Gartner Blog Network

Category: 'monitoring' Blog Posts

Five Basic Forgotten Security Alert Truths

by Anton Chuvakin  |  September 25, 2015

Here is a fun one: everybody whines that organizations have too many alerts, even the makers of the tools that produce alerts. Everybody! Everybody!! Everybody!!! When people whine [which, BTW,...

On Space Between Detection and Response

by Anton Chuvakin  |  August 31, 2015

Let’s ponder the space between Detection (D) and Response (R): D <aim your mind here!> R Do you see it clearly now? Where does DETECTION end and RESPONSE begin? What...

Your SOC Nuclear Triad

by Anton Chuvakin  |  August 4, 2015

Let’s talk modern SOC tools. The analogy I’d like to use is that of a “Nuclear Triad” – a key cold war concept. The triad consisted of strategic bombers, ICBMs...

My "How to Monitor the Security of Public Cloud Resources" Publishes

by Anton Chuvakin  |  July 30, 2015

My “How to Monitor the Security of Public Cloud Resources” paper just went up on the Gartner site. It is an update of the work I’ve done back in 2012...

Reality Check on EDR / ETDR

by Anton Chuvakin  |  July 23, 2015

How exciting is Endpoint Detection and Response (EDR) technology? -- Sorry to piss on your parade, but for many organizations it is NOT exciting at all. Look, it is hard...

Trouble In The Cloud?!

by Anton Chuvakin  |  June 22, 2015

What challenges does the usage of traditional, on-premises security tools [monitoring tools, like SIEM or DLP, in particular] create in the cloud [SaaS, PaaS, IaaS models]? Here are some I’ve...

Once More on Cloud SIEM or SaaS SIEM

by Anton Chuvakin  |  June 16, 2015

A reminder: cloud SIEM (“SaaS SIEM”) does not really exist yet [so, those who compute market share numbers for it are simply deluded]. However, today there are some “almost SaaS...

Cloud Security Monitoring ... Revisited (aka It Is Not 2012 Anymore!)

by Anton Chuvakin  |  May 26, 2015

My next project, now that I am done with security analytics for now, is to revisit our cloud security monitoring work. Specifically, some of you remember my 2012 (!) paper...

Who Validates Alerts Validated by Your Alert Validator Software?

by Anton Chuvakin  |  March 6, 2015

Pardon the idiotic title, but some recent discussions around security analytics have made this question practically relevant. So: You have a SIEM and other security technologies focused on detection and...

SIEM/ DLP Add-on Brain?

by Anton Chuvakin  |  February 27, 2015

Initially I wanted to call this post “SIEM has no brains”, but then questioned such harshness towards the technology I’ve been continuously loving for 13 years :-) In any case,...