Gartner Blog Network

Category: 'insights-and-philosophical' Blog Posts


Endpoint Has Won, Why Bother With NTA?

by Augusto Barros  |  October 3, 2018

One of my favorite blog posts from Anton is the one about the "SOC nuclear triad". As he describes, SOCs should use logs, endpoint and network data on their threat...


Is Your SOC your CSIRT?

by Augusto Barros  |  June 27, 2018

As we move forward on updating our SOC research, Anton and I are back to the discussion about the existence of two separate entities in organizations, the SOC and CSIRT....


Big data And AI Craziness Is Ruining Security Innovation

by Augusto Barros  |  April 11, 2018

I don't care if you use Hadoop or grep+Perl scripts. If you can demonstrate enough performance to do what you claim you can do, that's what matters to me from...


It's Not (Only) That The Basics Are Hard...

by Augusto Barros  |  February 26, 2018

While working on our research for testing security practices, and also about BAS tools, I've noticed that a common question about adding more testing is "why not putting some real...


Automation - Why Only Now?

by Augusto Barros  |  January 12, 2018

As we ramp up our research on SOAR and start looking at some interesting tools for automated security testing, something crossed my mind: Why are we only seeing security operations...


SIEM, Detection & Response: Build or Buy?

by Augusto Barros  |  July 27, 2017

As Anton already blogged (many times) and tweeted about, we are working to refresh some of our SIEM research and also on a new document about SaaS SIEM. This specific...


Arriving at a Modern SOC Model

by Augusto Barros  |  August 8, 2016

While writing our new (and exciting) research on "how to build a SOC", we came to a conclusion that a modern SOC has some interesting differences from the old vanilla...


RSA Conference 2016 observations

by Augusto Barros  |  March 16, 2016

It's a bit late to write about what I saw at RSA this year (it's almost time for the Gartner Security & Risk Management Summit!), but I've finally defeated procrastination...


The D in EDR

by Augusto Barros  |  February 9, 2016

The research on EDR tools and practices renders some very interesting discussions on tool capabilities. While many EDR vendors will focus on their fast searching and automated IOC checking capabilities,...


Yes, Give Deception a Chance!

by Augusto Barros  |  January 14, 2016

So, Anton finally brought the deception subject up on his blog, leaving a small bait for me at the end of his post. Ok, that's a great subject to return...
