Our EDR research is winding down, so we are about to start our next cycle, here is what we have in mind.
- THREAT INTELLIGENCE TOPIC: An update to our “How to Collect, Refine, Utilize and Create Threat Intelligence” that compares types of threat intelligence data and outlines common TI usage patterns. We [Augusto and myself] are happy to take Vendor Briefings from the threat intel vendors, if there are any left :–)
- Also, an update to our “Threat Assessment in the Age of the APT”, a paper on the threat assessment process makes use of threat intelligence in order to determine which threats are relevant to an organization. It may be dry, but it is useful for those that are making their security more threat-centric.
- SECURITY OPERATIONS CENTER TOPIC: FInally, our pièce de résistance, a new paper on how to build a modern SOC. Seriously, we want to write a friggin’ SOC bible [yes, we think running a good today SOC requires some praying :–)] and focus on the 2016 SOC requirements, not 1998…. A lot of work is ahead for us on this one – and of course lots of fun blog posts!
So, our call to action:
- Threat intelligence (TI) providers and/or threat intelligence platform (TIP) tool vendors, feel free to schedule a VB, BUT be ready for A LOT of questions on how your data and/or tools are used by real clients. Frankly, your dark web mojo is of no interest to us, UNLESS you can prove it is being actively used by [many] clients and you also explain how!
- Anybody with recent SOC-building experience (vendor, consultant, enterprise, etc), we are happy to chat via whatever means comfortable to you. And, no, those who paid an MSSP and now live under an illusion of “having a SOC” need not apply
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.