[SecurityRatty] tag: top5

Monthly Blog Round-Up October 2008

Mon, 10 Nov 2008 13:35:00 +0000

As we all know, blogs are a bit "stateless" and a lot of good content gets lost since many people, sadly, only pay attention to what they see today. These monthly round-ups is an attempt to remind people of useful content from the past month!

So, here is my next monthly "Security Warrior" blog round-up of top 5 popular posts and topics.

OF COURSE, the news of my “transition” is the item #1, by far. “Change!!!” and “Qualys” posts rule the list.
Last month I posted a bunch of my presentations on logs, security, etc on the blog. “Presentation from GOVCERT.NL 2008: Log Forensics” takes one of the tops spots; and so do “Presentation on Application Logging, Done Wrong or Very Wrong” and “Presentation on Optimizing Your Logging for Insider Attack Tracking.” BTW, all the presentations are here.
Shockingly, AGAIN this month, the "Top 11 Reasons to Secure and Protect Your Logs" came up as #1 most popular post (maybe driven by my poll). BTW, see my other logging polls and my other “top 11” lists.
SIEM bashing reached a new high (eh…“low”? :-)), now that Richard is helping too; my “11 Signs That Your SIEM Is A Dog or "Raffy, You Killed SIM!" is on the top list. It is both humorous and sadly true (and backed up by other sources and here.)
Somewhat predictably, PCI compliance is obviously still all the rage: MUST-DO Logging for PCI? post was again propelled to a place in my monthly Top5 list.

See you in November.

Possibly related posts / past monthly popular blog round-ups:

Technorati Tags: blog,security,loggings,monthly

Monthly Blog Round-Up - August 2008

Thu, 04 Sep 2008 08:22:00 +0000

So, here is my next monthly "Security Warrior" blog round-up of top 5 popular posts and topics.

In a bizarre twist of fate (maybe driven by my latest poll), the "Top 11 Reasons to Secure and Protect Your Logs" came up as #1 most popular post in August. The analysis of said log security poll is coming up tomorrow. BTW, see my other logging polls: poll #8 that covered context data for log analysis is analyzed here and a controversial Windows Log Collection Poll (which is a poll #7) and poll #6 about logs that people actually review and poll #5 about logging challenges.
Next up is my post "Log Management - Day 1," which talks about the very first thing you do when embarking on a journey to log management.
Still burning hot is a post with my irreverent comments on a Terry Childs saga. Namely, "On Doomsaying (Terry Childs case)", "So ... Am I? Maybe I Am!" and "Admins , Good Guys or "I am NOT an Idiot!""
Somewhat predictably, PCI compliance is all the rage again with 1.2 coming out soon. So, MUST-DO Logging for PCI? post was again propelled to a place in my monthly Top5 list. It discusses the fact that there is no "easy list" of what you MUST do to comply.
Finally, my post "11 Signs That Your SIEM Is A Dog or "Raffy, You Killed SIM!"". It is both humorous and sadly true (and backed up by other sources)

See you in September, when .... ah, come on! I will tell you later :-)

Possibly related posts / past monthly popular blog round-ups:

Technorati Tags: blog,security,loggings,monthly

Monthly Blog Round-Up - June 2008

Tue, 01 Jul 2008 07:10:00 +0000

I saw this idea of a monthly blog round-up and I liked it. In general, blogs are a bit "stateless" and a lot of good content gets lost since many people, sadly, only pay attention to what they see today. This is what is driving an idiotic campaign of such "news" as "hackers increase hacking", "compliance is hard/easy/matters/doesn't" or "awareness of virtualization/SaaS/hacking/compliance grows."

So, here is my next monthly "Security Warrior" blog round-up of top 5 popular posts and topics.

Again this month, my logging polls took the #1 spot! Poll #8 that covered context data for log analysis is analyzed here. Other popular polls include a controversial Windows Log Collection Poll (which is a poll #7) and poll #6 about logs that people actually look and poll #5 about logging challenges. Next poll is coming soon.
Not entirely surprising, my post/rant called "You Are "A Security Idiot" If ..." takes the #2 spot after being live for only a few days. Yes, we all like to point out other people's problems, especially when they are epically huge :-)
Also not surprisingly, my post "11 Signs That Your SIEM Is A Dog or "Raffy, You Killed SIM!"" is on the Top list. It is both humorous and sadly true (and backed up by other sources)
A curious subject of DLP or "data leak prevention" (specifically, the post called "So, CAN We Have DLP?") also tops the charts. My previous post on data leak 'prevention' ("In Passing on DLP") is popular as well.
Again and again, people googling for "open source SIEM" have pushed this post (this tiny old pathetic blurb) to top5. This ancient post from years ago explains why an open source SIEM will NOT emerge soon, if ever.

