Gartner Blog Network

Augusto Barros
Research Director
1 year at Gartner
19 years IT Industry

Augusto Barros is Research Director in the Gartner for Technical Professionals (GTP) Security and Risk Management group.

Arriving at a Modern SOC Model

by Augusto Barros  |  August 8, 2016

While writing our new (and exciting) research on “how to build a SOC”, we came to the conclusion that a modern SOC has some interesting differences from the old vanilla SOC that most organizations have in place. In essence, the difference is related to the inclusion of Threat Intelligence and Hunting/Continuous IR activities. The way […]

Are Security Monitoring Alerts Becoming Obsolete?

by Augusto Barros  |  July 8, 2016

If I ask anyone working in a SOC for a high-level description of their monitoring process, the answer will most likely look like this: “The SIEM generates an alert, the first level analyst validates it and sends it to the second level. Then…” Most SOCs today work by putting their first level analysts – […]

What’s Like to Use Non-MRTI Threat Intelligence

by Augusto Barros  |  July 6, 2016

We often hear clients asking about threat intelligence related processes: how to collect, refine and utilize it (by the way, this document is being updated; let us know if you have feedback about it!). It’s very easy to explain and visualize when we are talking about machine readable TI (MRTI for short); your tools ingest […]

Coming to Sao Paulo for the Gartner Security Summit

by Augusto Barros  |  July 6, 2016

I’m very excited to come back to São Paulo for the Gartner Security and Risk Management Summit in August. On August 2nd and 3rd I’ll have a packed schedule there, including a shared keynote with analysts Claudio Neiva and Felix Gaehtgens. The other sessions I’ll be delivering during the event are (titles and descriptions in […]

The EDR Comparison Paper is Out!

by Augusto Barros  |  July 5, 2016

This is old news, but the paper was published right before the maelstrom of the Gartner Security Summit. The paper compares the EDR solutions from 10 vendors (those more visible to Gartner based on number of inquiry calls specifically about EDR): Carbon Black Enterprise Response, Cisco Advanced Malware Protection for Endpoints, Confer, CounterTack, CrowdStrike Falcon […]

Notes From My First Security Summit

by Augusto Barros  |  July 5, 2016

I’ve finally found some time to collect my notes and impressions from my first Gartner Security and Risk Management Summit, back in June. I delivered one full session on Vulnerability Management and a short debate session with Anton Chuvakin about outsourcing security operations. We also hosted a roundtable on Vulnerability Management and a workshop on […]

Our first EDR paper is OUT!

by Augusto Barros  |  May 19, 2016

It’s almost impossible to get ahead of Dr. Chuvakin on blog posts and announcing new research, but I’m lucky enough he is driving at this precise moment and not able to do it before me. Our first of two Endpoint Detection and Response papers, “Endpoint Detection and Response Tool Architecture and Practices”, is out. This […]

How to Plan and Execute Modern Security Incident Response – NEW

by Augusto Barros  |  April 13, 2016

I had the opportunity to work with Anton on updating one of his best documents, “How to Plan and Execute Modern Security Incident Response”, which was published today on Gartner.com (GTP Access required). The document is a nice assessment of what organizations should be doing in terms of incident response today. It covers some of […]

Gartner Security & Risk Management Summit – US

by Augusto Barros  |  April 13, 2016

So, the great Security & Risk Management Summit is approaching (June 13-16), and I’m happy to be one of the speakers there. My sessions on the agenda are: “The World Is Changing: How Does It Affect My Vulnerability Management Program?”; “Developing, Implementing and Optimizing Security Monitoring Use Cases” (Workshop) – Together with Anton Chuvakin. To […]

RSA Conference 2016 observations

by Augusto Barros  |  March 16, 2016

It’s a bit late to write about what I saw at RSA this year (it’s almost time for the Gartner Security & Risk Management Summit!), but I’ve finally defeated procrastination and managed to write down my thoughts. Here it is: Keywords: isolation, visibility, “analytics”, deep/smart/machine learning: most booths would have at least one of […]
