Anton Chuvakin

A member of the Gartner Blog Network

Entries Categorized as 'SIEM'


My UPDATED “SIEM Technology Assessment and Select Vendor Profiles” Publishes

by Anton Chuvakin  |  September 19, 2014  |  Submit a Comment

My other SIEM paper is updated as well: “SIEM Technology Assessment and Select Vendor Profiles.” It contains an updated SIEM technology overview, some fun new trends, and refreshed vendor profiles. Here is how you can use all my recent SIEM stuff: What Do You Want? My SIEM paper to read Figure how to buy the right […]


Category: announcement, security, SIEM

My UPDATED “Security Information and Event Management Architecture and Operational Processes” Publishes

by Anton Chuvakin  |  September 15, 2014  |  5 Comments

Finally, I completed an epic update to my 2012 paper “Security Information and Event Management Architecture and Operational Processes.” I think of this paper, interchangeably, as “SIEM’s missing manual” or a “SIEM bible” … It now has expanded SIEM process guidance, new detailed use cases, more SIEM metrics, an updated SIEM maturity framework and other […]


Category: announcement, security, SIEM

SIEM Real-time and Historical Analytics Collide?

by Anton Chuvakin  |  July 30, 2014  |  4 Comments

SIEM technology has evolved to a point where conflicting requirements are starting to tear it apart – and I am not the only one to observe that. See here: Just as at its birth in the late 1990s, today’s SIEM must excel at real-time analysis using rule-based correlation and other methods and analyze thousands of […]


Category: analytics, monitoring, security, SIEM

SIEM and Badness Detection

by Anton Chuvakin  |  July 24, 2014  |  5 Comments

A long time ago, in a galaxy far far away … at the very dawn of my security career I attended a presentation by somebody who is now a notable incident response expert. Well … who am I kidding? He was a notable IR expert back in 2000, way…way before IR was cool and way […]


Category: analytics, security, SIEM

My Blueprint for Designing a SIEM Deployment Publishes

by Anton Chuvakin  |  July 22, 2014  |  4 Comments

Another new document on SIEM that I wrote just published: Blueprint for Designing a SIEM Deployment. “Planning a distributed enterprise SIEM deployment is challenging for information security teams at many organizations. This Blueprint shows the architecture and timeline for an enterprise security information and event management deployment and highlights key tasks for each stage.” […]


Category: announcement, security, SIEM

“Stop The Pain” Thinking vs the Use Case Thinking

by Anton Chuvakin  |  July 17, 2014  |  3 Comments

“Hello, I am your anti-virus program. Which specific viruses would you like me to kill today? Enter names here: [……..]” While I don’t recall the exact state of the art of anti-virus back in the late 1980s, I do not remember any anti-virus program ever asking such a question. The technology originated in response to […]


Category: philosophy, security, SIEM

More on SIEM Maturity – And Request for Feedback!

by Anton Chuvakin  |  July 14, 2014  |  11 Comments

During my original SIEM architecture and operational practices research (see the paper here and a presentation here), I looked at the topic of SIEM operation maturity. Organizations that purchase and deploy SIEM technologies are at different stages of their IT and information security maturity (such as when measured by Gartner ITScore for Security). Certain security […]


Category: monitoring, security, SIEM

My Evaluation Criteria for Security Information and Event Management Publishes

by Anton Chuvakin  |  July 2, 2014  |  4 Comments

It is with tremendous excitement that I am announcing the publication of my “Evaluation Criteria for Security Information and Event Management” document and SIEM selection tool (download link inside the document). Love the “Magic Quadrant for Security Information and Event Management” and “Critical Capabilities for Security Information and Event Management” but want more details? [and […]


Category: announcement, security, SIEM

SIEM Magic Quadrant 2014 Is Out!

by Anton Chuvakin  |  June 26, 2014  |  7 Comments

SIEM Magic Quadrant and SIEM Critical Capabilities documents have just been published [Gartner subscription required for access – at least until some vendor republishes the content…] “Magic Quadrant for Security Information and Event Management” (2014) “Critical Capabilities for Security Information and Event Management” (2014) Some fun quotes from this year’s documents: “Broad adoption of SIEM […]


Category: announcement, security, SIEM

On SIEM Tool and Operation Metrics

by Anton Chuvakin  |  June 17, 2014  |  19 Comments

While some people whine that “their SIEM deployment has failed”, how the hell do they know? I’ve met some folks who spent 8 digits (that’s EIGHT digits!) on SIEM and they are as happy as pigs in clover. They think that SIEM is the best security investment they’ve ever made, for realz. Measuring SIEM health […]


Category: security, SIEM