
Anton on Security
Anton on Security is your go-to source to read informational articles and insights on security, cyber security, and more.
1w ago
Unfortunately, I am old enough to remember how SIEM was done before the arrival of threat intelligence feeds. We had to write broad behavioral (well, “behavioral-ish”, if I am totally honest) rules without relying on any precise knowledge of attacker infrastructure and details of their operations (IF event_type=exploit FOLLOWED BY event_type=config_change ON the same machine THEN alert).
Another choice was to write simple atomic rules on obviously bad single events (IF event_type = logs_deleted THEN alert). Detections involved the patterns we observed (rarely, but we did have honeypots an
2w ago
[written together with Marina Kaganovich, Executive Trust Lead, Office of the CISO @ Google Cloud; originally posted here]
In 2024, we shared our insights on how to approach generative AI securely by exploring the fundamentals of this innovative technology, delving into key security terms, and examining the essential policies needed for AI governance. We also discussed Google Cloud’s approach to AI security and shared helpful resources like the Secure AI Framework (SAIF).
In addition to publishing blogs and papers, our Cloud Security Podcast by Google episodes have featured experts discus
3w ago
This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Threat Horizons Report, #11 (full version) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3, #4, #5, #6, #7, #8, #9 and #10).
My favorite quotes from the report follow below:
“Nearly half (46.4%) of the observed security alerts were due to overprivileged service accounts.” [A.C. — using new data on cloud detections, we confirmed an old hypothesis: if you overprovision, you suffer. Very cause->effect: overprovisi
1M ago
image by Meta.AI lampooning humanless SOC
My former “colleagues” have written several serious pieces of research about why a SOC without humans will never happen (“Predict 2025: There Will Never Be an Autonomous SOC”, “The “Autonomous SOC” Is A Pipe Dream”, “Stop Trying To Take Humans Out Of Security Operations”). But I wanted to write a funny companion to this called “How to Talk to Idiots Who Believe in ‘Humanless SOC’.” Here it is, but it is definitely a rant and not technical guidance, mind you.
I think most of us will encounter people who believe that a Security Operations Center (SO
1M ago
After a long, long, long writing effort … eh … break, we are ready with our 5th Deloitte and Google Cloud Future of the SOC paper “Future of SOC: Transform the ‘How’.”
As a reminder (and I promise you do need it; it has been years…), the previous 4 papers are:
“New Paper: “Future of the SOC: Evolution or Optimization — Choose Your Path” (Paper 4 of 4.5)” [please consider rereading this before reading the new one!]
“New Paper: “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” (Paper 3 of 4)”
“New Paper: “Future of the SOC: SOC People — Sk
2M ago
Amazingly, Medium has fixed the stats so my blog/podcast quarterly is back to life. As before, this covers both Anton on Security and my posts from Google Cloud blog, and our Cloud Security Podcast (subscribe).
Meta AI creation, steampunk theme
Top 10 posts with the most lifetime views (excluding paper announcement blogs):
Security Correlation Then and Now: A Sad Truth About SIEM
Can We Have “Detection as Code”?
Detection Engineering is Painful — and It Shouldn’t Be (Part 1)
Revisiting the Visibility Triad for 2020 (update for 2024 is coming soon BTW!)
Beware: Clown-grade
2M ago
https://cloud.withgoogle.com/cloudsecurity/podcast/
A few weeks ago, our podcast turned 200! In this case, we are talking about episodes, not years. We (that is, Tim Peacock and myself) definitely feel like we have to say something humorous, pithy, and uniquely insightful about this!
Contrary to our previous commemorative blogs, we decided to focus on our favorite episodes. We’ve always published the top rankings and tops by category, and you can see our most popular episodes below, but we also wanted to cover our informal favorites. Both Tim and I have picked the episodes without looking
3M ago
Mention “alert fatigue” to a SOC analyst. They would immediately recognize what you are talking about. Now, take your time machine to 2002. Find a SOC analyst (far fewer of those around, to be sure, but there are some!) and ask him about alert fatigue — he would definitely understand what the concern is.
Now, crank up your time machine all the way to 11 and fly to the 1970s where you can talk to some of the original NOC analysts. Say the words “alert fatigue” and it is very likely you will see nods and agreement about this topic.
So the most interesting part is that this problem has
4M ago
Many organizations are looking for trusted advisors, and this applies to our beloved domain of cyber/information security. If you look at LinkedIn, many consultants present themselves as trusted advisors to CISOs or their teams.
Untrusted Advisor by Dall-E via Copilot
This perhaps implies that nobody wants to hire an untrusted advisor. But if you think about it, modern LLM-powered chatbots and other GenAI applications are essentially untrusted advisors (RAG and fine-tuning notwithstanding).
Let’s think about the use cases where using an untrusted security advisor is quite effective a
5M ago
So some of you are thinking “ewwww … another security transformation paper” and this is understandable. A lot of people (and now … a lot of robots too) have written vague, hand-wavy “leadership” papers on how to transform security, fold security into digital transformation or move to the cloud (now with GenAI!) the “right” way, while reaping all the benefits and suffering none of the costs. Because tote leadership!
This is not one of those, promise! Why not? Because our new paper helps answer two real — and really hard — questions:
#1 Based on the experience of others, what does a