Gartner Blog Network

Category: 'threat-intelligence' Blog Posts

from the Gartner Blog Network

All My Research Published in 2016

by Anton Chuvakin  |  December 22, 2016

To make it easy for my readers to find my research, here is the list of everything I published in 2016 [most co-authored with Augusto Barros]. Gartner GTP access is...

How to Grow to Strategic Threat Intel Consumption?

by Anton Chuvakin  |  August 24, 2016

Here is a bitchingly hard question: how to get organizations to move up the maturity scale of using threat intelligence (TI), from blindly [ok, not always blindly] dropping indicator feeds...

Arriving at a Modern SOC Model

by Augusto Barros  |  August 8, 2016

While writing our new (and exciting) research on "how to build a SOC", we came to a conclusion that a modern SOC has some interesting differences from the old vanilla...

Can I Detect Advanced Threats With Just Flows/IPFIX?

by Anton Chuvakin  |  July 21, 2016

Source IP. Destination IP. Source port. Destination port. Network protocol. Connection time. A bit more context data. Is this enough to detect “an advanced threat”? Before you jump to conclusions,...

About The Tri-Team Model of SOC, CIRT, "Threat Something"

by Anton Chuvakin  |  July 7, 2016

From the clients with THE MOST mature security operations, we learn the so-called “tri-team” model for detection and response: SOC – primarily monitoring and threat detection in near real-time, and...

What's Like to Use Non-MRTI Threat Intelligence

by Augusto Barros  |  July 6, 2016

We often hear clients asking about threat intelligence related processes: how to collect, refine and utilize it (by the way, this document is being updated; let us know if you...

Baby’s First Threat Intel Usage Questions

by Anton Chuvakin  |  June 28, 2016

Every time I think I already wrote the most basic blog post on threat intelligence usage, somebody comes and asks for an even more basic one… Now, many of you...

How a Lower Maturity Security Organization Can Use Threat Intel?

by Anton Chuvakin  |  May 16, 2016

As we mentioned, we are starting a refresh effort for our threat intelligence paper [Gartner GTP access required]. One thing we may add is more detailed guidance on the usage...

Threat Intelligence and Operational Agility

by Anton Chuvakin  |  August 13, 2015

I sometimes say that “threat intel doesn’t help people who don’t help themselves.” Here is one particular example: if you buy the best threat intelligence possible - mixed strategic and...

Speaking at Gartner Security & Risk Management Summit 2015

by Anton Chuvakin  |  April 7, 2015

Gartner Security & Risk Management Summit 2015 is coming soon [well, for some definition of "soon" :-)]! Here is my traditional blog post summarizing my speaking at this event (Washington,...
