Gartner Blog Network

Category: 'monitoring' Blog Posts

Fun Challenges with SIEM Use Cases

by Anton Chuvakin  |  November 11, 2015

Often I save the solutions for our Gartner GTP papers, but I blog about the challenges. No, this won't be a post [eh.... a short trilogy of no more than...

SIEM Use Cases - And Other Security Monitoring Use Cases Too!

by Anton Chuvakin  |  October 27, 2015

SIEM and other flexible, broad-use security technologies (but, frankly, SIEM more than others!) raise the critical question of USE CASES. So, together with Augusto Barros, we are about to undertake...

Five Basic Forgotten Security Alert Truths

by Anton Chuvakin  |  September 25, 2015

Here is a fun one: everybody whines that organizations have too many alerts, even the makers of the tools that produce alerts. Everybody! Everybody!! Everybody!!! When people whine [which, BTW,...

On Space Between Detection and Response

by Anton Chuvakin  |  August 31, 2015

Let’s ponder the space between Detection (D) and Response (R): D <aim your mind here!> R Do you see it clearly now? Where does DETECTION end and RESPONSE begin? What...

Your SOC Nuclear Triad

by Anton Chuvakin  |  August 4, 2015

Let’s talk modern SOC tools. The analogy I’d like to use is that of a “Nuclear Triad” – a key cold war concept. The triad consisted of strategic bombers, ICBMs...

My "How to Monitor the Security of Public Cloud Resources" Publishes

by Anton Chuvakin  |  July 30, 2015

My “How to Monitor the Security of Public Cloud Resources” paper just went up on the Gartner site. It is an update of the work I’ve done back in 2012...

Reality Check on EDR / ETDR

by Anton Chuvakin  |  July 23, 2015

How exciting is Endpoint Detection and Response (EDR) technology? -- Sorry to piss on your parade, but for many organizations it is NOT exciting at all. Look, it is hard...

Trouble In The Cloud?!

by Anton Chuvakin  |  June 22, 2015

What challenges does the usage of traditional, on-premise security tools [monitoring tools, like SIEM or DLP, in particular] create in the cloud [SaaS, PaaS, IaaS models]? Here are some I’ve...

Once More on Cloud SIEM or SaaS SIEM

by Anton Chuvakin  |  June 16, 2015

A reminder: cloud SIEM (“SaaS SIEM”) does not really exist yet [so, those who compute market share numbers for it are simply deluded]. However, today there are some “almost SaaS...

Cloud Security Monitoring ... Revisited (aka It Is Not 2012 Anymore!)

by Anton Chuvakin  |  May 26, 2015

My next project, now that I am done with security analytics for now, is to revisit our cloud security monitoring work. Specifically, some of you remember my 2012 (!) paper...