EP250 The End of "Collect Everything"? Moving from Centralization to Data Access?
Update: 2025-11-03
Description
Guest:
- Balazs Scheidler, CEO at Axoflow, original founder of syslog-ng
Topics:
- Are we really coming to "access to security data" and away from "centralizing the data"?
- How to detect without the same storage for all logs?
- Is data pipeline a part of SIEM or is it standalone? Will this just collapse into SIEM soon?
- Tell us about the issues with log pipelines in the past?
- What about enrichment? Why do it in a pipeline, and not in a SIEM?
- We are unable to share enough practices between security teams. How are we fixing it? Is pipelines part of the answer?
- Do you have a piece of advice for people who want to do more than save on their SIEM costs?
Resources:
- EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective
- EP190 Unraveling the Security Data Fabric: Need, Benefits, and Futures
- EP228 SIEM in 2025: Still Hard? Reimagining Detection at Cloud Scale and with More Pipelines
- Axoflow podcast and Anton on it
- "Decoupled SIEM: Where I Think We Are Now?" blog
- "Decoupled SIEM: Brilliant or Stupid?" blog
- "Output-driven SIEM — 13 years later" blog
Comments
In Channel
Download from Google Play
Download from App Store
United States00:00
00:00
x
