Anton Chuvakin

A member of the Gartner Blog Network

Security Monitoring Planning Tool?

by Anton Chuvakin  |  April 23, 2014  |  4 Comments

The easy stuff is for wussies – how about I dedicate my time to creating a structured approach for deciding which monitoring technology to use under various circumstances? For example, a SIEM can be used to monitor a database for security issues using native database logs, or you can use a DAP tool. Similarly, firewall logs fed into a SIEM can sometimes work for monitoring anomalous network connections, while in other circumstances a NIPS or even an NBA may be a better choice.

So here’s what I’m thinking about: can we build a decision tool that works like this:

Decide WHY = think attacks, privileged user activities, resource access [regulations define some of the WHYs for you, but won’t be explicitly mentioned here]

+

Pick WHAT = think databases, files, entire systems, connections, data in various forms, etc.

=

Get the best 1-2 technology choices for each set of circumstances.

Realistic? Worth doing? What do you think?

P.S. This decision tool will intentionally avoid answering the “Why?” question for you (this is done elsewhere when risk-related activities are undertaken) and will also focus on technology choices (leaving operational processes to be established separately).

Category: monitoring security