Gartner Blog Network

Anton Chuvakin
Research VP and Distinguished Analyst
5+ years with Gartner
17 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist…

Our “How to Operate and Evolve a SIEM Solution” Publishes

by Anton Chuvakin  |  November 7, 2018

We just published the second part of our SIEM guidance, “How to Operate and Evolve a SIEM Solution.” Our readers may recognize some of the content from our world-famous “Security Information and Event Management Architecture and Operational Processes,” but for the second part more has changed, including the way we organized SIEM operation guidance. The […]


Let’s Go Fight IT for Logs? Agents? Taps?

by Anton Chuvakin  |  November 1, 2018

This is a depressing post about security in the real world (what … another one?) In any case, we are having those enlightened debates about log analysis (via SIEM/UEBA), network security monitoring (via NTA or, if you’d like, NDR), endpoint detection (via EDR) and overall about SOC. Even threat hunting comes up. All very exciting! […]


My Top 7 Popular Gartner Blog Posts for October 2018

by Anton Chuvakin  |  November 1, 2018

Most popular blog posts from my Gartner blog during the past month are:
Our Security Orchestration and Automation (SOAR) Paper Publishes (SOAR research) – for some reason, this paper keeps sitting on top of the list, for months.
Network Anomaly Detection Track Record in Real Life? (NTA research)
Popular SIEM Starter Use Cases (SIEM research)
[…]


2019 Planning Guide for Security and Risk Management

by Anton Chuvakin  |  October 30, 2018

Our team has released our annual security planning guide: “2019 Planning Guide for Security and Risk Management.” Every Gartner GTP customer should go and read it (in fact, the above link requires just such a subscription). The abstract states: “Security teams find it difficult to keep up with change, especially because the vendor security solution […]


NTA: The Big Step Theory

by Anton Chuvakin  |  October 25, 2018

Let’s come back from the world where the endpoint won the detection and response wars to this one. As we are ramping up our NTA (but, really, broader NDR for network-centric detection and response) research one mystery has to be resolved. What motivates some organizations to actually deploy NTA (usually one particular NTA vendor technology […]


Security Architecture Frameworks – Yay or Nay?

by Anton Chuvakin  |  October 24, 2018

This post is about a topic that few of us ponder often: security architecture frameworks. We have some exciting research plans in this area, hence this blog series. Perhaps one can say that dumb people think of boxes, smart people think of processes, wise people think of architectures? OK, I just made it up, so […]


Anonymous Guest Post: More Vendor Briefing Advice

by Anton Chuvakin  |  October 22, 2018

A little bird landed on my desk, and it had the below clutched in its little beak. The text looks like it was written by a fellow analyst: Dear Vendor: Thanks so much for your briefing today. You obviously put a lot of work into your slide deck. However, you forgot that here in Gartner […]


Our “How to Architect and Deploy a SIEM Solution” Publishes

by Anton Chuvakin  |  October 18, 2018

We just published our “How to Architect and Deploy a SIEM Solution” paper. Avid readers of our research will recognize that some of the content actually comes from our world-famous “Security Information and Event Management Architecture and Operational Processes.” It was updated a few times – last in 2016, and then has gotten too obese […]


Network Anomaly Detection Track Record in Real Life?

by Anton Chuvakin  |  October 15, 2018

As I allude here, my long-held impression is that no true anomaly-based network IDS (NIDS) has ever been successful commercially and/or operationally. There were some bits of success, to be sure (“OMG WE CAN DETECT PORTSCANS!!!”), but in total, they (IMHO) don’t quite measure up to SUCCESS of the approach. In light of this opinion, […]


My Top 7 Popular Gartner Blog Posts for September 2018

by Anton Chuvakin  |  October 2, 2018

Most popular blog posts from my Gartner blog during the past month are:
Our Security Orchestration and Automation (SOAR) Paper Publishes (SOAR research)
SIEM Use Cases – And Other Security Monitoring Use Cases Too! (security monitoring research)
Popular SIEM Starter Use Cases (SIEM research)
Detailed SIEM Use Case Example (SIEM research)
2018 Popular SIEM Starter […]
