It is with GREAT excitement that I am pre-announcing my next area of research focus – security incident response.
In brief, here is what I have in mind for the next few months:
- Host and Malware Forensics Tools and Practices (title tentative), an assessment of the endpoint investigation tool scene (to complement my just-finished report on network forensics)
- Incident Response in the Age of APT (title tentative), guidance on doing incident response (from tools to teams!) in the modern era of industrial cyber-crime, APT and also cloud/virtual/mobile environments.
Some of the vendors I am speaking with or planning to speak with are Crowdstrike, Mandiant, Guidance Software, Carbon Black, and some anti-malware/EPP vendors (who actually think rather than milk). And of course, as with all Gartner GTP research, I am planning to have lots of conversations with enterprise CIRTs, other end users and whatever other sources of current IR wisdom…
Possibly related posts:
Speaking at Gartner Catalyst Conference 2013 (some early research results on incident response will be presented there)