Podcasts about Siems

Guest Alan Braithwaite, Co-founder and CTO @ RunReveal Topics: SIEM is hard, and many vendors have discovered this over the years. You need to get storage, security and integration complexity just right. You also need to be better than incumbents. How would you approach this now? Decoupled SIEM vs SIEM/EDR/XDR combo. These point in the opposite directions, which side do you think will win? In a world where data volumes are exploding, especially in cloud environments, you're building a SIEM with ClickHouse as its backend, focusing on both parsed and raw logs. What's the core advantage of this approach, and how does it address the limitations of traditional SIEMs in handling scale?  Cribl, Bindplane and “security pipeline vendors” are all the rage. Won't it be logical to just include this into a modern SIEM? You're envisioning a 'Pipeline QL' that compiles to SQL, enabling 'detection in SQL.' This sounds like a significant shift, and perhaps not to the better? (Anton is horrified, for once) How does this approach affect detection engineering? With Sigma HQ support out-of-the-box, and the ability to convert SPL to Sigma, you're clearly aiming for interoperability. How crucial is this approach in your vision, and how do you see it benefiting the security community? What is SIEM in 2025 and beyond?  What's the endgame for security telemetry data? Is this truly SIEM 3.0, 4.0 or whatever-oh? Resources: EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective EP123 The Good, the Bad, and the Epic of Threat Detection at Scale with Panther EP190 Unraveling the Security Data Fabric: Need, Benefits, and Futures “20 Years of SIEM: Celebrating My Dubious Anniversary” blog “RSA 2025: AI's Promise vs. Security's Past — A Reality Check” blog tl;dr security newsletter Introducing a RunReveal Model Context Protocol Server! MCP: Building Your SecOps AI Ecosystem AI Runbooks for Google SecOps: Security Operations with Model Context Protocol  

Lerche, Sabine

Lerche, Sabine

Guest:  Travis Lanham, Uber Tech Lead (UTL) for Security Operations Engineering, Google Cloud Topics: There's been a ton of discussion in the wake of the three SIEM week about the future of SIEM-like products. We saw a lot of takes on how this augurs the future of disassembled or decoupled SIEMs. Can you explain what these disassembled SIEMs are all about? What are the expected upsides of detaching your SIEM interface and security capabilities from your data backend? Tell us about the early days of SecOps (nee Chronicle) and why we didn't go with this approach? What are the upsides of a tightly coupled datastore + security experience for a SIEM? Are there more risks or negatives of the decoupled/decentralized approach?  Complexity and the need to assemble “at home” are on the list, right? One of the 50 things Google knew to be true back in the day was that product innovation comes from technical innovation, what's the technical innovation driving decoupled SIEMs? So what about those security data lakes? Any insights? Resources: EP139 What is Chronicle? Beyond XDR and into the Next Generation of Security Operations EP190 Unraveling the Security Data Fabric: Need, Benefits, and Futures EP184 One Week SIEM Migration: Fact or Fiction? Hacking Google video series Decoupled SIEM: Brilliant or …. Not :-) UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion So, Why Did I Join Chronicle Security? (2019)

The SIEM market has undergone some significant changes this summer. This is a great opportunity to talk about the current state of SIEM! In this conversation, we'll discuss: market changes and terminology: security analytics, data lakes, SIEM what is SOAR's role in the current SIEM market? machine learning and generative AI's role strategies for implementing a SIEM common mistakes that still lead to SIEMs becoming shelfware and much more! Both Seth and Adrian have a long history when it comes to SIEMs, so this conversation will be packed with anecdotes, stories, and lessons learned! This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about them! We've been hearing a lot lately about how the talent gap in cybersecurity is much more complex than some folks have been making it out to be. While making six figures after going through a six week boot camp might be overselling the cybersecurity job market a bit, it is definitely a complex space with lots of opportunities. Fortunately, we have folks building passion projects like My Cyber Path. When Jason transitioned into cyber from the military, he took note of the path he took. He also noticed how different the path was for many of his peers. Inspired by NIST NICE and other programs designed to help folks get a start in cyber, he created My Cyber Path. My Cyber Path has a very organized approach. There are 12 paths outlined, which fall into 4 main areas. After taking a personality test, this tool suggests the best paths for you. Hmmm, this sounds a lot like the sorting hat in Harry Potter, and there are 4 "houses" you could get put into... coincidence? Segment Resources: My Cyber Path has a free account where people can get matched to a cybersecurity work role based on their interests and personality traits and get access to free areas in the platform without having to save a credit card. https://www.mycyberpath.com/ https://www.mycyberpath.com/auth/register In the Enterprise News, the hosts discuss various trends and challenges in the cybersecurity landscape, including the evolution of terminology, funding trends, the emergence of new startups, and the impact of AI on security practices. They also explore the challenges faced by CISOs, the importance of humor in the industry, and the future of quantum readiness. The conversation highlights the need for clarity in cybersecurity messaging and the potential for consolidation in the market. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-377

