From my Gartner Blog – The Deception Paper Update is Out!
Good thing about when Anton is away is I’m always able to jump and announce our new research ahead of him So, the update to our “Applying Deception Technologies and Techniques to Improve Threat Detection and Response” paper has finally been published. This is a minor update, but as with ... Read More
From my Gartner Blog – More on “AI for cybersecurity”
There is a very important point to understand about the vendors using ML for threat detection.Usually ML is used to identify known behavior, but with variable parameters. What does that mean? It means that many times we know what bad looks like, but not how exactly it looks like.For example, ... Read More
From my Gartner Blog – The new (old) SIEM papers are out!
As Anton already mentioned here and here, our update of the big SIEM paper was turned into two new papers:How to Architect and Deploy a SIEM SolutionSIEM is expected to remain a mainstay of security monitoring, but many organizations are challenged with deploying the technology. This guidance framework provides a ... Read More
From my Gartner Blog – Endpoint Has Won, Why Bother With NTA?
One of my favorite blog posts from Anton is the one about the “SOC nuclear triad”. As he describes, SOCs should use logs, endpoint and network data on their threat detection and response efforts. But we also know that organizations don’t have infinite resources and will often have to decide ... Read More
From my Gartner Blog – Gartner Security and Risk Management Summit Brazil – 2018
The Gartner Security Summit Brazil is fast approaching and I’m happy to be part of it again. This time it’s even more special, for many reasons.This is my first year as the chairman of the conference. It’s very rewarding to be work on the content that will be delivered, selecting ... Read More
From my Gartner Blog – Threat Simulation Open Source Projects
It’s crazy how many (free!) OSS projects are popping up for threat and attack simulation! We are working on research about Breach and Attack Simulation (BAS) tools, and we’ll certainly mention these projects, buy I thought it would be valuable to provide a list of links on the blog as ... Read More
From my Gartner Blog – Big data And AI Craziness Is Ruining Security Innovation
I don’t care if you use Hadoop or grep+Perl scripts. If you can demonstrate enough performance to do what you claim you can do, that’s what matters to me from a backend point of view. Now, can you show me that your tool does what it should do better than ... Read More
From my Gartner Blog – The Virtual Patch Analyst
Is there a need, or place for a “virtual patch analyst”?If you look at our guidance on vulnerability management, you’ll see that one of the key components we suggest our clients to consider is preparing for mitigation actions, when the immediate vulnerability remediation is not possible. We often see organizations ... Read More
From my Gartner Blog – It’s Not (Only) That The Basics Are Hard…
While working on our research for testing security practices, and also about BAS tools, I’ve noticed that a common question about adding more testing is “why not putting some real effort in doing the basics instead of yet another security test?”. After all, there is no point in looking for ... Read More
