Gartner Blog Network

Anton Chuvakin
Research VP and Distinguished Analyst
5+ years with Gartner
17 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist…

Gartner Hiring SIEM/MSSP Experts – Two Roles (US and EU)

by Anton Chuvakin  |  March 13, 2017

Gartner [but NOT our team] has TWO positions open for SIEM / MSSP / vulnerability management experts. The topic requirements include (for both):
- Managed Security Service Providers / MSSP
- Security consulting services
- Security monitoring technologies / SIEM
- Security analytics
- Vulnerability Management

ONE is in US / North America – apply and see details here. ANOTHER […]


My Top 7 Popular Gartner Blog Posts for February 2017

by Anton Chuvakin  |  March 2, 2017

Most popular blog posts from my Gartner blog during the past month are:
- Our “Comparison of Endpoint Detection and Response Technologies and Solutions” Paper Publishes (EDR research)
- Popular SIEM Starter Use Cases (SIEM research)
- SIEM Use Cases – And Other Security Monitoring Use Cases Too! (security monitoring research)
- Detailed SIEM Use Case Example (SIEM research)
[…]


Planned: A Quick Paper on Threat Hunting – Ideas Sought

by Anton Chuvakin  |  March 1, 2017

As it happens, I will now work on a short and sweet paper on THREAT HUNTING. So far, I’ve seen two types of materials on THREAT HUNTING (TH): Great materials written by the “security 1%-ers” for other security 1%-ers or, perhaps, for the …ahem… 2%-ers, i.e. less elitish elites [IMHO, much of it is […]


RSA 2017: What’s The Theme?

by Anton Chuvakin  |  February 22, 2017

As I mentioned before, unlike some in our industry, I love RSA Conference (#RSAC), chiefly as an “industry-in-a-room” [not to be confused with a mythical SOC-in-a-box :-)] phenomenon. RSA is the best venue for “theme divination”, a strictly non-scientific process of absorbing huge amounts of hype in the vendor expo halls and the sessions in order […]


Our Team Is Hiring Again: Position Open – Network Security in US/North America

by Anton Chuvakin  |  February 16, 2017

Our team at Gartner for Technical Professionals (GTP) is HIRING again! Join the Security and Risk Management Strategies (SRMS) team at Gartner for Technical Professionals (GTP)! Work with awesome people like … well … all of us here. This replacement position [one of us went to pursue his dream job, apparently :-)] is for a network […]


My Top 7 Popular Gartner Blog Posts for January 2017

by Anton Chuvakin  |  February 2, 2017

Most popular blog posts from my Gartner blog during the past month are:
- Our “Comparison of Endpoint Detection and Response Technologies and Solutions” Paper Publishes (EDR research)
- Why SIEMs F*cked Up Application Log Analysis? (UEBA / UBA research)
- SIEM Use Cases – And Other Security Monitoring Use Cases Too! (security monitoring research)
- Popular SIEM Starter […]


Security in 2025 – Extrapolate or Bust?

by Anton Chuvakin  |  January 27, 2017

What year is this? Still 2017, indeed. So, imagine it is 2025… and 8 years have passed. How is information security (“cyber security”) different in 2025? But before you start droning about …well… drones and AIs and vast machine intelligences and 7G mobile security (all fun subjects, I am sure!), think about Windows 2008. Windows […]


Ok, So Who Really MUST Get a UEBA?

by Anton Chuvakin  |  January 24, 2017

As I mentioned in my 2014 post on security analytics and in a related GTP paper at the same time, “The noise about big data for security has grown deafening in the industry, but the reality lags far, far behind.” Two years have passed since that time. What can I tell you? It still “lags […]


Why SIEMs F*cked Up Application Log Analysis?

by Anton Chuvakin  |  January 13, 2017

This is going to be a short one: why do you think the SIEM vendors f*cked up application log analysis so badly? Think about it, SIEM technology started roughly in 1997, so 20 years ago. 20 years is like 2 gazillion years in “IT years.” But even today I see a lot of people who […]


On UEBA / UBA Use Cases

by Anton Chuvakin  |  January 5, 2017

After much agonizing, we (Augusto and myself) have settled on the following list of UEBA / UBA use cases for our upcoming UEBA technology comparison. Here they are: Compromised account detection: this is a “classic UBA” usage – study account authentication and usage information to conclude that the account is being used by a malicious […]