The SIEM market has undergone some significant changes this summer. This is a great opportunity to talk about the current state of SIEM! In this conversation, we'll discuss: market changes and terminology: security analytics, data lakes, SIEM what is SOAR's role in the current SIEM market? machine learning and generative AI's role strategies for implementing a SIEM common mistakes that still lead to SIEMs becoming shelfware and much more! Both Seth and Adrian have a long history when it comes to SIEMs, so this conversation will be packed with anecdotes, stories, and lessons learned! This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about them! We've been hearing a lot lately about how the talent gap in cybersecurity is much more complex than some folks have been making it out to be. While making six figures after going through a six week boot camp might be overselling the cybersecurity job market a bit, it is definitely a complex space with lots of opportunities. Fortunately, we have folks building passion projects like My Cyber Path. When Jason transitioned into cyber from the military, he took note of the path he took. He also noticed how different the path was for many of his peers. Inspired by NIST NICE and other programs designed to help folks get a start in cyber, he created My Cyber Path. My Cyber Path has a very organized approach. There are 12 paths outlined, which fall into 4 main areas. After taking a personality test, this tool suggests the best paths for you. Hmmm, this sounds a lot like the sorting hat in Harry Potter, and there are 4 "houses" you could get put into... coincidence? Segment Resources: My Cyber Path has a free account where people can get matched to a cybersecurity work role based on their interests and personality traits and get access to free areas in the platform without having to save a credit card. https://www.mycyberpath.com/ https://www.mycyberpath.com/auth/register In the Enterprise News, the hosts discuss various trends and challenges in the cybersecurity landscape, including the evolution of terminology, funding trends, the emergence of new startups, and the impact of AI on security practices. They also explore the challenges faced by CISOs, the importance of humor in the industry, and the future of quantum readiness. The conversation highlights the need for clarity in cybersecurity messaging and the potential for consolidation in the market. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-377

The SIEM market has undergone some significant changes this summer. This is a great opportunity to talk about the current state of SIEM! In this conversation, we'll discuss: market changes and terminology: security analytics, data lakes, SIEM what is SOAR's role in the current SIEM market? machine learning and generative AI's role strategies for implementing a SIEM common mistakes that still lead to SIEMs becoming shelfware and much more! Both Seth and Adrian have a long history when it comes to SIEMs, so this conversation will be packed with anecdotes, stories, and lessons learned! This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about them! Show Notes: https://securityweekly.com/esw-377

The SIEM market has undergone some significant changes this summer. This is a great opportunity to talk about the current state of SIEM! In this conversation, we'll discuss: market changes and terminology: security analytics, data lakes, SIEM what is SOAR's role in the current SIEM market? machine learning and generative AI's role strategies for implementing a SIEM common mistakes that still lead to SIEMs becoming shelfware and much more! Both Seth and Adrian have a long history when it comes to SIEMs, so this conversation will be packed with anecdotes, stories, and lessons learned! This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about them! Show Notes: https://securityweekly.com/esw-377

https://lavercup.com/ 2025 geht es nach San Francisco! Werden die 4 Tennislover die Reise antreten? Was war gut und was war schlecht in der UBER Arena beim Laver Cup? Wo hat VC Enqvist übernachtet? Hat Roger sich nach seiner Karriere bei ausreichend Firmen beteiligt? Wer war auf dem Cube der Arena zu sehen? Wir wissen es auch nicht.

