Gartner Blog Network

Tag: 'siem' Blog Posts

SIEM, Detection & Response: Build or Buy?

by Augusto Barros  |  July 27, 2017

As Anton already blogged (many times) and tweeted about, we are working to refresh some of our SIEM research and also on a new document about SaaS SIEM. This specific...

SIEM Correlation is Overrated

by Augusto Barros  |  March 31, 2017

During our research about UEBA tools, we noticed that these tools are gaining ground on SIEM solutions, with some organizations opting to focus their monitoring efforts on UEBA instead of...

SIEM Architecture and Operational Processes UPDATE!

by Augusto Barros  |  February 3, 2016

My favorite Gartner GTP research document has just been updated: Security Information and Event Management Architecture and Operational Processes Using security information and event management requires more than just buying...

Base Rates And Security Monitoring Use Cases

by Augusto Barros  |  November 27, 2015

As we continue to work on our research about security monitoring use cases, a few interesting questions around the technology implementation and optimization arise. Any threat detection system designed to...

Discovering New Monitoring Use Cases

by Augusto Barros  |  November 6, 2015

We've been thinking about the multiple processes around monitoring use cases for our next research project. This week, the focus was on the use case discovery process. So you have...

SIEM Use Case Discovery

by Anton Chuvakin  |  November 5, 2015

Our journey to SIEM use cases begins at SIEM USE CASE DISCOVERY, a commonly overlooked [even by me :-)] step. Coincidentally, why didn’t I take it seriously sometimes? Because if...

Research on Security Monitoring Use Cases Coming Up

by Augusto Barros  |  October 28, 2015

As Anton Chuvakin recently mentioned on his blog, we are starting some research on the work around security monitoring use cases: from the basic identification of candidates to prioritization, implementation,...

Federated Security Monitoring

by Augusto Barros  |  September 30, 2015

In a very distant past, security monitoring used to be a very simple activity. A single guy would grab logs from the firewall, the IDS and maybe an authentication system...

Air Gaps And Security Infrastructure

by Augusto Barros  |  September 8, 2015

I've been seeing many organizations with highly segregated ("air gapped") networks lately. An interesting effect of this design pattern is the need to replicate security infrastructure or to design those...

Requirements For SIEM as a Service

by Augusto Barros  |  August 7, 2015

Earlier today I was discussing with Anton the different requirements for SIEM and MSS, eventually talking about SIEM SaaS too (by the way, he has a very good blog post...
