It is with incredible excitement that we announce the publication of our new paper “How to Develop and Maintain Security Monitoring Use Cases” [Gartner GTP access required]. The abstract states:
“Use cases are in the core of security monitoring activities. A structured process to identify, prioritize, implement and maintain use cases allows organizations to align monitoring efforts to security strategy, choose the best solutions and maximize the value obtained from security monitoring tools.”
This work covers BOTH a process to handle SIEM use case content [and other security monitoring use cases] and a library of common use cases for different technologies. For more value, it can be read together with “Selecting Security Monitoring Approaches by Using the Attack Chain Model” [GTP access also required].
Some fun quotes follow below:
- “Organizations need a process to identify, prioritize, implement and maintain security monitoring use cases (UCs). […] These processes cannot be too complex because security monitoring requires fast and constant changes to align with evolving threats.”
- “Organizations perform security monitoring by implementing security monitoring use cases. […] Choosing which of these [tools] to use is a daunting task in large part because significant overlap exists in these solutions and also because their individual and combined monitoring effectiveness is difficult to measure.”
- “A broken use-case discovery process means you will solve only easy and specific problems (like “see if anybody connects to our payment card database at night”). To overcome this, use this guidance to create your process.”
P.S. Augusto’s blog post on the topic is here.
Related blog posts announcing research publication:
- Our 2016 SIEM Papers Are Out!
- All My Research Published in 2015
- Our Vulnerability Assessment Vulnerability Management Research Publishes
- 2030: Have They Social Engineered Your AI?! [our Maverick piece published]
- My “Evaluation Criteria for Security Information and Event Management” 2015 Update Publishes
- My “How to Monitor the Security of Public Cloud Resources” Publishes
- My “Demystifying Security Analytics: Sources, Methods and Use Cases” Paper Publishes
- My “How to Work With an MSSP to Improve Security” Paper Publishes
- Our “Selecting Security Monitoring Approaches by Using the Attack Chain Model” Publishes
- All My Research Published in 2014
- All My Research Published in 2013