Gartner Blog Network

Anton Chuvakin
Research VP and Distinguished Analyst
5+ years with Gartner
17 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist…

Action Item: SaaS SIEM Users Sought!

by Anton Chuvakin  |  July 19, 2017

As we already mentioned, one of the papers we are writing this quarter would be about (in part) SIEM delivered via a Software-as-a-service (SaaS) model. Let’s call it “SaaS SIEM.” If you recall, my long-time position was that such a thing didn’t really exist. As late as 2015, I mentioned this very fact. Well, it […]

Flashback 2014: SIEM Deployment Blueprint Visual

by Anton Chuvakin  |  July 17, 2017

Back in 2014, we tried to create a SIEM “one-pager” that we published as “Blueprint for Designing a SIEM Deployment.” The essence of this short note was a picture that represented a typical SIEM deployment and also attempted to depict a typical SIEM implementation process (via the stage numbers that denote one of the possible […]

Speaking at Gartner Security Summit Australia 2017

by Anton Chuvakin  |  July 14, 2017

Gartner Security & Risk Management Summit Australia / APAC 2017 is coming soon and here is my traditional blog post summarizing my speaking at this upcoming event (Sydney, Australia, August 21-22, 2017). “How to Deploy and Operationalize User and Entity Behavior Analytics (UEBA) Tools” – “UEBA can successfully detect malicious and suspicious activity that otherwise […]

Summer of SIEM 2017 Coming…

by Anton Chuvakin  |  July 11, 2017

Initially, I wanted to name this post “My SIEM Is Too Slow | My SIEM Is Too Dumb”, but then I decided to go for a milder version, because – against all odds – I still love SIEM. So, now that we are wrapping up our cloud and VA/VM research, it is time to plan […]

My Top 7 Popular Gartner Blog Posts for June 2017

by Anton Chuvakin  |  July 7, 2017

Most popular blog posts from my Gartner blog during the past month are: Popular SIEM Starter Use Cases (SIEM research); Detailed SIEM Use Case Example (SIEM research); SIEM Use Cases – And Other Security Monitoring Use Cases Too! (security monitoring research); Our “Comparison of Endpoint Detection and Response Technologies and Solutions” Paper Publishes (EDR research) […]

Security Without Security People: A [Sad] Way Forward?

by Anton Chuvakin  |  June 29, 2017

This post is a convergence of a few things: our recent foray into more basic security areas (such as from threat hunting to vulnerability management), my experiences at a recent Security Summit and of course recent ransomware-like incidents (from WannaCry to Petya). So, we analysts do lots of 1on1s at Gartner Events, these are essentially […]

Excellent Paper: “The Evolving Effectiveness of Endpoint Protection Solutions”

by Anton Chuvakin  |  June 19, 2017

Now, I would have called this paper like so: “What is better, OLD anti-virus or NEW anti-virus?!” The author went for a tamer title version, but it is still an awesome paper, if you are into anti-malware or endpoint security. It contains a detailed feature by feature comparison of many vendors related to fighting malware […]

Befuddled By “Hackback”

by Anton Chuvakin  |  June 7, 2017

I’ve been meaning to write this literally for years. But now all this hoopla around “Active Cyber Defense Certainty Act” [PDF] (aka “the Hackback Law”) has triggered me into action. Let’s start from the obvious – hilarity will ensue: OMG, people are *seriously* debating this new hack-back law. So wow. Refer the dude to the […]

Upcoming Webinar: User and Entity Behavior Analytics Tools

by Anton Chuvakin  |  June 6, 2017

Another Summer, another fun webinar with me.
Topic: How to Test, Deploy and Operationalize User and Entity Behavior Analytics (UEBA) Tools
Date: July 11, 2017
Time: 10PM PT / 1PM ET
Register: here
Description: UEBA tools can successfully detect malicious and suspicious activity that otherwise goes unnoticed, but these new detection tools employ unfamiliar approaches […]

My Top 7 Popular Gartner Blog Posts for May 2017

by Anton Chuvakin  |  June 2, 2017

Most popular blog posts from my Gartner blog during the past month are: Why Your Security Data Lake Project Will FAIL! (likely my most popular Gartner blog post ever!); SIEM Use Cases – And Other Security Monitoring Use Cases Too! (security monitoring research); Popular SIEM Starter Use Cases (SIEM research); Our “Comparison of Endpoint Detection […]
