RSA (“RSAI”) Conference 2024 Powered by AI with AI on Top — AI Edition (Hey AI, Is This Enough AI?)
Anton on Security
by Anton Chuvakin
6d ago
Where do we have “41,000 attendees, 650 speakers, 600 exhibitors and 400 members of the media” who all care about cyber security? Ha, an easy question: RSA Conference 2024, of course! I started my post-RSA blog tradition in 2006 — most of the blogs of course didn’t age well (“NAC is cool?!? What Year is This!?!” — “Eh… that’s 2007, Anton!”) RSA 2024 Booth Photo Here is my latest (and here is our RSA 2024 recap podcast …). First, remember my bias: SecOps, cloud security a ..read more
Reading the Mandiant M-Trends 2024
Anton on Security
by Anton Chuvakin
2w ago
This is my informal, unofficial, unapproved etc blog based on my reading of the just-released Mandiant M-Trends 2024 report (Happy 15th Birthday, M-Trends! May you live for many googley years…) Vaguely relevant AI visual with … cybernetic threats :-) “Shorter dwell times are likely driven by a larger proportion of ransomware incidents globally in 2023 (23%) versus 2022 (18%). The median dwell time for these ransomware cases dropped to 5 days compared to 9 days in the previous report.“ [A.C. — so your “detection” improved because .. the attacker helped a bit more] Att ..read more
Baby ASO: A Minimal Viable Transformation for Your SOC
Anton on Security
by Anton Chuvakin
1M ago
Vaguely relevant but very cyber image from Dall-E One pattern I spotted after looking at the evolution of IT and security organizations over the years, including my time at Gartner is: change is hard, but transformation is harder. Perhaps it is an IT Axiom of some sort, with a Theorem I that follows: many who say they want to transform, really don’t. And Theorem II: many wish for purported results of a transformed operation, but cannot bear many (any?) of the costs. So when I hear that a certain security team or a security operations center (SOC) wants to transform to a new ..read more
Our Security of AI Papers and Blogs Explained
Anton on Security
by Anton Chuvakin
1M ago
Moderately relevant AI made image about AI papers :-) steampunk ofc! Recently our team has written several papers and blogs focused on securing AI. What you will not see in these papers is anything to do with robot rebellion or some such long-term potential threats. We also don’t touch on responsible AI and AI ethics because frankly there are many (and I mean … MANY!) experts on this here and they’re not us. However, we do cover the challenges and problems real organizations are starting to face today in their AI projects. Below is my curated list of favorites with quick explanations ..read more
Testing in Detection Engineering (Part 8)
Anton on Security
by Anton Chuvakin
1M ago
This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. This blog involved one more anonymous contributor. In this blog (#8 in the series), we will take a fairly shallow look at testing in detection engineering (a deep look probably will require a book). Detection Engineering is Painful — and It Shouldn’t Be (Part 1) Detection Engineering and SOC Scalability Challenges (Part 2) Build for Detection Engineering, and Alerting Will Improve (Part 3) Focus Threat Intel Capabilities at Detection Engineering (Pa ..read more
Anton’s Security Blog Quarterly Q1 2024 Lite
Anton on Security
by Anton Chuvakin
1M ago
Absolutely abysmal image with garbled text by Dall-E :-) The idiots from Medium have removed the overall stats screen from their sad excuse for UX, and claimed this is “temporary.” Very much the same meaning as “temporary emergency measure” in Soviet history, ha! It has been many, many months without stats (since Aug 2023, if you are curious). Anyhow, this has disrupted the cadence of my Security Blog Quarterly blog of popular stories. Now I decided to do it anyway based on their stupid “claps” ranking. So, here is my next one. The posts below are ranked by claps (yuck!). This covers ..read more
One More Time on SIEM Telemetry / Log Sources …
Anton on Security
by Anton Chuvakin
1M ago
(cross posted from Dark Reading, and inspired by a previous version of this blog) Cyberpunk IT telemetry via Dall-E For years, organizations deploying Security Information and Event Management (SIEM) or similar tools have struggled with deciding what data to collect inside their security operation platforms. So the dreaded question — “what data sources to integrate into my SIEM first?” lives on. How to approach answering this? First, using “output-driven SIEM” — the best answer to this question — covers it: SIEM collection dep ..read more
WhatDR or What Detection Domain Needs Its Own Tools?
Anton on Security
by Anton Chuvakin
2M ago
Pondering ?DR This is the blog where I really (briefly) miss my analyst life and my “awesome+” peers like Augusto and Anna. It relies on ideas and comments from my past collaborators … and my current ones. And, yes, this blog was inspired by a hallways conversation at a conference that took place more than a year ago :-( So, the question: When and where do you need “<domain>DR” tool for its own technology domain? Bear with me for a moment as we ponder this mystery. Everybody knows EDR, some know NDR, a few ramble about XDR. We also have ITDR emerging (IMHO, ITDR is a ..read more
Blueprint for Threat Intel to Detection Flow (Part 7)
Anton on Security
by Anton Chuvakin
3M ago
This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. In this blog (#7 in the series), we will cover more details on the TI to detection flow, and stop (for Part 8) at testing. Detection Engineering is Painful — and It Shouldn’t Be (Part 1) Detection Engineering and SOC Scalability Challenges (Part 2) Build for Detection Engineering, and Alerting Will Improve (Part 3) Focus Threat Intel Capabilities at Detection Engineering (Part 4) Frameworks for DE-Friendly CTI (Part 5) Cooking Intelligent Detections ..read more
Google Cybersecurity Action Team Threat Horizons Report #9 Is Out!
Anton on Security
by Anton Chuvakin
3M ago
This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our seventh Threat Horizons Report (full version) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3, #4, #5, #6, #7 and #8). My favorite quotes from the report follow below: “Credential abuse resulting in cryptomining remains a persistent issue, with threat actors continuing to exploit weak or nonexistent passwords to gain unauthorized access to cloud instances, while some threat actors are shifting to broader threat objectiv ..read more