Europa gewinnt Laver Cup 2024 https://lavercup.com/ 2025 geht es nach San Francisco! Werden die 4 Tennislover die Reise antreten? Was war gut und was war schlecht in der UBER Arena beim Laver Cup? Wo hat VC Enqvist übernachtet? Hat Roger sich nach seiner Karriere bei ausreichend Firmen beteiligt? Wer war auf dem Cube der Arena zu sehen? Wir wissen es auch nicht. Du möchtest deinen Podcast auch kostenlos hosten und damit Geld verdienen? Dann schaue auf www.kostenlos-hosten.de und informiere dich. Dort erhältst du alle Informationen zu unseren kostenlosen Podcast-Hosting-Angeboten. kostenlos-hosten.de ist ein Produkt der Podcastbude.Gern unterstützen wir dich bei deiner Podcast-Produktion.

Europa gewinnt Laver Cup 2024 https://lavercup.com/ 2025 geht es nach San Francisco! Werden die 4 Tennislover die Reise antreten? Was war gut und was war schlecht in der UBER Arena beim Laver Cup? Wo hat VC Enqvist übernachtet? Hat Roger sich nach seiner Karriere bei ausreichend Firmen beteiligt? Wer war auf dem Cube der Arena zu sehen? Wir wissen es auch nicht. Du möchtest deinen Podcast auch kostenlos hosten und damit Geld verdienen? Dann schaue auf www.kostenlos-hosten.de und informiere dich. Dort erhältst du alle Informationen zu unseren kostenlosen Podcast-Hosting-Angeboten. kostenlos-hosten.de ist ein Produkt der Podcastbude.Gern unterstützen wir dich bei deiner Podcast-Produktion.

The top priority on the CIS Critical Security Controls list has never changed: inventory and control of enterprise assets. Yet it remains one of the most challenging controls to implement, much less master. The refrain, "you can't secure what you don't know about" is as old as information security itself. Complicating this task is the fact that improving asset management isn't an aspiration unique to the security team. IT, finance, facilities, and other groups within large enterprises are concerned with this as well. This often leads to challenges: should all these groups attempt to standardize on one common asset database or CMDB? Or should security go their own way, and purchase their own asset management tool? Answering these questions would be a lot easier if we had someone with an IT asset management (ITAM) perspective, and fortunately, we do! Jeremy Boerger of Boerger Consulting joins us to help us understand the IT perspective, so we can understand if there are opportunities for security and IT to help each other out, or at least find some common ground! Boerger Consulting Resources: Email newsletter LinkedIn newsletter Book page Amazon book page I often say that it isn't the concepts or ideas in cybersecurity that are bad, but the implementations of them. Sometimes the market timing is just wrong and the industry isn't ready for a particular technology (e.g. enterprise browsers). Other times, the technology just isn't ready yet (e.g. SIEMs needed better database technology and faster storage). Since the ideas are solid, we see these concepts return after a few years. Application allowlisting is one of these product categories. Threatlocker has been around since 2017 and is now a late stage startup that has achieved market fit. We chat with the company's CEO and founder, Danny Jenkins to find out how they learned from the mistakes made before them, and differentiate from the technology some of us remember from the late 2000s and early 2010s. Segment Resources: ThreatLocker Solutions This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! In this interview, Maor Bin, CEO and Co-Founder of Adaptive Shield, discusses the evolving landscape of SaaS Security. He highlights the challenges posed by the security gap resulting from the rapid adoption of SaaS applications and why SaaS security is beyond just misconfiguration management. Segment Resources: https://www.adaptive-shield.com/landing-page/the-annual-saas-security-survey-report-2025-ciso-plans-and-priorities/ This segment is sponsored by Adaptive Shield. Visit https://securityweekly.com/adaptiveshieldbh to download the Annual SaaS Security Survey Report! Cybersecurity professionals are often confronted with ethical dilemmas that need to be carefully navigated. In 25 years of teaching incident handling and penetration testing, Ed has often been asked by his students for help in ethical decision-making. Ed will share some of their questions and his recommended approaches for addressing them. Ed also has a new book out, The Code of Honor, about cybersecurity ethics. All proceeds go to scholarships for college students. Segment Resources: 1) Ed's book, published June 18, 2024: https://www.amazon.com/Code-Honor-Embracing-Ethics-Cybersecurity/dp/1394275862/ref=sr11?crid=1DSHPCXDIQ1VT&dib=eyJ2IjoiMSJ9.rmZX2-3mj1nI74iKkjbKkQSNKCuRjjn-QQ8qrzVy21tMRAXuKu5Qr5rPgtszkVd7zJMV7oVTuImUZIxMQfecnaRlNRfAVI5G7azyWi8lY.WHOujvlsQXPTJaHuEafwRC2WVKZe474eVXHn46kLiEY&dib_tag=se&keywords=skoudis&qid=1722767581&sprefix=skoudis%2Caps%2C90&sr=8-1 2) Holiday Hack Challenge - sans.org/holidayhack Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-374

