Anton Chuvakin
77p557 comments posted · 349 followers · following 0
7 years ago @ Anton Chuvakin Blog - An Open Letter to Andr... · 0 replies · +2 points
10 years ago @ Anton Chuvakin Blog - Monthly Blog Round-Up ... · 0 replies · +1 points
10 years ago @ Anton Chuvakin Blog - Simple Log Review Chec... · 0 replies · +2 points
>Security can hand a checklist to the admins and say "we need this".
Agreed, but sadly, such per-OS checklists don't exist in one place. In the good old times (mid-1990s) some people maintained them, but this effort is kinda ... not alive now.
10 years ago @ Anton Chuvakin Blog - On Choosing SIEM · 0 replies · +1 points
10 years ago @ Anton Chuvakin Blog - SANS Top 6 Log Reports... · 0 replies · +4 points
11 years ago @ Anton Chuvakin Blog - Monthly Blog Round-Up ... · 0 replies · +1 points
11 years ago @ Anton Chuvakin Blog - Top 10 Criteria for a ... · 0 replies · +1 points
11 years ago @ Anton Chuvakin Blog - Proactive and Continuo... · 0 replies · +1 points
11 years ago @ Anton Chuvakin Blog - PCI Compliance Book Gi... · 0 replies · +1 points
Jeff Hall 3:55 AM
Here's my entry. And since it involves log management and analysis, it should be an automagic winner. LOL
A very large retailer decides to reorganize their IT department to be more responsive and reactive. As part of that reorganization, they create a group titled 'Enterprise Monitoring' that is responsible for the care/feeding of the log management and analysis solutions. Centralized personnel that actually do the monitoring are pushed out to the business units where, according to IT management, the actual monitoring belongs.
Everyone at the meeting announcing this decision says that the name, Enterprise Monitoring, needs to be changed because it gives the impression that the group does the monitoring, but they are overruled.
Spin ahead almost a year later to their PCI assessment. The monitoring personnel that were pushed out to the business units were, surprise/surprise, seen as new bodies that could be used for everything BUT monitoring. So, we have great log management and analysis solutions running, but no one has been monitoring anything for almost a year! When asked, the business units point to the Enterprise Monitoring group and say that it is their responsibility because they are 'Enterprise Monitoring'. DUH!
11 years ago @ Anton Chuvakin Blog - New SIEM Whitepaper on... · 0 replies · +4 points