Anton Chuvakin

A member of the Gartner Blog Network

Entries Categorized as 'SIEM'


SIEM Webinar Questions – Answered

by Anton Chuvakin  |  April 14, 2014  |  4 Comments

Last year, I did this great SIEM webinar on “SIEM Architecture and Operational Processes” [free access to recording! No Gartner subscription required] and received a lot of excellent questions. This is the forgotten post with said questions. The webinar was about “Security information and event management (SIEM) is a key technology that provides security visibility, [...]

Category: analytics logging monitoring security SIEM

How to Use Threat Intelligence with Your SIEM?

by Anton Chuvakin  |  March 26, 2014  |  10 Comments

SIEM and Threat Intelligence (TI) feeds are a marriage made in heaven! Indeed, every SIEM user should send technical TI feeds into their SIEM tool. We touched on that subject several times, but in this post I will look at it in depth. Well, in as much depth as possible to still make my future paper [...]
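As an added example (not code from the post or from any Gartner material), here is what "sending technical TI feeds into the SIEM" comes down to in practice: a constructed feed of IP, domain and file-hash indicators is normalized, stale and low-confidence entries are aged out, and the rest is correlated against constructed proxy and EDR events the way a SIEM matching rule would. The feed layout, the event field names, the 90-day age-out and the confidence threshold are assumptions chosen for illustration, not anything the post specifies.

```python
"""Correlate technical threat-intel indicators against SIEM-style events.

Added example, not from the original post. Feed format, event fields,
age-out window and confidence threshold are assumptions for illustration.
"""
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed TI feed: (type, value, source, confidence 0-100, first_seen).
TI_FEED = [
    ("ipv4", "203.0.113.45", "feed-a", 80, "2014-03-01T00:00:00Z"),
    ("domain", "Bad-Example.test.", "feed-b", 60, "2014-03-10T00:00:00Z"),
    ("sha256", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
     "feed-c", 90, "2014-01-05T00:00:00Z"),
    # Old and low-confidence: a SIEM that never ages indicators out keeps
    # alerting on it forever, so load_indicators() drops it.
    ("ipv4", "198.51.100.7", "feed-a", 30, "2013-06-01T00:00:00Z"),
]

# Constructed events, as a SIEM would hold them after parsing proxy/EDR logs.
EVENTS = [
    {"id": 1, "type": "proxy", "src_ip": "10.0.0.5", "dst_ip": "203.0.113.45",
     "host": "cdn.example.com"},
    {"id": 2, "type": "proxy", "src_ip": "10.0.0.6", "dst_ip": "192.0.2.10",
     "host": "www.bad-example.test"},          # subdomain of a listed domain
    {"id": 3, "type": "edr", "src_ip": "10.0.0.7",
     "sha256": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855"},
    {"id": 4, "type": "proxy", "src_ip": "10.0.0.8", "dst_ip": "198.51.100.7",
     "host": "old.example.org"},               # only matches the aged-out entry
]

# Reference time for the example (the post's publication date).
NOW = datetime(2014, 3, 26, tzinfo=timezone.utc)


def _parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize(ind_type, value):
    """Canonicalize an indicator so feed and event values compare equal."""
    if ind_type == "ipv4":
        return str(ipaddress.IPv4Address(value))      # rejects junk like "1.2.3"
    if ind_type == "domain":
        return value.strip().lower().rstrip(".")
    if ind_type == "sha256":
        v = value.strip().lower()
        if len(v) != 64 or any(c not in "0123456789abcdef" for c in v):
            raise ValueError("not a sha256 hex digest: %r" % value)
        return v
    raise ValueError("unsupported indicator type: %s" % ind_type)


def load_indicators(feed, now, max_age_days=90, min_confidence=50):
    """Index the feed by type and value, dropping stale or weak entries."""
    cutoff = now - timedelta(days=max_age_days)
    index = {"ipv4": {}, "domain": {}, "sha256": {}}
    for ind_type, value, source, confidence, first_seen in feed:
        if confidence < min_confidence or _parse_ts(first_seen) < cutoff:
            continue
        key = normalize(ind_type, value)
        index[ind_type][key] = {"value": key, "source": source,
                                "confidence": confidence}
    return index


def _domain_candidates(host):
    """host and each parent domain, excluding the bare TLD."""
    labels = normalize("domain", host).split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]


def match_event(event, index):
    """Return (field, indicator) pairs for every indicator the event touches."""
    hits = []
    for field in ("src_ip", "dst_ip"):
        if event.get(field):
            ip = normalize("ipv4", event[field])
            if ip in index["ipv4"]:
                hits.append((field, index["ipv4"][ip]))
    if event.get("host"):
        for cand in _domain_candidates(event["host"]):
            if cand in index["domain"]:
                hits.append(("host", index["domain"][cand]))
                break
    if event.get("sha256"):
        digest = normalize("sha256", event["sha256"])
        if digest in index["sha256"]:
            hits.append(("sha256", index["sha256"][digest]))
    return hits


def correlate(events, feed, now):
    """The SIEM rule: one alert per (event, matched indicator)."""
    index = load_indicators(feed, now)
    alerts = []
    for ev in events:
        for field, ind in match_event(ev, index):
            alerts.append({"event_id": ev["id"], "field": field,
                           "indicator": ind["value"], "source": ind["source"],
                           "confidence": ind["confidence"]})
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS, TI_FEED, NOW):
        print(alert)
```

Two details carry most of the value: normalization (the feed's "Bad-Example.test." and the proxy log's "www.bad-example.test" only meet because both sides are lowercased, stripped and walked up to the parent domain) and age-out (event 4 hits a real feed entry but raises no alert, because indicators that are old or weakly attributed are exactly the ones that bury a SOC in false positives).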

Category: analytics collective incident response logging monitoring security SIEM threat intelligence

Speaking at Gartner Security & Risk Management Summit 2014

by Anton Chuvakin  |  March 24, 2014  |  7 Comments

For those attending the Gartner 2014 Security and Risk Management Summit (June 23-26, 2014 in Washington, DC), here is what I am presenting on: “SIEM Architecture and Operational Processes”; “Network and Endpoint Visibility for Incident Response”; “Security Incident Response in the Age of the APT”. The sessions in detail: SIEM Architecture and Operational Processes: Security information [...]

Category: announcement conference ETDR incident response network forensics security SIEM

My Security Solution Paths Published: Threats and Vulnerabilities

by Anton Chuvakin  |  January 24, 2014  |  1 Comment

As some of you know, Gartner GTP has a brilliant resource called Reference Architecture that is “a unique decision-making tool that provides tailored recommendations to guide IT architecture decisions”, including of course the decisions about security. Apart from Decision Points and Templates, the reference architecture includes Solution Paths that guide our clients to other documents [...]

Category: announcement ETDR incident response monitoring security SIEM vulnerability management

Big Data for Security Realities – Case 2 Variety Explosion

by Anton Chuvakin  |  October 17, 2013  |  Comments Off

Part of my research this quarter focuses on assessing the reality of using big data approaches for security and providing practical, GTP-style recommendations for enterprises. So, what else IS real? One more case that occasionally (not as often as Case 1) shows up is “data variety explosion.” Specifically, this scenario goes like this: The organization [...]

Category: analytics big data security SIEM

Detailed SIEM Use Case Example

by Anton Chuvakin  |  September 24, 2013  |  Comments Off

During inquiries, I handle a lot of questions about SIEM use cases: what they are, where to get them, how to create them, how to document them, how to evolve them, how to map them to particular SIEM features, etc. I often walk through a complete example to explain it, with a painful level of detail; here [...]

Category: logging monitoring policy security SIEM

Upcoming Webinar: SIEM Architecture and Operational Processes

by Anton Chuvakin  |  September 19, 2013  |  Comments Off

Following the theme I explored in the “Security Information and Event Management Architecture and Operational Processes” paper, I am doing a webinar titled “SIEM Architecture and Operational Processes”. Date: Wednesday, September 25, 2013. Time: 10AM EDT [delivered by a sleepy Anton] and 1PM EDT [delivered by a well-caffeinated Anton]. Title: SIEM Architecture and Operational Processes [...]

Category: announcement conference SIEM

Alert-driven vs Exploration-driven Security Analysis

by Anton Chuvakin  |  May 20, 2013  |  7 Comments

Is the alert-driven security workflow “dead”?! It most certainly is not. However, it is being challenged at some enlightened organizations that deploy SIEM, network forensics or other analytics technologies (notice how elegantly I am avoiding the marketer-corrupted term “big data”). A fellow SIEM literati once called it using a “tech support workflow” for security incident response [...]

Category: analytics monitoring network forensics security SIEM

9 Reasons Why Building A Big Data Security Analytics Tool Is Like Building a Flying Car

by Anton Chuvakin  |  April 15, 2013  |  2 Comments

Here is how building an enterprise security analytics “big data” capability is like building a flying car: you can buy a car from a lot of suppliers, but no one will sell you a flying car; it makes little sense to build your own *regular* car, since there are so many to buy; some people/firms [...]

Category: analytics big data security SIEM

Updated SIEM RFP Toolkit Out!

by Anton Chuvakin  |  April 11, 2013  |  2 Comments

Here is a useful resource on SIEM that has been recently updated by Mark Nicolett and Kelly Kavanagh: the SIEM RFP Toolkit. “Organizations that need to improve their log management, compliance reporting or real-time security event management capabilities can benefit from a security information and event management (SIEM) technology deployment. The SIEM project team should engage [...]

Category: announcement SIEM