Now that my threat intelligence research project is wrapping up, I am going to be spending my summer in SIEM!
Here is what I have in mind for the next few months:
- An architectural blueprint (a new type of GTP document) on SIEM that will depict one good way of architecting Security Information and Event Management across a large organization
- A detailed list of SIEM tool evaluation criteria, a document I have always wanted to create in order to cover, to a painful level of detail, the technical features and capabilities that an enterprise-capable SIEM should have (somewhat reminiscent of our SIEM RFP toolkit, but with a stronger focus on product requirements rather than vendor requirements)
- Updates to my past SIEM documents [see below], one on operational practices (with its own SIEM success guidance framework!) and one on the technology landscape.
Just as a reference, my published Gartner research on SIEM includes (GTP access required):
- “Security Information and Event Management Futures and Big Data Analytics for Security” (chock full of SIEM futures and REAL big data use cases for security analysis)
- “Security Information and Event Management Architecture and Operational Processes” (my favorite paper I’ve ever written on SIEM)
- “SIEM Market Trends, Solutions, Assessment and Select Product Profiles” (a bit dated, but still a fun read!)
Select recent blog posts related to SIEM:
2 Comments
Welcome back, Anton. We’ve missed you here! Feel free to reach out if we can be of assistance.
@Joe
Sure, another call on SOC operational practices would come in handy!