Our Security of AI Papers and Blogs Explained
Anton on Security
by Anton Chuvakin
5d ago
Moderately relevant AI made image about AI papers :-) steampunk ofc! Recently our team has written several papers and blogs focused on securing AI. What you will not see in these papers is anything to do with robot rebellion or some such long-term potential threats. We also don’t touch on responsible AI and AI ethics because frankly there are many (and I mean … MANY!) experts on this here and they’re not us. However, we do cover the challenges and problems real organizations are starting to face today in their AI projects. Below is my curated list of favorites with quick explanations ..read more
Testing in Detection Engineering (Part 8)
Anton on Security
by Anton Chuvakin
1w ago
This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. This blog involved one more anonymous contributor. In this blog (#8 in the series), we will take a fairly shallow look at testing in detection engineering (a deep look probably will require a book). Detection Engineering is Painful — and It Shouldn’t Be (Part 1) Detection Engineering and SOC Scalability Challenges (Part 2) Build for Detection Engineering, and Alerting Will Improve (Part 3) Focus Threat Intel Capabilities at Detection Engineering (Pa ..read more
Anton’s Security Blog Quarterly Q1 2024 Lite
Anton on Security
by Anton Chuvakin
2w ago
Absolutely abysmal image with garbled text by Dall-E :-) The idiots from Medium have removed the overall stats screen from their sad excuse for UX, and claimed this is “temporary.” Very much the same meaning as “temporary emergency measure” in Soviet history, ha! It has been many, many months without stats (since Aug 2023, if you are curious). Anyhow, this has disrupted the cadence of my Security Blog Quarterly blog of popular stories. Now I decided to do it anyway based on their stupid “claps” ranking. So, here is my next one. The posts below are ranked by claps (yuck!). This covers ..read more
One More Time on SIEM Telemetry / Log Sources …
Anton on Security
by Anton Chuvakin
2w ago
One More Time on SIEM Telemetry / Log Sources … (cross posted from Dark Reading, and inspired by a previous version of this blog) Cyberpunk IT telemetry via Dall-E For years, organizations deploying Security Information and Event Management (SIEM) or similar tools have struggled with deciding what data to collect inside their security operation platforms. So the dreaded question — “what data sources to integrate into my SIEM first?” lives on. How to approach answering this? First, using “output-driven SIEM” — the best answer to this question — covers it: SIEM collection dep ..read more
WhatDR or What Detection Domain Needs Its Own Tools?
Anton on Security
by Anton Chuvakin
1M ago
Pondering ?DR This is the blog where I really (briefly) miss my analyst life and my “awesome+” peers like Augusto and Anna. It relies on ideas and comments from my past collaborators … and my current ones. And, yes, this blog was inspired by a hallways conversation at a conference that took place more than a year ago :-( So, the question: When and where do you need “<domain>DR” tool for its own technology domain? Bear with me for a moment as we ponder this mystery. Everybody knows EDR, some know NDR, a few ramble about XDR. We also have ITDR emerging (IMHO, ITDR is a ..read more
Blueprint for Threat Intel to Detection Flow (Part 7)
Anton on Security
by Anton Chuvakin
2M ago
This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. In this blog (#7 in the series), we will cover more details on the TI to detection flow, and stop (for Part 8) at testing. Detection Engineering is Painful — and It Shouldn’t Be (Part 1) Detection Engineering and SOC Scalability Challenges (Part 2) Build for Detection Engineering, and Alerting Will Improve (Part 3) Focus Threat Intel Capabilities at Detection Engineering (Part 4) Frameworks for DE-Friendly CTI (Part 5) Cooking Intelligent Detections ..read more
Google Cybersecurity Action Team Threat Horizons Report #9 Is Out!
Anton on Security
by Anton Chuvakin
2M ago
This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our seventh Threat Horizons Report (full version) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3, #4, #5, #6, #7 and #8). My favorite quotes from the report follow below: “Credential abuse resulting in cryptomining remains a persistent issue, with threat actors continuing to exploit weak or nonexistent passwords to gain unauthorized access to cloud instances, while some threat actors are shifting to broader threat objectiv ..read more
Migrate Off That Old SIEM Already!
Anton on Security
by Anton Chuvakin
2M ago
This is cross-posted from Google Cloud Community site, and written jointly with Dave Herrald. If you are like us, you may be surprised that, in 2024, traditional security information and event management (SIEM) systems are still the backbone of most security operations centers (SOC). SIEMs are used for collecting and analyzing security data from across your organization to help you identify and respond to threats quickly and effectively. But if you’re still using an outdated SIEM, you’re putting your organization at risk [A.C. — are we a bit harsh here? Frankly no! If your SIEM takes a lo ..read more
New Paper: “Future of the SOC: Evolution or Optimization — Choose Your Path” (Paper 4 of 4.5)
Anton on Security
by Anton Chuvakin
3M ago
New Paper: “Future of the SOC: Evolution or Optimization — Choose Your Path” (Paper 4 of 4.5) After a long, long, long writing effort break, we are ready with our 4th Deloitte / Google Future of the SOC paper “Future of the SOC: Evolution or Optimization — Choose Your Path” (alternative URL) As a reminder (and I promise you do need it; it has been years), the previous 3 papers are: “New Paper: “Future of the SOC: Forces shaping modern security operations” (Paper 1 of 4)” “New Paper: “Future of the SOC: SOC People — Skills, Not Tiers” (Paper 2 of 4)” “New Paper: “Future Of ..read more
We Are Almost 3! Cloud Security Podcast by Google 2023 Reflections
Anton on Security
by Anton Chuvakin
3M ago
So, we (Tim and Anton, the crew behind the podcast) wanted to post another reflections blog based on our Cloud Security Podcast by Google being almost 3 (we will be 3 years old on Feb 11, 2024, to be precise), kind of similar to this one. But we realized we don’t have enough new profound reflections…. We do have a few fun new things! So, what did we do differently in 2023? We started doing the LIVE VIDEO recording sessions (the latest) We have a fun new community site for discussions We also covered a lot of AI... what a NOT surprise ? Let’s go and reflect on that! So we have ..read more