage.
This fascination was born out of a particular type of analyst inquiry I used to get: if…
Let me ask you this: do smaller businesses (say, SMBs) get more security vendor lies than large enterprises? My past analyst experience certainly seems to suggest so. When I was an analyst, the most…