Gartner Blog Network

Category: 'monitoring' Blog Posts

Our “How to Plan, Design, Operate and Evolve a SOC” Paper Is Published

by Anton Chuvakin  |  October 25, 2016

As Augusto already mentioned, our SOC paper is out. Run, not walk, to read our “How to Plan, Design, Operate and Evolve a SOC” (Gartner GTP access required). The abstract...

Upcoming Webinar: Design a Modern Security Operation Center (SOC)

by Anton Chuvakin  |  October 11, 2016

Tomorrow I am doing a webinar based on our SOC research. This is a great opportunity for those without Gartner GTP access to see some parts of this research. If...

PCI Council Log Monitoring Supplement

by Anton Chuvakin  |  August 3, 2016

As I was gracefully reminded, the PCI Council has released a new (and MUCH needed) document, “Information Supplement: Effective Daily Log Monitoring.” A lot of research (example) reveals that Requirement 10...

Can I Detect Advanced Threats With Just Flows/IPFIX?

by Anton Chuvakin  |  July 21, 2016

Source IP. Destination IP. Source port. Destination port. Network protocol. Connection time. A bit more context data. Is this enough to detect “an advanced threat”? Before you jump to conclusions,...

New Research Starting Soon: Threat Intel, SOC, etc

by Anton Chuvakin  |  May 11, 2016

Our EDR research is winding down, so we are about to start our next cycle; here is what we have in mind. THREAT INTELLIGENCE TOPIC: An update to our “How...

Anton’s Favorite Threat Hunting Links

by Anton Chuvakin  |  March 21, 2016

Somebody asked me for best resources on THREAT HUNTING, and that reminded me that I wanted to write a linklist blog post on this very topic. Below are some of...

My Detection Confidence Survey Results

by Anton Chuvakin  |  February 19, 2016

A few weeks ago I posted a quick one-question survey on threat and compromise detection. I asked “Imagine that you have clearly identified top 3 critical information assets (systems, documents,...

Our New Paper on Security Monitoring Use Cases Publishes

by Anton Chuvakin  |  February 17, 2016

It is with incredible excitement that we announce the publication of our new paper “How to Develop and Maintain Security Monitoring Use Cases” [Gartner GTP access required]. The abstract states:...

EDR Research Commencing: Call To Action!

by Anton Chuvakin  |  January 27, 2016

As we mentioned in this post, we are about to visit the land of EDR (formerly: ETDR) in order to update Gartner GTP EDR coverage and to create one new...

No, Virginia, It Does NOT Mean That!

by Anton Chuvakin  |  January 25, 2016

This is a post to finally put this idiocy to rest: “If you can DETECT, why can’t you PREVENT!?” Here are my top 5 reasons why DETECTION excellence does NOT...
