Gartner Blog Network

Category: 'monitoring' Blog Posts

EDR Research Commencing: Call To Action!

by Anton Chuvakin  |  January 27, 2016

As we mentioned in this post, we are about to visit the land of EDR (formerly: ETDR) in order to update Gartner GTP EDR coverage and to create one new...

No, Virginia, It Does NOT Mean That!

by Anton Chuvakin  |  January 25, 2016

This is a post to finally put this idiocy to rest: “If you can DETECT, why can’t you PREVENT!?” Here are my top 5 reasons why DETECTION excellence does NOT...

"Deception as Detection" or Give Deception a Chance?

by Anton Chuvakin  |  January 8, 2016

Many industry observers have noticed that deception approaches are re-emerging in the collective attention of the operational [as opposed to research] security industry and community (“cyber”- community?). We even have...

A Quick Update on Our Research

by Anton Chuvakin  |  December 29, 2015

Since some of you are asking, here is what is cooking…. Just done: vulnerability assessment and vulnerability management (finished Nov 2015) “How to Implement Enterprise Vulnerability Assessment” “A Guidance Framework...

Where Does EDR End and "NG AV" Begin?

by Anton Chuvakin  |  December 3, 2015

What is the difference between Endpoint Detection and Response (EDR, previously named ETDR) and “NG anti-virus” (“NG AV” is not an official term)? Specifically, where does EDR end and AV begin?...

Starting A SIEM Project from Vendor Use Case Content: WIN or FAIL?

by Anton Chuvakin  |  December 2, 2015

Can I run my SIEM project exclusively with the use case content (including rules, reports, alerts, dashboards, algorithms) provided by my SIEM vendor? Short answer: YES, as long as you...

SIEM Use Case Implementation and Tuning Process

by Anton Chuvakin  |  November 25, 2015

Time to touch the main challenge: SIEM use case implementation / refinement process [also applicable to other monitoring technologies, like UBA / UEBA]. In our seminal paper on the topic,...

Fun Challenges with SIEM Use Cases

by Anton Chuvakin  |  November 11, 2015

Often I save the solutions for our Gartner GTP papers, but I blog about the challenges. No, this won't be a post [eh.... a short trilogy of no more than...

SIEM Use Cases - And Other Security Monitoring Use Cases Too!

by Anton Chuvakin  |  October 27, 2015

SIEM and other flexible, broad-use security technologies (but, frankly, SIEM more than others!) raise the critical question of USE CASES. So, together with Augusto Barros, we are about to undertake...

Five Basic Forgotten Security Alert Truths

by Anton Chuvakin  |  September 25, 2015

Here is a fun one: everybody whines that organizations have too many alerts, even the makers of the tools that produce alerts. Everybody! Everybody!! Everybody!!! When people whine [which, BTW,...