EP44 Evolving a SIEM for the Future While Learning from the Past

Guest:

• Mike Orosz, a Chief Information and Product Security Officer @ Vertiv

Topics:

• What are your views on modern SIEM?  What should it do and what should it be?

• Should it even be called SIEM? 

• Is SaaS/cloud-native SIEM the only way to go?

• Can anybody build a SIEM in the cloud by installing the regular SIEM on IaaS?

• What are the top challenges for organizations deploying and operationalizing SIEM today?

• What are some hidden or commonly forgotten costs for a SIEM deployment?

• Is open source the answer to SIEM?

• SIEM today should deliver on detection, hunting and investigation use cases, so what does it mean in terms of practical data retention?

Resources:

• "On “Output-driven” SIEM"
• "Fake Cloud: Now There Are Two Hands in Your Pocket"