Upcoming Webinar: Modern Network Threat Detection and Response

Here is my next Gartner webinar; this one is focused on network traffic use for detection and response.
Title: Modern Network Threat Detection and Response
Date: January 29, 2019
Time: EST: 11:00 a.m. | PDT: 8:00 a.m. | GMT: 16:00
Register: here
Description: Join us for this complimentary security and ...

All My Research Published in 2018

Categories: Announcement
To make it easy for the readers to find my research, here is the list of everything I published in 2018 [most co-authored with Augusto Barros and recently also with illustrious Anna Belak]. Gartner GTP access is required for most of the papers below. As a reminder, GTP papers cannot ...

Our 2018 Update for “Endpoint Detection and Response Architecture and Operations Practices” Publishes

Categories: EDR, endpoint, security
Our main EDR document (“Endpoint Detection and Response Architecture and Operations Practices”) was just updated by Jon Amato, and it looks much better now. The abstract states: “Increasing complexity and frequency of attacks elevate the need for detection of attacks and incident response, all at enterprise scale. Technical professionals can ...

Deception vs Analytics, or Can Analytics Catch True Unknown Unknowns?

This is a debate post, and not a position post. The question alluded therein (hey… I said “alluded therein” to sound like Dan Geer, no?) has been bugging us for some time, perhaps for 2+ years. However, we deferred this debate and hid behind the fact that most organizations don’t ...

On Operational Excellence

Categories: philosophy, security
So I spent much of last week reading a book about the Second World War called “The Second World Wars: How the First Global Conflict Was Fought and Won.” You do not have to be a history buff to like it, since it is both intellectually interesting and fun to read, ...

Is Encryption an NTA / NIDS / NFT Apocalypse?

Here is a funny one: does pervasive traffic encryption KILL Network Traffic Analysis (NTA) dead? Well, OK, not truly “kill it dead,” but push it back to 2002 when it was called “N-BAD” [“a coincidence? I think not”] and was solely Layer-3/flow/netflow-based. Back then, it was considered either a niche ...

Our “How to Operate and Evolve a SIEM Solution” Publishes

Categories: Announcement, security, SIEM
We just published the second part of our SIEM guidance, “How to Operate and Evolve a SIEM Solution.” Our readers may recognize some of the content from our world-famous “Security Information and Event Management Architecture and Operational Processes,” but for the second part more has changed, including the way we ...

Let’s Go Fight IT for Logs? Agents? Taps?

This is a depressing post about security in the real world (what … another one?). In any case, we are having those enlightened debates about log analysis (via SIEM/UEBA), network security monitoring (via NTA or, if you’d like, NDR), endpoint detection (via EDR) and overall about SOC. Even threat hunting ...

2019 Planning Guide for Security and Risk Management

Categories: Announcement, security
Our team has released our annual security planning guide: “2019 Planning Guide for Security and Risk Management.” Every Gartner GTP customer should go and read it (in fact, the above link requires just such a subscription). The abstract states: “Security teams find it difficult to keep up with change, especially ...

NTA: The Big Step Theory

Let’s come back from the world where the endpoint won the detection and response wars to this one. As we are ramping up our NTA (but, really, broader NDR for network-centric detection and response) research, one mystery has to be resolved. What motivates some organizations to actually deploy NTA (usually ...