Gartner Blog Network

Augusto Barros
Research Director
1 year at Gartner
19 years IT Industry

Augusto Barros is Research Director in the Gartner for Technical Professionals (GTP) Security and Risk Management group.

Comparing UEBA Solutions

by Augusto Barros  |  November 28, 2016

As Anton anticipated, we’ve started working on our next research cycle, now with the intent of producing a comparison of UEBA (User and Entity Behavior Analytics) solutions. We produced a paper comparing EDR solutions a few months ago, but so far the discussion on how to compare UEBA solutions has been far more complex (and […]

Deception Technologies – The Paper

by Augusto Barros  |  November 18, 2016

After some very fun research, we’re finally publishing our paper on deception technologies:

Applying Deception Technologies and Techniques to Improve Threat Detection and Response
18 November 2016 | ID: G00314562
Augusto Barros | Anton Chuvakin

Summary: Deception is a viable option to improve threat detection and response capabilities. Technical professionals focused on security should evaluate […]

So You Want To Build A SOC?

by Augusto Barros  |  October 17, 2016

Now you can! But should you do it? As anticipated here and here, our new paper about how to plan, design, operate and evolve a Security Operations Center is out! This is a big doc with guidance for organizations with the intent of building their SOC (or for those that have one and want to make […]

Deception as a Feature

by Augusto Barros  |  September 30, 2016

One of the things we are also covering as part of our research on deception technologies is the inclusion of deception techniques as features in other security products. There are many solutions that could benefit from honeypots and honeytokens to increase their effectiveness: SIEM, UEBA, EDR, WAF, and others. We’ve been tracking a few cases […]

Building a Business Case for Deception

by Augusto Barros  |  September 27, 2016

So we’ve been working on our deception technologies research (have we mentioned we want to hear YOUR story about how YOU are using those?) and one of the things we are trying to understand is how organizations are building business cases for deception tools. As Anton said, most of the time deception will be seen […]

New Research: Deception Technologies!

by Augusto Barros  |  September 13, 2016

With the work on our upcoming SOC paper and on the TI paper refresh winding down, we are preparing to start some exciting research in our new project: Deception Technologies! We’ve been blogging about this for some time, but the time to do some structured research on the topic has finally come. There are many vendors […]

Arriving at a Modern SOC Model

by Augusto Barros  |  August 8, 2016

While writing our new (and exciting) research on “how to build a SOC”, we came to the conclusion that a modern SOC has some interesting differences from the old vanilla SOC that most organizations have in place. In essence, the difference is related to the inclusion of Threat Intelligence and Hunting/Continuous IR activities. The way […]

Are Security Monitoring Alerts Becoming Obsolete?

by Augusto Barros  |  July 8, 2016

If I ask anyone working in a SOC for a high-level description of their monitoring process, the answer will most likely look like this: “The SIEM generates an alert, the first level analyst validates it and sends it to the second level. Then…” Most SOCs today work by putting their first level analysts – […]

What’s Like to Use Non-MRTI Threat Intelligence

by Augusto Barros  |  July 6, 2016

We often hear clients asking about threat intelligence related processes: how to collect, refine and utilize it (by the way, this document is being updated; let us know if you have feedback about it!). It’s very easy to explain and visualize when we are talking about machine readable TI (MRTI for short); your tools ingest […]

Coming to Sao Paulo for the Gartner Security Summit

by Augusto Barros  |  July 6, 2016

I’m very excited to come back to São Paulo for the Gartner Security and Risk Management Summit in August. On August 2nd and 3rd I’ll have a packed schedule there, including a shared keynote with analysts Claudio Neiva and Felix Gaehtgens. The other sessions I’ll be delivering during the event are (titles and descriptions in […]
