Anton Chuvakin

129 weeks ago @ Anton Chuvakin Blog - An Open Letter to Andr... · 0 replies · +2 points

Thanks a lot for the comment. Still, I am planning to give them another chance before taking an iPlunge :-)

260 weeks ago @ Anton Chuvakin Blog - Monthly Blog Round-Up ... · 0 replies · +1 points

I have no idea what HTTPA stands for -- sorry. I can google, sure, but it won't be my opinion :-)

279 weeks ago @ Anton Chuvakin Blog - Simple Log Review Chec... · 0 replies · +2 points

>Each modern OS should have a clearly defined, specific set of logging instructions to ensure that
>Security can hand a checklist to the admins and say "we need this".

Agreed, but sadly, such per-OS checklists don't exist in one place. In the good old times (mid-1990s) some people maintained them, but this effort is kinda ... not alive now.

283 weeks ago @ Anton Chuvakin Blog - On Choosing SIEM · 0 replies · +1 points

SIEM installations supporting 100,000 EPS do exist, but they are definitely on the complex and expensive side, and in most cases involve multiple, sometimes dozens, of servers.

288 weeks ago @ Anton Chuvakin Blog - SANS Top 6 Log Reports... · 0 replies · +1 points

Thanks for the comment. This was literally years in the making :-)

329 weeks ago @ Anton Chuvakin Blog - Monthly Blog Round-Up ... · 0 replies · +1 points

Thanks for the comment and for the idea. It does seem like a great case for using game theory indeed. Let me think of how I can do it.

337 weeks ago @ Anton Chuvakin Blog - Top 10 Criteria for a ... · 0 replies · +1 points

Agreed, the initial integration and operational process is what hinders many SIEM projects. On-site log integration tools have been known since the early days of SIEM (2002-2003), but not every log can be quickly parsed, even with the best tools.

337 weeks ago @ Anton Chuvakin Blog - Proactive and Continuo... · 0 replies · +1 points

Sorry, this conversation is a bit too involved to have in comments. I'd love to see more information about your continuous compliance platform.

344 weeks ago @ Anton Chuvakin Blog - PCI Compliance Book Gi... · 0 replies · +1 points

Received via G+ https://plus.google.com/104051623244958334514/pos...
Jeff Hall 3:55 AM
Here's my entry. And since it involves log management and analysis, it should be an automagic winner. LOL

A very large retailer decides to reorganize their IT department to be more responsive and reactive. As part of that reorganization, they create a group titled 'Enterprise Monitoring' that is responsible for the care/feeding of the log management and analysis solutions. Centralized personnel that actually do the monitoring are pushed out to the business units where, according to IT management, the actual monitoring belongs.

Everyone at the meeting announcing this decision says that the name, Enterprise Monitoring, needs to be changed because it gives the impression that the group does the monitoring, but they are overruled.

Spin ahead almost a year later to their PCI assessment. The monitoring personnel that were pushed out to the business units were, surprise/surprise, seen as new bodies that could be used for everything BUT monitoring. So, we have great log management and analysis solutions running, but no one has been monitoring anything for almost a year! When asked, the business units point to the Enterprise Monitoring group and say that it is their responsibility because they are 'Enterprise Monitoring'. DUH!

344 weeks ago @ Anton Chuvakin Blog - New SIEM Whitepaper on... · 0 replies · +4 points

Hmmm, I was able to find a copy in Google cache as per above. I do have a copy, but I am not sure I can release it. Maybe I can toss it online some time later after I am sure its original publisher no longer cares...