2018 Popular SIEM Starter Use Cases

One of the most popular posts on my blog is “Popular SIEM Starter Use Cases.” However, this post is from 2014, and is, in fact, partially based on my earlier experiences doing SIEM consulting in 2009-2011. In other words, it is kinda old. Perhaps surprising to some, our data ...

Why We Value Inquiry Visibility Over … Well … Over Everything Else?

Tags: philosophy

This fun discussion on industry analyst craft reminded me of an unfinished post I had sitting in my draft folder … for a year. And now it is finished! When we create research and decide to include or mention vendors [uh-oh, careful with the topic, Anton :-)], we don’t do ...

SOAR-native SOC, Can This Work?

Tags: Monitoring, security, SOAR, SOC

This post is part of our current SOC research, but it also touches on our past SOAR research. Here is the thing: when we looked at SOAR technology, we mostly saw more mature SOCs adopting the tech. This is primarily based on the fact that they “tried the SOC thing” ...

Our Team Is Hiring: THREE New Positions Open – North America and Europe

As Gartner GTP client inquiry volumes grow, our team needs to expand again. We now have THREE positions open (one long-running replacement hire and two expansion hires). So … our team at Gartner for Technical Professionals (GTP) is HIRING! If you already read my tips in the past, go and ...

What Is “SIEM+” Or “Can We Have A Cyber Defense Platform?”

Contrary to what some “analytics” or “AI” vendors will have us believe, SIEM in 2018 is not the SIEM of our grandfathers. In 2002, when I was first initiated into the dark arts of SIEM, it was very different (it was called either SIM or SEM back in the B.C ...

2012 Redux: What Is Application Security Monitoring?

Now, when you hear the phrase “application security monitoring”, what picture comes to mind? For me, nothing does… As I said in February 2012, “the industry has not yet figured out what application security monitoring (ASM) is.” Hey, guess what? We still haven’t! And half a decade has passed. This ...

Hybrid SOC Scenarios

Tags: MSSP, security, SOC

One more important angle we are exploring in our SOC paper update is about so-called “hybrid SOCs.” In our SOC materials, this admittedly nebulous term refers to a SOC that uses a substantial (as I warned … “nebulous”) amount of external services and/or uses them for critical functions (so an ...

Can You Do a SIEM-less SOC?

Tags: MSSP, security, SIEM, SOAR, SOC

Along the lines of this post where we discussed the concept of “SIEM alternatives”, let’s discuss this in the context of a modern SOC. Will I ever do or recommend a SIEM-less SOC? As you can guess from the above, my answer is ‘it depends on what you mean ...

Is Security Just Too Damn Hard? Is Product+Service The Future?

Tags: Monitoring, MSSP, security

OK, I got a catchy headline, now what? This is another philosophical post about the fate of our beloved domain of cyber. Specifically, we all remember Dan Geer’s classic quote “Internet security is quite possibly the most intellectually challenging profession on the planet” and most of us doing security read ...

Highlights from Verizon DBIR 2018

Tags: security

Here is my traditional “reading the DBIR aloud” (i.e. with quotes shared) post. Read the entire thing, BTW, and not just my favorites below: “Incident: A security event that compromises the integrity, confidentiality or availability of an information asset. Breach: An incident that results in the confirmed disclosure, not just potential ...