Chuvakin's blog

• HP Communities - Logging: Opening Pandora's Box - Part 4 (Awareness... - Enterprise Business Community

• Announcement - McAfee Has Acquired Insightix | McAfee

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

1. “Simple Log Review Checklist Released!” is often at the top – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version)
2. “Why No Open Source SIEM, EVER?” (and this) is next – for some weird reason. I suspect a lot of people still crave a free open source SIEM tool.
3. “On Choosing SIEM” is about the least wrong way of choosing a SIEM tool – as well as why the right way is so unpopular.
4. “Log Management at $0 and 1hr/week?” is where a lot of companies still are, thus this post became popular again.
5. “Top 10 Criteria for a SIEM?” came from one of my last projects I did when running my SIEM consulting firm.

In addition, I’d like to draw your attention to a few posts from my Gartner blog:

Denial of Service research:

• Availability, Security and Why is DoS Fun?

Cloud security monitoring research:

• My Cloud Security Monitoring Paper Publishes!
• Cloud Security Monitoring: The “Who” Question
• Cloud Security Monitoring for IaaS, PaaS, SaaS
• More On Security Monitoring of Public Cloud Assets
• Is Cloud Secure? WTFC!
• Cloud Security Monitoring!
• Cloud Security Monitoring: IaaS Conundrum
• Cloud IS Different: So Monitoring Must Be Different?

Future SIEM analytics research:

• “Big Analytics” for Security: A Harbinger or An Outlier?
• Many Faces of Application Security Monitoring
• More on Application Security Monitoring

Also see my past monthly and annual “Top Posts” – 2007, 2008, 2009, 2010, 2011.

Disclaimer: all this content was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

• Monthly Blog Round-Up – March 2012

About me: http://www.chuvakin.org

• Processor Warns of Hacking Trend - BankInfoSecurity

This is a Call for Papers (CFP) for Metricon 7.

Key stats first:

• Conference date: August 7, 2012
• CFP deadline: May 31, 2012
• Conference location: Bellevue, WA
• Cost to attend: free (but you’d need to add value to discussions).

CFP follows below and can be found at SecurityMetrics site.

Metricon 7 - Security Metrics: Useful or Bust!!

How to define, generate, and communicate security metrics you can use TODAY!

This year, Metricon 7.0 is excited to issue a call for participation to the information security community. The event will occur August 7th 2012 collocated with USENIX in Bellevue, WA.

Given that this is the 7th event, we think it is time to finally say it: security metrics MUST be useful NOW! Thus, the focus this year is on useful and usable metrics – not conceptual and theoretical stuff that sounds great, but cannot and will not be used in today’s organizations. Also, presentations and panels that talk about “How?” and “What?” will be strongly prioritized over “Why?”(and “whine”). Enterprises and tool vendors are both welcome to present! Academic researchers tacking the real-world problems are welcome as well.

We want to see:
• How you achieved “quick wins” with security metrics?
• How you define useful metrics, whether risk or operational?
• What metrics you track are the most useful?
• How did you solve a particular challenge in security metrics area?
• How your tool helps (not “can help”!) with collecting and analyzing security metric data?
• Who gets the metrics you create? How do they use them?
• What metrics you use to determine that security controls are effective?
• How organization generate actionable advice from security metrics?
• How to track that your security is improving using metrics?

We do not want:
• Uncollectable and unusable metrics
• Metrics philosophy
• Uncooked metrics that sound vaguely “interesting”

Send submissions and your ideas for panels and presentations to metricon7@securitymetrics.org

Deadline for presentation and talk submissions is May 31st, 2012. Submissions should be sent to Metricon7@securitymetrics.org.

About me: http://www.chuvakin.org

• Absurd "academic publishing racket" is past its sell-by date

• TIBCO acquires LogLogic | Cloud Pro

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

1. “Simple Log Review Checklist Released!” is often at the top – the checklist is still a very useful tool for many people
2. “Updated With Community Feedback SANS Top 7 Essential Log Reports DRAFT2”, “SANS Top 5 Essential Log Reports Update!” and their predecessor  “Top5 SANS Log Reports Update DRAFT” also show up close to the top. IF YOU WANT TO VOLUNTEER TO FINISH THIS DOCUMENT- PLEASE EMAIL ME!
3. My classic PCI DSS log review series is still on my Top 5: “Complete PCI DSS Log Review Procedures”; they are also useful for other compliance or security log review and log monitoring.
4. “On Free Log Management Tools” is a companion to the checklist below (updated version)
5. “On Choosing SIEM” is about the least wrong way of choosing a SIEM tool – as well as why the right way is so unpopular.

