EP250 The End of "Collect Everything"? Moving from Centralization to Data Access?
Échec de l'ajout au panier.
Veuillez réessayer plus tard
Échec de l'ajout à la liste d'envies.
Veuillez réessayer plus tard
Échec de la suppression de la liste d’envies.
Veuillez réessayer plus tard
Échec du suivi du balado
Ne plus suivre le balado a échoué
EP250 The End of "Collect Everything"? Moving from Centralization to Data Access?
-
Narrateur(s):
-
Auteur(s):
À propos de cet audio
Guest:
- Balazs Scheidler, CEO at Axoflow, original founder of syslog-ng
Topics:
- Are we really coming to "access to security data" and away from "centralizing the data"?
- How to detect without the same storage for all logs?
- Is data pipeline a part of SIEM or is it standalone? Will this just collapse into SIEM soon?
- Tell us about the issues with log pipelines in the past?
- What about enrichment? Why do it in a pipeline, and not in a SIEM?
- We are unable to share enough practices between security teams. How are we fixing it? Is pipelines part of the answer?
- Do you have a piece of advice for people who want to do more than save on their SIEM costs?
Resources:
- EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective
- EP190 Unraveling the Security Data Fabric: Need, Benefits, and Futures
- EP228 SIEM in 2025: Still Hard? Reimagining Detection at Cloud Scale and with More Pipelines
- Axoflow podcast and Anton on it
- "Decoupled SIEM: Where I Think We Are Now?" blog
- "Decoupled SIEM: Brilliant or Stupid?" blog
- "Output-driven SIEM — 13 years later" blog
Pas encore de commentaire