Gartner Blog Network

Anton Chuvakin
Research VP
5+ years with Gartner
16 years IT industry

Anton Chuvakin is a research VP at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist…

My Top 7 Popular Gartner Blog Posts for November 2016

by Anton Chuvakin  |  December 2, 2016

Most popular blog posts from my Gartner blog during the past month are: Our “Comparison of Endpoint Detection and Response Technologies and Solutions” Paper Publishes (EDR research) The Coming UBA / UEBA – SIEM War! (UEBA / UBA / security analytics research) Popular SIEM Starter Use Cases (SIEM research) SIEM Use Cases – And Other […]


My Top 7 Popular Gartner Blog Posts for October 2016

by Anton Chuvakin  |  November 22, 2016

Most popular blog posts from my Gartner blog during the past month are: Our “Comparison of Endpoint Detection and Response Technologies and Solutions” Paper Publishes (EDR research) SIEM Use Cases – And Other Security Monitoring Use Cases Too! (security monitoring research) Popular SIEM Starter Use Cases (SIEM research) Detailed SIEM Use Case Example (SIEM research) […]


Our “Applying Deception Technologies and Techniques to Improve Threat Detection and Response” Paper is Published

by Anton Chuvakin  |  November 21, 2016

As my esteemed and fast-fingered colleague has already noted, our deception paper has published. World, please behold the 38 page awesomeness of “Applying Deception Technologies and Techniques to Improve Threat Detection and Response” [Gartner GTP access required]! The abstract states “Deception is a viable option to improve threat detection and response capabilities. Technical professionals focused […]


UEBA Shines Where SIEM Whines?

by Anton Chuvakin  |  November 14, 2016

Remember my Popular SIEM Starter Use Cases post from 2014? Let’s take a look at that list of popular SIEM use cases and see how/where UEBA helps. This will make the SIEM/UEBA war discussion come to life more (check this discussion out as well, as an optional prerequisite)… Let’s try it using the same table […]


The Coming UBA / UEBA – SIEM War!

by Anton Chuvakin  |  November 7, 2016

A war is coming!! A war where not everybody will survive [which is, I guess, the whole point of having a war, eh? :-)] Indeed, I see a high chance of a dramatic SIEM vs UEBA / UBA confrontation in the next 1-2 years – and it will be fun to watch! The essence of […]


SOC Webinar Questions Answered

by Anton Chuvakin  |  October 28, 2016

As promised, here is my Gartner SOC webinar Q&A (webinar recording) – admittedly I am keeping some answers short since there were so many of them [some questions are edited for clarity; those that refer to specific vendors are excluded]: How do you see the role of BRO IDS when it comes to hunting? We see […]


Next Research: Back to Security Analytics and UBA/UEBA

by Anton Chuvakin  |  October 27, 2016

Our deception research is winding down and the paper is nearly ready, so we are thinking about what’s next. In fact, we are going to cook something really exciting: a comparison of various User and Entity Behavior Analytics (UEBA, sometimes just UBA) tools. And of course UEBA/UBA usage tips, “decent practices” [that’s what passes for […]


Our “How to Plan, Design, Operate and Evolve a SOC” Paper Is Published

by Anton Chuvakin  |  October 25, 2016

As Augusto already mentioned, our SOC paper is out. Run, not walk, to read our “How to Plan, Design, Operate and Evolve a SOC” (Gartner GTP access required). The abstract states “Technical professionals pursuing a more mature security practice may decide to centralize all or part of those activities into a SOC. This guidance presents […]


APT-Ready? Better Threat Detection vs Detecting “Better” Threats?

by Anton Chuvakin  |  October 19, 2016

As we mentioned a few times before, we see a lot of “deception as detection” use cases. Frankly, we see nearly all deception projects focused on threat detection (typically of the lateral movement of the attacker and other middle parts of the kill chain) and not on the observation of the entrapped attackers and not on […]


Security Planning Guide for 2017

by Anton Chuvakin  |  October 17, 2016

Our team has just released our annual security planning guide: “2017 Planning Guide for Security and Risk Management.” Every Gartner GTP customer should go and read it! The abstract states: “Achieving three goals for resilient digital business — privacy, safety and reliability — in a fast-paced business, IT and risk landscape remains challenging. This will […]