In addition, I’d like to draw your attention to a few posts from my Gartner blog:

1. “Big Analytics” for Security: A Harbinger or An Outlier?
2. Many Faces of Application Security Monitoring
3. More on Application Security Monitoring
4. Cloud Security Monitoring for IaaS, PaaS, SaaS
5. More On Security Monitoring of Public Cloud Assets
6. Is Cloud Secure? WTFC!
7. Cloud Security Monitoring!
8. Cloud Security Monitoring: IaaS Conundrum
9. Cloud IS Different: So Monitoring Must Be Different?

Also see my past monthly and annual “Top Posts” – 2007, 2008, 2009, 2010, 2011.

Disclaimer: all this content was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

• Monthly Blog Round-Up – February 2012

About me: http://www.chuvakin.org

• Distributed Denial of Service (DDoS) Attacks/tools

• Dell buys network security company SonicWALL, adds nearly 1,000 employees

• http://m.wired.com/cloudline/2012/03/personal-cloud-2014/

As most of you know, I’ve been working on a book about logs, logging and log management for some number of years. At this point, the book is almost done, but the author team is having some minor time commitment issues (aka “less time to write than originally estimated”) ).

So, do any of my esteemed blog readers (those adept in the dark arts of log analysis) care to help and write a few chapters here and there, in exchange for (lots of) immortal fame and (admittedly small amount of) cash?

Table of contents is here – if you see any chapters you’d like to help with, please let us know. I will post a list of chapters that really need help soon.

At this point, we have PLENTY of reviewing help, but we sure can use some writing help!

About me: http://www.chuvakin.org

• Trustwave to Acquire M86 Security

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

1. “Simple Log Review Checklist Released!” is often at the top – the checklist is still a very useful tool for many people
2. “On Free Log Management Tools” is a companion to the checklist below (updated version)
3. My classic PCI DSS log review series is last on my Top 5: “Complete PCI DSS Log Review Procedures”; they are also useful for other compliance or security log review and log monitoring.
4. “Updated With Community Feedback SANS Top 7 Essential Log Reports DRAFT2”, “SANS Top 5 Essential Log Reports Update!” and their predecessor  “Top5 SANS Log Reports Update DRAFT” also show up close to the top. IF YOU WANT TO VOLUNTEER TO FINISH THIS DOCUMENT- PLEASE EMAIL ME!
5. “On Choosing SIEM” is about the least wrong way of choosing a SIEM tool – as well as why the right way is so unpopular.

In addition, I’d like to draw your attention to a few posts from my Gartner blog:

1. Many Faces of Application Security Monitoring
2. Cloud Security Monitoring for IaaS, PaaS, SaaS
3. More On Security Monitoring of Public Cloud Assets
4. Cloud Security Monitoring!
5. Cloud Security Monitoring: IaaS Conundrum
6. Cloud IS Different: So Monitoring Must Be Different?

Also see my past monthly and annual “Top Posts” – 2007, 2008, 2009, 2010, 2011.

Disclaimer: all this content was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

• Monthly Blog Round-Up – January 2012

About me: http://www.chuvakin.org

Just a quick note to my readers: see you at RSA 2012 next week. I am around Monday-Thursday and even though most of my time is booked, you can probably find me near the press room at odd hours.


About me: http://www.chuvakin.org

• Juniper Networks Acquires Security Startup Mykonos Software for $80 Million in Cash
• We are losing - Liquidmatrix Security Digest | Liquidmatrix Security Digest
• The Last Friday Before the 2012 RSA Conference

• Prediction Provides Questions; Not Answers

• The Valley of Death Between IT and Security

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:

1. “On Free Log Management Tools” is a companion to the checklist below (updated version)
2. “Simple Log Review Checklist Released!” is often at the top – the checklist is still a very useful tool for many people
3. “Updated With Community Feedback SANS Top 7 Essential Log Reports DRAFT2”, “SANS Top 5 Essential Log Reports Update!” and their predecessor  “Top5 SANS Log Reports Update DRAFT” also show up close to the top. IF YOU WANT TO VOLUNTEER TO FINISH THIS DOCUMENT- PLEASE EMAIL ME!
4. “On Choosing SIEM” is about the least wrong way of choosing a SIEM tool – as well as why the right way is so unpopular.
5. My classic PCI DSS log review series is last on my Top 5: “Complete PCI DSS Log Review Procedures.”

In addition, I’d like to draw your attention to a few posts from my Gartner blog:

1. “Cloud Security Monitoring for IaaS, PaaS, SaaS”
2. More On Security Monitoring of Public Cloud Assets
3. Cloud Security Monitoring!

Also see my past monthly and annual “Top Posts” – 2007, 2008, 2009, 2010, 2011.


Disclaimer: all this content was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

• Monthly Blog Round-Up – December 2011

About me: http://www.chuvakin.org