EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective

Update: 2024-11-04

Description

Guest:

Travis Lanham, Uber Tech Lead (UTL) for Security Operations Engineering, Google Cloud

Topics:

There’s been a ton of discussion in the wake of the three SIEM week about the future of SIEM-like products. We saw a lot of takes on how this augurs the future of disassembled or decoupled SIEMs. Can you explain what these disassembled SIEMs are all about?
What are the expected upsides of detaching your SIEM interface and security capabilities from your data backend?
Tell us about the early days of SecOps (nee Chronicle) and why we didn’t go with this approach?
What are the upsides of a tightly coupled datastore + security experience for a SIEM?
Are there more risks or negatives of the decoupled/decentralized approach? Complexity and the need to assemble “at home” are on the list, right?
One of the 50 things Google knew to be true back in the day was that product innovation comes from technical innovation, what’s the technical innovation driving decoupled SIEMs?
So what about those security data lakes? Any insights?

Resources:

Comments

Top Podcasts

The Best New Comedy Podcast Right Now – June 2024 The Best News Podcast Right Now – June 2024 The Best New Business Podcast Right Now – June 2024 The Best New Sports Podcast Right Now – June 2024 The Best New True Crime Podcast Right Now – June 2024 The Best New Joe Rogan Experience Podcast Right Now – June 20 The Best New Dan Bongino Show Podcast Right Now – June 20 The Best New Mark Levin Podcast – June 2024

In Channel

EP198 GenAI Security: Unseen Attack Surfaces & AI Pentesting Lessons

2024-11-1127:22

EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective

2024-11-0429:34

EP196 AI+TI: What Happens When Two Intelligences Meet?

2024-10-2828:08

EP195 Containers vs. VMs: The Security Showdown!

2024-10-2141:16

EP194 Deep Dive into ADR - Application Detection and Response

2024-10-1430:55

EP193 Inherited a Cloud? Now What? How Do I Secure It?

2024-10-0730:41

EP192 Confidential + AI: Can AI Keep a Secret?

2024-09-3033:04

EP191 Why Aren't More Defenders Winning? Defender’s Advantage and How to Gain it!

2024-09-2323:36

EP190 Unraveling the Security Data Fabric: Need, Benefits, and Futures

2024-09-1630:00

EP189 How Google Does Security Programs at Scale: CISO Insights

2024-09-0930:23

EP188 Beyond the Buzzwords: Identity's True Role in Cloud and SaaS Security

2024-09-0229:28

EP187 Conquering SOC Challenges: Leadership, Burnout, and the SIEM Evolution

2024-08-2629:41

EP186 Cloud Security Tools: Trust the Cloud Provider or Go Third-Party? An Epic Debate, Anton vs Tim

2024-08-1927:18

EP185 SAIF-powered Collaboration to Secure AI: CoSAI and Why It Matters to You

2024-08-1224:27

EP184 One Week SIEM Migration: Fact or Fiction?

2024-08-0524:45

EP183 Cloud Security Journeys: Improve, Evolve, Transform with Cloud Customers

2024-07-2930:15

EP182 ITDR: The Missing Piece in Your Security Puzzle or Yet Another Tool to Buy?

2024-07-2228:20

EP181 Detection Engineering Deep Dive: From Career Paths to Scaling SOC Teams

2024-07-1530:32

EP180 SOC Crossroads: Optimization vs Transformation - Two Paths for Security Operations Center

2024-07-0828:09

EP179 Teamwork Under Stress: Expedition Behavior in Cybersecurity Incident Response

2024-07-0123:28

00:00

EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective

#box-pro-ellipsis-173144088034826{-webkit-line-clamp:2;}EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective

EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective

Anton A Chuvakin

EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective