Top 10 posts with the most lifetime views (excluding paper announcement blogs, Medium posts only):
- Security Correlation Then and Now: A Sad Truth About SIEM
- Can We Have “Detection as Code”?
- Detection Engineering is Painful — and It Shouldn’t Be (Part 1)
- NEW Anton’s Alert Fatigue: The Study
- Revisiting the Visibility Triad for 2020 (update for 2025 is coming soon)
- Beware: Clown-grade SOCs Still Abound
- Why is Threat Detection Hard?
- A SOC Tried To Detect Threats in the Cloud … You Won’t Believe What Happened Next
- Top 10 SIEM Log Sources in Real Life? [updated/modified version]
- How to Think about Threat Detection in the Cloud
Top posts with paper announcements:
- New Paper: “Future of the SOC: SOC People — Skills, Not Tiers”
- New Paper: “Future of the SOC: Forces shaping modern security operations”
- New Paper: “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” (Paper 3 of 4)
- New Paper: “Future of the SOC: Evolution or Optimization — Choose Your Path” (Paper 4 of 4.5)
- New Paper: “Future of SOC: Transform the ‘How’” (Paper 5)
- New Paper: “Autonomic Security Operations — 10X Transformation of the Security Operations Center” (the classic 2021 ASO paper!)
- New Paper: “Securing AI: Similar or Different?” (update for 2025 coming soon!)
NEW: 3 recent fun posts, must-read:
- Anton’s Alert Fatigue: The Study (long!)
- The Return of the Baby ASO: Why SOCs Still Suck?
- 15+ Years of Loading Threat Intel into SIEM: Why Does This Still Suck?
Top 7 Cloud Security Podcast by Google episodes (excluding the oldest 3!):
- EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil (our best episode! officially!)
- EP8 Zero Trust: Fast Forward from 2010 to 2021
- EP47 “Megatrends, Macro-changes, Microservices, Oh My! Changes in 2022 and Beyond in Cloud Security”
- EP17 Modern Threat Detection at Google
- EP109 How Google Does Vulnerability Management: The Not So Secret Secrets!
- EP103 Security Incident Response and Public Cloud — Exploring with Mandiant
- EP153 Kevin Mandia on Cloud Breaches: New Threat Actors, Old Mistakes, and Lessons for All
Now, fun posts by topic.
Security operations / detection & response:
- “Security Correlation Then and Now: A Sad Truth About SIEM”
- “Migrate Off That Old SIEM Already!” (VIDEO!)
- “Measuring the SOC: What Counts and What Doesn’t in 2025?” (Google Cloud Blog)
- “Can We Have ‘Detection as Code’?”
- “Revisiting the Visibility Triad for 2020”
- “Beware: Clown-grade SOCs Still Abound”
- “Why is Threat Detection Hard?”
- “A SOC Tried To Detect Threats in the Cloud … You Won’t Believe What Happened Next”
- “Stop Trying to Take Humans Out of SOC … Except … Wait… Wait… Wait…”
- “Top 10 SIEM Log Sources in Real Life?” (NEWER VERSION)
- “Debating SIEM in 2023, Part 1”
- “Debating SIEM in 2023, Part 2”
- “Log Centralization: The End Is Nigh?”
- “How to Make Threat Detection Better?”
- “SIEM Content, False Positives and Engineering (Or Not) Security”
- “Modern SecOps Masterclass: Now Available on Coursera”
(if you only read one, choose this one!)
Cloud security:
- “Using Cloud Securely — The Config Doom Question”
- “Who Does What In Cloud Threat Detection?”
- “How to Solve the Mystery of Cloud Defense in Depth?”
- “Does the World Need Cloud Detection and Response (CDR)?”
- “Use Cloud Securely? What Does This Even Mean?!”
- “How CISOs need to adapt their mental models for cloud security” [GCP blog]
- “Cloud Migration Security Woes”
- “Move to Cloud: A Chance to Finally Transform Security?”
- “It’s a multicloud jungle out there. Here’s how your security can survive”
HGD (How Google Does It):
- “How Google Does It: Finding, tracking, and fixing vulnerabilities” (Google Cloud blog)
- “How Google Does It: Red teaming at scale” (Google Cloud blog)
CISO, culture, FMC, etc.:
- “New Office of the CISO Paper: Organizing Security for Digital Transformation”
- “10 ways to make cyber-physical systems more resilient”
AI security:
- “Our Security of AI Papers and Blogs Explained” [this has a whole lot of AI security fun links that you so want to click!]
- “Securing AI Supply Chain: Like Software, Only Not” (Google Cloud blog, 30K views…)
- “Spotlighting ‘shadow AI’: How to protect against risky AI practices” (part 1)
- “Shadow AI Strikes Back: Enterprise AI Absent Oversight in the Age of Gen AI” (part 2)
- “New Paper: ‘Securing AI: Similar or Different?’”
- “The Prompt: What to think about when you’re thinking about securing AI”
- “Gen AI governance: 10 tips to level up your AI program”
- “AI Adoption: Learning from the Cloud’s Early Days”
- NEW: “Demystifying AI Security: New Paper on Real-World SAIF Applications”
- “To securely build AI on Google Cloud, follow these best practices”
- “Oops! 5 serious gen AI security mistakes to avoid”
- “3 new ways to use AI as your security sidekick” (Google Cloud blog)
(if you only read one, choose this one!)
NEW: fun presentations shared:
- Detection Engineering Maturity — Helping SIEMs Find Their Adulting Skills (2024)
- Future of SOC: More Security, Less Operations (2024)
- SOC Meets Cloud: What Breaks, What Changes, What to Do? (2023)
- Meet the Ghost of SecOps Future (2023)
- The Future of Log Centralization for SIEMs and DFIR — Is the End Nigh? (2023)
- 20 Years of SIEM (2022)
Enjoy!
Previous posts in this series:
- Anton’s Security Blog Quarterly Q4 2024
- Anton’s Security Blog Quarterly Q3 2024
- Anton’s Security Blog Quarterly Q2 2024
- Anton’s Security Blog Quarterly Q1 2024 Lite
- Anton’s Security Blog Quarterly Q3 2023
- Anton’s Security Blog Quarterly Q2 2023
- Anton’s Security Blog Quarterly Q1 2023
- Anton’s Security Blog Quarterly Q4 2022
- Anton’s Security Blog Quarterly Q3 2022
- Anton’s Security Blog Quarterly Q2 2022
- Anton’s Security Blog Quarterly Q1 2022
- Anton’s Security Blog Quarterly Q4 2021
- Anton’s Security Blog Quarterly Q3 2021
- Anton’s Security Blog Quarterly Q2 2021
- Anton’s Security Blog Quarterly Q1 2021
- Anton’s Security Blog Quarterly Q3.5 2020
By Anton Chuvakin (Ex-Gartner VP Research; Head Security Google Cloud)