Gartner Blog Network

Anton Chuvakin
Research VP and Distinguished Analyst
5+ years with Gartner
17 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist…

Why We Value Inquiry Visibility Over … Well … Over Everything Else?

by Anton Chuvakin  |  July 13, 2018

This fun discussion on industry analyst craft reminded me of an unfinished post I had sitting in my draft folder … for a year. And now it is finished! When we create research and decide to include or mention vendors [uh-oh, careful with the topic, Anton :-)], we don’t do it at random or for […]


SOAR-native SOC, Can This Work?

by Anton Chuvakin  |  July 13, 2018

This post is part of our current SOC research, but it also touches on our past SOAR research. Here is the thing: when we looked at SOAR technology, we mostly saw more mature SOCs adopting the tech. This is primarily based on the fact that they “tried the SOC thing” already and know what their […]


Our Team Is Hiring: THREE New Positions Open – North America and Europe

by Anton Chuvakin  |  July 12, 2018

As Gartner GTP client inquiry volumes grow, our team needs to expand again. We now have THREE positions open (one long-running replacement hire and two expansion hires). So … our team at Gartner for Technical Professionals (GTP) is HIRING! If you already read my tips in the past, go and apply at the links below: […]


What Is “SIEM+” Or “Can We Have A Cyber Defense Platform?”

by Anton Chuvakin  |  July 6, 2018

Contrary to what some “analytics” or “AI” vendors will have us believe, SIEM in 2018 is not the SIEM of our grandfathers. In 2002, when I was first initiated into the dark arts of SIEM, it was very different (it was called either SIM or SEM back in the B.C. era – that is, Before […]


2012 Redux: What Is Application Security Monitoring?

by Anton Chuvakin  |  July 5, 2018

Now, when you hear the phrase “application security monitoring”, what picture comes to mind? For me, nothing does… As I said in February 2012, “the industry has not yet figured out what application security monitoring (ASM) is.” Hey, guess what? We still haven’t! And half a decade has passed. This discussion starting point is obvious: […]


My Top 7 Popular Gartner Blog Posts for June 2018

by Anton Chuvakin  |  July 2, 2018

Most popular blog posts from my Gartner blog during the past month are: Our Security Orchestration and Automation (SOAR) Paper Publishes (SOAR research) <- read and rate the paper or the posts linked therein; comments are also much appreciated Is Security Just Too Damn Hard? Is Product+Service The Future? (philosophical) SIEM Use Cases – And […]


Hybrid SOC Scenarios

by Anton Chuvakin  |  June 29, 2018

One more important angle we are exploring in our SOC paper update is about so-called “hybrid SOCs.” In our SOC materials, this admittedly nebulous term refers to a SOC that uses a substantial (as I warned … “nebulous”) amount of external services and/or uses them for critical functions (so an external coffee delivery service does […]


Can You Do a SIEM-less SOC?

by Anton Chuvakin  |  June 26, 2018

Along the lines of this post where we discussed the concept of “SIEM alternatives”, let’s discuss this in the context of a modern SOC. Will I ever do or recommend a SIEM-less SOC? — As you can guess from the above, my answer is ‘it depends on what you mean by “SIEM.”’ So: #1 Will […]


Is Security Just Too Damn Hard? Is Product+Service The Future?

by Anton Chuvakin  |  June 21, 2018

OK, I got a catchy headline, now what? This is another philosophical post about the fate of our beloved domain of cyber. Specifically, we all remember Dan Geer’s classic quote “Internet security is quite possibly the most intellectually challenging profession on the planet” and most of us doing security read it optimistically (as in “oh […]


Highlights from Verizon DBIR 2018

by Anton Chuvakin  |  June 15, 2018

Here is my traditional “reading the DBIR aloud” (i.e., with quotes shared) post. Read the entire thing, BTW, and not only my favorites below: “Incident: A security event that compromises the integrity, confidentiality or availability of an information asset. Breach: An incident that results in the confirmed disclosure— not just potential exposure—of data to an […]
