Gartner Blog Network

Category: 'detection' Blog Posts

from the Gartner Blog Network

Deception vs Analytics, or Can Analytics Catch True Unknown Unknowns?

by Anton Chuvakin  |  December 7, 2018

This is a debate post, and not a position post. The question alluded therein (hey… I said “alluded therein” to sound like Dan Geer, no?) has been bugging us for...

Read more »

Is Encryption an NTA / NIDS / NFT Apocalypse?

by Anton Chuvakin  |  November 16, 2018

Here is a funny one: does pervasive traffic encryption KILL Network Traffic Analysis (NTA) dead? Well, OK, not truly “kill it dead,” but push it back to 2002 when it...

Read more »

Let’s Go Fight IT for Logs? Agents? Taps?

by Anton Chuvakin  |  November 1, 2018

This is a depressing post about security in the real world (what … another one?) In any case, we are having those enlightened debates about log analysis (via SIEM/UEBA), network...

Read more »

NTA: The Big Step Theory

by Anton Chuvakin  |  October 25, 2018

Let’s come back from the world where the endpoint won the detection and response wars to this one. As we are ramping up our NTA (but, really, broader NDR for...

Read more »

Network Anomaly Detection Track Record in Real Life?

by Anton Chuvakin  |  October 15, 2018

As I allude here, my long-held impression is that no true anomaly-based network IDS (NIDS) has ever been successful commercially and/or operationally. There were some bits of success, to be...

Read more »

Our 2018 Update to "How to Plan, Design, Operate and Evolve a SOC" Publishes

by Anton Chuvakin  |  September 17, 2018

As Augusto already announced awhile ago, we have updated our “how to SOC” paper for 2018. His post even includes our main guidance visual (!), made that much more awesome...

Read more »

SIEM Alternatives? What Are They? Do They Exist?

by Anton Chuvakin  |  June 14, 2018

As we are preparing for a project to update our famed SIEM and SOC guidance documents, let’s have a quick discussion of so-called “SIEM alternatives.” If you recall my funny...

Read more »

Next Research: SOC, SIEM, and Again Overall Detection and Response

by Anton Chuvakin  |  May 21, 2018

We worked too damn hard developing these papers (and one more to come out on this topic), so we will be focusing on updates to our key existing papers next...

Read more »

Baby’s First Threat Assessment?

by Anton Chuvakin  |  March 14, 2018

Upon reading my previous post, a few of you have wisely pointed out: … but detection of WHAT? How can you talk about the best starter tool for threat detection...

Read more »

New Research: How to Actually Test Security?

by Anton Chuvakin  |  December 26, 2017

As I alluded here, we [Augusto and me] will be starting an epic new research project on testing security [BTW, should we codename it “Testing Security”, Augusto? :-)] First, a...

Read more »