Gartner Blog Network

Anton Chuvakin
Research VP
2+ years with Gartner
14 years IT industry

Anton Chuvakin is a research VP at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist…

Security Planning Guide for 2016

by Anton Chuvakin  |  October 5, 2015

Our team has just released our annual security planning guide: “2016 Planning Guide for Security and Risk Management.” Every GTP customer should go and read it! Its abstract states: “Technical professionals must make resilience a foundation of digital business. In 2016 and beyond, achieving three important goals — privacy, safety and reliability — will require […]

Security Analytics Webinar Questions – Answered

by Anton Chuvakin  |  September 29, 2015

As promised, I am posting selected Q&A from my recent security analytics webinar (recording is here somewhere). As a reminder, the topics were: How to evolve beyond your SIEM to gain better insight from the data you have? How to start a security analytics project? Which security problems can be solved with big data? BTW, […]

Five Basic Forgotten Security Alert Truths

by Anton Chuvakin  |  September 25, 2015

Here is a fun one: everybody whines that organizations have too many alerts, even the makers of the tools that produce alerts. Everybody! Everybody!! Everybody!!! When people whine [which, BTW, I totally respect – whining is an essential human right, as we all know], their lamentations often obscure a few basic truths about alerts. These […]

Security: Automate And/Or Die?

by Anton Chuvakin  |  September 11, 2015

While I generally dislike abstract security debates like “how to be more proactive?”, “are we dynamic enough?” and “should we automate more?”, some recent experiences made me pick the last one up. So, in one ear I am hearing “we need to automate more” since we don’t have enough people or since our infrastructure is […]

Upcoming Webinar: Demystifying Security Analytics: Data, Methods, Use Cases

by Anton Chuvakin  |  September 4, 2015

I am doing a webinar based on my security analytics research earlier this year (resulting paper [Gartner GTP access required]). This is a great opportunity for those without said access to see some parts of this research. Webinar title: Demystifying Security Analytics: Data, Methods, Use Cases Date/time: Thursday, September 10, 2015 at 10AM ET and […]

On Space Between Detection and Response

by Anton Chuvakin  |  August 31, 2015

Let’s ponder the space between Detection (D) and Response (R): D <aim your mind here!> R Do you see it clearly now? Where does DETECTION end and RESPONSE begin? What is this space between them? As more organizations finally give their detection controls the attention they deserve, the critically important space between D and R […]

Co-Managed SIEM Rising

by Anton Chuvakin  |  August 24, 2015

I don’t usually blog on specific research … but when I do, it is about SIEM. So, a very interesting piece just went up on the Gartner site. It is called “How and When to Use Co-managed SIEM” (Gartner access, but not GTP access required) and is written by Toby Bussa. The summary states: “Co-managed […]

My “Evaluation Criteria for Security Information and Event Management” 2015 Update Publishes

by Anton Chuvakin  |  August 18, 2015

My freshly updated “Evaluation Criteria for Security Information and Event Management” (2015 edition) is up on the Gartner site. Admittedly, it is a relatively minor update, but I have expanded sections related to workflow, incident management, threat intelligence, analytics (of course!) and tightened a bunch of various loose ends. As a reminder, the document lists […]

Speaking at Gartner Security Summit Australia 2015

by Anton Chuvakin  |  August 17, 2015

Gartner Security Summit Australia 2015 is coming soon. Here is my traditional blog post summarizing my speaking at this event (Sydney, Australia – August 24-25, 2015): “Security Incident Response in the Age of the APT” is definitely going to be a refresher for some people; at the same time, modern IR is a new area […]

Threat Intelligence and Operational Agility

by Anton Chuvakin  |  August 13, 2015

I sometimes say that “threat intel doesn’t help people who don’t help themselves.” Here is one particular example: if you buy the best threat intelligence possible – mixed strategic and tactical, with full actor information, detailed indicators, and with revelations about future attacks targeted to your organization, can you really benefit from it? Those who […]
