Gartner Blog Network


Our New Paper on Security Monitoring Use Cases Publishes

by Anton Chuvakin  |  February 17, 2016  |  1 Comment

It is with incredible excitement that we announce the publication of our new paper “How to Develop and Maintain Security Monitoring Use Cases” [Gartner GTP access required]. The abstract states:

“Use cases are in the core of security monitoring activities. A structured process to identify, prioritize, implement and maintain use cases allows organizations to align monitoring efforts to security strategy, choose the best solutions and maximize the value obtained from security monitoring tools.”

This work covers BOTH a process to handle SIEM use case content [and other security monitoring use cases] and a library of common use cases for different technologies. For more value, it can be read together with “Selecting Security Monitoring Approaches by Using the Attack Chain Model” [GTP access also required].

Some fun quotes follow below:

  • “Organizations need a process to identify, prioritize, implement and maintain security monitoring use cases (UCs). […] These processes cannot be too complex because security monitoring requires fast and constant changes to align with evolving threats.”
  • “Organizations perform security monitoring by implementing security monitoring use cases. […] Choosing which of these [tools] to use is a daunting task in large part because significant overlap exists in these solutions and also because their individual and combined monitoring effectiveness is difficult to measure.”
  • “A broken use-case discovery process means you will solve only easy and specific problems (like “see if anybody connects to our payment card database at night”). To overcome this, use this guidance to create your process.”

Enjoy the paper! And congrats to Augusto for an awesome idea to create this research!

P.S. Augusto’s blog post on the topic is here.




Thoughts on Our New Paper on Security Monitoring Use Cases Publishes


  1. Nadia says:

    How can I get the Membership of Gartner in order to be able to read the Articles?

    Thank you


