Dr. Anton Chuvakin

@anton_chuvakin

40,431
Followers
8,344
Following
287
Media
32,455
Statuses

Information security - #SIEM , #DFIR , #EDR formerly at Gartner! Now @GoogleCloud Office of the #CISO ; host of @CloudSecPodcast

San Jose, CA
Joined January 2008
Pinned Tweet
@anton_chuvakin
Dr. Anton Chuvakin
3 years
Cloud Security Podcast by Google #CloudSecPodcast #GoogleCloud #CloudSecurity Website: Google Podcasts: Apple Podcasts / iTunes: Spotify: Twitter:
17
16
83
@anton_chuvakin
Dr. Anton Chuvakin
5 years
I am happy to announce that today I join @chroniclesec , the most exciting security start-up that I've ever seen, and the one with (in my opinion) the highest chance of actually changing the world of security. Let the journey begin, again...
67
43
502
@anton_chuvakin
Dr. Anton Chuvakin
2 months
Somebody cynically pointed out to me that some orgs have literally millions to pay ransom but cannot find any money for security. (1/3)
31
57
422
@anton_chuvakin
Dr. Anton Chuvakin
4 years
Name your favorite security advice that is correct in theory but practically not done or not even doable? "Encrypt everything", "patch fast", "classify all your data", "know your environment well", etc. #fun
210
91
385
@anton_chuvakin
Dr. Anton Chuvakin
3 years
#SIEM is too hard. #SOAR is too hard. #EDR is too hard. Now, if you combine them all into #XDR , now that ... that would be simple?! Duh. Obviously. Why didn't anybody think about it before? #ironic
39
70
377
@anton_chuvakin
Dr. Anton Chuvakin
3 years
During a podcast today, the concept of "blueteam 'zero day'" came up, a detection method so dramatically novel that it needs to be kept secret from the attackers. How common do you think this is? #question
74
47
357
@anton_chuvakin
Dr. Anton Chuvakin
2 years
So, anybody care to share their favorite resources on #SOC metrics? I am doing a post related to this and wanted to drop a list of everybody's fave links on measuring SOC performance (yes, including mine too) #request
48
52
311
@anton_chuvakin
Dr. Anton Chuvakin
2 years
So, today I joined @GoogleCloud Office of the CISO, a part of the organization led by @philvenables - and I am really really really really excited about it! Fun fact: this is the first time in my security career I actually report up to a #CISO :-)
46
4
284
@anton_chuvakin
Dr. Anton Chuvakin
2 years
@MITREattack just released Top ATT&CK Techniques, a new resource for prioritizing what to defend against first:
1
106
276
@anton_chuvakin
Dr. Anton Chuvakin
1 year
I love detection engineering, I think it is awesome and hugely needed, and it's the future and all that. But I have no idea how to talk about it to a team of 1 (ONE) running a SIEM ...
32
15
256
@anton_chuvakin
Dr. Anton Chuvakin
3 years
Seriously, if you are asking for "MITRE ATT&CK *compliance*", you are ****REALLY**** not approaching threat detection right. Like seriously WTF? :-) #random
28
22
242
@anton_chuvakin
Dr. Anton Chuvakin
4 years
"Security Correlation Then and Now: A Sad Truth About #SIEM " <- a result of a few months of my soul searching and data gathering :-)
19
76
194
@anton_chuvakin
Dr. Anton Chuvakin
3 years
Do you agree that everybody who pushes his detection logic to have ZERO "false positives" at all costs will eventually reinvent 1990s signature anti-virus? #question
39
12
173
@anton_chuvakin
Dr. Anton Chuvakin
3 years
I used to really hate when people confused threats and vulnerabilities, and frankly, I still do :-) However, I think I found a new, more intense subject: it's when people confuse privacy and security and use them synonymously...
17
28
165
@anton_chuvakin
Dr. Anton Chuvakin
19 days
OK, so a weird one. Imagine you inherited a production public cloud environment built and deployed by somebody with total lack of security clue. Like they can't even spell "IAM" or smth. Now it is your job to secure it. What is the #1 thing you do? #fun #random #CloudSecurity
149
22
163
@anton_chuvakin
Dr. Anton Chuvakin
8 months
"Detection Engineering and SOC Scalability Challenges (Part 2)" <- our detection engineering series continues
3
39
158
@anton_chuvakin
Dr. Anton Chuvakin
4 months
I promised some of you a video of my latest (new!) talk about #SOC and the choices to modernize (or not), here it is: (originally aired at )
4
31
153
@anton_chuvakin
Dr. Anton Chuvakin
5 years
Yes, you've heard right! My last day at @Gartner_inc is TOMORROW Amazing 8 years come to an end.
45
8
148
@anton_chuvakin
Dr. Anton Chuvakin
6 years
I was finally told not to say "fuck" on my work blog. I hereby report that all fucks have been edited out and the new ones will not be given #AchievementUnlocked :-)
16
1
145
@anton_chuvakin
Dr. Anton Chuvakin
8 months
"Detection Engineering is Painful — and It Shouldn’t Be (Part 1)" <- a new co-authored series on detection engineering.
3
28
138
@anton_chuvakin
Dr. Anton Chuvakin
3 years
So, it turns out that because somebody coined the acronym "DevSecOps", now there are clowns who assume that "DevSecOps" includes security operations (like SOC, etc), because the silly word DevSecOps includes SecOps. WTH and perhaps even WTAF...
29
16
136
@anton_chuvakin
Dr. Anton Chuvakin
5 years
@mattblaze He can report you to the central blockchain authority... Oh... Wait...:-)
1
2
129
@anton_chuvakin
Dr. Anton Chuvakin
5 years
"Our IT refuses to patch because **WHAT IF THAT PATCH INTRODUCES A NEW VULNERABILITY**" #overheard
21
29
125
@anton_chuvakin
Dr. Anton Chuvakin
1 year
OK, don't hate me, but let me ask this: the 1st #CSPM vendor (to secure cloud configs) was born in 2012-2013. Today is 2023. 10 years of working on cloud misconfigurations for security. WHY ARE THEY STILL A THING? WHY ARE THEY STILL THE MAIN THING? WTAF?
58
18
123
@anton_chuvakin
Dr. Anton Chuvakin
2 years
"Left of #SIEM ? Right of SIEM? Get It Right!" <- this post explores the ever-fun topic of SIEM success with some [hopefully] new-ish approaches :-)
2
35
122
@anton_chuvakin
Dr. Anton Chuvakin
4 years
#overheard "We have DevSecOps here!" -- "What does it mean, actually?" -- "Well, developers do whatever they want, while security guys bitch about everything..."
10
26
121
@anton_chuvakin
Dr. Anton Chuvakin
2 years
New Paper: “Future Of The #SOC : Process Consistency and Creativity: a Delicate Balance” <- here is the 3rd, much delayed BUT VERY FUN SOC paper from our work with Deloitte
0
42
120
@anton_chuvakin
Dr. Anton Chuvakin
7 years
Frankly, SECURITY AUTOMATION is not about "do security without people", but about allowing your people to DO MORE. #random
12
88
118
@anton_chuvakin
Dr. Anton Chuvakin
3 years
So I embarked on a journey to create a framework to judge the quality of detections, but for now ended up with this incomplete thought blog: Like, sorry, whatever :-)
13
25
121
@anton_chuvakin
Dr. Anton Chuvakin
4 months
Which log sources / data sources flowing into your #SIEM (or equivalent!) would you call HUGELY critical today yet you did not have 5 years ago? #question
28
27
119
@anton_chuvakin
Dr. Anton Chuvakin
6 years
"Gartner research again and again confirms that one cannot outsource planning or accountability for detection and response. Indeed, you can use services for almost everything, but planning (and adapting the plan as things change) requires internal resources. " (src: future paper)
3
51
117
@anton_chuvakin
Dr. Anton Chuvakin
3 years
This is actually a great post for those who whine that "ZT is just a marketing buzzword." Because, NO, here it ain't :-)
12
22
116
@anton_chuvakin
Dr. Anton Chuvakin
3 months
Our #SIEM migration blog really hit the spot, it seems. What *BLAZING HOT* #SIEM topic should we handle next? We do have a candidate in mind, but wanted to ask here too.. P.S. Friends don't let friends say "XDR" :-)
5
28
112
@anton_chuvakin
Dr. Anton Chuvakin
1 month
You probably also met some people who do #SIEM like this... #random
10
15
108
@anton_chuvakin
Dr. Anton Chuvakin
2 months
People who want to automate their security ops / #SOC yet hate a #SOAR (and, it goes without saying, hate DIY even more).... any advice for them? Please not "SOAR 2.0" or our "not SOAR tool" ... this would still be recommending SOAR :-)
47
12
108
@anton_chuvakin
Dr. Anton Chuvakin
3 years
"If you see pentesters always get in, why are you surprised you cannot defeat ransomware?" #random
4
17
101
@anton_chuvakin
Dr. Anton Chuvakin
2 years
" #SOC is Not Dead Yet It May Be Reborn As Security Operations Center of Excellence" <- took much longer and came out a lot rantier, but here it is. cc @beaker :-)
7
35
103
@anton_chuvakin
Dr. Anton Chuvakin
1 year
Do you want to read a relatively fun blog about #SIEM ? Probably not, but here it is anyway: :-)
7
21
102
@anton_chuvakin
Dr. Anton Chuvakin
5 months
"Cooking Intelligent Detections from Threat Intelligence (Part 6)" <- our detection engineering series continues and we started to dive into more useful details of TI to DE interactions
1
35
100
@anton_chuvakin
Dr. Anton Chuvakin
5 months
People on X: "you guys move too slow on AI. the other guy is faster" People from large enterprises: "cloud? how do we adopt this and deal with this?" People from (some) SMBs: "security is not our core business, who would want to hack us?" Everybody lives in different decades.
7
18
100
@anton_chuvakin
Dr. Anton Chuvakin
7 months
"Focus Threat Intel Capabilities at Detection Engineering (Part 4)" <- our series on detection engineering (DE) continues with Part 4 that looks at the intel flows from CTI/TI to DE.
0
32
97
@anton_chuvakin
Dr. Anton Chuvakin
5 years
"Rule Based Detection?" <- a bit of a rant on #detection approaches, warning: may contain thinking! :-)
11
48
90
@anton_chuvakin
Dr. Anton Chuvakin
4 years
@varcharr A local cloud instance
3
1
93
@anton_chuvakin
Dr. Anton Chuvakin
6 months
Many of you say that if you take a year off cyber security, you come back useless. I have compassion for your PoV but I see a lot of organizations where 1996-2003 reign supreme. Both tech and practices.
23
10
92
@anton_chuvakin
Dr. Anton Chuvakin
4 years
As promised, here are some fun blogs on our detection approach and YARA-L we just launched: Part 1 Part 2 Part 3
9
34
91
@anton_chuvakin
Dr. Anton Chuvakin
4 years
Psychoanalyze this: I am annoyed when security controls are discussed without any mention of or regard for threats, threat actors, threat scenarios, etc. Am I normal? :-)
36
9
92
@anton_chuvakin
Dr. Anton Chuvakin
4 years
First time ever at #RSAC : a vendor basically refused to talk to me upon seeing my Press badge. "We are told not to talk to press." Much wow.
23
2
88
@anton_chuvakin
Dr. Anton Chuvakin
5 years
"Two in five 'AI startups' essentially have no AI, mega-survey of nearly 3,000 upstarts finds" <- say #AI then hilarity ensues :-)
10
42
87
@anton_chuvakin
Dr. Anton Chuvakin
2 months
However, here is a weird one: *during* the ransom situation, ransom spend is seen by their bosses as a "hard must" while a security spend is not going to help you at all *at that time.* Security spend was needed years before. So they pay. How do we solve this one? (3/3)
24
3
91
@anton_chuvakin
Dr. Anton Chuvakin
5 years
So how do we explain the trend that more organizations choose to pay ransomware ransoms? Criminals seen as better value than security vendors? :-)
36
17
86
@anton_chuvakin
Dr. Anton Chuvakin
6 years
Org: “HELP! My SIEM deployment failed! We hear #SIEM is old/dead tech ...” Analyst: “Well, have you tried using it!?” Org: “Say what? I installed it, isn’t it enough?” #random #totallyfake #madeup #artificial #nottrue #nope
9
24
86
@anton_chuvakin
Dr. Anton Chuvakin
25 days
Defense in depth won't save you if you are prone to mistakes as a pattern. If you screw up auth, expose a VM to the internet, I bet you also screw up other things. (1/2)
7
17
86
@anton_chuvakin
Dr. Anton Chuvakin
7 months
"Build for Detection Engineering, and Alerting Will Improve (Part 3)" <- our detection engineering series continues, some usable ideas emerge :-)
1
24
87
@anton_chuvakin
Dr. Anton Chuvakin
3 years
"Kill #SOC Toil, Do SOC Eng" <- another fun post that builds more bridges from #SRE to #SOC ... enjoy! cc @imanghanizada
2
26
81
@anton_chuvakin
Dr. Anton Chuvakin
4 months
Not sure about you, but I find this whole "don't expose those VPN appliances to the internet or they will get owned" thing hilarious...
12
6
79
@anton_chuvakin
Dr. Anton Chuvakin
3 years
Those saying it, have you literally never heard of defense in depth?! Security architecture?! Sounds like security thinking regressed back 20 years here... (3/3) #Frustrated
12
6
80
@anton_chuvakin
Dr. Anton Chuvakin
6 years
Sorry, $VENDOR, but "if you cannot explain your technology to an analyst, your prospect or your client won't get it either" is pretty much a universal law....
1
16
81
@anton_chuvakin
Dr. Anton Chuvakin
3 years
One thing I hate (HATE!) is people building subpar security products and then, when caught, saying "but it is for clients who have nothing better" or "but people just want this for compliance." Frankly, this MAYBE (a generous "maybe") was OK in 2009, but 2021? NO! #random
12
9
82
@anton_chuvakin
Dr. Anton Chuvakin
3 years
"Role of Context in Threat Detection" <- a bit ranty, but hopefully fun and useful post on threat detection.
6
27
79
@anton_chuvakin
Dr. Anton Chuvakin
3 years
I always feel funny when people ask for "technical solutions for ransomware." Last I checked, ransomware is malware. (1/n)
10
12
78
@anton_chuvakin
Dr. Anton Chuvakin
7 months
Detection Engineering is Painful — and It Shouldn’t Be (Part 1) [Medium Backup]
4
20
79
@anton_chuvakin
Dr. Anton Chuvakin
2 years
I am having a "mind blown" moment having met somebody with this view of detection engineering ->
24
14
79
@anton_chuvakin
Dr. Anton Chuvakin
1 year
Yes, I still see people who equate "defense in depth" with "using two firewalls of two different brands in series." YES, THEY STILL EXIST, these people. #random
15
18
78
@anton_chuvakin
Dr. Anton Chuvakin
3 years
"What a threat actor looks like in a well-designed zero trust environment"
3
13
75
@anton_chuvakin
Dr. Anton Chuvakin
3 years
How can #XDR be the future of #SOC if XDR builds on #EDR that relies on agents BUT most agree that future is containers/serverless/microservices? #DevilsAdvocateQuestion (cc @aabelak )
25
5
78
@anton_chuvakin
Dr. Anton Chuvakin
6 months
We may win the worst blog post title contest, but our Part 5 of detection engineering series is here: "Frameworks for DE-Friendly CTI (Part 5)" (we promise it is a fun read!)
0
22
77
@anton_chuvakin
Dr. Anton Chuvakin
2 months
Some org: "We want to use AI to solve this hard security problem X" Also, SAME org: "What's event correlation? How do we enable it in our SIEM?" #facepalm #overheard
13
4
74
@anton_chuvakin
Dr. Anton Chuvakin
1 year
We need a scale to measure "Clown Risk" next week. The definition (of course, I'd have it!) is a variable to measure the ridiculousness of some security marketing messages at #RSAC . I'd say "zero click zero trust in minutes" would be a 10.
16
9
75
@anton_chuvakin
Dr. Anton Chuvakin
9 months
"Goals are for people who care about winning once. Systems are for people who care about winning repeatedly." - @JamesClear
1
22
74
@anton_chuvakin
Dr. Anton Chuvakin
4 months
Years of work (well, months of work, a year of slacking) finally delivered: "New Paper: “Future of the #SOC : Evolution or Optimization — Choose Your Path” (Paper 4 of 4.5)"
4
14
74
@anton_chuvakin
Dr. Anton Chuvakin
5 years
Blockchain study finds 0.00% success rate and vendors don't call back when asked for evidence <- a fun read
5
38
67
@anton_chuvakin
Dr. Anton Chuvakin
5 years
On Monday I will rejoin the ranks of people who commute to work. After not doing this for 10 years. Can I have some compassion, please? No?! Yeah, I thought so.. #random
17
1
73
@anton_chuvakin
Dr. Anton Chuvakin
5 years
People who try to hunt before they try to detect (via rules and such) are like people who want to drive a Ferrari before they can walk ;-)
6
13
70
@anton_chuvakin
Dr. Anton Chuvakin
5 years
ML for security is easy, BUT ML for security that works reliably in real life and does not create bigger problems than it solves - very hard. #random
6
15
72
@anton_chuvakin
Dr. Anton Chuvakin
6 years
Important: How to Impress / Annoy an Analyst During a Vendor Briefing? Best / Worst Tips Here!
7
16
69
@anton_chuvakin
Dr. Anton Chuvakin
4 years
I am very sad about people who think that "hunting is cool, while detection engineering is boring"... #random
8
7
69
@anton_chuvakin
Dr. Anton Chuvakin
2 years
On Jan 20, 2022, I plan to release a new blog that *briefly* summarizes my 20 years with #SIEM . On that day in 2002, I joined my first #SIEM vendor as "security research analyst." YOU WON'T BELIEVE WHAT HAPPENED NEXT :-)
11
2
71
@anton_chuvakin
Dr. Anton Chuvakin
4 years
Another somewhat "ranty" threat detection post:
3
11
70
@anton_chuvakin
Dr. Anton Chuvakin
3 years
2012: Look, I can build a circa 2003 SIEM using Hadoop. 2021: Look, I can build a circa 2003 SIEM using Snowflake.
6
6
71
@anton_chuvakin
Dr. Anton Chuvakin
4 years
"Don’t write to sound smart. Write to be useful. If you’re useful over a long time period, you will end up looking smart anyway." – @JamesClear
4
14
70
@anton_chuvakin
Dr. Anton Chuvakin
3 years
You guys may be a bit surprised, but I am launching a podcast... Details coming later today ;-)
5
5
70
@anton_chuvakin
Dr. Anton Chuvakin
2 months
"One More Time on #SIEM Telemetry / Log Sources … " <- ok so this has a boring title, but it has some useful info, I promise :-)
0
25
69
@anton_chuvakin
Dr. Anton Chuvakin
8 months
Why isn't anybody asking The Important Question: what will happen with all the black splunk t-shirts now? Are they not valid anymore? :-)
20
5
69
@anton_chuvakin
Dr. Anton Chuvakin
6 years
@swardley I use the same logic to offer $5k pentests: for $5k, without any testing I can tell you that you can be hacked and have lots of holes. Generally, 99.99% accuracy rate :-)
3
8
66
@anton_chuvakin
Dr. Anton Chuvakin
3 years
Got any juicy examples where following regulatory compliance measurably INCREASED security risk? #FridayFunQuestion
40
14
66
@anton_chuvakin
Dr. Anton Chuvakin
6 years
The "How To Build a SOC" Paper Update is OUT! - Augusto Barros <- our 2018 #SOC paper update is out!
0
27
65
@anton_chuvakin
Dr. Anton Chuvakin
1 year
#overheard "clownsourcing = delegating the task to somebody without any perceived ability to complete it, hilarity ensues."
6
14
66
@anton_chuvakin
Dr. Anton Chuvakin
5 years
"In vendor marketing, I always look for null value words (like “holistic” and “heuristic”) and substitute the real meaning (“non-existent” and “undocumented”)" [attributed to @john_pescatore ] #random
10
7
64
@anton_chuvakin
Dr. Anton Chuvakin
2 years
"As a defender, I am more scared about the uncontrollable growth of assets than about the growth of threats" -- [ well, frankly, this is a self-quote, but I catch myself using this a lot these days] :-)
3
10
65
@anton_chuvakin
Dr. Anton Chuvakin
4 years
I now find it funny that we never solved the data access governance problem for an older, simpler world of the 1990s data centers, and now we have to solve it for the world of multi/hybrid cloud, SaaS, WFH, IoT, GDPR, data sovereignty :-) I predict much hilarity will ensue...
11
12
64
@anton_chuvakin
Dr. Anton Chuvakin
1 year
" @Google Cybersecurity Action Team Threat Horizons Report #5 Is Out!" <- fun new cloud threat report from us!
0
25
64
@anton_chuvakin
Dr. Anton Chuvakin
3 years
I've never been an AppSec expert and I never even played one on TV, so here is a question: do real application security people tell developers to "shift left" for security or is this marketing BS? #question
60
8
64
@anton_chuvakin
Dr. Anton Chuvakin
4 years
Which security vendor (IF ANY) you'd trust as a source for information on REAL top-tier threat actors? #question
68
10
62
@anton_chuvakin
Dr. Anton Chuvakin
5 years
So, do you all have favorite lists of "what to search for in sysmon data", like your favorite detection or hunt queries? For some reason, I feel like building an aggregate set and having fun with it ... #question
15
15
64
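Two of the tweets above touch the same practical question from opposite ends: the "what's event correlation? how do we enable it in our SIEM?" facepalm, and the request for favorite sysmon detection or hunt queries. The block below is an added worked example, not code from Anton's feed, from Google, or from any SIEM product. It replays a handful of constructed sample events (Sysmon Event ID 1 process creations and Windows Security 4624/4625 logons, flattened into dicts; the field names are this example's own assumption, not a vendor schema) through two kinds of detection logic: stateless per-event rules of the sort a sysmon hunt query would express, and a stateful correlation rule that only fires on a sequence (repeated failed logons for one account from one source, then a success inside a time window). The point is that the correlation alert cannot be written as a single-event rule at all, which is what "enabling correlation" in a SIEM actually means.

```python
"""Toy rule-based detections over SIEM-style events (added example, constructed data)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample telemetry. Shape mimics Sysmon EID 1 and Security 4624/4625;
# the field names are this example's assumption, not a real vendor schema.
SAMPLE_EVENTS = [
    # Word launching cmd.exe, which then launches encoded PowerShell: suspicious.
    {"ts": "2024-05-01T10:00:00", "source": "sysmon", "event_id": 1, "host": "ws01",
     "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "command_line": "cmd.exe /c powershell -nop -w hidden -enc SQBFAFgA"},
    {"ts": "2024-05-01T10:00:03", "source": "sysmon", "event_id": 1, "host": "ws01",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": "powershell -nop -w hidden -enc SQBFAFgA"},
    # Benign process creation: must stay quiet.
    {"ts": "2024-05-01T10:05:00", "source": "sysmon", "event_id": 1, "host": "ws02",
     "image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe", "command_line": "notepad.exe report.txt"},
    # Two failed logons then a success from another source: below threshold, no alert.
    {"ts": "2024-05-01T10:30:00", "source": "security", "event_id": 4625, "host": "dc01",
     "user": "CORP\\bob", "src_ip": "10.0.0.7"},
    {"ts": "2024-05-01T10:30:20", "source": "security", "event_id": 4625, "host": "dc01",
     "user": "CORP\\bob", "src_ip": "10.0.0.7"},
    {"ts": "2024-05-01T10:30:25", "source": "security", "event_id": 4624, "host": "dc01",
     "user": "CORP\\bob", "src_ip": "10.0.0.7"},
]
# Six failures in 25 seconds against one account from one IP, then a success.
for i in range(6):
    SAMPLE_EVENTS.append({"ts": f"2024-05-01T11:00:{5 * i:02d}", "source": "security",
                          "event_id": 4625, "host": "dc01",
                          "user": "CORP\\svc_backup", "src_ip": "10.0.0.99"})
SAMPLE_EVENTS.append({"ts": "2024-05-01T11:00:40", "source": "security", "event_id": 4624,
                      "host": "dc01", "user": "CORP\\svc_backup", "src_ip": "10.0.0.99"})

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def basename(path):
    """Last component of a Windows path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def rule_office_spawns_shell(ev):
    """Stateless: an Office application is the parent of a shell or script host."""
    if (ev["source"] == "sysmon" and ev["event_id"] == 1
            and basename(ev["parent_image"]) in OFFICE_APPS
            and basename(ev["image"]) in SHELLS):
        return "office_spawns_shell"
    return None


def rule_encoded_powershell(ev):
    """Stateless: PowerShell started with -EncodedCommand. powershell.exe accepts
    any unambiguous prefix of the switch (-e, -enc, ...) plus the alias -ec, so
    match prefixes of the full name rather than one literal spelling."""
    if ev["source"] != "sysmon" or ev["event_id"] != 1:
        return None
    if basename(ev["image"]) not in {"powershell.exe", "pwsh.exe"}:
        return None
    for tok in ev["command_line"].lower().split():
        if len(tok) >= 2 and ("-encodedcommand".startswith(tok) or tok == "-ec"):
            return "encoded_powershell"
    return None


class FailedThenSuccessfulLogon:
    """Stateful correlation: at least `threshold` 4625s for one (user, src_ip)
    inside `window`, followed by a 4624 for the same pair. No single event here
    is alertable on its own; the sequence is the signal."""

    def __init__(self, threshold=5, window=timedelta(seconds=60)):
        self.threshold = threshold
        self.window = window
        self.failures = defaultdict(deque)  # (user, src_ip) -> failure timestamps

    def feed(self, ev):
        if ev["source"] != "security":
            return None
        key = (ev["user"], ev["src_ip"])
        ts = datetime.fromisoformat(ev["ts"])
        q = self.failures[key]
        while q and ts - q[0] > self.window:  # drop failures that fell out of the window
            q.popleft()
        if ev["event_id"] == 4625:
            q.append(ts)
        elif ev["event_id"] == 4624 and len(q) >= self.threshold:
            q.clear()
            return "failed_then_successful_logon"
        return None


def run_detections(events):
    """Replay events in time order through the stateless rules and the correlator.
    Returns a list of (ts, host, rule_name) tuples."""
    stateless = (rule_office_spawns_shell, rule_encoded_powershell)
    correlator = FailedThenSuccessfulLogon()
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        hits = [rule(ev) for rule in stateless] + [correlator.feed(ev)]
        alerts.extend((ev["ts"], ev["host"], h) for h in hits if h)
    return alerts


if __name__ == "__main__":
    for alert in run_detections(SAMPLE_EVENTS):
        print(*alert)
```

Running it yields three alerts: the Word-to-cmd parent/child hit, the encoded PowerShell hit on the follow-on process, and the correlation hit on the svc_backup account at the moment of the successful logon. The two bob failures never alert because they stay under the threshold, and failures older than the window are expired before counting, so a slow trickle of bad passwords spread over hours does not accumulate into a false hit. Those two knobs (threshold and window) are exactly what a SIEM correlation rule exposes and what a per-event "search for EID 4625" query cannot.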