Blog post

Our New Paper on Security Monitoring Use Cases Publishes

By Anton Chuvakin | February 17, 2016 | 1 Comment


It is with incredible excitement that we announce the publication of our new paper “How to Develop and Maintain Security Monitoring Use Cases” [Gartner GTP access required]. The abstract states:

“Use cases are in the core of security monitoring activities. A structured process to identify, prioritize, implement and maintain use cases allows organizations to align monitoring efforts to security strategy, choose the best solutions and maximize the value obtained from security monitoring tools.”

This work covers BOTH a process to handle SIEM use case content [and other security monitoring use cases] and a library of common use cases for different technologies. For more value, it can be read together with “Selecting Security Monitoring Approaches by Using the Attack Chain Model” [GTP access also required].

Some fun quotes follow below:

  • “Organizations need a process to identify, prioritize, implement and maintain security monitoring use cases (UCs). […] These processes cannot be too complex because security monitoring requires fast and constant changes to align with evolving threats.”
  • “Organizations perform security monitoring by implementing security monitoring use cases. […] Choosing which of these [tools] to use is a daunting task in large part because significant overlap exists in these solutions and also because their individual and combined monitoring effectiveness is difficult to measure.”
  • “A broken use-case discovery process means you will solve only easy and specific problems (like “see if anybody connects to our payment card database at night”). To overcome this, use this guidance to create your process.”

Enjoy the paper! And congrats to Augusto for an awesome idea to create this research!

P.S. Augusto’s blog post on the topic is here.

Related blog posts announcing research publication:


1 Comment

  • Nadia says:

    How can I get the Membership of Gartner in order to be able to read the Articles?

    Thank you