My Next Research Area: Incident Response

By Anton Chuvakin | May 23, 2013 | 2 Comments

It is with GREAT excitement that I am pre-announcing my next area of research focus – security incident response.

In brief, here is what I have in mind for the next few months:

  • Host and Malware Forensics Tools and Practices (title tentative), an assessment of the endpoint investigation tool scene (to complement my just-finished report on network forensics)
  • Incident Response in the Age of APT (title tentative), guidance on doing incident response (from tools to teams!) in the modern era of industrial cyber-crime, APT and also cloud/virtual/mobile environments.

Some of the vendors I am speaking with or planning to speak with are CrowdStrike, Mandiant, Guidance Software, Carbon Black, some anti-malware/EPP vendors (who actually think rather than milk). And of course, as with all Gartner GTP research, I am planning to have lots of conversations with enterprise CIRTs, other end users and whatever other sources of current IR wisdom…

The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.


  • Kobi says:

    Hi Anton

    Would be happy to talk and introduce; we are doing mobile forensics in motion in a managed service model.


  • Thanks for the message.

    Since you are a vendor/service provider, please request a briefing via