Gartner Blog Network


On Wild Security Maturity Overestimation

by Anton Chuvakin  |  November 13, 2017

Want to know what my absolute #1 insight that I learned working at Gartner for 6+ years is? No jokes, this is serious! Any guesses from the audience? In any case, this would be a huge number of organizations that are way, way, way worse in information security compared to your wildest, most pessimistic view […]


SOAR and Ticketing: Friends, Frenemies or the Same thing?

by Anton Chuvakin  |  November 3, 2017

We continue our journey through SOAR mysteries with this one: what is the relationship between case management (aka ticketing) and SOAR? So far, we have encountered these views (overdramatized for added hilarity!): “Are you dumb? SOAR and security case management are essentially the same thing; you cannot have a SOAR tool without incident case management, […]


My Top 7 Popular Gartner Blog Posts for October 2017

by Anton Chuvakin  |  November 2, 2017

Most popular blog posts from my Gartner blog during the past month are: SIEM Use Cases – And Other Security Monitoring Use Cases Too! (security monitoring research) Popular SIEM Starter Use Cases (SIEM research) Detailed SIEM Use Case Example (SIEM research) Why Your Security Data Lake Project Will FAIL! (likely my most popular single Gartner […]


Our 2017 SIEM Research Papers Publish

by Anton Chuvakin  |  October 31, 2017

Our Summer of SIEM is now fully over since all documents we developed have published. All documents below require Gartner GTP subscription. They are: “SIEM Technology Assessment” [2017 UPDATE] reviews the current SIEM technology landscape and makes a few predictions about this technology [and, no, it is NOT dead, if you have to ask]. “Evaluation […]


SOAR and “Curve-jumping” in Security Operations

by Anton Chuvakin  |  October 20, 2017

Let's think about this together — can you really jump to the “next curve” in security, or do you have to travel the entire journey from the old ways to the cutting edge? This is a harder question than it appears and there are temptations on both sides of the argument. Also, there are false […]


Your Security Operations Maturity – and Your MSSP

by Anton Chuvakin  |  October 17, 2017

Contrary to what some people think, using MSSP is not just for losers low-maturity organizations and SMBs. For sure, we do see a lot of MSSP usage by clients who “need some monitoring for compliance” or “have no team and no process, and want ‘security outsourced’” (the latter seems like a good indication for MSSP […]


How To Test Your MSSP/MDR?

by Anton Chuvakin  |  October 11, 2017

As customary in our beloved domain of “cyber”, I will start with a depressing quote: “If you really knew how to test an MSSP properly, you likely didn’t need an MSSP.” (source: in this thread somewhere, if the author reads this, I am happy to ack by name) On a more serious note, clients must […]


SOAR: Magic or Mundane?

by Anton Chuvakin  |  October 6, 2017

When we think of Security Orchestration, Automation and Response (SOAR) nowadays (and we do think a lot about SOAR), we primarily think of this: SOAR = security workflow + security orchestration + security automation [+ maybe knowledge management of playbooks and such] (and, yes, a longer post that explains the above terms is coming too) […]


2018 Planning Guide for Security and Risk Management

by Anton Chuvakin  |  October 4, 2017

Our team has just released our annual security planning guide: “2018 Planning Guide for Security and Risk Management.” Every Gartner GTP customer should go and read it (in fact, the above link requires just such a subscription…) The abstract states: “Although security has been a major challenge for digital business for many years, recent events […]


My Top 7 Popular Gartner Blog Posts for September 2017

by Anton Chuvakin  |  October 2, 2017

Most popular blog posts from my Gartner blog during the past month are: SIEM Use Cases – And Other Security Monitoring Use Cases Too! (security monitoring research) Security Analytics: Platform First or Content First? (security analytics research) Popular SIEM Starter Use Cases (SIEM research) SOAR Research Coming … Brace for Impact!! (SOAR research) Detailed SIEM […]
