It is with incredible excitement that we announce the publication of our new paper “How to Develop and Maintain Security Monitoring Use Cases” [Gartner GTP access required]. The abstract states:
“Use cases are in the core of security monitoring activities. A structured process to identify, prioritize, implement and maintain use cases allows organizations to align monitoring efforts to security strategy, choose the best solutions and maximize the value obtained from security monitoring tools.”
This work covers BOTH a process to handle SIEM use case content [and other security monitoring use cases] and a library of common use cases for different technologies. For more value, it can be read together with “Selecting Security Monitoring Approaches by Using the Attack Chain Model” [GTP access also required]
Some fun quotes follow below:
- “Organizations need a process to identify, prioritize, implement and maintain security monitoring use cases (UCs). […] These processes cannot be too complex because security monitoring requires fast and constant changes to align with evolving threats.”
- “Organizations perform security monitoring by implementing security monitoring use cases. […] Choosing which of these [tools] to use is a daunting task in large part because significant overlap exists in these solutions and also because their individual and combined monitoring effectiveness is difficult to measure.”
- “A broken use-case discovery process means you will solve only easy and specific problems (like “see if anybody connects to our payment card database at night”). To overcome this, use this guidance to create your process.”
Enjoy the paper! And congrats to Augusto for an awesome idea to create this research!
P.S. Augusto’s blog post on the topic is here.
Related blog posts announcing research publications:
- Our 2016 SIEM Papers Are Out!
- All My Research Published in 2015
- Our Vulnerability Assessment Vulnerability Management Research Publishes
- 2030: Have They Social Engineered Your AI?! [our Maverick piece published]
- My “Evaluation Criteria for Security Information and Event Management” 2015 Update Publishes
- My “How to Monitor the Security of Public Cloud Resources” Publishes
- My “Demystifying Security Analytics: Sources, Methods and Use Cases” Paper Publishes
- My “How to Work With an MSSP to Improve Security” Paper Publishes
- Our “Selecting Security Monitoring Approaches by Using the Attack Chain Model” Publishes
- All My Research Published in 2014
- All My Research Published in 2013
How can I get the Membership of Gartner in order to be able to read the Articles?