Gartner Blog Network

Category: 'detection' Blog Posts

Rule Based Detection?

by Anton Chuvakin  |  April 30, 2019

One of the famous insults that security vendors use against competitors nowadays is “RULE – BASED.” In essence, if you want to insult your peers who, in your estimation, don’t...

Our "Applying Network-Centric Approaches for Threat Detection and Response" Paper Publishes

by Anton Chuvakin  |  March 19, 2019

After many discussions and a bit of a re-write, our new paper “Applying Network-Centric Approaches for Threat Detection and Response” is finally ready (Gartner GTP access required). The abstract states...

Our Updated "Applying Deception Technologies and Techniques to Improve Threat Detection and Response" (2019) Publishes

by Anton Chuvakin  |  February 22, 2019

Esteemed Mr Barros has beat me to it this time, but here is my re-re-announcement of our updated “Applying Deception Technologies and Techniques to Improve Threat Detection and Response” (2019)...

Tricky: Will UEBA and NTA Ever Merge?

by Anton Chuvakin  |  February 13, 2019

Here is an obvious, but not really obvious question: will UEBA and NTA ever merge? Admittedly, normal security people who don’t care about the changing tides of vendors and markets...

Webinar Q&A from Modern Network Threat Detection and Response

by Anton Chuvakin  |  February 11, 2019

As promised, here is my lightly edited Q&A from a recent webinar called “Modern Network Threat Detection and Response.” Questions about vendors are removed, and some are edited for clarity....

Our "Solution Path for Implementing Threat Detection and Incident Response" Publishes

by Anton Chuvakin  |  January 22, 2019

As you can see below, we have written a lot of research over the years, and it would be handy to have a roadmap for the readers. This is especially...

Upcoming Webinar: Modern Network Threat Detection and Response

by Anton Chuvakin  |  January 21, 2019

Here is my next Gartner webinar; this one is focused on network traffic use for detection and response. Title: Modern Network Threat Detection and Response Date: January 29, 2019 Time:...

Deception vs Analytics, or Can Analytics Catch True Unknown Unknowns?

by Anton Chuvakin  |  December 7, 2018

This is a debate post, and not a position post. The question alluded therein (hey… I said “alluded therein” to sound like Dan Geer, no?) has been bugging us for...

Is Encryption an NTA / NIDS / NFT Apocalypse?

by Anton Chuvakin  |  November 16, 2018

Here is a funny one: does pervasive traffic encryption KILL Network Traffic Analysis (NTA) dead? Well, OK, not truly “kill it dead,” but push it back to 2002 when it...

Let’s Go Fight IT for Logs? Agents? Taps?

by Anton Chuvakin  |  November 1, 2018

This is a depressing post about security in the real world (what … another one?) In any case, we are having those enlightened debates about log analysis (via SIEM/UEBA), network...
