Gartner Blog Network

Anton Chuvakin
Research VP
2+ years with Gartner
14 years IT industry

Anton Chuvakin is a research VP at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist…

Highlights From Verizon Data Breach Report 2016

by Anton Chuvakin  |  May 4, 2016

Here are my favorite “data-bits”, quotes and fun items from Verizon’s 2016 Data Breach Investigations Report: “The Actors in breaches are predominantly external. While this goes against InfoSec folklore, the story the data consistently tells is that, when it comes to data disclosure, the attacker is not coming from inside the house.” <- a useful […]

One More Time On EDR Use Cases

by Anton Chuvakin  |  May 3, 2016

Our first EDR paper is about to be published, but I wanted to draw your attention to my favorite topic – the use cases. We touched on the EDR (back then: ETDR) use cases in this post in 2013, but we are revisiting them in current research. In our view, EDR use cases can be […]

EDR Tool Wins – Only For The Enlightened?

by Anton Chuvakin  |  April 25, 2016

We are nearing the end of our Endpoint Detection and Response (EDR) research project; we just pushed our first paper – on EDR operational practices – into review and are concentrating on a technology comparison paper, a more difficult effort. One thing has emerged from many of the recent conversations with EDR vendors and users. […]

Our “How to Plan and Execute Modern Security Incident Response” Publishes

by Anton Chuvakin  |  April 11, 2016

Our updated security incident response (IR) paper, now renamed “How to Plan and Execute Modern Security Incident Response” (Gartner GTP access required) has just published. Some fun quotes follow below: “Effective security IR fuses together technical and nontechnical resources, which are bound by the incident response policy, procedures and plans. Most organizations have an underdeveloped […]

Speaking at Gartner Security & Risk Management Summit 2016

by Anton Chuvakin  |  April 8, 2016

Gartner Security & Risk Management Summit 2016 is coming soon and here is my traditional blog post summarizing my speaking at this upcoming event (Washington, DC, June 13-16, 2016). “How to Run an SIEM Operation?” reveals a guidance framework that offers a structured approach for running and growing an SIEM deployment at a large enterprise […]

Sad Hilarity of Predictive Analytics in Security?

by Anton Chuvakin  |  March 31, 2016

After spending a week in Siberia, I am ready for more fun blogging – and of course for more drama that is our industry (GO CYBER DRAMA!). In any case, the topic is PREDICTIVE ANALYTICS in SECURITY: What is it? Can we have it? What is it? First, I’ve encountered a few “false predictive” examples […]

Anton’s Favorite Threat Hunting Links

by Anton Chuvakin  |  March 21, 2016

Somebody asked me for best resources on THREAT HUNTING, and that reminded me that I wanted to write a linklist blog post on this very topic. Below are some of Anton’s favorite threat hunting links, in no particular order: Incident Response Hunting Tools (by @sroberts) has a whole bunch of tools. Incident Response is Dead…Long […]

EDR Mud Fight: Kernel or Userland?

by Anton Chuvakin  |  March 18, 2016

I am feeling adventurous, so let’s have an EDR mud fight [pillow fight?] – kernel or userland agent?

Kernel mode EDR agent
Top pros: better resilience vs the attacker; some additional visibility (memory, etc.)
Top cons: higher chance of system stability problems; some types of visibility not available in kernel mode

User mode EDR agent […]

Using EDR For Remediation?

by Anton Chuvakin  |  March 11, 2016

“Do you believe in bible? – Totally, man, I’ve seen one!” OK, do you believe in APT automatic remediation? In fact, have you seen one done successfully? BTW, here we define “remediation” as “putting it the way it was.” My point is that automated remediation of compromised systems – however much desired – is also […]

Our Team Is Hiring Again: Position Open – Data Security in US/North America

by Anton Chuvakin  |  March 9, 2016

Our team at Gartner for Technical Professionals (GTP) is HIRING again! Join the Security and Risk Management Strategies (SRMS) team at Gartner for Technical Professionals (GTP)! This new role is for a data security person, so this time we have a specific coverage area in mind. Excerpts from the job description – with my highlights: Create […]
