Gartner Blog Network

Anton Chuvakin
Research VP and Distinguished Analyst
5+ years with Gartner
17 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist…

Can You Do a SIEM-less SOC?

by Anton Chuvakin  |  June 26, 2018

Along the lines of this post where we discussed the concept of “SIEM alternatives”, let’s discuss this in the context of a modern SOC. Will I ever do or recommend a SIEM-less SOC? — As you can guess from the above, my answer is ‘it depends on what you mean by “SIEM.”’ So: #1 Will […]

Is Security Just Too Damn Hard? Is Product+Service The Future?

by Anton Chuvakin  |  June 21, 2018

OK, I got a catchy headline, now what? This is another philosophical post about the fate of our beloved domain of cyber. Specifically, we all remember Dan Geer’s classic quote “Internet security is quite possibly the most intellectually challenging profession on the planet” and most of us doing security read it optimistically (as in “oh […]

Highlights from Verizon DBIR 2018

by Anton Chuvakin  |  June 15, 2018

Here is my traditional “reading the DBIR aloud” (i.e. with quotes shared) post. Read the entire thing, BTW, and not only my favorites below: “Incident: A security event that compromises the integrity, confidentiality or availability of an information asset. Breach: An incident that results in the confirmed disclosure— not just potential exposure—of data to an […]

SIEM Alternatives? What Are They? Do They Exist?

by Anton Chuvakin  |  June 14, 2018

As we are preparing for a project to update our famed SIEM and SOC guidance documents, let’s have a quick discussion of so-called “SIEM alternatives.” If you recall my funny post “Is SIEM The Best Threat Detection Technology, Ever?”, I opined that “all told, log-centric monitoring is probably the best starting point for most [but […]

Why This Paper? or Mysteries of Testing Security!

by Anton Chuvakin  |  June 12, 2018

Some of you have been wondering why we decided to embark on a project that resulted in our paper called “Threat-Oriented Approaches to Test Security in Production” [Gartner GTP access required]. For sure, the same research project also produced our world-famous BAS paper, but this one is a more traditional here-is-a-new-tech-and-how-to-use-it kinda document. The testing […]

My Top 7 Popular Gartner Blog Posts for May 2018

by Anton Chuvakin  |  June 1, 2018

Most popular blog posts from my Gartner blog during the past month are: Our Security Orchestration and Automation (SOAR) Paper Publishes (SOAR research) <- read the paper or the blog posts linked therein (still soars at #1 spot!) SIEM Use Cases – And Other Security Monitoring Use Cases Too! (security monitoring research) My GDPR-Inspired Rant: […]

New Paper Published: “How to Start Your Threat Detection and Response Practice”

by Anton Chuvakin  |  May 30, 2018

This is a very special paper that is very dear to my heart (and hopefully to Augusto’s as well). It is called “How to Start Your Threat Detection and Response Practice” (Gartner GTP access required). Note that this paper is NOT in any way “advanced.” So, if you run a SOC team of 12 people, […]

My GDPR – Inspired Rant: Privacy, WTH!!!

by Anton Chuvakin  |  May 25, 2018

This has been brewing for years, and May 25 (aka “the GDPR Day”) is the perfect day for my epic privacy rant. So, WTH is privacy?! WTH is this obsession with privacy?! Look, I get secrecy or confidentiality. I do NOT want my health data in your hands. Is this privacy? Hell no. This is […]

You Cannot Buy Security Operations Maturity But You Can … Ruin It

by Anton Chuvakin  |  May 22, 2018

In my day job, I ponder all sorts of strange stuff. For example, here is a philosophical one: can one buy security operations maturity? By the way, note that when I say “security operations maturity”, the hidden word here is “process” – so in reality I speak of “security operations process and, to a lesser […]

Next Research: SOC, SIEM, and Again Overall Detection and Response

by Anton Chuvakin  |  May 21, 2018

We worked too damn hard developing these papers (and one more to come out on this topic), so we will be focusing on updates to our key existing papers next quarter. “Hard work never killed anybody, but why take chances” is the slogan for the coming Summer. So, we are planning to update these papers […]