Gartner Blog Network


New Research Starting Soon: Threat Intel, SOC, etc

by Anton Chuvakin  |  May 11, 2016  |  4 Comments

Our EDR research is winding down, so we are about to start our next cycle, here is what we have in mind.

  • THREAT INTELLIGENCE TOPIC: An update to our “How to Collect, Refine, Utilize and Create Threat Intelligence” that compares types of threat intelligence data and outlines common TI usage patterns. We [Augusto and myself] are happy to take Vendor Briefings from the threat intel vendors, if there are any left :–)
  • Also, an update to our “Threat Assessment in the Age of the APT”, a paper on the threat assessment process makes use of threat intelligence in order to determine which threats are relevant to an organization. It may be dry, but it is useful for those that are making their security more threat-centric.
  • SECURITY OPERATIONS CENTER TOPIC: FInally, our pièce de résistance, a new paper on how to build a modern SOC. Seriously, we want to write a friggin’ SOC bible [yes, we think running a good today SOC requires some praying :–)] and focus on the 2016 SOC requirements, not 1998…. A lot of work is ahead for us on this one – and of course lots of fun blog posts!

So, our call to action:

  • Threat intelligence (TI) providers and/or threat intelligence platform (TIP) tool vendors, feel free to schedule a VB, BUT be ready for A LOT of questions on how your data and/or tools are used by real clients. Frankly, your dark web mojo is of no interest to us, UNLESS you can prove it is being actively used by [many] clients and you also explain how!
  • Anybody with recent SOC-building experience (vendor, consultant, enterprise, etc), we are happy to chat via whatever means comfortable to you. And, no, those who paid an MSSP and now live under an illusion of “having a SOC” need not apply :-)

Category: announcement  monitoring  security  soc  

Anton Chuvakin
Research VP and Distinguished Analyst
5+ years with Gartner
17 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist… Read Full Bio


Thoughts on New Research Starting Soon: Threat Intel, SOC, etc


  1. […] Anton Chuvakin Our EDR research is winding down, so we are about to start our next cycle, here is what we have in […]

  2. Mike Loginov says:

    Anton we are in the process of scoping a federated forward looking SOC that will also integrate with a CERT and other threat intel sources. Be interested to understand more of what you are seeking to achieve to see if any synergies? Regards. Mike

    • Thanks a lot for the comment. We are still formulating our questions and plans, so I’d be happy to share this [here or privately via email] when we have that.

  3. […] we mentioned, we are starting a refresh effort for our threat intelligence paper [Gartner GTP access required]. […]



Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.