See you in July!

Possibly related posts / past monthly popular blog round-ups:

Technorati tags: blog, security, loggings, monthly

Monthly Blog Round-Up - May 2008

Mon, 02 Jun 2008 16:54:00 +0000

So, here is my next monthly "Security Warrior" blog round-up of top 5 popular posts and topics.

First time this month, my logging polls took #1 spot! Specifically, a controversial Windows Log Collection Poll (which is a poll #7) sits highest among the Top5 posts (closely behind are poll #6 about logs that people actually look at as well as poll #5 about logging challenges). Poll #8 analysis is coming up tomorrow, BTW...
As expected, the post called "Reverse Compliance or "Logs as Proof of Incompetence?"" tops the charts as well. It is about, "reverse compliance", which is a motivation to purposefully avoid technologies that have a chance of telling you that you are NOT in compliance.
My quick post on data leak 'prevention' ("In Passing on DLP") is popular as well. Indeed, DLP is a very interesting segment of security market and there is plenty of innovation happening there.
ISO17799/27002 might not be hot in the US, but discussing why it is not IS indeed hot. WTH? Well, "Why Is ISO2700x Hot in UK, but Not in US?" is in Top5.
Again, people googling for "open source SIEM" have pushed this post (this tiny blurb) to top5. This ancient post from 2 years ago (!) years ago explains why an open source SIEM will NOT emerge soon, if ever.

See you in June!

Possibly related posts / past monthly popular blog round-ups:

Technorati tags: blog, security, loggings, monthly

Monthly Blog Round-Up - April 2008

Thu, 01 May 2008 18:17:00 +0000

So, here is my next monthly "Security Warrior" blog round-up of top 5 popular posts and topics.

In a bizarre twist of fate, the #1 post this month is this little blurb on what will motivate the improvement of security in the future. So, is it lawsuits after all?
Emerging from its well-deserved oblivion is the topic of anti-virus efficiency. Here are the posts: Answer to My Antivirus Mystery Question and a "Fun" Story, More on Anti-virus and Anti-malware, Let's Play a Fun Game Here ... A Scary Game, The Original Anti-Virus Test Paper is Here!, Protected but Owned: My Little Investigation, A Bit More on AV and Closure (Kind of) to the Anti-Virus Efficiency/Effectiveness Saga.
Again this month, my logging polls are super-hot: specifically, a controversial Windows Log Collection Poll (which is a poll #7) sits among the Top5 posts (closely behind is poll #6 about logs that people actually look at).
People, please stop googling for "open source SIEM." :-) Really! You are not going to find it, 'cause it doesn't exist (yes, OSSIM exists, but I still doubt that it will gain massive adoption any time soon). In any case, this tiny blurb from 2 (!) years ago where I explain why an open source SIEM will NOT emerge soon is in Top5 posts (weird indeed!). I have to tell you that the volume of google queries for "open source SIEM" that land on my blog has increased by a factor of 8 (!!!) over the course of last year.
Finally, a Top5 item which did not surprise me this month: my RSA impressions are Top5 as well (this post and the whole RSA2008 coverage)

See you in May!

Possibly related posts / past monthly popular blog round-ups:

Technorati tags: monthly

Monthly Blog Round-Up - March 2008

Wed, 02 Apr 2008 10:36:00 +0000

So, here is my next monthly "Security Warrior" blog round-up of top 5 popular posts and topics.

This month my logging polls are super-hot: specifically Logging Poll #6 "Which Logs Do You LOOK At?" Analysis leads the Top5. Do people look at logs? Which ones? Check out the poll analysis.
Somewhat predictably, PCI compliance is still all the rage. So, just like last month, MUST-DO Logging for PCI? post was propelled to a place in my Top5 popular posts list. It discusses the fact that there is no "easy list" of what you MUST do to comply.
Also predictably, next up are again my Top11 logging lists: Top 11 Reasons to Collect and Preserve Computer Logs and Top 11 Reasons to Look at Your Logs (the third list, Top 11 Reasons to Secure and Protect Your Logs, was not quite that popular - I long argued that, sadly, few people care about log security yet). A new one was also added to the list: Top 11 Reasons to Analyze Your Logs.
Surprisingly, my little impression from a CSO Summit (where I gave a keynote) made it to Top5: Data Theft "Russian-Style" Is your data stolen? Bad! Is it sold for $5 by the street vendors in Moscow? Super-bad!
Also surprisingly, one of my comments on a recent breach ("On Hannaford Brothers Breach and PCI") is in Top5. Newer comments are here.

