Saturday, October 25, 2014

So you want to disable SSLv3?

The recent vulnerability disclosed by Google, called POODLE, has security administrators scrambling to keep up with Heartbleed, the retirement of SHA-1 and now the removal of SSLv3. Since I come from a solutions and enterprise architecture background, I get pinged with questions about the real risk and impact of implementing these security enforcements.
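Before deciding whether disabling SSLv3 will break anything, you need to know which of your endpoints still accept it. The block below is an added example, not code from the original post: it hand-builds a minimal SSLv3 ClientHello, sends it to a server, and classifies the first record that comes back (a `protocol_version` or `handshake_failure` alert means SSLv3 is off; a ServerHello carrying version 3.0 means it is still on). It does this at the raw record level because modern OpenSSL builds are often compiled without SSLv3, so `openssl s_client -ssl3` may not be available. The cipher suite list and the `probe` helper are this example's own choices.

```python
import os
import socket
import struct

# Cipher suites an SSLv3-era client would offer (IANA numbers). Constructed list for this probe:
# TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_RC4_128_SHA.
SSLV3_CIPHER_SUITES = (0x002F, 0x000A, 0x0005)
SSLV3_VERSION = b"\x03\x00"

# Alert descriptions worth recognising when a server refuses the handshake.
ALERT_DESCRIPTIONS = {40: "handshake_failure", 70: "protocol_version", 86: "inappropriate_fallback"}

REFUSED_SILENTLY = "no response / connection closed (treat as refused)"


def build_sslv3_client_hello(client_random=None):
    """Return one handshake record (content type 0x16) carrying a minimal SSLv3 ClientHello."""
    if client_random is None:
        client_random = os.urandom(32)
    suites = b"".join(struct.pack("!H", s) for s in SSLV3_CIPHER_SUITES)
    body = (
        SSLV3_VERSION                                  # client_version = 3.0
        + client_random                                # 32 bytes of client random
        + b"\x00"                                      # session_id length 0
        + struct.pack("!H", len(suites)) + suites      # cipher_suites vector
        + b"\x01\x00"                                  # one compression method: null
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello (1)
    return b"\x16" + SSLV3_VERSION + struct.pack("!H", len(handshake)) + handshake


def classify_response(data):
    """Interpret the first record a server sends back to the SSLv3 ClientHello."""
    if len(data) < 5:
        return REFUSED_SILENTLY
    content_type = data[0]
    if content_type == 0x15 and len(data) >= 7:          # alert record: level at [5], description at [6]
        desc = data[6]
        return "refused: alert %d (%s)" % (desc, ALERT_DESCRIPTIONS.get(desc, "other"))
    if content_type == 0x16 and len(data) >= 11 and data[5] == 0x02:   # handshake record, ServerHello
        server_version = data[9:11]
        if server_version == SSLV3_VERSION:
            return "ACCEPTED: server negotiated SSLv3"
        return "other: ServerHello version %d.%d" % (server_version[0], server_version[1])
    return "unexpected record type 0x%02x" % content_type


def probe(host, port=443, timeout=5.0):
    """Connect to host:port, send the SSLv3 ClientHello and classify what comes back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv3_client_hello())
        try:
            return classify_response(sock.recv(4096))
        except (socket.timeout, ConnectionResetError):
            return REFUSED_SILENTLY


if __name__ == "__main__":
    import sys
    for target in sys.argv[1:]:
        print(target, "->", probe(target))
```

Run it as `python probe.py www.example.org` against each external endpoint; anything reported as ACCEPTED is where a POODLE downgrade is still possible. Servers behind an SNI-only front end or a load balancer that terminates TLS should be probed at the address clients actually reach.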

Tuesday, June 3, 2014

Integrating Google's BigQuery into your Security Operations Center (SOC).

In security operations it is not uncommon to need access to large datasets and the ability to analyze them. The obvious answer is to store them in a big data solution. If you end up in the business of building your own big data platform, you will find that its many technical details distract you from running your core service, which in this case is security analysis.

Wednesday, March 26, 2014

Rolling PCAP (Packet Capture) for a production network

It is common for SOCs (Security Operations Centers) to want a packet capture of a recent event in order to trace network activity, either as part of an attack or an investigation. PCAP is a file format well suited to storing network data on disk. However, no one can afford to store PCAP forever, so a rolling packet capture sized to your network bandwidth is a very viable way to collect and retain it.
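The practical question is how much history a given disk buys you at a given link load, and how to express that as a tcpdump ring buffer. The block below is an added example, not code from the original post: `ring_buffer_plan` turns link speed, average utilization and a disk budget into a file count and an expected retention window, and `tcpdump_argv` renders that as a `tcpdump -C/-W` command (`-C` is the per-file size in units of 1,000,000 bytes, `-W` the number of files to rotate through before overwriting the oldest). The interface name, output prefix, 90% headroom and 1000 MB file size are this example's assumptions.

```python
import shlex

MB = 1_000_000        # tcpdump's -C unit is 1,000,000 bytes, not 1,048,576
GB = 1_000_000_000


def ring_buffer_plan(link_mbps, utilization, disk_gb, file_mb=1000, headroom=0.9):
    """Size a tcpdump ring buffer from link speed, average load and disk budget.

    utilization: average fraction of link_mbps actually carried (e.g. 0.3 for 30%).
    headroom:    fraction of the disk to commit to the ring; the rest covers the file
                 currently being written, indexes and filesystem overhead (assumed 90%).
    Returns the number of rotating files and the approximate retention window in hours.
    """
    if not 0 < utilization <= 1 or not 0 < headroom <= 1:
        raise ValueError("utilization and headroom must be fractions in (0, 1]")
    bytes_per_sec = link_mbps * MB * utilization / 8     # megabits/s -> bytes/s
    usable_bytes = disk_gb * GB * headroom
    files = int(usable_bytes // (file_mb * MB))
    if files < 2:
        raise ValueError("disk budget too small for a ring of at least two files")
    retention_seconds = files * file_mb * MB / bytes_per_sec
    return {
        "files": files,
        "file_mb": file_mb,
        "ingest_mb_per_s": bytes_per_sec / MB,
        "retention_hours": retention_seconds / 3600,
    }


def tcpdump_argv(iface, prefix, plan, bpf_filter=""):
    """Build the tcpdump command line for the plan; files are written as <prefix><n>."""
    argv = [
        "tcpdump", "-i", iface,
        "-n",                              # no DNS lookups on the capture box
        "-s", "0",                         # full packets, not truncated
        "-w", prefix,                      # output prefix; tcpdump appends the file number
        "-C", str(plan["file_mb"]),        # rotate when a file reaches this many MB
        "-W", str(plan["files"]),          # keep this many files, then overwrite the oldest
    ]
    if bpf_filter:
        argv.append(bpf_filter)            # e.g. "not port 22" to keep management traffic out
    return argv


if __name__ == "__main__":
    plan = ring_buffer_plan(link_mbps=1000, utilization=0.3, disk_gb=4000)
    print(plan)
    print(shlex.join(tcpdump_argv("eth1", "/var/pcap/ring", plan, "not port 22")))
```

A 1 Gbit/s link averaging 30% load fills roughly 135 GB an hour, so a 4 TB volume at 90% commitment holds about a day of traffic; measure real utilization before trusting the number, since bursts shorten the window. Run tcpdump under a dedicated account with `-Z` and make sure the monitoring interface is a passive tap or SPAN port.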

Saturday, February 8, 2014

Overcoming your CDN provider in web logs

When I consult with clients on security incidents in large organizations, they are always puzzled by incidents in which all their web attacks appear to originate from either Akamai or Amazon. This is typically due to a reconfiguration of application services to be distributed through a CDN (Content Delivery Network). It is not surprising for an organization like Target, after a large breach, to sift through millions of logs only to find that the attacks appear to have come either through a trusted service provider (like Akamai) or through a partner.
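Once a CDN fronts the application, the origin's `remote_addr` is an edge server, and the real client survives only in a header the CDN adds (`X-Forwarded-For`, or Akamai's `True-Client-IP`). The block below is an added example, not code from the original post, showing how to recover that address safely from combined-format web logs: the header is trusted only when the TCP peer is a known CDN edge, and the chain is walked from the right so that an attacker who pre-loads `X-Forwarded-For` with a fake address cannot pin the attack on someone else. The CDN range (203.0.113.0/24, a documentation prefix) and the log lines are constructed for the example; substitute the ranges your CDN publishes.

```python
import ipaddress
import re
from collections import Counter

# Placeholder for the edge-server ranges your CDN publishes. 203.0.113.0/24 is a
# documentation range used here only as a constructed example.
TRUSTED_CDN_RANGES = [ipaddress.ip_network("203.0.113.0/24")]

# Combined log format with X-Forwarded-For appended as the last quoted field,
# e.g. nginx: '$remote_addr - $remote_user [$time_local] "$request" $status $bytes
#              "$http_referer" "$http_user_agent" "$http_x_forwarded_for"'
LOG_RE = re.compile(
    r'^(?P<peer>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" "(?P<xff>[^"]*)"$'
)


def is_trusted(ip_text):
    """True if ip_text parses as an address inside one of the CDN ranges."""
    try:
        ip = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_CDN_RANGES)


def true_client_ip(peer, xff):
    """Recover the client address from the TCP peer and the X-Forwarded-For chain.

    The header is honoured only when the peer is a CDN edge. Walking from the right,
    every trusted hop is skipped; the first untrusted hop is the client as the CDN saw
    it. Anything further left was supplied by the client itself and can be forged.
    """
    if not is_trusted(peer):
        return peer                       # direct connection: the header is attacker-controlled
    hops = [h.strip() for h in xff.split(",")] if xff and xff != "-" else []
    for hop in reversed(hops):
        if is_trusted(hop):
            continue
        try:
            return str(ipaddress.ip_address(hop))   # normalise and reject junk
        except ValueError:
            return peer                   # malformed hop: fall back to the edge address
    return peer                           # no untrusted hop: the request came from the CDN itself


def parse_line(line):
    """Parse one log line into a dict, adding the recovered 'client' address."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["client"] = true_client_ip(rec["peer"], rec["xff"])
    return rec


def attack_sources(lines, suspicious=lambda r: r["status"] in ("403", "404") or "'" in r["request"]):
    """Count suspicious requests by recovered client rather than by CDN edge address."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and suspicious(rec):
            counts[rec["client"]] += 1
    return counts


# Constructed sample: four requests relayed through CDN edges (203.0.113.7 / .9), one direct hit.
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Feb/2014:10:15:32 +0000] "GET /login?user=admin\'-- HTTP/1.1" 403 512 "-" "Mozilla/5.0" "198.51.100.23, 203.0.113.9"',
    '203.0.113.7 - - [08/Feb/2014:10:15:33 +0000] "GET /wp-admin/ HTTP/1.1" 404 162 "-" "curl/7.35" "1.2.3.4, 198.51.100.23, 203.0.113.9"',
    '203.0.113.7 - - [08/Feb/2014:10:15:34 +0000] "GET /index.html HTTP/1.1" 200 4021 "-" "Mozilla/5.0" "192.0.2.44, 203.0.113.9"',
    '198.51.100.77 - - [08/Feb/2014:10:15:35 +0000] "GET /etc/passwd HTTP/1.1" 404 162 "-" "python-requests/2.2" "10.0.0.1"',
    '203.0.113.7 - - [08/Feb/2014:10:15:36 +0000] "GET /health HTTP/1.1" 200 2 "-" "Akamai-Monitor" "-"',
]

if __name__ == "__main__":
    for rec in map(parse_line, SAMPLE_LOG):
        print(rec["peer"], "->", rec["client"], rec["request"])
    print(attack_sources(SAMPLE_LOG))
```

The second sample line is the case that matters: the client sent its own `X-Forwarded-For: 1.2.3.4`, the CDN appended the address it actually saw, and the walk-from-the-right rule attributes the request to 198.51.100.23 rather than the planted value. The fourth line shows the other failure mode: a request that bypassed the CDN and hit the origin directly, where the header must be ignored entirely, which is also a sign that the origin should be firewalled to the CDN's ranges.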