If monthly, why not annual blog round-up? These are my top popular "Security Warrior" blog posts for 2008. Enjoy!
- Just as last year (!!!), the "fallout" from being featured on a high-profile programming site continues to drive humongous loads of traffic which made this set of posts the most popular, even for this year, even though it was posted more than a year ago. The topic that got such a huge boost was anti-virus efficiency. The posts are: Answer to My Antivirus Mystery Question and a "Fun" Story, More on Anti-virus and Anti-malware, Let's Play a Fun Game Here ... A Scary Game, The Original Anti-Virus Test Paper is Here!, Protected but Owned: My Little Investigation as well as a final entry about my own switch away from mainstream major-vendor anti-virus tool: A Bit More on AV and Closure (Kind of) to the Anti-Virus Efficiency/Effectiveness Saga. The staying power of this series of posts is truly astounding; pretty much a Slashdot effect.
- Due to totally bizarre reasons that just blow my mind, people keep obsessively googling for “open source SIEM” and thus I have to add this little post called On Open Source in SIEM and Log Management to a top list as – oh, shock! - #2. Just as a reminder, there is no credible open source SIEM tool (no “snort of SIEM”) – and there probably never will be. OSSEC comes kinda close, but solves a much more narrow problem (really well!).
- Next by rank (amazingly, just as last year!) is a set of my Top 11 lists: Top 11 Reasons to Collect and Preserve Computer Logs and Top 11 Reasons to Look at Your Logs (BTW, the third list, Top 11 Reasons to Secure and Protect Your Logs, was much more popular this year compared to last year – is log security finally coming?)
- A champion of multiple months, “MUST-DO Logging for PCI?” is also on the list; the world does need more specific PCI DSS guidance. PCI DSS guidance is not “too prescriptive,” it is more often not prescriptive enough!
- I did a lot of polls in 2008 (mostly on logs, but on other subjects as well) and many were on the top lists. I will do more polls this year as well; obviously, on more topics than just logs.
- In a similar Slashdot-like effect, my comments on the Terry Childs saga, “On Doomsaying (Terry Childs case)”, “So ... Am I? Maybe I Am!” and “Admins, Good Guys or "I am NOT an Idiot!"”, were on the top list. The whole thing REALLY opened my eyes that “information security” and “IT” are not always friends, lovers or even good neighbors … Security people often bitch about management – this saga made me think we need to bitch about IT more :-)
- This cute, semi-humorous post on SIEM (“11 Signs That Your SIEM Is A Dog or "Raffy, You Killed SIM!"”) was hot this year; it generated a lot of soul-searching about SIEM (some items are linked here).
- Accidentally launching a “security idiot” meme (“You Are "A Security Idiot" If ...”) was also one of the highlights. The “security idiot” meme lives on. (One day I will have to explain how the original post originated.)
- Hurray to database logging (finally!) My posts related to database logging top the charts in 2008. Specifically, How to Do Database Logging/Monitoring "Right"? as well as its "prequels" Full Paper on Database Log Management Posted and On Database Logging and Auditing (Teaser + NOW Full Paper).
As we all know, blogs are a bit "stateless" and a lot of good content gets lost since many people, sadly, only pay attention to what they see today. These monthly round-ups are an attempt to remind people of useful content from the past month! If you are “too busy to read the blogs” (!), at least read these. So, here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics.
- Truly shockingly, AGAIN x3 :-) this month, the "Top 11 Reasons to Secure and Protect Your Logs" came up on the Top list. My Top 11 lists on logging live on! Is log security finally of interest to people?
- Admittedly, making fun of others’ security predictions is easier than predicting correctly. In any case, “On Retarded Year-end Security Predictions” got the #2 spot this month.
- People, there is NO open source SIEM that you can use in place of “market-leaning” (aka “expensive”) products! Despite that, “On Open Source in SIEM and Log Management” is also again on the top list, much to my amazement.
- My list of PCI DSS-related blogs is on the top list: “PCI DSS Blogs”
- For whatever bizarre reason, the anti-virus saga is back to the top, where it stayed for many months.
See you in January. Also see my annual “Top Posts” (2007, 2008).