Gartner Blog Network

Anton Chuvakin
Research VP
2+ years with Gartner
14 years IT industry

Anton Chuvakin is a research VP at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist…

Baby’s First Threat Intel Usage Questions

by Anton Chuvakin  |  June 28, 2016

Every time I think I already wrote the most basic blog post on threat intelligence usage, somebody comes and asks for an even more basic one… Now, many of you have retweeted this tweet: “1. Get threat intel 2. ???? 3. Profit!” syndrome seem to plague many organizations. — Dr. Anton Chuvakin (@anton_chuvakin) June 21, […]

Our “Comparison of Endpoint Detection and Response Technologies and Solutions” Paper Publishes

by Anton Chuvakin  |  June 20, 2016

Our 2nd EDR paper has published: enjoy the “Comparison of Endpoint Detection and Response (EDR) Technologies and Solutions” [Gartner GTP access required]. The summary states that “Endpoint detection and response tools are an important component of modern security architectures. Existing tools support organizations trying to quickly detect, identify and react to threats on workstations and […]

My Top 7 Popular Gartner Blog Posts for May 2016

by Anton Chuvakin  |  June 7, 2016

Most popular blog posts from my Gartner blog during the past month are: SIEM Use Cases – And Other Security Monitoring Use Cases Too! (security monitoring research) Popular SIEM Starter Use Cases (SIEM research) Detailed SIEM Use Case Example (SIEM research) Revisiting Vulnerability Assessment and Vulnerability Management Research (vulnerability management research) My “How to Work […]

Our Paper “Endpoint Detection and Response Tool Architecture and Operations Practices” Publishes

by Anton Chuvakin  |  May 26, 2016

OK, I am being very late here, but the 1st of 2 of our 2016 EDR papers titled “Endpoint Detection and Response Tool Architecture and Operations Practices” has published. Augusto promptly announced it here [while I was working hard in Honolulu…] and so I am late here, but I have some fun quotes. This paper […]

How a Lower Maturity Security Organization Can Use Threat Intel?

by Anton Chuvakin  |  May 16, 2016

As we mentioned, we are starting a refresh effort for our threat intelligence paper [Gartner GTP access required]. One thing we may add is more detailed guidance on the usage of threat intel for lower-maturity security organizations. You know, those that just learned to spell “S-I-E-M” and that are constantly pushed to do “more with […]

New Research Starting Soon: Threat Intel, SOC, etc

by Anton Chuvakin  |  May 11, 2016

Our EDR research is winding down, so we are about to start our next cycle, here is what we have in mind. THREAT INTELLIGENCE TOPIC: An update to our “How to Collect, Refine, Utilize and Create Threat Intelligence” that compares types of threat intelligence data and outlines common TI usage patterns. We [Augusto and myself] […]

Our “Understanding Insider Threats” Paper Publishes

by Anton Chuvakin  |  May 9, 2016

Very few of you knew that we’ve been “secretly” working on a report dedicated to the insider threat – for the last year or so. We had a few false starts [because, frankly, we could not find anybody who actually cared about the problem :-)], but we finally did it!! Please welcome “Understanding Insider Threats” […]

Highlights From Verizon Data Breach Report 2016

by Anton Chuvakin  |  May 4, 2016

Here are my favorite “data-bits”, quotes and fun items from Verizon’s 2016 Data Breach Investigations Report: “The Actors in breaches are predominantly external. While this goes against InfoSec folklore, the story the data consistently tells is that, when it comes to data disclosure, the attacker is not coming from inside the house.” <- a useful […]

One More Time On EDR Use Cases

by Anton Chuvakin  |  May 3, 2016

Our first EDR paper is about to be published, but I wanted to draw your attention to my favorite topic – the use cases. We touched on the EDR (back then: ETDR) use cases in this post in 2013, but we are revisiting them in current research. In our view, EDR use cases can be […]

EDR Tool Wins – Only For The Enlightened?

by Anton Chuvakin  |  April 25, 2016

We are nearing the end of our Endpoint Detection and Response (EDR) research project; we just pushed our first paper – on EDR operational practices – into review and are concentrating on a technology comparison paper, a more difficult effort. One thing has emerged from many of the recent conversations with EDR vendors and users. […]
