Gartner Blog Network

Category: 'siem' Blog Posts from the Gartner Blog Network

SIEM Use Case Implementation and Tuning Process

by Anton Chuvakin  |  November 25, 2015

Time to touch the main challenge: SIEM use case implementation / refinement process [also applicable to other monitoring technologies, like UBA / UEBA]. In our seminal paper on the topic,...

Fun Challenges with SIEM Use Cases

by Anton Chuvakin  |  November 11, 2015

Often I save the solutions for our Gartner GTP papers, but I blog about the challenges. No, this won't be a post [eh.... a short trilogy of no more than...

SIEM Use Case Discovery

by Anton Chuvakin  |  November 5, 2015

Our journey to SIEM use cases begins at SIEM USE CASE DISCOVERY, a commonly overlooked [even by me :-)] step. Coincidentally, why didn’t I take it seriously sometimes? Because if...

SIEM Use Cases - And Other Security Monitoring Use Cases Too!

by Anton Chuvakin  |  October 27, 2015

SIEM and other flexible, broad-use security technologies (but, frankly, SIEM more than others!) raise the critical question of USE CASES. So, together with Augusto Barros, we are about to undertake...

Co-Managed SIEM Rising

by Anton Chuvakin  |  August 24, 2015

I don’t usually blog on specific research … but when I do, it is about SIEM. So, a very interesting piece just went up on the Gartner site. It is...

My "Evaluation Criteria for Security Information and Event Management" 2015 Update Publishes

by Anton Chuvakin  |  August 18, 2015

My freshly updated “Evaluation Criteria for Security Information and Event Management” (2015 edition) is up on the Gartner site. Admittedly, it is a relatively minor update, but I have expanded...

Your SOC Nuclear Triad

by Anton Chuvakin  |  August 4, 2015

Let’s talk modern SOC tools. The analogy I’d like to use is that of a “Nuclear Triad” – a key cold war concept. The triad consisted of strategic bombers, ICBMs...

Once More on Cloud SIEM or SaaS SIEM

by Anton Chuvakin  |  June 16, 2015

A reminder: cloud SIEM (“SaaS SIEM”) does not really exist yet [so, those who compute market share numbers for it are simply deluded]. However, today there are some “almost SaaS...

Speaking at Gartner Security & Risk Management Summit 2015

by Anton Chuvakin  |  April 7, 2015

Gartner Security & Risk Management Summit 2015 is coming soon [well, for some definition of "soon" :-)]! Here is my traditional blog post summarizing my speaking at this event (Washington,...

Who Validates Alerts Validated by Your Alert Validator Software?

by Anton Chuvakin  |  March 6, 2015

Pardon the idiotic title, but some recent discussions around security analytics have made this question practically relevant. So: You have a SIEM and other security technologies focused on detection and...