Our 2018 Update for “Endpoint Detection and Response Architecture and Operations Practices” Publishes

Categories: EDR, endpoint, security
Our main EDR document (“Endpoint Detection and Response Architecture and Operations Practices”) was just updated by Jon Amato, and it looks much better now. The abstract states: “Increasing complexity and frequency of attacks elevate the need for detection of attacks and incident response, all at enterprise scale. Technical professionals can ...

Deception vs Analytics, or Can Analytics Catch True Unknown Unknowns?

This is a debate post, and not a position post. The question alluded therein (hey… I said “alluded therein” to sound like Dan Geer, no?) has been bugging us for some time, perhaps for 2+ years. However, we deferred this debate and hid behind the fact that most organizations don’t ...

On Operational Excellence

Categories: philosophy, security
So I spent much of last week reading a book about the Second World War called “The Second World Wars: How the First Global Conflict Was Fought and Won.” You do not have to be a history buff to like it, since it is both intellectually interesting and fun to read, ...

Is Encryption an NTA / NIDS / NFT Apocalypse?

Here is a funny one: does pervasive traffic encryption KILL Network Traffic Analysis (NTA) dead? Well, OK, not truly “kill it dead,” but push it back to 2002 when it was called “N-BAD” [“a coincidence? I think not”] and was solely Layer-3/flow/netflow-based. Back then, it was considered either a niche ...

Our “How to Operate and Evolve a SIEM Solution” Publishes

Categories: Announcement, security, SIEM
We just published the second part of our SIEM guidance, “How to Operate and Evolve a SIEM Solution.” Our readers may recognize some of the content from our world-famous “Security Information and Event Management Architecture and Operational Processes,” but for the second part more has changed, including the way we ...

Let’s Go Fight IT for Logs? Agents? Taps?

This is a depressing post about security in the real world (what … another one?). In any case, we are having those enlightened debates about log analysis (via SIEM/UEBA), network security monitoring (via NTA or, if you’d like, NDR), endpoint detection (via EDR) and overall about SOC. Even threat hunting ...

2019 Planning Guide for Security and Risk Management

Categories: Announcement, security
Our team has released our annual security planning guide: “2019 Planning Guide for Security and Risk Management.” Every Gartner GTP customer should go and read it (in fact, the above link requires just such a subscription). The abstract states: “Security teams find it difficult to keep up with change, especially ...

NTA: The Big Step Theory

Let’s come back from the world where the endpoint won the detection and response wars to this one. As we are ramping up our NTA (but, really, broader NDR for network-centric detection and response) research, one mystery has to be resolved. What motivates some organizations to actually deploy NTA (usually ...

Security Architecture Frameworks – Yay or Nay?

Categories: architecture, security
This post is about a topic that few of us ponder often: security architecture frameworks. We have some exciting research plans in this area, hence this blog series. Perhaps one can say that dumb people think of boxes, smart people think of processes, wise people think of architectures? OK, I ...

Anonymous Guest Post: More Vendor Briefing Advice

Categories: Uncategorized
A little bird landed on my desk, and it had the below clutched in its little beak. The text looks like it was written by a fellow analyst: Dear Vendor: Thanks so much for your briefing today. You obviously put a lot of work into your slide deck. However, you ...