Gartner Blog Network

Anton Chuvakin
Research VP
2+ years with Gartner
14 years IT industry

Anton Chuvakin is a research VP at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist…

Incident Response Becomes Threat Response … OR Does It: IR Research Commencing

by Anton Chuvakin  |  February 5, 2016

As planned, we are starting our research effort on EDR, but also one on security incident response (IR), a topic we last touched in 2013. Most likely, we will be updating our document titled “Security Incident Response in the Age of APT” [Gartner GTP access required] and possibly, but not likely, creating a new document […]


EDR Research Commencing: Call To Action!

by Anton Chuvakin  |  January 27, 2016

As we mentioned in this post, we are about to visit the land of EDR (formerly: ETDR) in order to update Gartner GTP EDR coverage and to create one new document with a deeper technical dive on EDR technology. If you recall, I’ve been whining incessantly about the fuzzy boundary between EDR (at least the […]


No, Virginia, It Does NOT Mean That!

by Anton Chuvakin  |  January 25, 2016

This is a post to finally put this idiocy to rest: “If you can DETECT, why can’t you PREVENT!?” Here are my top 5 reasons why DETECTION excellence does NOT automatically mean you can have PREVENTION: Uncertainty – prevention [blocking] is black and white (switch open / closed), and requires 100.0% dead certainty of a […]


“Deception as Detection” or Give Deception a Chance?

by Anton Chuvakin  |  January 8, 2016

Many industry observers have noticed that deception approaches are re-emerging in the collective attention of the operational [as opposed to research] security industry and community (“cyber”- community?). We even have a paper to prove it [Gartner access required]. Frankly, I’ve been working on this post for a long time – and it has been tearing […]


Jumping Security Maturity FAIL!

by Anton Chuvakin  |  January 6, 2016

Strategic threat intel before patching? Malware reversing before firewalls? Honeypots before NIPS? Are you freaking insane?! Well, are you? Why are you doing this? What good do you think it will do? Well, it gets your boss’s boss points for “being innovative” and “using cutting edge tech”… I will give you that. Also, it lets […]


All My Research Published in 2015

by Anton Chuvakin  |  January 5, 2016

To make it easy for my readers to find my recent research, here is the list of everything I published in 2015: Vulnerability assessment and vulnerability management (VA / VM): How to Implement Enterprise Vulnerability Assessment A Guidance Framework for Developing and Implementing Vulnerability Management A Comparison of Vulnerability and Security Configuration Assessment Solutions Security […]


A Quick Update on Our Research

by Anton Chuvakin  |  December 29, 2015

Since some of you are asking, here is what is cooking… Just done: vulnerability assessment and vulnerability management (finished Nov 2015) “How to Implement Enterprise Vulnerability Assessment” “A Guidance Framework for Developing and Implementing Vulnerability Management” “A Comparison of Vulnerability and Security Configuration Assessment Solutions” Cooking now: SIEM updates, security monitoring use cases in depth […]


Our Team Is Hiring Again: Second Position Open – Application Security in Europe

by Anton Chuvakin  |  December 7, 2015

Our team at Gartner for Technical Professionals (GTP) is HIRING again and ANOTHER POSITION opens up! Join Security and Risk Management Strategies (SRMS) team at Gartner for Technical Professionals (GTP)! This new role is for an application security person, so this time we have a specific focus area in mind – and a specific location. […]


Where Does EDR End and “NG AV” Begin?

by Anton Chuvakin  |  December 3, 2015

What is the difference between Endpoint Detection and Response (EDR, previously named ETDR) and “NG anti-virus” (“NG AV” is not an official term)? Specifically, where does EDR end and AV begin? Short answer: Damned if I know. Longer answer: Why am I even writing about EDR, for gods’ sakes?! Shouldn’t I be focused on SIEM use […]


Starting A SIEM Project from Vendor Use Case Content: WIN or FAIL?

by Anton Chuvakin  |  December 2, 2015

Can I run my SIEM project exclusively with the use case content (including rules, reports, alerts, dashboards, algorithms) provided by my SIEM vendor? Short answer: YES, as long as you START there, rather than FINISH there. Longer answer: Indeed, many organizations have successfully implemented their monitoring capabilities (whether SIEM-centric or focused on other monitoring and […]
