Gartner Blog Network

Category: 'siem-and-log-management' Blog Posts

from the Gartner Blog Network

The "working with an MSSP" Tome Is Here

by Augusto Barros  |  January 30, 2018

As Anton just posted, the new version of the famous "How to Work With an MSSP to Improve Security" has just been published. I'm very happy to become a co-author...

Read more »

Security Monitoring Use Cases, the UPDATE!

by Augusto Barros  |  January 17, 2018

Posting about updated documents is often boring, but this time I'm talking about my favorite Gartner document, as usual, co-authored with Anton: "How to Develop and Maintain Security Monitoring Use Cases"!...

Read more »

Threat Detection Is A Multi-Stage Process

by Augusto Barros  |  December 4, 2017

We are currently working on our SOAR research, as Anton has extensively blogged about. SOAR tools have been used to help organizations  triage and respond to the deluge of alerts...

Read more »

Our SIEM Assessment paper update is out!

by Augusto Barros  |  October 15, 2017

The results of our "summer of SIEM" are starting to come up; our assessment document on SIEM (basically, a "what" and "why" paper, that sits besides our big "how" doc...

Read more »

Speaking at the Gartner Security Summit Dubai

by Augusto Barros  |  October 15, 2017

I have a few sessions at the Gartner Security and Risk Management Summit in Dubai, October 16th and 17th. This is the wrap up of the Security Summit season for...

Read more »

SIEM, Detection & Response: Build or Buy?

by Augusto Barros  |  July 27, 2017

As Anton already blogged (many times) and twitted about, we are working to refresh some of our SIEM research and also on a new document about SaaS SIEM. This specific...

Read more »

SIEM Correlation is Overrated

by Augusto Barros  |  March 31, 2017

During our research about UEBA tools, we noticed that these tools are gaining ground on SIEM solutions, with some organizations opting to focus their monitoring efforts on UEBA instead of...

Read more »

So You Want To Build A SOC?

by Augusto Barros  |  October 17, 2016

Now you can! But should you do it? As anticipated here and here, our new paper about how to plan, design, operate and evolve a Security Operations Center is out! This...

Read more »

Arriving at a Modern SOC Model

by Augusto Barros  |  August 8, 2016

While writing our new (and exciting) research on "how to build a SOC", we came into a conclusion that a modern SOC has some interesting differences from the old vanilla...

Read more »

Are Security Monitoring Alerts Becoming Obsolete?

by Augusto Barros  |  July 8, 2016

If I ask anyone working on a SOC about a high level description of their monitoring process, the answer will most likely look like this: "The SIEM generates an alert,...

Read more »