Gartner Blog Network

Category: 'siem' Blog Posts


Once More on Cloud SIEM or SaaS SIEM

by Anton Chuvakin  |  June 16, 2015

A reminder: cloud SIEM (“SaaS SIEM”) does not really exist yet [so, those who compute market share numbers for it are simply deluded]. However, today there are some “almost SaaS...


Speaking at Gartner Security & Risk Management Summit 2015

by Anton Chuvakin  |  April 7, 2015

Gartner Security & Risk Management Summit 2015 is coming soon [well, for some definition of "soon" :-)]! Here is my traditional blog post summarizing my speaking at this event (Washington,...


Who Validates Alerts Validated by Your Alert Validator Software?

by Anton Chuvakin  |  March 6, 2015

Pardon the idiotic title, but some recent discussions around security analytics have made this question practically relevant. So: You have a SIEM and other security technologies focused on detection and...


SIEM/ DLP Add-on Brain?

by Anton Chuvakin  |  February 27, 2015

Initially I wanted to call this post “SIEM has no brains”, but then questioned such harshness towards the technology I’ve been continuously loving for 13 years :-) In any case,...


Those Pesky Users: How To Catch Bad Usage of Good Accounts

by Anton Chuvakin  |  February 19, 2015

Gartner says “Malware Is Already Inside Your Organization; Deal With It.” But you know what? I wish it were just stupid malware (well, some is not so stupid): via a...


Do You Want "Security Analytics" Or Do You Just Hate Your SIEM?

by Anton Chuvakin  |  January 26, 2015

Now that I’ve taken a fair number of “security analytics” client inquiries (with wildly different meanings of the phrase), I can share one emerging pattern: a lot of this newly-found...


Should I Use "SIEM X" or "MSSP Y"?

by Anton Chuvakin  |  December 16, 2014

Lately I’ve been surprised by some organizational decision-making as they think about their sourcing choices for security monitoring. Specifically, some organizations want to decide between “SIEM Brand X” and “MSSP...


My UPDATED "SIEM Technology Assessment and Select Vendor Profiles" Publishes

by Anton Chuvakin  |  September 19, 2014

My other SIEM paper is updated as well: “SIEM Technology Assessment and Select Vendor Profiles.” It contains updated SIEM technology overview, some fun new trends, and refreshed vendor profiles. Here...


My UPDATED "Security Information and Event Management Architecture and Operational Processes" Publishes

by Anton Chuvakin  |  September 15, 2014

Finally, I completed an epic update to my 2012 paper “Security Information and Event Management Architecture and Operational Processes.” I think of this paper, interchangeably, as of “SIEM’s missing manual”...


SIEM Real-time and Historical Analytics Collide?

by Anton Chuvakin  |  July 30, 2014

SIEM technology has evolved to a point where conflicting requirements are starting to tear it apart – and I am not the only one to observe that. See here: Just...
