Gartner Blog Network

Anton Chuvakin
Research VP and Distinguished Analyst
5+ years with Gartner
17 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist…

Speaking at Gartner Security Summit Europe 2017

by Anton Chuvakin  |  September 11, 2017

Gartner Security & Risk Management Summit Europe / UK 2017 is coming soon and here is my traditional blog post summarizing my speaking at this upcoming event (London, UK, still Europe, September 18-19, 2017). “Tutorial: How to Build Your Own Security Analytics Capability” – Select enterprises have embarked on the journey toward building their own […]

Security Analytics: Platform First or Content First?

by Anton Chuvakin  |  September 6, 2017

Other security bloggers write posts of general interest to the community (like posts on why “security ROI” is shit which reminds me of my 2007 post on the same topic or posts on how MalwareTech is doing), but I am sticking to esoteric detection engineering and security operations stuff because… I dunno…. it is just […]

My Top 7 Popular Gartner Blog Posts for August 2017

by Anton Chuvakin  |  September 5, 2017

Most popular blog posts from my Gartner blog during the past month are: Is SIEM The Best Threat Detection Technology, Ever? (SIEM research) SIEM Use Cases – And Other Security Monitoring Use Cases Too! (security monitoring research) Popular SIEM Starter Use Cases (SIEM research) Detailed SIEM Use Case Example (SIEM research) Let’s Define “SIEM”! (SIEM […]

Let’s Define “SIEM”!

by Anton Chuvakin  |  August 14, 2017

Shockingly, I am going to do another “is this 2005?” kind of post, now that I riled everybody up with my previous one. Let’s … DEFINE SIEM! But let’s define modern, today’s, circa 2017 SIEM since there is still confusion out there, it “siems”, especially in the area of “what is a SIEM?” vs “what […]

Is SIEM The Best Threat Detection Technology, Ever?

by Anton Chuvakin  |  August 7, 2017

That’d be a “NO” – those of my readers who are “anti-SIEM” can calm down now :–) Well…. let me explain and perhaps you will see that the answer evolves closer to “sort of” or “in some sense, perhaps.” My recent exchanges on Twitter led me to believe that a percentage of my peers (some […]

My Top 7 Popular Gartner Blog Posts for July 2017

by Anton Chuvakin  |  August 2, 2017

Most popular blog posts from my Gartner blog during the past month are: SIEM Use Cases – And Other Security Monitoring Use Cases Too! (security monitoring research) Popular SIEM Starter Use Cases (SIEM research) Detailed SIEM Use Case Example (SIEM research) Our “Comparison of Endpoint Detection and Response Technologies and Solutions” Paper Publishes (EDR research) […]

SIEM or Log Management?

by Anton Chuvakin  |  July 26, 2017

Welcome to 2002! Let’s discuss a timely topic … and, no, it’s not Y2K – that one is fortunately over. The topic is: SIEM vs log management. Yes, really! In 2017. This. Is. Still. A thing. Naturally, those of you avid blog readers from 2010 will immediately remember that I touched this topic many, many […]

Action Item: SaaS SIEM Users Sought!

by Anton Chuvakin  |  July 19, 2017

As we already mentioned, one of the papers we are writing this quarter would be about (in part) SIEM delivered via a Software-as-a-service (SaaS) model. Let’s call it “SaaS SIEM.” If you recall, my long-time position was that such a thing didn’t really exist. As late as 2015, I mentioned this very fact. Well, it […]

Flashback 2014: SIEM Deployment Blueprint Visual

by Anton Chuvakin  |  July 17, 2017

Back in 2014, we tried to create a SIEM “one-pager” that we published as “Blueprint for Designing a SIEM Deployment.” The essence of this short note was a picture that represented a typical SIEM deployment and also attempted to depict a typical SIEM implementation process (via the stage numbers that denote one of the possible […]

Speaking at Gartner Security Summit Australia 2017

by Anton Chuvakin  |  July 14, 2017

Gartner Security & Risk Management Summit Australia / APAC 2017 is coming soon and here is my traditional blog post summarizing my speaking at this upcoming event (Sydney, Australia, August 21-22, 2017). “How to Deploy and Operationalize User and Entity Behavior Analytics (UEBA) Tools” – “UEBA can successfully detect malicious and suspicious activity that otherwise […]
