Gartner Blog Network

Tag: 'security-monitoring' Blog Posts from the Gartner Blog Network

The "working with an MSSP" Tome Is Here

by Augusto Barros  |  January 30, 2018

As Anton just posted, the new version of the famous "How to Work With an MSSP to Improve Security" has just been published. I'm very happy to become a co-author...

Security Monitoring Use Cases, the UPDATE!

by Augusto Barros  |  January 17, 2018

Posting about updated documents is often boring, but this time I'm talking about my favorite Gartner document, as usual, co-authored with Anton: "How to Develop and Maintain Security Monitoring Use Cases"!...

SIEM Correlation is Overrated

by Augusto Barros  |  March 31, 2017

During our research about UEBA tools, we noticed that these tools are gaining ground on SIEM solutions, with some organizations opting to focus their monitoring efforts on UEBA instead of...

So You Want To Build A SOC?

by Augusto Barros  |  October 17, 2016

Now you can! But should you do it? As anticipated here and here, our new paper about how to plan, design, operate and evolve a Security Operations Center is out! This...

Are Security Monitoring Alerts Becoming Obsolete?

by Augusto Barros  |  July 8, 2016

If I ask anyone working on a SOC about a high level description of their monitoring process, the answer will most likely look like this: "The SIEM generates an alert,...

Yes, Give Deception a Chance!

by Augusto Barros  |  January 14, 2016

So, Anton finally brought the deception subject up on his blog, leaving a small bait for me at the end of his post. Ok, that's a great subject to return...

Research on Security Monitoring Use Cases Coming Up

by Augusto Barros  |  October 28, 2015

As Anton Chuvakin recently mentioned on his blog, we are starting some research on the work around security monitoring use cases: from the basic identification of candidates to prioritization, implementation,...

Federated Security Monitoring

by Augusto Barros  |  September 30, 2015

In a very distant past, security monitoring used to be a very simple activity. A single guy would grab logs from the firewall, the IDS and maybe an authentication system...

Security Analytics: Projects vs Boxes (Build vs Buy)?

by Anton Chuvakin  |  February 3, 2015

This is going to be a sad one. This is going to include lines like “Even if you only spend $1m on security data scientists per year, you can …”...

Alert-driven vs Exploration-driven Security Analysis

by Anton Chuvakin  |  May 20, 2013

Is alert-driven security workflow “dead”?! It is most certainly not. However, it is being challenged at some enlightened organizations that deploy SIEM, network forensics or other analytics technologies (notice how...
