Gartner Blog Network

Anton Chuvakin
Research VP and Distinguished Analyst
5+ years with Gartner
17 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist…

Our “Solution Path for Implementing Threat Detection and Incident Response” Publishes

by Anton Chuvakin  |  January 22, 2019

As you can see below, we have written a lot of research over the years, and it would be handy to have a roadmap for the readers. This is especially useful for organizations that are in the “OMG WHAT TO DO WITH ALL THIS CYBER?” phase of their security journey (which, BTW, is […]

Upcoming Webinar: Modern Network Threat Detection and Response

by Anton Chuvakin  |  January 21, 2019

Here is my next Gartner webinar; this one is focused on network traffic use for detection and response.
Title: Modern Network Threat Detection and Response
Date: January 29, 2019
Time: EST: 11:00 a.m. | PDT: 8:00 a.m. | GMT: 16:00
Register: here
Description: Join us for this complimentary security and risk webinar, as Gartner expert […]

All My Research Published in 2018

by Anton Chuvakin  |  January 16, 2019

To make it easy for the readers to find my research, here is the list of everything I published in 2018 [most co-authored with Augusto Barros and recently also with illustrious Anna Belak]. Gartner GTP access is required for most of the papers below. As a reminder, GTP papers cannot be reprinted by the vendors, […]

My Top 7 Popular Gartner Blog Posts for December 2018

by Anton Chuvakin  |  January 1, 2019

Most popular blog posts from my Gartner blog during the past month were:
Our Security Orchestration and Automation (SOAR) Paper Publishes (SOAR research) – for some reason, this paper keeps sitting on top of the list, for months.
Popular SIEM Starter Use Cases (SIEM research) and 2018 Popular SIEM Starter Use Cases (SIEM research)
Deception […]

Our 2018 Update for “Endpoint Detection and Response Architecture and Operations Practices” Publishes

by Anton Chuvakin  |  December 14, 2018

Our main EDR document (“Endpoint Detection and Response Architecture and Operations Practices”) was just updated by Jon Amato, and it looks much better now. The abstract states “Increasing complexity and frequency of attacks elevate the need for detection of attacks and incident response, all at enterprise scale. Technical professionals can use endpoint detection and response […]

Deception vs Analytics, or Can Analytics Catch True Unknown Unknowns?

by Anton Chuvakin  |  December 7, 2018

This is a debate post, and not a position post. The question alluded therein (hey… I said “alluded therein” to sound like Dan Geer, no?) has been bugging us for some time, perhaps for 2+ years. However, we deferred this debate and hid behind the fact that most organizations don’t really compare broad security approaches […]

My Top 7 Popular Gartner Blog Posts for November 2018

by Anton Chuvakin  |  December 3, 2018

Most popular blog posts from my Gartner blog during the past month are:
Our Security Orchestration and Automation (SOAR) Paper Publishes (SOAR research) – for some reason, this paper keeps sitting on top of the list, for months.
Popular SIEM Starter Use Cases (SIEM research) and 2018 Popular SIEM Starter Use Cases (SIEM research)
Let’s […]

On Operational Excellence

by Anton Chuvakin  |  November 28, 2018

So I spent much of last week reading a book about the Second World War called “The Second World Wars: How the First Global Conflict Was Fought and Won.” You do not have to be a history buff to like it, since it is both intellectually interesting and fun to read, most of the time. The […]

Is Encryption an NTA / NIDS / NFT Apocalypse?

by Anton Chuvakin  |  November 16, 2018

Here is a funny one: does pervasive traffic encryption KILL Network Traffic Analysis (NTA) dead? Well, OK, not truly “kill it dead,” but push it back to 2002 when it was called “N-BAD” [“a coincidence? I think not”] and was solely Layer-3/flow/netflow-based. Back then, it was considered either a niche security technology or a luxury […]

Our “How to Operate and Evolve a SIEM Solution” Publishes

by Anton Chuvakin  |  November 7, 2018

We just published the second part of our SIEM guidance, “How to Operate and Evolve a SIEM Solution.” Our readers may recognize some of the content from our world-famous “Security Information and Event Management Architecture and Operational Processes,” but for the second part more has changed, including the way we organized SIEM operation guidance. The […]
