Gartner Blog Network

Category: 'incident-response' Blog Posts

Planned: A Quick Paper on Threat Hunting - Ideas Sought

by Anton Chuvakin  |  March 1, 2017

As it happens, I will now work on a short and sweet paper on THREAT HUNTING. So far, I have seen two types of materials on THREAT HUNTING (TH): Great...

Comments: 24

All My Research Published in 2016

by Anton Chuvakin  |  December 22, 2016

To make it easy for my readers to find my research, here is the list of everything I published in 2016 [most co-authored with Augusto Barros]. Gartner GTP access is...

Arriving at a Modern SOC Model

by Augusto Barros  |  August 8, 2016

While writing our new (and exciting) research on "how to build a SOC", we came to the conclusion that a modern SOC has some interesting differences from the old vanilla...

Comments: 6

Our first EDR paper is OUT!

by Augusto Barros  |  May 19, 2016

It's almost impossible to get ahead of Dr. Chuvakin on blog posts and announcing new research, but I'm lucky enough he is driving at this precise moment and not able...

Comments: 2

How to Plan and Execute Modern Security Incident Response - NEW

by Augusto Barros  |  April 13, 2016

I had the opportunity to work with Anton on updating one of his best documents, "How to Plan and Execute Modern Security Incident Response", which was published today on

Anton’s Favorite Threat Hunting Links

by Anton Chuvakin  |  March 21, 2016

Somebody asked me for best resources on THREAT HUNTING, and that reminded me that I wanted to write a linklist blog post on this very topic. Below are some of...

Comments: 6

What Is Different About Security Incident Response Today?

by Anton Chuvakin  |  February 23, 2016

When I started our security IR research in 2013, one of the questions I sought to answer was “how is IR today different from the old days, when most of...

Comments: 11

Incident Response Becomes Threat Response ... OR Does It: IR Research Commencing

by Anton Chuvakin  |  February 5, 2016

As planned, we are starting our research effort on EDR, but also one on security incident response (IR), a topic we last touched in 2013. Most likely, we will be...

EDR Research Commencing: Call To Action!

by Anton Chuvakin  |  January 27, 2016

As we mentioned in this post, we are about to visit the land of EDR (formerly: ETDR) in order to update Gartner GTP EDR coverage and to create one new...

Comments: 6

Where Does EDR End and "NG AV" Begin?

by Anton Chuvakin  |  December 3, 2015

What is the difference between Endpoint Detection and Response (EDR, previously named ETDR) and “NG anti-virus” (“NG AV” is not an official term)? Specifically, where does EDR end and AV begin?...

Comments: 4