The top priority on the CIS Critical Security Controls list has never changed: inventory and control of enterprise assets. Yet it remains one of the most challenging controls to implement, much less master. The refrain, "you can't secure what you don't know about" is as old as information security itself. Complicating this task is the fact that improving asset management isn't an aspiration unique to the security team. IT, finance, facilities, and other groups within large enterprises are concerned with this as well. This often leads to challenges: should all these groups attempt to standardize on one common asset database or CMDB? Or should security go their own way, and purchase their own asset management tool? Answering these questions would be a lot easier if we had someone with an IT asset management (ITAM) perspective, and fortunately, we do! Jeremy Boerger of Boerger Consulting joins us to help us understand the IT perspective, so we can understand if there are opportunities for security and IT to help each other out, or at least find some common ground! Boerger Consulting Resources: Email newsletter LinkedIn newsletter Book page Amazon book page I often say that it isn't the concepts or ideas in cybersecurity that are bad, but the implementations of them. Sometimes the market timing is just wrong and the industry isn't ready for a particular technology (e.g. enterprise browsers). Other times, the technology just isn't ready yet (e.g. SIEMs needed better database technology and faster storage). Since the ideas are solid, we see these concepts return after a few years. Application allowlisting is one of these product categories. Threatlocker has been around since 2017 and is now a late stage startup that has achieved market fit. We chat with the company's CEO and founder, Danny Jenkins to find out how they learned from the mistakes made before them, and differentiate from the technology some of us remember from the late 2000s and early 2010s. Segment Resources: ThreatLocker Solutions This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! In this interview, Maor Bin, CEO and Co-Founder of Adaptive Shield, discusses the evolving landscape of SaaS Security. He highlights the challenges posed by the security gap resulting from the rapid adoption of SaaS applications and why SaaS security is beyond just misconfiguration management. Segment Resources: https://www.adaptive-shield.com/landing-page/the-annual-saas-security-survey-report-2025-ciso-plans-and-priorities/ This segment is sponsored by Adaptive Shield. Visit https://securityweekly.com/adaptiveshieldbh to download the Annual SaaS Security Survey Report! Cybersecurity professionals are often confronted with ethical dilemmas that need to be carefully navigated. In 25 years of teaching incident handling and penetration testing, Ed has often been asked by his students for help in ethical decision-making. Ed will share some of their questions and his recommended approaches for addressing them. Ed also has a new book out, The Code of Honor, about cybersecurity ethics. All proceeds go to scholarships for college students. Segment Resources: 1) Ed's book, published June 18, 2024: https://www.amazon.com/Code-Honor-Embracing-Ethics-Cybersecurity/dp/1394275862/ref=sr11?crid=1DSHPCXDIQ1VT&dib=eyJ2IjoiMSJ9.rmZX2-3mj1nI74iKkjbKkQSNKCuRjjn-QQ8qrzVy21tMRAXuKu5Qr5rPgtszkVd7zJMV7oVTuImUZIxMQfecnaRlNRfAVI5G7azyWi8lY.WHOujvlsQXPTJaHuEafwRC2WVKZe474eVXHn46kLiEY&dib_tag=se&keywords=skoudis&qid=1722767581&sprefix=skoudis%2Caps%2C90&sr=8-1 2) Holiday Hack Challenge - sans.org/holidayhack Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-374

