Gartner Blog Network

Category: 'monitoring' Blog Posts

Should You Buy a Piece of SIEM?

by Anton Chuvakin  |  May 31, 2019

We lament that people love to buy single-purpose security tools and then complain about it, but what about buying components of tools? For example, will you buy a normalization engine...

Secure The Wrong Path or Change The Path?

by Anton Chuvakin  |  May 24, 2019

How do I configure a firewall appliance in public IaaS? How do I install anti-virus inside a container? How do I filter calls to microservices via an appliance in my...

Migrating from Your SIEM to a New One

by Anton Chuvakin  |  May 13, 2019

Many years ago, in 2011, I wrote this blog post on SIEM migration, called “How to Replace a SIEM?” I was a consultant at that time and I helped some...

Rule Based Detection?

by Anton Chuvakin  |  April 30, 2019

One of the famous insults that security vendors use against competitors nowadays is “RULE – BASED.” In essence, if you want to insult your peers who, in your estimation, don’t...

Psychoanalyzing Security Cloud Fears

by Anton Chuvakin  |  March 20, 2019

Here is a funny one: why do so many security professionals (and leaders) still hate the cloud? OK, OK, I get it, many of you want to respond to this with...

Webinar Q&A from Modern Network Threat Detection and Response

by Anton Chuvakin  |  February 11, 2019

As promised, here is my lightly edited Q&A from a recent webinar called “Modern Network Threat Detection and Response.” Questions about vendors are removed, and some are edited for clarity....

Our "Solution Path for Implementing Threat Detection and Incident Response" Publishes

by Anton Chuvakin  |  January 22, 2019

As you can see below, we have written a lot of research over the years, and it would be handy to have a roadmap for the readers. This is especially...

Deception vs Analytics, or Can Analytics Catch True Unknown Unknowns?

by Anton Chuvakin  |  December 7, 2018

This is a debate post, and not a position post. The question alluded therein (hey… I said “alluded therein” to sound like Dan Geer, no?) has been bugging us for...

Is Encryption an NTA / NIDS / NFT Apocalypse?

by Anton Chuvakin  |  November 16, 2018

Here is a funny one: does pervasive traffic encryption KILL Network Traffic Analysis (NTA) dead? Well, OK, not truly “kill it dead,” but push it back to 2002 when it...

NTA: The Big Step Theory

by Anton Chuvakin  |  October 25, 2018

Let’s come back from the world where the endpoint won the detection and response wars to this one. As we are ramping up our NTA (but, really, broader NDR for...