Gartner Blog Network

Category: 'monitoring' Blog Posts

Let’s Define "SIEM"!

by Anton Chuvakin  |  August 14, 2017

Shockingly, I am going to do another “is this 2005?” kind of post, now that I riled everybody up with my previous one. Let’s … DEFINE SIEM! But let’s define...

Is SIEM The Best Threat Detection Technology, Ever?

by Anton Chuvakin  |  August 7, 2017

That’d be a “NO” – those of my readers who are “anti-SIEM” can calm down now :–) Well…. let me explain and perhaps you will see that the answer evolves...

Summer of SIEM 2017 Coming...

by Anton Chuvakin  |  July 11, 2017

Initially, I wanted to name this post “My SIEM Is Too Slow | My SIEM Is Too Dumb”, but then I decided to go for a milder version, because –...

More Cloud Security Monitoring Contemplations

by Anton Chuvakin  |  April 25, 2017

Your choice for security monitoring and/or threat detection technologies for different cloud models (SaaS, PaaS, IaaS) is, essentially: Use the security controls that your cloud service provider (CSP) offers …...

Cloud Threat Detection Research

by Anton Chuvakin  |  April 19, 2017

What an amazing coincidence! After all the UEBA / UBA excitement (that is, sadly, still ongoing….) and after my short threat hunting paper (out already!), we are about to revisit...

Planned: A Quick Paper on Threat Hunting - Ideas Sought

by Anton Chuvakin  |  March 1, 2017

As it happens, I will now work on a short and sweet paper on THREAT HUNTING. So far, I’ve seen two types of materials on THREAT HUNTING (TH): Great...

Why SIEMs F*cked Up Application Log Analysis?

by Anton Chuvakin  |  January 13, 2017

This is going to be a short one: why do you think the SIEM vendors f*cked up application log analysis so badly? Think about it, SIEM technology started roughly in...

All My Research Published in 2016

by Anton Chuvakin  |  December 22, 2016

To make it easy for my readers to find my research, here is the list of everything I published in 2016 [most co-authored with Augusto Barros]. Gartner GTP access is...

UEBA Shines Where SIEM Whines?

by Anton Chuvakin  |  November 14, 2016

Remember my Popular SIEM Starter Use Cases post from 2014? Let’s take a look at that list of popular SIEM use cases and see how/where UEBA helps. This will make...

SOC Webinar Questions Answered

by Anton Chuvakin  |  October 28, 2016

As promised, here is my Gartner SOC webinar Q&A (webinar recording) – admittedly I am keeping some answers short since there were so many of them [some questions are edited for...
