Gartner Blog Network

Anton Chuvakin
Research VP
2+ years with Gartner
14 years IT industry

Anton Chuvakin is a research VP at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist…

Who Validates Alerts Validated by Your Alert Validator Software?

by Anton Chuvakin  |  March 6, 2015

Pardon the idiotic title, but some recent discussions around security analytics have made this question practically relevant. So: You have a SIEM and other security technologies focused on detection and alerting. As a result, you have lots of security alerts – and you think it is too damn many! You don’t have enough people to […]

My Top 7 Popular Gartner Blog Posts for February

by Anton Chuvakin  |  March 4, 2015

Most popular blog posts from my Gartner blog during the past month are: Security Analytics: Projects vs Boxes (Build vs Buy)? (security analytics research) Security Analytics Lessons Learned — and Ignored! (security analytics research) Do You Want “Security Analytics” Or Do You Just Hate Your SIEM? (security analytics research) Named: Endpoint Threat Detection & Response […]

Killed by AI Much? A Rise of Non-deterministic Security!

by Anton Chuvakin  |  March 3, 2015

Remember [some] NIDS of the 1990s? Specifically, those that were unable to show the packets that matched the rule triggering the alert! Remember how they were deeply hated by the intrusion detection literati? Security technology that is not transparent and auditable is … what’s the polite term for this? … BAD SHIT! My research into […]

SIEM/ DLP Add-on Brain?

by Anton Chuvakin  |  February 27, 2015

Initially I wanted to call this post “SIEM has no brains”, but then questioned such harshness towards the technology I’ve been continuously loving for 13 years. In any case, my long-time readers may recall this post called “Pathetic Analytics Epiphany!” (from 5 years ago) [and this one from 8] where I whine incessantly about the […]

All My Research Published in 2014

by Anton Chuvakin  |  February 23, 2015

To make it easy for my readers to find my recent research, here is the list of everything I published in 2014: Security Information and Event Management (SIEM): Security Information and Event Management Architecture and Operational Processes SIEM Technology Assessment and Select Vendor Profiles Blueprint for Designing a SIEM Deployment Evaluation Criteria for Security Information […]

Our Team Is Hiring Again: Join Gartner GTP Now!

by Anton Chuvakin  |  February 20, 2015

Our team at Gartner is HIRING again! Join the Security and Risk Management Strategies (SRMS) team at Gartner for Technical Professionals (GTP)! Excerpts from the job description (with my highlights): Create and maintain high-quality, accurate, and in-depth documents or architecture positions in information security, security monitoring, threat intelligence, security event and information management systems, […]

Those Pesky Users: How To Catch Bad Usage of Good Accounts

by Anton Chuvakin  |  February 19, 2015

Gartner says “Malware Is Already Inside Your Organization; Deal With It.” But you know what? I wish it were just stupid malware (well, some is not so stupid): via a plethora of remote access methods, human attackers are also inside. BTW, I don’t mean the actual “insiders”, seemingly nobody cares about those nowadays :–) Result? […]

Security Analytics Lessons Learned — and Ignored!

by Anton Chuvakin  |  February 9, 2015

As I was finishing the most excellent book “Data-Driven Security: Analysis, Visualization and Dashboards” (see book site also), one paragraph jumped out and bit me in the face – ouch! Well, not really, but it literally forced me to write the below. Specifically, in Chapter 12 there is a gem of a sidebar called “Building a […]

Security Analytics: Projects vs Boxes (Build vs Buy)?

by Anton Chuvakin  |  February 3, 2015

This is going to be a sad one. This is going to include lines like “Even if you only spend $1m on security data scientists per year, you can …” and “Our ML-based appliance can detect 68% of attacks that utilize DNS covert channel for exfiltrating RAR files, but only if …” and such. If […]

My “How to Work With an MSSP to Improve Security” Paper Publishes

by Anton Chuvakin  |  January 30, 2015

My “How to Work With an MSSP to Improve Security” paper has just been published. It took a lot of work, and – at 37 pages – it cannot be called “an MSSP user bible.” However, I think I hit many of the sore spots of the client–MSSP relationship and provided guidance on preparing, onboarding and […]