See you in April!

Possibly related posts / past monthly popular blog round-ups:

Technorati tags: monthly

Monthly Blog Round-Up - February 2008

Mon, 03 Mar 2008 08:50:00 +0000

So, here is my next monthly "Security Warrior" blog round-up of top 5 popular posts and topics.

Finally, one post I wrote this month bumped the "anti-virus saga" from the #1 popular spot: Welcome to the Platform Club! :-) post discusses requirements for a log management platform (and makes fun of some folks in the process ...)
Now pushed to the #2 spot, next is the topic of anti-virus efficiency. Here are the posts: Answer to My Antivirus Mystery Question and a "Fun" Story, More on Anti-virus and Anti-malware, Let's Play a Fun Game Here ... A Scary Game, The Original Anti-Virus Test Paper is Here!, Protected but Owned: My Little Investigation, A Bit More on AV and Closure (Kind of) to the Anti-Virus Efficiency/Effectiveness Saga
Next are again my Top11 logging lists: Top 11 Reasons to Collect and Preserve Computer Logs and Top 11 Reasons to Look at Your Logs (the third list, Top 11 Reasons to Secure and Protect Your Logs, was not quite that popular - I long argued that, sadly, few people care about log security yet). A new one was also added to the list: Top 11 Reasons to Analyze Your Logs. Check it out!
PCI compliance is still all the rage! So, MUST-DO Logging for PCI? post was propelled to a place in my Top5 popular posts list. It discusses the fact that there is no "easy list" of what you MUST do to comply.
My logging polls are hot as well. Specifically, the analysis of my newest poll (Logging Poll #5 "Top Logging Challenges" Analysis) is popular.

See you in March - I will continue to make logs popular, research new log analysis methods and make fun of some people (of course!) :-)

Possibly related posts / past monthly popular blog round-ups:

Technorati tags: monthly, chuvakin

Annual Blog Round-Up - 2007

Fri, 04 Jan 2008 10:16:00 +0000

If monthly, why not annual blog round-up? These are my top popular "Security Warrior" blog posts for 2007! To make this a competition of posts, I am removing the links to the main blog, search labels (e.g. log management, which was indeed one of the most popular resources on the blog) as well as grouping posts together in theme clusters.

Same as during past few months, the "fallout" from being featured on a high-profile programming site continues to drive humongous loads of traffic which made this set of posts the most popular, even for the year. The topic that got such a huge boost was anti-virus efficiency. The posts are: Answer to My Antivirus Mystery Question and a "Fun" Story, More on Anti-virus and Anti-malware, Let's Play a Fun Game Here ... A Scary Game, The Original Anti-Virus Test Paper is Here!, Protected but Owned: My Little Investigation as well as a final entry about my own switch away from mainstream major-vendor anti-virus tool: A Bit More on AV and Closure (Kind of) to the Anti-Virus Efficiency/Effectiveness Saga.
Next by rank is a set of my Top11 lists: Top 11 Reasons to Collect and Preserve Computer Logs and Top 11 Reasons to Look at Your Logs (the third list, Top 11 Reasons to Secure and Protect Your Logs, was not quite that popular - I have long argued that, sadly, few people care about log security yet).
Wow! I love, love, love the fact that my blog readers made my first Common Event Expression (CEE), post introducing this emerging log standard, (official site now live!) one of the most popular: Finally, Common Event Expression (CEE) is Out!!!. My other CEE-related posts are labeled here.
Hurray to database logging (finally!) My posts related to database logging top the charts. Specifically, How to Do Database Logging/Monitoring "Right"? as well as its "prequels" :-) Full Paper on Database Log Management Posted and On Database Logging and Auditing (Teaser + NOW Full Paper).
Finally, security ROI saga that flared up mid-year is also among the most popular. Indeed, Security ROI Pile-Up! post made it into Top5 (the related posts are: The Entire Security ROI Blood Trail and ROI, ROSI, RROI and Harry Potter Tales). The rest of my ROI-related posts are labeled here.
At the risk of destroying my math credibility, I will add an item #6 to my Top 5 list, again. This little post called On Open Source in SIEM and Log Management have also generated a lot of traffic and discussion. Indeed, log management vs SIEM as well as reasons for a lack of a popular and complete open source log management solution are fun topics!

See you in 2009! :-)

Possibly related posts / past monthly popular blog round-ups:

Technorati tags: annual, 2007, review, round-up, security, chuvakin