Gartner Blog Network

Anton Chuvakin
Research VP
2+ years with Gartner
14 years IT industry

Anton Chuvakin is a research VP at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist…

Our Team Is Hiring Again: Position Open – Data Security in UK/Europe

by Anton Chuvakin  |  July 22, 2016

Our team at Gartner for Technical Professionals (GTP) is HIRING again! Join Security and Risk Management Strategies (SRMS) team at Gartner for Technical Professionals (GTP)! This new role is for a data security person. Excerpts from the job description – with my highlights: “Create and maintain high quality, accurate, and in depth documents or architecture […]

Can I Detect Advanced Threats With Just Flows/IPFIX?

by Anton Chuvakin  |  July 21, 2016

Source IP. Destination IP. Source port. Destination port. Network protocol. Connection time. A bit more context data. Is this enough to detect “an advanced threat”? Before you jump to conclusions, let’s have a productive discussion here. Some context is required to make it just such a discussion. Here is where it started: Detecting *REAL* advanced […]

Speaking at Gartner Catalyst 2016

by Anton Chuvakin  |  July 15, 2016

Gartner Catalyst 2016, a conference by Gartner for Technical Professionals (GTP), is coming soon. Here is my traditional blog post summarizing my speaking at this event (San Diego, CA – August 15-18, 2016): “Dealing With Insider Threat” talk will examine organizations in terms of real-world preventative “actions” (or lack thereof), investment in time, energy […]

About The Tri-Team Model of SOC, CIRT, “Threat Something”

by Anton Chuvakin  |  July 7, 2016

From the clients with THE MOST mature security operations, we learn the so-called “tri-team” model for detection and response: SOC – primarily monitoring and threat detection in near real-time, and of course alert triage. CSIRT – security incident response. “Threat something” (no standard name: we heard “threat fusion center”, “threat management center”, “threat intelligence team” […]

My Top 7 Popular Gartner Blog Posts for June 2016

by Anton Chuvakin  |  July 1, 2016

Most popular blog posts from my Gartner blog during the past month are: My “How to Work With an MSSP to Improve Security” Paper Publishes (MSSP research … we really should update it soon) SIEM Use Cases – And Other Security Monitoring Use Cases Too! (security monitoring research) Popular SIEM Starter Use Cases (SIEM research) […]

Baby’s First Threat Intel Usage Questions

by Anton Chuvakin  |  June 28, 2016

Every time I think I already wrote the most basic blog post on threat intelligence usage, somebody comes and asks for an even more basic one… Now, many of you have retweeted this tweet: “1. Get threat intel 2. ???? 3. Profit!” syndrome seems to plague many organizations. — Dr. Anton Chuvakin (@anton_chuvakin) June 21, […]

Our “Comparison of Endpoint Detection and Response Technologies and Solutions” Paper Publishes

by Anton Chuvakin  |  June 20, 2016

Our 2nd EDR paper has published: enjoy the “Comparison of Endpoint Detection and Response (EDR) Technologies and Solutions” [Gartner GTP access required]. The summary states that “Endpoint detection and response tools are an important component of modern security architectures. Existing tools support organizations trying to quickly detect, identify and react to threats on workstations and […]

My Top 7 Popular Gartner Blog Posts for May 2016

by Anton Chuvakin  |  June 7, 2016

Most popular blog posts from my Gartner blog during the past month are: SIEM Use Cases – And Other Security Monitoring Use Cases Too! (security monitoring research) Popular SIEM Starter Use Cases (SIEM research) Detailed SIEM Use Case Example (SIEM research) Revisiting Vulnerability Assessment and Vulnerability Management Research (vulnerability management research) My “How to Work […]

Our Paper “Endpoint Detection and Response Tool Architecture and Operations Practices” Publishes

by Anton Chuvakin  |  May 26, 2016

OK, I am being very late here, but the 1st of 2 of our 2016 EDR papers titled “Endpoint Detection and Response Tool Architecture and Operations Practices” has published. Augusto promptly announced it here [while I was working hard in Honolulu…] and so I am late here, but I have some fun quotes. This paper […]

How a Lower Maturity Security Organization Can Use Threat Intel?

by Anton Chuvakin  |  May 16, 2016

As we mentioned, we are starting a refresh effort for our threat intelligence paper [Gartner GTP access required]. One thing we may add is more detailed guidance on the usage of threat intel for lower-maturity security organizations. You know, those that just learned to spell “S-I-E-M” and that are constantly pushed to do “more with […]