Gartner Blog Network

Anton Chuvakin
Research VP
5+ years with Gartner
16 years IT industry

Anton Chuvakin is a research VP at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist…

Why SIEMs F*cked Up Application Log Analysis?

by Anton Chuvakin  |  January 13, 2017

This is going to be a short one: why do you think the SIEM vendors f*cked up application log analysis so badly? Think about it, SIEM technology started roughly in 1997, so 20 years ago. 20 years is like 2 gazillion years in “IT years.” But even today I see a lot of people who […]

On UEBA / UBA Use Cases

by Anton Chuvakin  |  January 5, 2017

After much agonizing, we (Augusto and myself) have settled on the following list of UEBA / UBA use cases for our upcoming UEBA technology comparison. Here they are: Compromised account detection: this is a “classic UBA” usage – study account authentication and usage information to conclude that the account is being used by a malicious […]

My Top 7 Popular Gartner Blog Posts for December 2016

by Anton Chuvakin  |  January 3, 2017

Most popular blog posts from my Gartner blog during the past month are: Our “Comparison of Endpoint Detection and Response Technologies and Solutions” Paper Publishes (EDR research) SIEM Use Cases – And Other Security Monitoring Use Cases Too! (security monitoring research) Popular SIEM Starter Use Cases (SIEM research) Detailed SIEM Use Case Example (SIEM research) […]

All My Research Published in 2016

by Anton Chuvakin  |  December 22, 2016

To make it easy for my readers to find my research, here is the list of everything I published in 2016 [most co-authored with Augusto Barros]. Gartner GTP access is required for all of the papers; the list includes updates to existing papers, such as those on threat intel, incident response and SIEM. Deception: “Applying […]

UEBA Clearly Defined, Again?

by Anton Chuvakin  |  December 12, 2016

Ok, so after yet another request to “define UBA | UEBA clearly”, this post was born. First, Gartner “Market Guide for User and Entity Behavior Analytics” (not the research we are planning, BTW) just went up and its authors do spend time clarifying UEBA characteristics. To quote, “User and entity behavior analytics offers profiling and […]

What Should Your UEBA Show: Indications or Conclusions?

by Anton Chuvakin  |  December 8, 2016

While starting to research UBA / UEBA and other analytics-related security tools, one interesting paradox has emerged. I’d call it “INSIGHT vs CERTAINTY paradox.” Specifically: Some UEBA users and prospects say “give me CERTAINTY” (some grumpily add: “I can get ‘false positives’ from my SIEM, should I want them”) Other UEBA users say “give me […]

My Top 7 Popular Gartner Blog Posts for November 2016

by Anton Chuvakin  |  December 2, 2016

Most popular blog posts from my Gartner blog during the past month are: Our “Comparison of Endpoint Detection and Response Technologies and Solutions” Paper Publishes (EDR research) The Coming UBA / UEBA – SIEM War! (UEBA / UBA / security analytics research) Popular SIEM Starter Use Cases (SIEM research) SIEM Use Cases – And Other […]

My Top 7 Popular Gartner Blog Posts for October 2016

by Anton Chuvakin  |  November 22, 2016

Most popular blog posts from my Gartner blog during the past month are: Our “Comparison of Endpoint Detection and Response Technologies and Solutions” Paper Publishes (EDR research) SIEM Use Cases – And Other Security Monitoring Use Cases Too! (security monitoring research) Popular SIEM Starter Use Cases (SIEM research) Detailed SIEM Use Case Example (SIEM research) […]

Our “Applying Deception Technologies and Techniques to Improve Threat Detection and Response” Paper is Published

by Anton Chuvakin  |  November 21, 2016

As my esteemed and fast-fingered colleague has already noted, our deception paper has published. World, please behold the 38-page awesomeness of “Applying Deception Technologies and Techniques to Improve Threat Detection and Response” [Gartner GTP access required]! The abstract states “Deception is a viable option to improve threat detection and response capabilities. Technical professionals focused […]

UEBA Shines Where SIEM Whines?

by Anton Chuvakin  |  November 14, 2016

Remember my Popular SIEM Starter Use Cases post from 2014? Let’s take a look at that list of popular SIEM use cases and see how/where UEBA helps. This will make the SIEM/UEBA war discussion come to life more (check this discussion out as well, as an optional prerequisite)… Let’s try it using the same table […]