Back to SIEM Research!

By Anton Chuvakin | May 02, 2014 | 2 Comments


Now that my threat intelligence research project is wrapping up, I am going to be spending my summer in SIEM!

Here is what I have in mind for the next few months:

  1. An architectural blueprint (a new type of GTP document) on SIEM that will depict one good way of architecting Security Information and Event Management across a large organization
  2. A detailed list of SIEM tool evaluation criteria, a document that I always wanted to create in order to cover – to a painful level of detail – a set of technical features and capabilities that an enterprise-capable SIEM should have (it would be a little reminiscent of our SIEM RFP toolkit, but with stronger focus on product – rather than vendor – requirements)
  3. Updates to my past SIEM documents [see below], one on operational practices (with its own SIEM success guidance framework!) and one on the technology landscape.

Just as a reference, my published Gartner research on SIEM includes (GTP access required):

Select recent blog posts related to SIEM:

  • Joe Bonnell says:

    Welcome back Anton. We’ve missed you here! Feel free to reach out if we can be of assistance.

  • @Joe

    Sure, another call on SOC operational practices would come in handy!