Anton’s Security Blog Quarterly Q4 2025

Anton’s Security Blog Quarterly Q4 2025

Anton Chuvakin

5 min readDec 29, 2025

Amazingly, Medium has fixed the stats so my blog /podcast quarterly is back to life. As before, this covers bothAnton on Security and my posts fromGoogle Cloud blog,Google Cloud community blog, and ourCloud Security Podcast (subscribe on Spotify).

Top 10 posts with the most lifetime views (excluding paper announcement blogs):

• Anton’s Alert Fatigue: The Study [A.C. — wow, this is still #1 now! Awesome! Perhaps I need more of such deep studies]
• Security Correlation Then and Now: A Sad Truth About SIEM
• Can We Have “Detection as Code”?
• Revisiting the Visibility Triad for 2020 (update for 2025 is here!)
• Detection Engineering is Painful — and It Shouldn’t Be (Part 1)
• Beware: Clown-grade SOCs Still Abound
• Why is Threat Detection Hard?
• A SOC Tried To Detect Threats in the Cloud … You Won’t Believe What Happened Next
• Anton and The Great XDR Debate, Part 1
• Log Centralization: The End Is Nigh?

Top 5 posts with paper announcements:

• New Paper: “Future of the SOC: SOC People — Skills, Not Tiers” (paper 2 of the series)
• New Paper: “Future of the SOC: Evolution or Optimization — Choose Your Path” (Paper 4 of 4.5) (one more paper coming later in 2026 … we are researching now!)
• New Paper: “Future of the SOC: Forces shaping modern security operations”
• New Paper: “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” (Paper 3 of 4)
• New Paper: “Autonomic Security Operations — 10X Transformation of the Security Operations Center” (the classic 2021 ASO paper!)
• New Paper: “Future of SOC: Transform the ‘How’” (Paper 5)
• New Paper: “Securing AI: Similar or Different?“
• New Office of the CISO Paper: Organizing Security for Digital Transformation” (paper)
• 10 ways to make cyber-physical systems more resilient” (paper)

NEW: recent 3 fun posts, must-read:

• Simple to Ask: Is Your SOC AI Ready? Not Simple to Answer! (is your SOC AI-ready?)
• Shadow Agents: A New Era of Shadow AI Risk in the Enterprise (see you at RSA 2026!)
• Decoupled SIEM: Where I Think We Are Now? (this is not over yet!)

Top 7 Cloud Security Podcast by Google episodes (excluding the oldest 3!):

• EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil (our best episode! officially!)
• EP47 “Megatrends, Macro-changes, Microservices, Oh My! Changes in 2022 and Beyond in Cloud Security”
• EP153 Kevin Mandia on Cloud Breaches: New Threat Actors, Old Mistakes, and Lessons for All
• EP8 Zero Trust: Fast Forward from 2010 to 2021
• EP109 How Google Does Vulnerability Management: The Not So Secret Secrets!
• EP150 Taming the AI Beast: Threat Modeling for Modern AI Systems with Gary McGraw
• EP17 Modern Threat Detection at Google

(also see our NEW 2025 reflections blog about the show)

Now, fun posts by topic.

Security operations / detection & response:

• “Security Correlation Then and Now: A Sad Truth About SIEM”
• “Migrate Off That Old SIEM Already!” (VIDEO!)
• “Measuring the SOC: What Counts and What Doesn’t in 2025?” (Google Cloud Blog)
• “Can We Have “Detection as Code”?”
• “Revisiting the Visibility Triad for 2020” and “SOC Visibility Triad is Now A Quad — SOC Visibility Quad 2025”
• “Beware: Clown-grade SOCs Still Abound”
• “Why is Threat Detection Hard?”
• “A SOC Tried To Detect Threats in the Cloud … You Won’t Believe What Happened Next”
• “Stop Trying to Take Humans Out of SOC … Except … Wait… Wait… Wait…”
• “Top 10 SIEM Log Sources in Real Life?” (NEWER VERSION)
• “Debating SIEM in 2023, Part 1”
• “Debating SIEM in 2023, Part 2”
• “Log Centralization: The End Is Nigh?”
• “Living with Multiple SIEMs”
• “Decoupled SIEM: Brilliant or Stupid?”
• “How to Make Threat Detection Better?”
• “SIEM Content, False Positives and Engineering (Or Not) Security”
• “Modern SecOps Masterclass: Now Available on Coursera”

(if you only read one, choose this one!)

Cloud security:

• “Secure cloud. Insecure use. (And what you can do about it)”
• “Using Cloud Securely — The Config Doom Question”
• “Who Does What In Cloud Threat Detection?”
• “How to Solve the Mystery of Cloud Defense in Depth?”
• “Does the World Need Cloud Detection and Response (CDR)?”
• “Use Cloud Securely? What Does This Even Mean?!”
• “How CISOs need to adapt their mental models for cloud security” [GCP blog]
• “Who Does What In Cloud Threat Detection?”
• “Cloud Migration Security Woes”
• “Move to Cloud: A Chance to Finally Transform Security?”
• “It’s a multicloud jungle out there. Here’s how your security can survive“

(if you only read one, choose this one!)

How Google Does Security (HGD):

[...]

Original source

📄 organizing_security_digital_transformation.pdf

📄 ociso_pcast_paper_2024.pdf