Blog post

New Research Starting Soon: Threat Intel, SOC, etc

By Anton Chuvakin | May 11, 2016 | 2 Comments


Our EDR research is winding down, so we are about to start our next cycle, here is what we have in mind.

  • THREAT INTELLIGENCE TOPIC: An update to our “How to Collect, Refine, Utilize and Create Threat Intelligence” that compares types of threat intelligence data and outlines common TI usage patterns. We [Augusto and myself] are happy to take Vendor Briefings from the threat intel vendors, if there are any left :–)
  • Also, an update to our “Threat Assessment in the Age of the APT”, a paper on the threat assessment process makes use of threat intelligence in order to determine which threats are relevant to an organization. It may be dry, but it is useful for those that are making their security more threat-centric.
  • SECURITY OPERATIONS CENTER TOPIC: FInally, our pièce de résistance, a new paper on how to build a modern SOC. Seriously, we want to write a friggin’ SOC bible [yes, we think running a good today SOC requires some praying :–)] and focus on the 2016 SOC requirements, not 1998…. A lot of work is ahead for us on this one – and of course lots of fun blog posts!

So, our call to action:

  • Threat intelligence (TI) providers and/or threat intelligence platform (TIP) tool vendors, feel free to schedule a VB, BUT be ready for A LOT of questions on how your data and/or tools are used by real clients. Frankly, your dark web mojo is of no interest to us, UNLESS you can prove it is being actively used by [many] clients and you also explain how!
  • Anybody with recent SOC-building experience (vendor, consultant, enterprise, etc), we are happy to chat via whatever means comfortable to you. And, no, those who paid an MSSP and now live under an illusion of “having a SOC” need not apply 🙂

The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.

Comments are closed


  • Mike Loginov says:

    Anton we are in the process of scoping a federated forward looking SOC that will also integrate with a CERT and other threat intel sources. Be interested to understand more of what you are seeking to achieve to see if any synergies? Regards. Mike

    • Thanks a lot for the comment. We are still formulating our questions and plans, so I’d be happy to share this [here or privately via email] when we have that.