Gartner Blog Network

Anton Chuvakin
Research VP
2+ years with Gartner
14 years IT industry

Anton Chuvakin is a research VP at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist…

Tricky: Building a Business Case for A Deception Tool?

by Anton Chuvakin  |  September 23, 2016

How do you develop a business case for a DECEPTION TOOL?! I just went through a whole bunch of deception vendor materials and I was unpleasantly surprised at the lack of advice from the vendors in this regard. For sure, those few organizations adopting deception tools are struggling with this challenge. Naturally, there is no […]

It Is Happening: We Are Starting Our Deception Research!

by Anton Chuvakin  |  September 16, 2016

As my illustrious colleague mentioned, we are starting a new research project, one we wanted to run for a while, about DECEPTION. While there is already Gartner research on the topic (this and this), we at Gartner GTP will approach this from an end-user perspective, as always. So, in the next few weeks we will be […]

My Top 7 Popular Gartner Blog Posts for August 2016

by Anton Chuvakin  |  September 5, 2016

Most popular blog posts from my Gartner blog during the past month are: Our “Comparison of Endpoint Detection and Response Technologies and Solutions” Paper Publishes (EDR research) SIEM Use Cases – And Other Security Monitoring Use Cases Too! (security monitoring research) My “How to Work With an MSSP to Improve Security” Paper Publishes (MSSP research) […]

How to Grow to Strategic Threat Intel Consumption?

by Anton Chuvakin  |  August 24, 2016

Here is a bitchingly hard question: how to get organizations to move up the maturity scale of using threat intelligence (TI), from blindly [ok, not always blindly] dropping indicator feeds into tools to [at least] appreciating and utilizing strategic threat intelligence? Now, a cynic [and …well…aren’t we all?] may say “why help people who won’t […]

Speaking at Gartner Security and Risk Management Summit London 2016

by Anton Chuvakin  |  August 23, 2016

Gartner Security Summit London 2016 is coming soon – and this time I will be there! Here is my traditional blog post summarizing my speaking at this event (London, UK – September 12-13, 2016): “The Fast Evolving State of Security Analytics 2016” is a broad overview of security analytics. It will also focus in part […]

Threats Inside vs Insider Threat

by Anton Chuvakin  |  August 9, 2016

Here is a quick one on INSIDER THREAT. Deep down, we all know that nobody cares about the insider threat. Well, not literally “nobody”; few organizations do care about their insider threats [and, yes, those who genuinely care tend to care a whole lot, granted]. Now, many say they do care (a great example), but, […]

PCI Council Log Monitoring Supplement

by Anton Chuvakin  |  August 3, 2016

As I was gracefully reminded, PCI Council has released a new (and MUCH needed) document, “Information Supplement: Effective Daily Log Monitoring.” A lot of research (example) reveals that Requirement 10 in general and log review in particular are extremely hard for many organizations, large and small. Some of my favorite quotes follow below: “Having security […]

My Top 7 Popular Gartner Blog Posts for July 2016

by Anton Chuvakin  |  August 1, 2016

Most popular blog posts from my Gartner blog during the past month are: My “How to Work With an MSSP to Improve Security” Paper Publishes (MSSP research) SIEM Use Cases – And Other Security Monitoring Use Cases Too! (security monitoring research) Our “Comparison of Endpoint Detection and Response Technologies and Solutions” Paper Publishes (EDR research) […]

Our Team Is Hiring Again: Position Open – Data Security in UK/Europe

by Anton Chuvakin  |  July 22, 2016

Our team at Gartner for Technical Professionals (GTP) is HIRING again! Join the Security and Risk Management Strategies (SRMS) team at Gartner for Technical Professionals (GTP)! This new role is for a data security person. Excerpts from the job description – with my highlights: “Create and maintain high quality, accurate, and in depth documents or architecture […]

Can I Detect Advanced Threats With Just Flows/IPFIX?

by Anton Chuvakin  |  July 21, 2016

Source IP. Destination IP. Source port. Destination port. Network protocol. Connection time. A bit more context data. Is this enough to detect “an advanced threat”? Before you jump to conclusions, let’s have a productive discussion here. Some context is required to make it just such a discussion. Here is where it started: Detecting *REAL* advanced […]
