Gartner Blog Network

Category: 'threat-intelligence' Blog Posts

from the Gartner Blog Network

Threat Detection Is A Multi-Stage Process

by Augusto Barros  |  December 4, 2017

We are currently working on our SOAR research, as Anton has extensively blogged about. SOAR tools have been used to help organizations  triage and respond to the deluge of alerts...

Read more »

All My Research Published in 2016

by Anton Chuvakin  |  December 22, 2016

To make it easy for my readers to find my research, here is the list of everything I published in 2016 [most co-authored with Augusto Barros]. Gartner GTP access is...

Read more »

How to Grow to Strategic Threat Intel Consumption?

by Anton Chuvakin  |  August 24, 2016

Here is a bitchingly hard question: how to get organizations to move up the maturity scale of using threat intelligence (TI), from blindly [ok, not always blindly] dropping indicator feeds...

Read more »

Arriving at a Modern SOC Model

by Augusto Barros  |  August 8, 2016

While writing our new (and exciting) research on "how to build a SOC", we came into a conclusion that a modern SOC has some interesting differences from the old vanilla...

Read more »

Can I Detect Advanced Threats With Just Flows/IPFIX?

by Anton Chuvakin  |  July 21, 2016

Source IP. Destination IP. Source port. Destination port. Network protocol. Connection time. A bit more context data. Is this enough to detect “an advanced threat”? Before you jump to conclusions,...

Read more »

About The Tri-Team Model of SOC, CIRT, "Threat Something"

by Anton Chuvakin  |  July 7, 2016

From the clients with THE MOST mature security operations, we learn the so-called “tri-team” model for detection and response: SOC – primarily monitoring and threat detection in near real-time, and...

Read more »

What's Like to Use Non-MRTI Threat Intelligence

by Augusto Barros  |  July 6, 2016

We often hear clients asking about threat intelligence related processes: how to collect, refine and utilize it (by the way, this document is being updated; let us know if you...

Read more »

Baby’s First Threat Intel Usage Questions

by Anton Chuvakin  |  June 28, 2016

Every time I think I already wrote the most basic blog post on threat intelligence usage, somebody comes and asks for an even more basic one… Now, many of you...

Read more »

How a Lower Maturity Security Organization Can Use Threat Intel?

by Anton Chuvakin  |  May 16, 2016

As we mentioned, we are starting a refresh effort for our threat intelligence paper [Gartner GTP access required]. One thing we may add is more detailed guidance on the usage...

Read more »

Threat Intelligence and Operational Agility

by Anton Chuvakin  |  August 13, 2015

I sometimes say that “threat intel doesn’t help people who don’t help themselves.” Here is one particular example: if you buy the best threat intelligence possible - mixed strategic and...

Read more »