I often say that it isn't the concepts or ideas in cybersecurity that are bad, but the implementations of them. Sometimes the market timing is just wrong and the industry isn't ready for a particular technology (e.g. enterprise browsers). Other times, the technology just isn't ready yet (e.g. SIEMs needed better database technology and faster storage). Since the ideas are solid, we see these concepts return after a few years. Application allowlisting is one of these product categories. Threatlocker has been around since 2017 and is now a late stage startup that has achieved market fit. We chat with the company's CEO and founder, Danny Jenkins to find out how they learned from the mistakes made before them, and differentiate from the technology some of us remember from the late 2000s and early 2010s. Segment Resources: Threat Locker Solutions This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Show Notes: https://securityweekly.com/esw-374

I often say that it isn't the concepts or ideas in cybersecurity that are bad, but the implementations of them. Sometimes the market timing is just wrong and the industry isn't ready for a particular technology (e.g. enterprise browsers). Other times, the technology just isn't ready yet (e.g. SIEMs needed better database technology and faster storage). Since the ideas are solid, we see these concepts return after a few years. Application allowlisting is one of these product categories. Threatlocker has been around since 2017 and is now a late stage startup that has achieved market fit. We chat with the company's CEO and founder, Danny Jenkins to find out how they learned from the mistakes made before them, and differentiate from the technology some of us remember from the late 2000s and early 2010s. Segment Resources: Threat Locker Solutions This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Show Notes: https://securityweekly.com/esw-374

Jen has a fascination with perfume and specifically the history of perfume and is the perfumer behind Immortal Perfumes, a micro-perfumery specializing in historically inspired scents. Her creations have been featured in New York Magazine, The Los Angeles Times, and Seattle Met among others.Jen researches and writes about historical figures and their fragrances for her popular TikTok channel. She also writes fiction and has been published in several anthologies.Nelson and Alexandra had a wonderful and insightful conversation with Jen about the Perfumer Adolf Saalfeld, a German-born Jew, who boarded the Titanic with plans to sell his fragrances in New York City. In his rush to leave the ship as it sank, he left samples of his scents behind. In 2001, salvage experts recovered 62 perfume vials from the case, some of which still contained the original scent.Jen's shop IMMORTAL PERFUMES in Seattle ~1752 NW Market Street #4176, Seattle, WA 98107, United StatesWebsite is ~ www.immortalperfumes.comInsta and TikTok @immortalperfumesSeason One of Titanic Talk now available on Patreonbit.ly/TitanicTalkPatreonGo to www.shipofdreamsfilm.com and subscribe to our newsletter and for links and details of 2024 screenings in UK, Australia and New Zealand.TITANIC TALK Official Merchandise now on sale HERET-shirts, hoodies, baseball caps and mugs - the perfect gift for your favourite TitaniacFor more information on where to watchSHIP OF DREAMS: TITANIC MOVIE DIARIES go toshipofdreamsfilm.comShip of Dreams on FacebookShip of Dreams on TikTokWatch TITANIC TALK on YouTube go to ~TITANIC TALK YouTubeInstagram @titanic_talk_podcastFacebookFollow NelsonInstagram @nelsonaspenTwitter @nelsonaspenFollow Alexandra Instagram ...

