It is with GREAT excitement that I am pre-announcing my next area of research focus – security incident response.
In brief, here is what I have in mind for the next few months:
- Host and Malware Forensics Tools and Practices (title tentative), an assessment of the endpoint investigation tool scene (to complement my just-finished report on network forensics)
- Incident Response in the Age of APT (title tentative), guidance on doing incident response (from tools to teams!) in the modern era of industrial cyber-crime, APT and also cloud/virtual/mobile environments.
Some of the vendors I am speaking with or planning to speak with are CrowdStrike, Mandiant, Guidance Software, Carbon Black, some anti-malware/EPP vendors (who actually think rather than milk). And of course, as with all Gartner GTP research, I am planning to have lots of conversations with enterprise CIRTs, other end users and whatever other sources of current IR wisdom…
Possibly related posts:
- My Coverage Areas Reminder
- Alert-driven vs Exploration-driven Security Analysis
- Speaking at Gartner Catalyst Conference 2013 (some early research results on incident response will be presented there)
2 Comments
Hi Anton
Would be happy to talk and introduce; we are doing mobile forensics in motion in a managed service model.
kobi
Thanks for the message.
Since you are a vendor/service provider, please request a briefing via http://www.gartner.com/it/about/vbriefings_faq.jsp