Gartner Blog Network


SIEM Use Cases – And Other Security Monitoring Use Cases Too!

by Anton Chuvakin  |  October 27, 2015  |  2 Comments

SIEM and other flexible, broad-use security technologies (but, frankly, SIEM more than others!) raise the critical question of USE CASES. So, together with Augusto Barros, we are about to undertake a research project dedicated to finding, creating, refining, optimizing and retiring use cases for SIEM and some other monitoring technologies. This effort promises to be very exciting – and of course supremely valuable for Gartner GTP clients!

For now, while we are still deciding on the scope of this effort (and finishing up our VA / VM research too), here are some useful links.

Some of my past writing on SIEM use cases can be found here:

Some other excellent SIEM use case writing is linked below:

Enjoy!

Select recent blog posts related to SIEM:



Thoughts on SIEM Use Cases – And Other Security Monitoring Use Cases Too!


  1. […] Anton Chuvakin recently mentioned on his blog, we are starting some research on the work around security monitoring use cases: from the basic […]

  2. […] Our journey to SIEM use cases begins at SIEM USE CASE DISCOVERY, a commonly overlooked [even by me :-)] step. Coincidentally, why didn’t I take it seriously sometimes? Because if you acquired a million-dollar SIEM tool, an intelligent position would be to assume that you know what problems it will help you solve! As you can imagine, in our reality things are quite different. Plenty of organizations have acquired expensive SIEM tools for all sorts of magically idiotic reasons (such as “for compliance”) and only then started thinking about the problems the tools can help them solve and the operational practices needed to actually solve them. […]


