Gartner Blog Network

Category: 'monitoring' Blog Posts

Anton’s Favorite Threat Hunting Links

by Anton Chuvakin  |  March 21, 2016

Somebody asked me for best resources on THREAT HUNTING, and that reminded me that I wanted to write a linklist blog post on this very topic. Below are some of...

My Detection Confidence Survey Results

by Anton Chuvakin  |  February 19, 2016

A few weeks ago I posted a quick one-question survey on threat and compromise detection. I asked “Imagine that you have clearly identified top 3 critical information assets (systems, documents,...

Our New Paper on Security Monitoring Use Cases Publishes

by Anton Chuvakin  |  February 17, 2016

It is with incredible excitement that we announce the publication of our new paper “How to Develop and Maintain Security Monitoring Use Cases” [Gartner GTP access required]. The abstract states:...

EDR Research Commencing: Call To Action!

by Anton Chuvakin  |  January 27, 2016

As we mentioned in this post, we are about to visit the land of EDR (formerly: ETDR) in order to update Gartner GTP EDR coverage and to create one new...

No, Virginia, It Does NOT Mean That!

by Anton Chuvakin  |  January 25, 2016

This is a post to finally put this idiocy to rest: “If you can DETECT, why can’t you PREVENT!?” Here are my top 5 reasons why DETECTION excellence does NOT...

"Deception as Detection" or Give Deception a Chance?

by Anton Chuvakin  |  January 8, 2016

Many industry observers have noticed that deception approaches are re-emerging in the collective attention of the operational [as opposed to research] security industry and community (“cyber”- community?). We even have...

A Quick Update on Our Research

by Anton Chuvakin  |  December 29, 2015

Since some of you are asking, here is what is cooking…. Just done: vulnerability assessment and vulnerability management (finished Nov 2015) “How to Implement Enterprise Vulnerability Assessment” “A Guidance Framework...

Where Does EDR End and "NG AV" Begin?

by Anton Chuvakin  |  December 3, 2015

What is the difference between Endpoint Detection and Response (EDR, previously named ETDR) and “NG anti-virus” (“NG AV” is not an official term)? Specifically, where does EDR end and AV begin?...

Starting A SIEM Project from Vendor Use Case Content: WIN or FAIL?

by Anton Chuvakin  |  December 2, 2015

Can I run my SIEM project exclusively with the use case content (including rules, reports, alerts, dashboards, algorithms) provided by my SIEM vendor? Short answer: YES, as long as you...

SIEM Use Case Implementation and Tuning Process

by Anton Chuvakin  |  November 25, 2015

Time to touch the main challenge: SIEM use case implementation / refinement process [also applicable to other monitoring technologies, like UBA / UEBA]. In our seminal paper on the topic,...
