Anton Chuvakin

A member of the Gartner Blog Network

Entries Categorized as 'SIEM'

My Blueprint for Designing a SIEM Deployment Publishes

by Anton Chuvakin  |  July 22, 2014  |  1 Comment

Another new document on SIEM that I wrote just published: Blueprint for Designing a SIEM Deployment. “Planning a distributed enterprise SIEM deployment is challenging for information security teams at many organizations. This Blueprint shows the architecture and timeline for an enterprise security information and event management deployment and highlights key tasks for each stage.” [...]


Category: announcement, security, SIEM

“Stop The Pain” Thinking vs the Use Case Thinking

by Anton Chuvakin  |  July 17, 2014  |  1 Comment

“Hello, I am your anti-virus program. Which specific viruses would you like me to kill today? Enter names here: [……..]” While I don’t recall the exact state of the art of anti-virus back in the late 1980s, I do not remember any anti-virus program ever asking such a question. The technology originated in response to [...]


Category: philosophy, security, SIEM

More on SIEM Maturity – And Request for Feedback!

by Anton Chuvakin  |  July 14, 2014  |  10 Comments

During my original SIEM architecture and operational practices research (see the paper here and a presentation here), I looked at the topic of SIEM operation maturity. Organizations that purchase and deploy SIEM technologies are at different stages of their IT and information security maturity (such as when measured by Gartner ITScore for Security). Certain security [...]


Category: monitoring, security, SIEM

My Evaluation Criteria for Security Information and Event Management Publishes

by Anton Chuvakin  |  July 2, 2014  |  4 Comments

It is with tremendous excitement that I am announcing the publication of my “Evaluation Criteria for Security Information and Event Management” document and SIEM selection tool (download link inside the document). Love the “Magic Quadrant for Security Information and Event Management” and “Critical Capabilities for Security Information and Event Management” but want more details? [and [...]


Category: announcement, security, SIEM

SIEM Magic Quadrant 2014 Is Out!

by Anton Chuvakin  |  June 26, 2014  |  7 Comments

SIEM Magic Quadrant and SIEM Critical Capabilities documents have just been published [Gartner subscription required for access – at least until some vendor republishes the content…]: “Magic Quadrant for Security Information and Event Management” (2014) and “Critical Capabilities for Security Information and Event Management” (2014). Some fun quotes from this year’s documents: “Broad adoption of SIEM [...]


Category: announcement, security, SIEM

On SIEM Tool and Operation Metrics

by Anton Chuvakin  |  June 17, 2014  |  19 Comments

While some people whine that “their SIEM deployment has failed”, how the hell do they know? I’ve met some folks who spent 8 digits (that’s EIGHT digits!) on SIEM and they are as happy as pigs in clover. They think that SIEM is the best security investment they’ve ever made, for realz. Measuring SIEM health [...]


Category: security, SIEM

SIEM Analytics Histories and Lessons

by Anton Chuvakin  |  June 6, 2014  |  9 Comments

I’ve been obsessed with stored/historical data analysis inside a SIEM for a while, long before the current craze about so-called “security analytics” has been inflicted upon the community. Yes, real-time correlation of an event stream is great (and has been implemented in SIEM products since the late 1990s), but historical data can tell a story [...]


Category: analytics, philosophy, security, SIEM

Popular SIEM Starter Use Cases

by Anton Chuvakin  |  May 14, 2014  |  2 Comments

Do you recall my post Detailed SIEM Use Case Example? I described one SIEM use case in depth, and mentioned that a lot of aspiring SIEM users are looking for “top use cases” to implement. Of course, the honest answer to “What are the best SIEM use cases?” must always be “it depends on your [...]


Category: analytics, monitoring, security, SIEM

Back to SIEM Research!

by Anton Chuvakin  |  May 2, 2014  |  6 Comments

Now that my threat intelligence research project is wrapping up, I am going to be spending my summer in SIEM! Here is what I have in mind for the next few months: An architectural blueprint (a new type of GTP document) on SIEM that will depict one good way of architecting Security Information and Event [...]


Category: announcement, security, SIEM

SIEM Webinar Questions – Answered

by Anton Chuvakin  |  April 14, 2014  |  4 Comments

Last year, I did this great SIEM webinar on “SIEM Architecture and Operational Processes” [free access to recording! No Gartner subscription required] and received a lot of excellent questions. This is the forgotten post with said questions. The webinar was about “Security information and event management (SIEM) is a key technology that provides security visibility, [...]


Category: analytics, logging, monitoring, security, SIEM