Gartner Blog Network

Anton Chuvakin
Research VP
5+ years with Gartner
16 years IT industry

Anton Chuvakin is a research VP at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist…

RSA 2017: What’s The Theme?

by Anton Chuvakin  |  February 22, 2017

As I mentioned before, unlike some in our industry, I love RSA Conference (#RSAC), chiefly as an “industry-in-a-room” [not to be confused with a mythical SOC-in-a-box :-)] phenomenon. RSA is the best venue for “theme divination”, a strictly non-scientific process of absorbing huge amounts of hype in the vendor expo halls and the sessions in order […]


Our Team Is Hiring Again: Position Open – Network Security in US/North America

by Anton Chuvakin  |  February 16, 2017

Our team at Gartner for Technical Professionals (GTP) is HIRING again! Join the Security and Risk Management Strategies (SRMS) team at Gartner for Technical Professionals (GTP)! Work with awesome people like … well … all of us here. This replacement position [one of us went to pursue his dream job, apparently :-)] is for a network […]


My Top 7 Popular Gartner Blog Posts for January 2017

by Anton Chuvakin  |  February 2, 2017

Most popular blog posts from my Gartner blog during the past month are: Our “Comparison of Endpoint Detection and Response Technologies and Solutions” Paper Publishes (EDR research); Why SIEMs F*cked Up Application Log Analysis? (UEBA / UBA research); SIEM Use Cases – And Other Security Monitoring Use Cases Too! (security monitoring research); Popular SIEM Starter […]


Security in 2025 – Extrapolate or Bust?

by Anton Chuvakin  |  January 27, 2017

What year is this? Still 2017, indeed. So, imagine it is 2025… and 8 years have passed. How is information security (“cyber security”) different in 2025? But before you start droning about …well… drones and AIs and vast machine intelligences and 7G mobile security (all fun subjects, I am sure!), think about Windows 2008. Windows […]


Ok, So Who Really MUST Get a UEBA?

by Anton Chuvakin  |  January 24, 2017

As I mentioned in my 2014 post on security analytics and in a related GTP paper at the same time, “The noise about big data for security has grown deafening in the industry, but the reality lags far, far behind.” Two years have passed since that time. What can I tell you? It still “lags […]


Why SIEMs F*cked Up Application Log Analysis?

by Anton Chuvakin  |  January 13, 2017

This is going to be a short one: why do you think the SIEM vendors f*cked up application log analysis so badly? Think about it, SIEM technology started roughly in 1997, so 20 years ago. 20 years is like 2 gazillion years in “IT years.” But even today I see a lot of people who […]


On UEBA / UBA Use Cases

by Anton Chuvakin  |  January 5, 2017

After much agonizing, we (Augusto and myself) have settled on the following list of UEBA / UBA use cases for our upcoming UEBA technology comparison. Here they are: Compromised account detection: this is a “classic UBA” usage – study account authentication and usage information to conclude that the account is being used by a malicious […]


My Top 7 Popular Gartner Blog Posts for December 2016

by Anton Chuvakin  |  January 3, 2017

Most popular blog posts from my Gartner blog during the past month are: Our “Comparison of Endpoint Detection and Response Technologies and Solutions” Paper Publishes (EDR research); SIEM Use Cases – And Other Security Monitoring Use Cases Too! (security monitoring research); Popular SIEM Starter Use Cases (SIEM research); Detailed SIEM Use Case Example (SIEM research) […]


All My Research Published in 2016

by Anton Chuvakin  |  December 22, 2016

To make it easy for my readers to find my research, here is the list of everything I published in 2016 [most co-authored with Augusto Barros]. Gartner GTP access is required for all of the papers; the list includes updates to existing papers, such as those on threat intel, incident response and SIEM. Deception: “Applying […]


UEBA Clearly Defined, Again?

by Anton Chuvakin  |  December 12, 2016

Ok, so after yet another request to “define UBA | UEBA clearly”, this post was born. First, Gartner “Market Guide for User and Entity Behavior Analytics” (not the research we are planning, BTW) just went up and its authors do spend time clarifying UEBA characteristics. To quote, “User and entity behavior analytics offers profiling and […]
