Gartner Blog Network

Augusto Barros
Research VP
3 years at Gartner
21 years IT Industry

Augusto Barros is Research VP in the Gartner for Technical Professionals (GTP) Security and Risk Management group.

The new (old) SIEM papers are out!

by Augusto Barros  |  November 13, 2018

As Anton already mentioned here and here, our update of the big SIEM paper was turned into two new papers: How to Architect and Deploy a SIEM Solution SIEM is expected to remain a mainstay of security monitoring, but many organizations are challenged with deploying the technology. This guidance framework provides a structured approach for […]

Endpoint Has Won, Why Bother With NTA?

by Augusto Barros  |  October 3, 2018

One of my favorite blog posts from Anton is the one about the “SOC nuclear triad”. As he describes, SOCs should use logs, endpoint and network data on their threat detection and response efforts. But we also know that organizations don’t have infinite resources and will often have to decide about which tool to deploy […]

The “How To Build a SOC” Paper Update is OUT!

by Augusto Barros  |  September 7, 2018

Anton and I have been probing social media for some time about the trends related to SOC and incident response teams. All that work finally made its way into our “How to Plan, Design, Operate and Evolve a SOC” paper. It is the same paper we published a couple of years ago, but updated […]

Gartner Security and Risk Management Summit Brazil – 2018

by Augusto Barros  |  July 31, 2018

The Gartner Security Summit Brazil is fast approaching and I’m happy to be part of it again. This time it’s even more special, for many reasons. This is my first year as the chairman of the conference. It’s very rewarding to work on the content that will be delivered, selecting analysts and external speakers. I’m […]

Is Your SOC your CSIRT?

by Augusto Barros  |  June 27, 2018

As we move forward on updating our SOC research, Anton and I are back to the discussion about the existence of two separate entities in organizations, the SOC and CSIRT. This has been the “standard model” we’ve based some of our research on. It looks more or less like this: – Security Operations Center: Runs […]

Threat Simulation Open Source Projects

by Augusto Barros  |  April 17, 2018

It’s crazy how many (free!) OSS projects are popping up for threat and attack simulation! We are working on research about Breach and Attack Simulation (BAS) tools, and we’ll certainly mention these projects, but I thought it would be valuable to provide a list of links on the blog as well. Here are all the […]

Big data And AI Craziness Is Ruining Security Innovation

by Augusto Barros  |  April 11, 2018

I don’t care if you use Hadoop or grep+Perl scripts. If you can demonstrate enough performance to do what you claim you can do, that’s what matters to me from a backend point of view. Now, can you show me that your tool does what it should do better than your competitors? There is a […]

The Virtual Patch Analyst

by Augusto Barros  |  March 7, 2018

Is there a need, or place, for a “virtual patch analyst”? If you look at our guidance on vulnerability management, you’ll see that one of the key components we suggest our clients consider is preparing for mitigation actions when immediate vulnerability remediation is not possible. We often see organizations scrambling to do it […]

It’s Not (Only) That The Basics Are Hard…

by Augusto Barros  |  February 26, 2018

While working on our research for testing security practices, and also about BAS tools, I’ve noticed that a common question about adding more testing is “why not put some real effort into doing the basics instead of yet another security test?”. After all, there is no point in looking for holes when you don’t even […]

SOAR paper is out!

by Augusto Barros  |  February 22, 2018

Anton beat me this time on blogging about our new research, but I’ll do it anyway. Our document about Security Orchestration, Automation and Response (SOAR) tools includes some interesting findings. Anton provided some quotes in his post, but I’ll mention some of my favorites too: SIEM tools are often used to aggregate multiple sources of […]