Remember 20 years ago? When we were certain SIEMs would grant our cybersecurity teams superpowers? Or 10 years ago, when we were sure that NGAV would put an end to malware as we knew it? Or 15 years ago, when we were sure that application control would put an end to malware as we knew it? Or 18 years ago, when NAC would put an end to unauthorized network access? Why do we keep thinking that the next vendor offering is going to solve all our problems? In this interview, we talk with Fred Wilmot about the hard work of building effective processes and resilient architectures that will actually yield reductions in risk and detection/response capabilities that actually work. We'll discuss shifts in thinking that can move us past the latest distractions, and keep security teams focused on work that moves the needle. Fred may also mention his past transgressions against the industry and what he's doing to "wipe out the red from his ledger". There's plenty of content out there detailing how vendors fall short: scummy, aggressive sales tactics overuse of jargon and buzzwords sneaky sales tactics dumping on competitors products that fall far short of claims ambulance chasing So what should they doing? In this episode, we chat with Dani Wolff, about how marketers can adopt the skills and mindsets of security researchers to improve GTM strategies, without resorting to awful tactics. Drawing from extensive experience in qualitative interviews and collaborations with enterprise security executives and researchers, Dani will uncover how the innate curiosity and analytical prowess of researchers can dismantle unhealthy habits within vendor organizations. We'll also discuss Dani's various projects, including the WTF Did I Just Read podcast, CyberNest, and CyberSynapse. Dani will explain how these are all designed to address the gap between vendors and buyers in the cybersecurity industry. This week, in the enterprise security news, over half a billion in funding, as everyone gets their pre-Blackhat announcements out! Mimecast picks up Code42 Will Cato Networks IPO? Canarytokens update We still have some crowdstrike fallout to discuss CISO responses to SEC rules Making things secure without security tools tips for going SOCLess denial of service robots All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-370

Remember 20 years ago? When we were certain SIEMs would grant our cybersecurity teams superpowers? Or 10 years ago, when we were sure that NGAV would put an end to malware as we knew it? Or 15 years ago, when we were sure that application control would put an end to malware as we knew it? Or 18 years ago, when NAC would put an end to unauthorized network access? Why do we keep thinking that the next vendor offering is going to solve all our problems? In this interview, we talk with Fred Wilmot about the hard work of building effective processes and resilient architectures that will actually yield reductions in risk and detection/response capabilities that actually work. We'll discuss shifts in thinking that can move us past the latest distractions, and keep security teams focused on work that moves the needle. Fred may also mention his past transgressions against the industry and what he's doing to "wipe out the red from his ledger". There's plenty of content out there detailing how vendors fall short: scummy, aggressive sales tactics overuse of jargon and buzzwords sneaky sales tactics dumping on competitors products that fall far short of claims ambulance chasing So what should they doing? In this episode, we chat with Dani Wolff, about how marketers can adopt the skills and mindsets of security researchers to improve GTM strategies, without resorting to awful tactics. Drawing from extensive experience in qualitative interviews and collaborations with enterprise security executives and researchers, Dani will uncover how the innate curiosity and analytical prowess of researchers can dismantle unhealthy habits within vendor organizations. We'll also discuss Dani's various projects, including the WTF Did I Just Read podcast, CyberNest, and CyberSynapse. Dani will explain how these are all designed to address the gap between vendors and buyers in the cybersecurity industry. This week, in the enterprise security news, over half a billion in funding, as everyone gets their pre-Blackhat announcements out! Mimecast picks up Code42 Will Cato Networks IPO? Canarytokens update We still have some crowdstrike fallout to discuss CISO responses to SEC rules Making things secure without security tools tips for going SOCLess denial of service robots All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-370

Remember 20 years ago? When we were certain SIEMs would grant our cybersecurity teams superpowers? Or 10 years ago, when we were sure that NGAV would put an end to malware as we knew it? Or 15 years ago, when we were sure that application control would put an end to malware as we knew it? Or 18 years ago, when NAC would put an end to unauthorized network access? Why do we keep thinking that the next vendor offering is going to solve all our problems? In this interview, we talk with Fred Wilmot about the hard work of building effective processes and resilient architectures that will actually yield reductions in risk and detection/response capabilities that actually work. We'll discuss shifts in thinking that can move us past the latest distractions, and keep security teams focused on work that moves the needle. Fred may also mention his past transgressions against the industry and what he's doing to "wipe out the red from his ledger". Show Notes: https://securityweekly.com/esw-370

