Gartner Blog Network

Avivah Litan
VP Distinguished Analyst
12 years at Gartner
30 years IT industry

Avivah Litan is a Vice President and Distinguished Analyst in Gartner Research. Her area of expertise includes financial fraud, authentication, access management, identity proofing, identity theft, fraud detection and prevention applications…Read Full Bio

Simple People Centric Security Actually Works at Large Midwest Energy firm

by Avivah Litan  |  December 7, 2016

I just returned from a Gartner peer-connect event where some 65 CISOs shared experiences, concerns and visions for a more secure future. There were many substantive discussions but one that stood out was a case study presented by a CISO from a large Midwest energy firm who implemented some simple people-centric and whitelisting security steps […]

Read more »

What Years of Hacks tell Vote Recount and Security Custodians

by Avivah Litan  |  November 27, 2016

It’s good to see that Americans are starting to take voting systems security seriously.  Secure voting is essential to democracy, but as with most other systems, no one thinks about it until there’s been a hack. Hopefully the upcoming vote recount will tell us if our voting systems have been hacked, if in fact there’s […]

Read more »

Cyber Hacking Lessons from the U.S. Election

by Avivah Litan  |  November 10, 2016

I was as stunned as anyone by the U.S. election results. I also immediately questioned the security of the state election systems. I just can’t help but wonder why an August 29  story written by well-respected journalist Michael Isikoff that ran on Yahoo News detailing an FBI alert about hacks into state election servers was […]

Read more »

Minformation; the new threat to Insider threat detection

by Avivah Litan  |  November 8, 2016

I just returned from a FITSI federal government information security conference where I spoke about insider threats.  A forensics expert in the audience asked one of the most provocative questions I’ve heard on this issue – what happens if an insider threat detection system falsely accuses an insider of a crime? This of course is […]

Read more »

Most SIEM vendors can’t make it to UEBA

by Avivah Litan  |  November 8, 2016

Gartner colleagues have been talking for a while about the convergence of SIEM and UEBA but the bigger question is: Can old school SIEM vendors retool their core engines to incorporate advanced analytics, user and entity profiling and risk scoring?  I think it will be tough for them to do this – mainly because of […]

Read more »

McAfee (Intel) User Conference – Old School meets New School before Lights go Out

by Avivah Litan  |  November 5, 2016

  I just returned from the ‘new’ McAfee’s (Intel Security) user and analyst conference in Las Vegas. The guest speakers – Ashton Kutcher (yes he actually has a brain!) and Ted Koppel – were phenomenal and the firm certainly was espousing all the right messages.  The new McAfee brand – whose new logo was introduced […]

Read more »

Yahoo! breach news is shocking but not surprising – what to do now?

by Avivah Litan  |  September 23, 2016

The 2014 compromise of a half billion user records at Yahoo! by a state-sponsored actor is shocking but not surprising. For years, we have been noting (what our clients have told us),  which is that: More American identities have been compromised than have not (See The Global Identity Dilemma: Static Biometrics are NOT the answer ). State […]

Read more »

The Global Identity Dilemma – Static Biometrics are NOT the answer

by Avivah Litan  |  September 16, 2016

I just returned from a couple of business trips to Brazil and Russia and reinforced my view that identity proofing is one of the top fraud issues across the globe. Companies and government agencies everywhere struggle to identify the person on the other end of an electronic transaction.  Fraudsters either make up fictitious identities, or […]

Read more »

Meet Delilah – the first Insider Threat Trojan

by Avivah Litan  |  July 14, 2016

Criminal recruitment of insiders is becoming an industry now with the release of a new Trojan called “Delilah”. Delilah recruits targeted insiders via social engineering and/or extortion, sometimes using ransomware techniques. It remains a closely held Trojan not yet available on the common black market, and is only shared amongst closed hacker groups, according to […]

Read more »

The Missing ‘D’ in the UEBA market

by Avivah Litan  |  June 22, 2016

I just got back from a whirlwind client-packed week at the flagship Gartner Security Summit in the Washington D.C. area. One thing that hit home was discussions with DAM (Database Activity Monitoring) vendors who are implementing a data centric view of UEBA. That is, they are starting with the data that their current products revolve […]

Read more »