Gartner Blog Network

Tag: 'siem' Blog Posts

from the Gartner Blog Network

Threat Detection Is A Multi-Stage Process

by Augusto Barros  |  December 4, 2017

We are currently working on our SOAR research, as Anton has extensively blogged about. SOAR tools have been used to help organizations triage and respond to the deluge of alerts...


Our SIEM Assessment paper update is out!

by Augusto Barros  |  October 15, 2017

The results of our "summer of SIEM" are starting to come out; our assessment document on SIEM (basically, a "what" and "why" paper, that sits beside our big "how" doc...


SIEM, Detection & Response: Build or Buy?

by Augusto Barros  |  July 27, 2017

As Anton already blogged (many times) and tweeted about, we are working to refresh some of our SIEM research and also on a new document about SaaS SIEM. This specific...


SIEM Correlation is Overrated

by Augusto Barros  |  March 31, 2017

During our research about UEBA tools, we noticed that these tools are gaining ground on SIEM solutions, with some organizations opting to focus their monitoring efforts on UEBA instead of...


SIEM Architecture and Operational Processes UPDATE!

by Augusto Barros  |  February 3, 2016

My favorite Gartner GTP research document has just been updated: "Security Information and Event Management Architecture and Operational Processes". Using security information and event management requires more than just buying...


Base Rates And Security Monitoring Use Cases

by Augusto Barros  |  November 27, 2015

As we continue to work on our research about security monitoring use cases, a few interesting questions around the technology implementation and optimization arise. Any threat detection system designed to...


Discovering New Monitoring Use Cases

by Augusto Barros  |  November 6, 2015

We've been thinking about the multiple processes around monitoring use cases for our next research project. This week, the focus was on the use case discovery process. So you have...


SIEM Use Case Discovery

by Anton Chuvakin  |  November 5, 2015

Our journey to SIEM use cases begins at SIEM USE CASE DISCOVERY, a commonly overlooked [even by me :-)] step. Coincidentally, why didn’t I take it seriously sometimes? Because if...


Research on Security Monitoring Use Cases Coming Up

by Augusto Barros  |  October 28, 2015

As Anton Chuvakin recently mentioned on his blog, we are starting some research on the work around security monitoring use cases: from the basic identification of candidates to prioritization, implementation,...


Federated Security Monitoring

by Augusto Barros  |  September 30, 2015

In a very distant past, security monitoring used to be a very simple activity. A single guy would grab logs from the firewall, the IDS and maybe an authentication system...
