Gartner Blog Network

Baby’s First Threat Assessment?

by Anton Chuvakin  |  March 14, 2018  |  1 Comment

Upon reading my previous post, a few of you have wisely pointed out: … but detection of WHAT? How can you talk about the best starter tool for threat detection without any concept of the subject of said detection?

OK, fine! 🙂 I made assumptions and you know what they say about people who “ass-u-me.” Specifically, I assumed the detection of commodity threats that plague everybody (not unique and targeted ones): all this ransomware and “cryptominingware” stuff, other popular malware, popular web hacking, phishing, popular DDoS and popular other intrusions (POS hacks if you have POS, etc). Note that the context for this discussion is organizations who have barely evolved from “security = firewalls + anti-virus + SSL” stance!

Essentially, this is the case where “reading Verizon DBIR to learn about threats in general” is your lighweight threat assessment process.

While everybody tosses the term APT around (do they still?), nation-state and advanced, let’s do the opposite: what threats do you consider to be BASIC and COMMODITY? What threats nobody should ignore? What are today’s non-advanced threats?

Perhaps these:

  • Commodity malware including ransomware
  • Basic web hacking (if you have web presence)
  • Credential theft/abuse
  • Phishing
  • Basic volumetric DDoS
  • Others?

(note that the above list is not taxonomically pure, since it mixes up attack methods, threats and incident types, but perhaps this is OK for the audience of this effort)

Still too hard for the audience in question?

Blog posts related to this project:

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: detection  monitoring  security  

Anton Chuvakin
Research VP and Distinguished Analyst
8 years with Gartner
19 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist… Read Full Bio

Thoughts on Baby’s First Threat Assessment?

  1. […] This workshop will go through a structured approach to find out” (based on the future paper and these posts) <- this is NOT advanced, but focuses on usable […]

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.