Anton Chuvakin

San Jose

Information Security Expert and Contributor at Freelance

Information security - #SIEM, #DFIR, #EDR formerly at Gartner! Now @GoogleCloud Office of the #CISO; host of @CloudSecPodcast https://t.co/VpKtfz8nXG

Featured in: Favicon

forbes.com Favicon

medium.com Favicon

gartner.com Favicon

darkreading.com Favicon

infosecurity-magazine.com Favicon

securityboulevard.com Favicon

enterprisersproject.com Favicon

cloudsecurityalliance.org Favicon

healthcaredive.com Favicon

cybersecuritydive.com

Articles

Anton’s Security Blog Quarterly Q1 2025

3 weeks ago | securityboulevard.com | Anton Chuvakin

Amazingly, Medium has fixed the stats so my blog/podcast quarterly is back to life. As before, this covers both Anton on Security and my posts from Google Cloud blog, and our Cloud Security Podcast (subscribe). Top 10 posts with the most lifetime views (excluding paper announcement blogs, Medium posts only):• Security Correlation Then and Now: A Sad Truth About SIEM• Can We Have “Detection as Code”?
Anton’s Security Blog Quarterly Q1 2025

3 weeks ago | medium.com | Anton Chuvakin

Amazingly, Medium has fixed the stats so my blog/podcast quarterly is back to life. As before, this covers both Anton on Security and my posts from Google Cloud blog, and our Cloud Security Podcast (subscribe). Top 10 posts with the most lifetime views (excluding paper announcement blogs, Medium posts only):Security Correlation Then and Now: A Sad Truth About SIEMCan We Have “Detection as Code”?
The Return of the Baby ASO: Why SOCs Still Suck?

1 month ago | securityboulevard.com | Anton Chuvakin

“Flickering screens, a sickly, yellow glow. Humming servers, a constant, low thrum of digital malaise. Alerts screamed into the void, a cacophony of meaningless noise, lost in the echoing expanse of our digital tomb. Playbooks, relics of a forgotten war, their pages yellowed and brittle, offered no solace, only a hollow echo of outdated procedures. We were digital ghosts, sorting through the digital detritus of a network that had long since abandoned us.
The Return of the Baby ASO: Why SOCs Still Suck?

1 month ago | medium.com | Anton Chuvakin

Anton Chuvakin·FollowPublished inAnton on Security·5 min read·--“Flickering screens, a sickly, yellow glow. Humming servers, a constant, low thrum of digital malaise. Alerts screamed into the void, a cacophony of meaningless noise, lost in the echoing expanse of our digital tomb. Playbooks, relics of a forgotten war, their pages yellowed and brittle, offered no solace, only a hollow echo of outdated procedures.
A Fair Weather SOC: 5 Signs It’s Time to Panic (and Fix It!)

2 months ago | securityboulevard.com | Anton Chuvakin

Do you have a fair-weather friend? Or two? OK, do you also have a fair-weather SOC? This train of thought was inspired by reading pilot forums about how some training approaches lead to “fair weather pilots” who perform well in all cases except real emergencies. Anyhow, let me stop with this because this is not my area; it only triggered the ideation process for me. So, what does fair-weather SOC look like?
A Fair Weather SOC: 5 Signs It’s Time to Panic (and Fix It!)

2 months ago | medium.com | Anton Chuvakin

Anton Chuvakin·FollowPublished inAnton on Security·5 min read·--A fair-weather SOC by Meta AIDo you have a fair-weather friend? Or two? Fair weather friend (via Google)OK, do you also have a fair-weather SOC? This train of thought was inspired by reading pilot forums about how some training approaches lead to “fair weather pilots” who perform well in all cases except real emergencies. Anyhow, let me stop with this because this is not my area; it only triggered the ideation process for me.
15+ Years of Loading Threat Intel into SIEM: Why Does This Still Suck?

Feb 6, 2025 | medium.com | Anton Chuvakin

Anton Chuvakin·FollowPublished inAnton on Security·3 min read·--Unfortunately, I am old enough to remember how SIEM was done before the arrival of threat intelligence feeds. We had to write broad behavioral (well, “behavioral-ish”, if I am totally honest) rules without relying on any precise knowledge of attacker infrastructure and details of their operations (IF event_type=exploit FOLLOWED BY event_type=config_change ON the same machine THEN alert).
15+ Years of Loading Threat Intel into SIEM: Why Does This Still Suck?

Feb 6, 2025 | securityboulevard.com | Anton Chuvakin

Unfortunately, I am old enough to remember how SIEM was done before the arrival of threat intelligence feeds. We had to write broad behavioral (well, “behavioral-ish”, if I am totally honest) rules without relying on any precise knowledge of attacker infrastructure and details of their operations (IF event_type=exploit FOLLOWED BY event_type=config_change ON the same machine THEN alert).
Cross-post: Office of the CISO 2024 Year in Review: AI Trust and Security

Jan 29, 2025 | securityboulevard.com | Anton Chuvakin

[written together with Marina Kaganovich, Executive Trust Lead, Office of the CISO @ Google Cloud; originally posted here]In 2024, we shared our insights on how to approach generative AI securely by exploring the fundamentals of this innovative technology, delving into key security terms, and examining the essential policies needed for AI governance. We also discussed Google Cloud’s approach to AI security and shared helpful resources like the Secure AI Framework (SAIF).
Google Cloud Security Threat Horizons Report #11 Is Out!

Jan 22, 2025 | medium.com | Anton Chuvakin

Anton Chuvakin·FollowPublished inAnton on Security·4 min read·--This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Threat Horizons Report, #11 (full version) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3, #4, #5, #6, #7, #8, #9 and #10).