Gartner Blog Network

Anton Chuvakin
Research VP
2+ years with Gartner
14 years IT industry

Anton Chuvakin is a research VP at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist…

How to Grow to Strategic Threat Intel Consumption?

by Anton Chuvakin  |  August 24, 2016

Here is a bitchingly hard question: how to get organizations to move up the maturity scale of using threat intelligence (TI), from blindly [ok, not always blindly] dropping indicator feeds into tools to [at least] appreciating and utilizing strategic threat intelligence? Now, a cynic [and …well…aren’t we all?] may say “why help people who won’t […]

Speaking at Gartner Security and Risk Management Summit London 2016

by Anton Chuvakin  |  August 23, 2016

Gartner Security Summit London 2016 is coming soon – and this time I will be there! Here is my traditional blog post summarizing my speaking at this event (London, UK – September 12-13, 2016): “The Fast Evolving State of Security Analytics 2016” is a broad overview of security analytics. It will also focus in part […]

Threats Inside vs Insider Threat

by Anton Chuvakin  |  August 9, 2016

Here is a quick one on INSIDER THREAT. Deep down, we all know that nobody cares about the insider threat. Well, not literally “nobody”; few organizations do care about their insider threats [and, yes, those who genuinely care tend to care a whole lot, granted]. Now, many say they do care (a great example), but, […]

PCI Council Log Monitoring Supplement

by Anton Chuvakin  |  August 3, 2016

As I was gracefully reminded, the PCI Council has released a new (and MUCH needed) document, “Information Supplement: Effective Daily Log Monitoring.” A lot of research (example) reveals that Requirement 10 in general and log review in particular are extremely hard for many organizations, large and small. Some of my favorite quotes follow below: “Having security […]

My Top 7 Popular Gartner Blog Posts for July 2016

by Anton Chuvakin  |  August 1, 2016

Most popular blog posts from my Gartner blog during the past month are: My “How to Work With an MSSP to Improve Security” Paper Publishes (MSSP research) SIEM Use Cases – And Other Security Monitoring Use Cases Too! (security monitoring research) Our “Comparison of Endpoint Detection and Response Technologies and Solutions” Paper Publishes (EDR research) […]

Our Team Is Hiring Again: Position Open – Data Security in UK/Europe

by Anton Chuvakin  |  July 22, 2016

Our team at Gartner for Technical Professionals (GTP) is HIRING again! Join the Security and Risk Management Strategies (SRMS) team at Gartner for Technical Professionals (GTP)! This new role is for a data security person. Excerpts from the job description – with my highlights: “Create and maintain high quality, accurate, and in depth documents or architecture […]

Can I Detect Advanced Threats With Just Flows/IPFIX?

by Anton Chuvakin  |  July 21, 2016

Source IP. Destination IP. Source port. Destination port. Network protocol. Connection time. A bit more context data. Is this enough to detect “an advanced threat”? Before you jump to conclusions, let’s have a productive discussion here. Some context is required to make it just such a discussion. Here is where it started: Detecting *REAL* advanced […]

Speaking at Gartner Catalyst 2016

by Anton Chuvakin  |  July 15, 2016

Gartner Catalyst 2016, a conference by Gartner for Technical Professionals (GTP), is coming soon. Here is my traditional blog post summarizing my speaking at this event (San Diego, CA – August 15-18, 2016): “Dealing With Insider Threat” talk will examine organizations in terms of real-world preventative “actions” (or lack thereof), investment in time, energy […]

About The Tri-Team Model of SOC, CIRT, “Threat Something”

by Anton Chuvakin  |  July 7, 2016

From the clients with THE MOST mature security operations, we learn the so-called “tri-team” model for detection and response: SOC – primarily monitoring and threat detection in near real-time, and of course alert triage. CSIRT – security incident response. “Threat something” (no standard name: we heard “threat fusion center”, “threat management center”, “threat intelligence team” […]

My Top 7 Popular Gartner Blog Posts for June 2016

by Anton Chuvakin  |  July 1, 2016

Most popular blog posts from my Gartner blog during the past month are: My “How to Work With an MSSP to Improve Security” Paper Publishes (MSSP research … we really should update it soon) SIEM Use Cases – And Other Security Monitoring Use Cases Too! (security monitoring research) Popular SIEM Starter Use Cases (SIEM research) […]
