Gartner Blog Network

Anton Chuvakin
Research VP
2+ years with Gartner
14 years IT industry

Anton Chuvakin is a research VP at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist…

How a Lower Maturity Security Organization Can Use Threat Intel?

by Anton Chuvakin  |  May 16, 2016

As we mentioned, we are starting a refresh effort for our threat intelligence paper [Gartner GTP access required]. One thing we may add is more detailed guidance on the usage of threat intel for lower-maturity security organizations. You know, those that just learned to spell “S-I-E-M” and that are constantly pushed to do “more with […]


New Research Starting Soon: Threat Intel, SOC, etc

by Anton Chuvakin  |  May 11, 2016

Our EDR research is winding down, so we are about to start our next cycle; here is what we have in mind. THREAT INTELLIGENCE TOPIC: An update to our “How to Collect, Refine, Utilize and Create Threat Intelligence” that compares types of threat intelligence data and outlines common TI usage patterns. We [Augusto and myself] […]


Our “Understanding Insider Threats” Paper Publishes

by Anton Chuvakin  |  May 9, 2016

Very few of you knew that we’ve been “secretly” working on a report dedicated to the insider threat – for the last year or so. We had a few false starts [because, frankly, we could not find anybody who actually cared about the problem :-)], but we finally did it!! Please welcome “Understanding Insider Threats” […]


Highlights From Verizon Data Breach Report 2016

by Anton Chuvakin  |  May 4, 2016

Here are my favorite “data-bits”, quotes and fun items from Verizon’s 2016 Data Breach Investigations Report: “The Actors in breaches are predominantly external. While this goes against InfoSec folklore, the story the data consistently tells is that, when it comes to data disclosure, the attacker is not coming from inside the house.” <- a useful […]


One More Time On EDR Use Cases

by Anton Chuvakin  |  May 3, 2016

Our first EDR paper is about to be published, but I wanted to draw your attention to my favorite topic – the use cases. We touched on the EDR (back then: ETDR) use cases in this post in 2013, but we are revisiting them in current research. In our view, EDR use cases can be […]


EDR Tool Wins – Only For The Enlightened?

by Anton Chuvakin  |  April 25, 2016

We are nearing the end of our Endpoint Detection and Response (EDR) research project; we just pushed our first paper – on EDR operational practices – into review and are concentrating on a technology comparison paper, a more difficult effort. One thing has emerged from many of the recent conversations with EDR vendors and users. […]


Our “How to Plan and Execute Modern Security Incident Response” Publishes

by Anton Chuvakin  |  April 11, 2016

Our updated security incident response (IR) paper, now renamed “How to Plan and Execute Modern Security Incident Response” (Gartner GTP access required) has just published. Some fun quotes follow below: “Effective security IR fuses together technical and nontechnical resources, which are bound by the incident response policy, procedures and plans. Most organizations have an underdeveloped […]


Speaking at Gartner Security & Risk Management Summit 2016

by Anton Chuvakin  |  April 8, 2016

Gartner Security & Risk Management Summit 2016 is coming soon and here is my traditional blog post summarizing my speaking at this upcoming event (Washington, DC, June 13-16, 2016). “How to Run an SIEM Operation?” reveals a guidance framework that offers a structured approach for running and growing an SIEM deployment at a large enterprise […]


Sad Hilarity of Predictive Analytics in Security?

by Anton Chuvakin  |  March 31, 2016

After spending a week in Siberia, I am ready for more fun blogging – and of course for more drama that is our industry (GO CYBER DRAMA!). In any case, the topic is PREDICTIVE ANALYTICS in SECURITY: What is it? Can we have it? What is it? First, I’ve encountered a few “false predictive” examples […]


Anton’s Favorite Threat Hunting Links

by Anton Chuvakin  |  March 21, 2016

Somebody asked me for best resources on THREAT HUNTING, and that reminded me that I wanted to write a linklist blog post on this very topic. Below are some of Anton’s favorite threat hunting links, in no particular order: Incident Response Hunting Tools (by @sroberts) has a whole bunch of tools. Incident Response is Dead…Long […]
