Syndicated Blog

Stories by Anton Chuvakin on Medium
One More Time on SIEM Telemetry / Log Sources …

Tags: SIEM, threat detection
(Cross-posted from Dark Reading, and inspired by a previous version of this blog.) [Image: Cyberpunk IT telemetry via Dall-E] For years, organizations deploying Security Information and Event Management ...
WhatDR or What Detection Domain Needs Its Own Tools?

Tags: threat detection
[Image: Pondering ?DR] This is the blog where I really (briefly) miss my analyst life and my “awesome+” peers like Augusto and Anna. It relies on ideas and comments from my past collaborators … and my ...
Blueprint for Threat Intel to Detection Flow (Part 7)

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. In this blog (#7 in the series), we will cover more details on the ...
Google Cybersecurity Action Team Threat Horizons Report #9 Is Out!

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our seventh Threat Horizons Report (full version) that we just released (the official blog for ...
Migrate Off That Old SIEM Already!

This is cross-posted from Google Cloud Community site, and written jointly with Dave Herrald. If you are like us, you may be surprised that, in 2024, traditional security information and event management (SIEM) systems ...
Meet the Ghost of SecOps Future

New Paper: “Future of the SOC: Evolution or Optimization — Choose Your Path” (Paper 4 of 4.5)

After a long, long, long writing effort break, we are ready with our 4th Deloitte / Google Future of ...
Cloud Security Podcast by Google - Merritt on Cloud Security

We Are Almost 3! Cloud Security Podcast by Google 2023 Reflections

So, we (Tim and Anton, the crew behind the podcast) wanted to post another reflections blog based on our Cloud Security Podcast by Google being almost 3 (we will be 3 years ...
DtSR Episode 578 - A Modern Day SOC Discussion

WTH is Modern SOC, Part 1

Tags: SOC
In recent weeks, coincidentally, I’ve had several conversations that reminded me about the confusion related to “modern SOC.” Some of them were public (example and example), while others private. One particular person ...
Cooking Intelligent Detections from Threat Intelligence (Part 6)

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. In this blog (#6 in the series), we will cover some DOs and DON’Ts ...
Decoupled SIEM: Brilliant or Stupid?

Tags: SIEM
Frankly, I am not sure why I am writing this; I get a sense that this esoteric topic is of interest to a very small number of people. But hey … LinkedIn made me do ...