Gartner Blog Network

Category: 'threat-detection' Blog Posts from the Gartner Blog Network

More on “AI for cybersecurity”

by Augusto Barros  |  January 4, 2019

There is a very important point to understand about vendors using ML for threat detection. Usually ML is used to identify known behavior, but with variable parameters. What does...

Endpoint Has Won, Why Bother With NTA?

by Augusto Barros  |  October 3, 2018

One of my favorite blog posts from Anton is the one about the "SOC nuclear triad". As he describes, SOCs should use logs, endpoint and network data on their threat...

The "How To Build a SOC" Paper Update is OUT!

by Augusto Barros  |  September 7, 2018

Anton and I have been probing the social media for some time about the trends related to SOC and incident response teams. All that work finally made its way into...

Is Your SOC your CSIRT?

by Augusto Barros  |  June 27, 2018

As we move forward on updating our SOC research, Anton and I are back to the discussion about the existence of two separate entities in organizations, the SOC and CSIRT....

SOAR paper is out!

by Augusto Barros  |  February 22, 2018

Anton beat me this time on blogging about our new research, but I'll do it anyway :-) Our document about Security Orchestration, Automation and Response (SOAR) tools includes some interesting...

The "working with an MSSP" Tome Is Here

by Augusto Barros  |  January 30, 2018

As Anton just posted, the new version of the famous "How to Work With an MSSP to Improve Security" has just been published. I'm very happy to become a co-author...

Security Monitoring Use Cases, the UPDATE!

by Augusto Barros  |  January 17, 2018

Posting about updated documents is often boring, but this time I'm talking about my favorite Gartner document, as usual, co-authored with Anton: "How to Develop and Maintain Security Monitoring Use Cases"!...
