EP250 The End of "Collect Everything"? Moving from Centralization to Data Access?
Failed to add items
Sorry, we are unable to add the item because your shopping cart is already at capacity.
Add to basket failed.
Please try again later
Add to Wish List failed.
Please try again later
Remove from Wish List failed.
Please try again later
Follow podcast failed
Unfollow podcast failed
EP250 The End of "Collect Everything"? Moving from Centralization to Data Access?
-
Narrated by:
-
By:
About this listen
Guest:
- Balazs Scheidler, CEO at Axoflow, original founder of syslog-ng
Topics:
- Are we really coming to "access to security data" and away from "centralizing the data"?
- How to detect without the same storage for all logs?
- Is data pipeline a part of SIEM or is it standalone? Will this just collapse into SIEM soon?
- Tell us about the issues with log pipelines in the past?
- What about enrichment? Why do it in a pipeline, and not in a SIEM?
- We are unable to share enough practices between security teams. How are we fixing it? Is pipelines part of the answer?
- Do you have a piece of advice for people who want to do more than save on their SIEM costs?
Resources:
- EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective
- EP190 Unraveling the Security Data Fabric: Need, Benefits, and Futures
- EP228 SIEM in 2025: Still Hard? Reimagining Detection at Cloud Scale and with More Pipelines
- Axoflow podcast and Anton on it
- "Decoupled SIEM: Where I Think We Are Now?" blog
- "Decoupled SIEM: Brilliant or Stupid?" blog
- "Output-driven SIEM — 13 years later" blog
No reviews yet
In the spirit of reconciliation, Audible acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.