Gartner Blog Network


Cloud Threat Detection Research

by Anton Chuvakin  |  April 19, 2017  |  3 Comments

What an amazing coincidence! After all the UEBA / UBA excitement (that is, sadly, still ongoing….) and after my short threat hunting paper (out already!), we are about to revisit the cloud security topic.

If you recall, in 2015 I updated my 2012 paper on approaches to security monitoring in the cloud. It is a great paper, but it has too many tables :-) Too damn many tables.

In any case, we are going to modernize the paper a bit, given that cloud usage has grown and “mainstreamed” – and finally more people are actively seeking ways to secure stuff in the cloud.

Also, we want to refocus the paper more towards threat detection and response in the cloud, since security monitoring sounds a bit vague to some.

Now, some of you will see this and say “Ah, I know cloud threat detection – it is spelled C.A.S.B.” Well, you’d be wrong – while detecting threats to your SaaS usage is in fact largely about CASB, the situation across PaaS and IaaS is more complex [and, no, I don’t cover CASB, but we do mention them in the paper]. For IaaS, we now have another 4-letter acronym – CWPP (yes, really, it is called that!). How do you pronounce that?

Another central question for many [still] is: can you bring your legacy detection controls with you to the cloud AND should you? Will you have a good time if you do?

In any case, we will share more of our plans as they crystallize…

BTW, right after this quick foray into the cloud, we will go back into vulnerability management (that we have not touched since 2015). If you are a vulnerability assessment (VA) vendor or a vendor that deals with vulnerability assessment data, please schedule a briefing.




Thoughts on Cloud Threat Detection Research


  1. knujlla says:

    “4-letter acronym – CWPP (yes, really, it is called that!). How do you pronounce that?”

    How about quip?

  2. […] native “built for the cloud” security tools (CASB, CWPP, cloud log management, etc)…. but accept that you will lose the single view across old and new […]


