Gartner Blog Network

Category: 'siem' Blog Posts

from the Gartner Blog Network

Why SIEMs F*cked Up Application Log Analysis?

by Anton Chuvakin  |  January 13, 2017

This is going to be a short one: why do you think the SIEM vendors f*cked up application log analysis so badly? Think about it, SIEM technology started roughly in...

Read more »

All My Research Published in 2016

by Anton Chuvakin  |  December 22, 2016

To make it easy for my readers to find my research, here is the list of everything I published in 2016 [most co-authored with Augusto Barros]. Gartner GTP access is...

Read more »

UEBA Shines Where SIEM Whines?

by Anton Chuvakin  |  November 14, 2016

Remember my Popular SIEM Starter Use Cases post from 2014? Let’s take a look at that list of popular SIEM use cases and see how/where UEBA helps. This will make...

Read more »

The Coming UBA / UEBA - SIEM War!

by Anton Chuvakin  |  November 7, 2016

A war is coming!! A war where not everybody will survive [which is, I guess, the whole point of having a war, eh? :-)] Indeed, I see a high chance...

Read more »

PCI Council Log Monitoring Supplement

by Anton Chuvakin  |  August 3, 2016

As I was gracefuly reminded, PCI Council has released a new (and MUCH neeed) document, “Information Supplement: Effective Daily Log Monitoring.” A lot of research (example) reveals that Requrement 10...

Read more »

Our New Paper on Security Monitoring Use Cases Publishes

by Anton Chuvakin  |  February 17, 2016

It is with incredible excitement that we announce the publication of our new paper “How to Develop and Maintain Security Monitoring Use Cases” [Gartner GTP access requried]. The abstract states:...

Read more »

Our 2016 SIEM Papers Are Out!

by Anton Chuvakin  |  February 12, 2016

We are happy to announce that our awesome SIEM papers have just published: The fabled “Security Information and Event Management Architecture and Operational Processes” (now in its 3rd edition) is...

Read more »

A Quick Update on Our Research

by Anton Chuvakin  |  December 29, 2015

Since some of you are asking, here is what is cooking…. Just done: vulnerability assessment and vulnerability management (finished Nov 2015) “How to Implement Enterprise Vulnerability Assessment” “A Guidance Framework...

Read more »

Starting A SIEM Project from Vendor Use Case Content: WIN or FAIL?

by Anton Chuvakin  |  December 2, 2015

Can I run my SIEM project exclusively with the use case content (including rules, reports, alerts, dashboards, algorithms) provided by my SIEM vendor? Short answer: YES, as long as you...

Read more »

SIEM Use Case Implementation and Tuning Process

by Anton Chuvakin  |  November 25, 2015

Time to touch the main challenge: SIEM use case implementation / refinement process [also applicable to other monitoring technologies, like UBA / UEBA]. In our seminal paper on the topic,...

Read more »