
Next Research: SOC, SIEM, and Again Overall Detection and Response
We worked too damn hard developing these papers (and one more is still to come out on this topic), so next quarter we will be focusing on updates to our key existing papers. “Hard work never killed anybody, but why take chances” is the slogan for the coming summer.
So, we are planning to update these papers of ours (that is by Augusto and me – and soon also by our yet-undisclosed new partner in crime):
- “Security Information and Event Management Architecture and Operational Processes” is our absolute favorite paper, our SIEM bible [or: “SIEM – the missing manual” for the atheists; “SIEM, the satanic bible” for those of darker magicks], and it needs a refresh. It also needs to be split into 2 papers, since it has grown to nearly 60 pages of juicy awesomeness, and adding new juicy awesomeness has become untenable.
- “How to Plan, Design, Operate and Evolve a SOC” is from 2016, but we think we need to modernize this a bit as well, such as by adding more SOAR to it and by addressing the common hybrid SOC questions we get from clients.
- “Solution Path: Detecting and Responding to Attacks and Incidents” is a very, very old paper that was supposed to work like a roadmap to all the exciting stuff the team has written on detection and response. It will be rewritten to point to new content, and also to highlight some new practices such as threat hunting.
All papers require Gartner GTP subscription. Feel free to add comments about what you would like to see in these papers, such as by using our paper feedback form. Or leave comments below. Or tweet at Augusto and me.
*** This is a Security Bloggers Network syndicated blog from Anton Chuvakin authored by Anton Chuvakin. Read the original post at: https://blogs.gartner.com/anton-chuvakin/2018/05/21/next-research-soc-siem-and-again-overall-detection-and-response/