Gartner Blog Network

Category: 'monitoring' Blog Posts

Psychoanalyzing Security Cloud Fears

by Anton Chuvakin  |  March 20, 2019

Here is a funny one: why do so many security professionals (and leaders) still hate the cloud? OK, OK, I get it, many of you want to respond to this with...

Webinar Q&A from Modern Network Threat Detection and Response

by Anton Chuvakin  |  February 11, 2019

As promised, here is my lightly edited Q&A from a recent webinar called “Modern Network Threat Detection and Response.” Questions about vendors are removed, and some are edited for clarity....

Our "Solution Path for Implementing Threat Detection and Incident Response" Publishes

by Anton Chuvakin  |  January 22, 2019

As you can see below, we have written a lot of research over the years, and it would be handy to have a roadmap for the readers. This is especially...

Deception vs Analytics, or Can Analytics Catch True Unknown Unknowns?

by Anton Chuvakin  |  December 7, 2018

This is a debate post, and not a position post. The question alluded therein (hey… I said “alluded therein” to sound like Dan Geer, no?) has been bugging us for...

Is Encryption an NTA / NIDS / NFT Apocalypse?

by Anton Chuvakin  |  November 16, 2018

Here is a funny one: does pervasive traffic encryption KILL Network Traffic Analysis (NTA) dead? Well, OK, not truly “kill it dead,” but push it back to 2002 when it...

NTA: The Big Step Theory

by Anton Chuvakin  |  October 25, 2018

Let’s come back from the world where the endpoint won the detection and response wars to this one. As we are ramping up our NTA (but, really, broader NDR for...

Network Anomaly Detection Track Record in Real Life?

by Anton Chuvakin  |  October 15, 2018

As I allude here, my long-held impression is that no true anomaly-based network IDS (NIDS) has ever been successful commercially and/or operationally. There were some bits of success, to be...

Our 2018 Update to "How to Plan, Design, Operate and Evolve a SOC" Publishes

by Anton Chuvakin  |  September 17, 2018

As Augusto already announced a while ago, we have updated our “how to SOC” paper for 2018. His post even includes our main guidance visual (!), made that much more awesome...

2018 Popular SIEM Starter Use Cases

by Anton Chuvakin  |  July 20, 2018

One of the most popular posts (example) on my blog is “Popular SIEM Starter Use Cases.” However, this post is from 2014, and is, in fact, partially based on my...

SOAR-native SOC, Can This Work?

by Anton Chuvakin  |  July 13, 2018

This post is part of our current SOC research, but it also touches on our past SOAR research. Here is the thing: when we looked at SOAR technology, we mostly...