Gartner Blog Network

Anton Chuvakin
Research VP
2+ years with Gartner
14 years IT industry

Anton Chuvakin is a research VP at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist…

On Space Between Detection and Response

by Anton Chuvakin  |  August 31, 2015

Let’s ponder the space between Detection (D) and Response (R): D <aim your mind here!> R. Do you see it clearly now? Where does DETECTION end and RESPONSE begin? What is this space between them? As more organizations finally give their detection controls the attention they deserve, the critically important space between D and R […]


Co-Managed SIEM Rising

by Anton Chuvakin  |  August 24, 2015

I don’t usually blog on specific research … but when I do, it is about SIEM. So, a very interesting piece just went up on the Gartner site. It is called “How and When to Use Co-managed SIEM” (Gartner access, but not GTP access required) and is written by Toby Bussa. The summary states: “Co-managed […]


My “Evaluation Criteria for Security Information and Event Management” 2015 Update Publishes

by Anton Chuvakin  |  August 18, 2015

My freshly updated “Evaluation Criteria for Security Information and Event Management” (2015 edition) is up on the Gartner site. Admittedly, it is a relatively minor update, but I have expanded sections related to workflow, incident management, threat intelligence, analytics (of course!) and tightened a bunch of various loose ends. As a reminder, the document lists […]


Speaking at Gartner Security Summit Australia 2015

by Anton Chuvakin  |  August 17, 2015

Gartner Security Summit Australia 2015 is coming soon. Here is my traditional blog post summarizing my speaking at this event (Sydney, Australia – August 24-25, 2015): “Security Incident Response in the Age of the APT” is definitely going to be a refresher for some people; at the same time, modern IR is a new area […]


Threat Intelligence and Operational Agility

by Anton Chuvakin  |  August 13, 2015

I sometimes say that “threat intel doesn’t help people who don’t help themselves.” Here is one particular example: if you buy the best threat intelligence possible – mixed strategic and tactical, with full actor information, detailed indicators, and with revelations about future attacks targeted to your organization, can you really benefit from it? Those who […]


Revisiting Vulnerability Assessment and Vulnerability Management Research

by Anton Chuvakin  |  August 7, 2015

Together with our new team member, Augusto Barros (blog, Twitter), we have embarked on an update to Gartner GTP vulnerability assessment (VA) and vulnerability management (VM) research. Let me tell you, we have some awesome plans! First, here are the key documents we have on the topic (only GTP documents listed): “Vulnerability and Security Configuration […]


Your SOC Nuclear Triad

by Anton Chuvakin  |  August 4, 2015

Let’s talk modern SOC tools. The analogy I’d like to use is that of a “Nuclear Triad” – a key cold war concept. The triad consisted of strategic bombers, ICBMs and missile submarines (strictly speaking, submarine missiles – SLBMs) and sought to “significantly reduce the possibility that an enemy could destroy all of a nation’s […]


My “How to Monitor the Security of Public Cloud Resources” Publishes

by Anton Chuvakin  |  July 30, 2015

My “How to Monitor the Security of Public Cloud Resources” paper just went up on the Gartner site. It is an update of the work I did back in 2012 to identify the architectural approaches for monitoring public cloud assets. The paper has a lot of new content and a new discussion of a gateway-centric […]


On Tanks vs Tractors

by Anton Chuvakin  |  July 24, 2015

Well, you all expect deep technical guidance from us at Gartner GTP – but here you are going to get another “philosophical post” (aka rant) – inspired by the “Jeepgate”, naturally. Many recent IoT security “faux pas” [and I am happy to say faux pas, rather than disasters] seem to trigger a rage of security […]


Reality Check on EDR / ETDR

by Anton Chuvakin  |  July 23, 2015

How exciting is Endpoint Detection and Response (EDR) technology? Sorry to piss on your parade, but for many organizations it is NOT exciting at all. Look, it is hard for me to write this since personally I am super-excited about EDR / ETDR [hey, I came up with the original name]. Also, given the open […]
