In the SIEM world, Azure Sentinel is very much a newcomer, but it is already shaking up the enterprise-dominated space. Priced at roughly a tenth of its competitors ($2.76 per GB), the tool massively undercuts every other product. In very non-Microsoft fashion, it also brings some cutting-edge features to the table, like Jupyter Notebooks and bring-your-own machine learning (features that…
Recently I had a conversation with my team manager, and the conversation turned to “where do you see the future of security going?” It didn’t take much thought to come up with an answer: more analytics, more automation, fewer people. Let’s approach these one at a time. More Analytics Not everything can be reduced to raw numbers, but don’t tell…
For years, I’ve done almost all of my development in the cloud. Most of this has been spent with Cloud9 (and then AWS Cloud9 after Amazon bought the company). Now that I’m using an iPad Pro full time (more on that in another post) this has become more important to me. And following the success of Cloud9, competitors have started…
I recently bought an iPad Pro and the Magic Keyboard. More on that in an upcoming post. But when I was making my decision to purchase, I did a lot of research. And I would always come across reviews like this one from Tom’s Hardware Guide that complains about how heavy/thick the Magic Keyboard makes the iPad. They compare it…
I write code. I’m not a programmer. I am a security engineer who can code. Why is that important?
I want to walk through how to write a QRadar app, specifically to collect logs from a log source that only allows the use of an API and that QRadar does not natively support. Examples at the time of writing include Duo Security and Trend Micro Apex Central, but there are potentially thousands of others you might run into.
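The pattern that post describes, as an added example (not code from the original post or from IBM): poll a REST API from a saved checkpoint so restarts neither duplicate nor skip events, then render each event as a LEEF line that QRadar can parse over syslog. The vendor API here is simulated in memory with constructed sample events; the field names (`user`, `result`, `ip`) and the vendor/product strings are assumptions, not any real vendor's schema.

```python
"""Added example: API poller -> LEEF -> syslog, the shape of a QRadar app for an
API-only log source. The vendor API is simulated; swap fetch_events for a real client."""
import socket
from datetime import datetime, timezone

# Constructed sample of what a vendor authentication API might return.
# Field names are assumptions, not a real vendor's schema.
SAMPLE_API_EVENTS = [
    {"id": 101, "timestamp": 1700000000, "user": "alice", "result": "SUCCESS", "ip": "203.0.113.5"},
    {"id": 102, "timestamp": 1700000060, "user": "bob", "result": "DENIED", "ip": "198.51.100.9"},
    {"id": 103, "timestamp": 1700000120, "user": "alice", "result": "SUCCESS", "ip": "203.0.113.5"},
]


def fetch_events(since_ts, page_size=2):
    """Simulated vendor API: events strictly newer than since_ts, paginated.
    In a real app this is the HTTP call (with auth, retries and rate limiting)."""
    newer = sorted((e for e in SAMPLE_API_EVENTS if e["timestamp"] > since_ts),
                   key=lambda e: e["timestamp"])
    return newer[:page_size]


def poll_all(checkpoint):
    """Drain the API from a stored checkpoint. Returns (events, new_checkpoint).
    Persisting the returned checkpoint (e.g. in the app's data volume) is what
    prevents duplicate and missing events across restarts."""
    out = []
    while True:
        batch = fetch_events(checkpoint)
        if not batch:
            return out, checkpoint
        out.extend(batch)
        checkpoint = batch[-1]["timestamp"]


def leef_escape(value):
    """LEEF 1.0 attributes are tab-delimited, so tabs/newlines in values must go."""
    return str(value).replace("\t", " ").replace("\n", " ").replace("\r", " ")


def to_leef(event, vendor="ExampleVendor", product="AuthLog", version="1.0"):
    """Render one event as LEEF 1.0:
    LEEF:1.0|Vendor|Product|Version|EventID|key=value<TAB>key=value...
    devTime/devTimeFormat are the predefined LEEF keys QRadar reads for event time."""
    dev_time = datetime.fromtimestamp(event["timestamp"], tz=timezone.utc)
    attrs = {
        "devTime": dev_time.strftime("%b %d %Y %H:%M:%S"),
        "devTimeFormat": "MMM dd yyyy HH:mm:ss",
        "usrName": event["user"],
        "src": event["ip"],
        "result": event["result"],
    }
    body = "\t".join(f"{k}={leef_escape(v)}" for k, v in attrs.items())
    return f"LEEF:1.0|{vendor}|{product}|{version}|{event['result']}|{body}"


def send_syslog(lines, host="127.0.0.1", port=514, pri=14):
    """Ship LEEF lines to QRadar's syslog listener (UDP/514 here; TCP is preferred
    in production). PRI 14 = facility user, severity info."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        for line in lines:
            stamp = datetime.now(timezone.utc).strftime("%b %d %H:%M:%S")
            msg = f"<{pri}>{stamp} apipoller {line}"
            sock.sendto(msg.encode("utf-8"), (host, port))
    finally:
        sock.close()


if __name__ == "__main__":
    # Assumed checkpoint of 0 on first run; a real app loads it from disk.
    events, checkpoint = poll_all(0)
    for line in map(to_leef, events):
        print(line)
    send_syslog(map(to_leef, events))
    print(f"next checkpoint: {checkpoint}")
```

The checkpoint is the piece most first attempts get wrong: polling "the last N minutes" on a timer double-counts on overlap and drops events during an outage, whereas advancing a persisted high-water mark only after a batch is forwarded gives at-least-once delivery with no gaps.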
No, I’m not talking about QRadar on Cloud (QRoC) or even running QRadar in a cloud environment. I’m talking about how to manage a QRadar system when a number of your log sources are sitting in the cloud.
Writing QRadar apps isn't always the most straightforward task. I learned a lot of stuff the hard way. Here are the most important things.
The Maginot Line in World War II was the French defense against invading German forces. It covered almost the entire perimeter of the country, was impervious to attacks from the air or ground, and had backup supply lines on the inside of the perimeter. It was well staffed with trained and experienced soldiers. It was hugely expensive, state-of-the-art, and considered…
(At the time I wrote this (2017), I had never heard of “zero trust networking”. Looking back, that’s what I’m describing in this post. If you’re interested in these concepts, please read up on zero trust.) The way we are dealing with security is all wrong. No one can deny it, but no one is doing anything about it. Why?…