Gartner Blog Network

Anton Chuvakin
Research VP and Distinguished Analyst
5+ years with Gartner
17 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist…

Excellent Paper: “The Evolving Effectiveness of Endpoint Protection Solutions”

by Anton Chuvakin  |  June 19, 2017

Now, I would have called this paper like so: “What is better, OLD anti-virus or NEW anti-virus?!” The author went for a tamer title version, but it is still an awesome paper, if you are into anti-malware or endpoint security. It contains a detailed feature by feature comparison of many vendors related to fighting malware […]

Befuddled By “Hackback”

by Anton Chuvakin  |  June 7, 2017

I’ve been meaning to write this literally for years. But now all this hoopla around “Active Cyber Defense Certainty Act” [PDF] (aka “the Hackback Law”) has triggered me into action. Let’s start from the obvious – hilarity will ensue: OMG, people are *seriously* debating this new hack-back law. So wow. Refer the dude to the […]

Upcoming Webinar: User and Entity Behavior Analytics Tools

by Anton Chuvakin  |  June 6, 2017

Another Summer, another fun webinar with me. Topic: How to Test, Deploy and Operationalize User and Entity Behavior Analytics (UEBA) Tools Date: July 11, 2017 Time: 10PM PT / 1PM ET Register: here Description: UEBA tools can successfully detect malicious and suspicious activity that otherwise goes unnoticed, but these new detection tools employ unfamiliar approaches […]

My Top 7 Popular Gartner Blog Posts for May 2017

by Anton Chuvakin  |  June 2, 2017

Most popular blog posts from my Gartner blog during the past month are: Why Your Security Data Lake Project Will FAIL! (likely my most popular Gartner blog post ever!) SIEM Use Cases – And Other Security Monitoring Use Cases Too! (security monitoring research) Popular SIEM Starter Use Cases (SIEM research) Our “Comparison of Endpoint Detection […]

WannaCry or Useful Reminders of the Realities of Vulnerability Management

by Anton Chuvakin  |  May 18, 2017

WannaCry whatever. Not that I am keyword trawling, but this recent Windows XP/NSA/North Korea/ransomware/bitcoin/OMG drama made me think about good old vulnerability management again – especially given that it is our current research project. If you look at social media, you’ll see TWO opposite voices about the situation: “OMG those idiots use Windows XP and/or […]

My Top 7 Popular Gartner Blog Posts for April 2017

by Anton Chuvakin  |  May 13, 2017

Most popular blog posts from my Gartner blog during the past month are: Why Your Security Data Lake Project Will FAIL! (likely my single most popular Gartner blog post ever!) SIEM Use Cases – And Other Security Monitoring Use Cases Too! (security monitoring research) Popular SIEM Starter Use Cases (SIEM research) Our Security Analytics and […]

More Cloud Security Monitoring Contemplations

by Anton Chuvakin  |  April 25, 2017

Your choice for security monitoring and/or threat detection technologies for different cloud models (SaaS, PaaS, IaaS) is, essentially: Use the security controls that your cloud service provider (CSP) offers … but for many CSPs these are really shitty [or worse!], and even if they are great – they only work for this one provider. Does […]

Cloud Threat Detection Research

by Anton Chuvakin  |  April 19, 2017

What an amazing coincidence! After all the UEBA / UBA excitement (that is, sadly, still ongoing….) and after my short threat hunting paper (out already!), we are about to revisit the cloud security topic. If you recall, in 2015 I updated my 2012 paper on approaches to security monitoring in the cloud. It is a […]

Why Your Security Data Lake Project Will FAIL!

by Anton Chuvakin  |  April 11, 2017

Beats me, but for some reason organizations think that they can build A SECURITY DATA LAKE and/or their own CUSTOM BIG DATA SECURITY ANALYTICS tools. Let me tell you what will happen – it will FAIL. Cue the data swamp jokes. Mention data pond scum. Discuss pissing in the data pool. The result is the […]

SIEM Future: A UEBA Path or An MDR Way?

by Anton Chuvakin  |  April 7, 2017

Want to hear a bad joke about #SIEM? Knock knock Who’s there? SIEM! No way… you are dead!!! Ok, in all seriousness, we all know SIEM is NOT dead – but a nearly $2b business with decent growth. To put this in context, a 2nd tier SIEM vendor likely makes more money than the entire […]
