Gartner Blog Network

Category: 'siem' Blog Posts


Co-Managed SIEM Rising

by Anton Chuvakin  |  August 24, 2015

I don’t usually blog on specific research … but when I do, it is about SIEM. So, a very interesting piece just went up on the Gartner site. It is...


My "Evaluation Criteria for Security Information and Event Management" 2015 Update Publishes

by Anton Chuvakin  |  August 18, 2015

My freshly updated “Evaluation Criteria for Security Information and Event Management” (2015 edition) is up on the Gartner site. Admittedly, it is a relatively minor update, but I have expanded...


Your SOC Nuclear Triad

by Anton Chuvakin  |  August 4, 2015

Let’s talk modern SOC tools. The analogy I’d like to use is that of a “Nuclear Triad” – a key cold war concept. The triad consisted of strategic bombers, ICBMs...


Once More on Cloud SIEM or SaaS SIEM

by Anton Chuvakin  |  June 16, 2015

A reminder: cloud SIEM (“SaaS SIEM”) does not really exist yet [so, those who compute market share numbers for it are simply deluded]. However, today there are some “almost SaaS...


Speaking at Gartner Security & Risk Management Summit 2015

by Anton Chuvakin  |  April 7, 2015

Gartner Security & Risk Management Summit 2015 is coming soon [well, for some definition of "soon" :-)]! Here is my traditional blog post summarizing my speaking at this event (Washington,...


Who Validates Alerts Validated by Your Alert Validator Software?

by Anton Chuvakin  |  March 6, 2015

Pardon the idiotic title, but some recent discussions around security analytics have made this question practically relevant. So: You have a SIEM and other security technologies focused on detection and...


SIEM/ DLP Add-on Brain?

by Anton Chuvakin  |  February 27, 2015

Initially I wanted to call this post “SIEM has no brains”, but then questioned such harshness towards the technology I’ve been continuously loving for 13 years :-) In any case,...


Those Pesky Users: How To Catch Bad Usage of Good Accounts

by Anton Chuvakin  |  February 19, 2015

Gartner says “Malware Is Already Inside Your Organization; Deal With It.” But you know what? I wish it were just stupid malware (well, some is not so stupid): via a...


Do You Want "Security Analytics" Or Do You Just Hate Your SIEM?

by Anton Chuvakin  |  January 26, 2015

Now that I’ve taken a fair number of “security analytics” client inquiries (with wildly different meanings of the phrase), I can share one emerging pattern: a lot of this newly-found...


Should I Use "SIEM X" or "MSSP Y"?

by Anton Chuvakin  |  December 16, 2014

Lately I’ve been surprised by some organizational decision-making as they think about their sourcing choices for security monitoring. Specifically, some organizations want to decide between “SIEM Brand X” and “MSSP...