Remember 20 years ago? When we were certain SIEMs would grant our cybersecurity teams superpowers? Or 10 years ago, when we were sure that NGAV would put an end to malware as we knew it? Or 15 years ago, when we were sure that application control would put an end to malware as we knew it? Or 18 years ago, when NAC would put an end to unauthorized network access? Why do we keep thinking that the next vendor offering is going to solve all our problems? In this interview, we talk with Fred Wilmot about the hard work of building effective processes and resilient architectures that will actually yield reductions in risk and detection/response capabilities that actually work. We'll discuss shifts in thinking that can move us past the latest distractions, and keep security teams focused on work that moves the needle. Fred may also mention his past transgressions against the industry and what he's doing to "wipe out the red from his ledger". Show Notes: https://securityweekly.com/esw-370

In the world of business cybersecurity, the powerful technology known as “Security Information and Event Management” is sometimes thwarted by the most unexpected actors—the very people setting it up.Security Information and Event Management—or SIEM—is a term used to describe data-collecting products that businesses rely on to make sense of everything going on inside their network, in the hopes of catching and stopping cyberattacks. SIEM systems can log events and information across an entire organization and its networks. When properly set up, SIEMs can collect activity data from work-issued devices, vital servers, and even the software that an organization rolls out to its workforce. The purpose of all this collection is to catch what might easily be missed.For instance, SIEMs can collect information about repeated login attempts occurring at 2:00 am from a set of login credentials that belong to an employee who doesn't typically start their day until 8:00 am. SIEMs can also collect whether the login credentials of an employee with typically low access privileges are being used to attempt to log into security systems far beyond their job scope. SIEMs must also take in the data from an Endpoint Detection and Response (EDR) tool, and they can hoover up nearly anything that a security team wants—from printer logs, to firewall logs, to individual uses of PowerShell.But just because a SIEM can collect something, doesn't necessarily mean that it should.Log activity for an organization of 1,000 employees is tremendous, and the collection of frequent activity could bog down a SIEM with noise, slow down a security team with useless data, and rack up serious expenses for a company.Today, on the Lock and Code podcast with host David Ruiz, we speak with Microsoft cloud solution architect Jess Dodson about how companies and organizations can set up, manage, and maintain their SIEMs, along with what advertising pitfalls to avoid when doing their shopping. Plus, Dodson warns about one of the simplest mistakes in trying to save budget—setting up arbitrary data caps on collection that could leave an organization blind.“A small SMB organization … were trying to save costs, so they went and looked at what they were collecting and they found their biggest ingestion point,” Dodson said. “And what their biggest ingestion point was was their Windows security events, and then they looked further and looked for the event IDs that were costing them the most, and so they got rid of those.”Dodson continued:“Problem was the ones they got rid of were their Log On/Log Off events, which I think most people would agree is kind of important from a security perspective.”Tune in today to listen to the full conversation.You can also find us on Apple Podcasts, Spotify, and Google Podcasts, plus whatever preferred podcast platform you use.For all our cybersecurity coverage, visit Malwarebytes Labs at malwarebytes.com/blog.Show notes and credits:Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)Licensed under Creative Commons: By Attribution 4.0 Licensehttp://creativecommons.org/licenses/by/4.0/Outro Music: “Good...

All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is Steve Zalewski, co-host, Defense in Depth. Recorded live at BSidesSF. In this episode: Are companies taking the air out of the open source balloon? What's broken about cybersecurity hiring? Do we need minimum requirements for cybersecurity knowledge in sales? Thanks to our podcast sponsors, Devo, Eclypsium & NetSPI Devo replaces traditional SIEMs with a real-time security data platform. Devo's integrated platform serves as the foundation of your security operations and includes data-powered SIEM, SOAR, and UEBA. AI and intelligent automation help your SOC work faster and smarter so you can make the right decisions in real-time. Eclypsium is helping enterprises and government agencies mitigate risks to their infrastructure from complex technology supply chains. Our cloud-based and on-premises platform provides digital supply chain security for software, firmware and hardware in enterprise infrastructure. Get started today at eclypsium.com/spark. NetSPI ASM continuously scans your external perimeter to identify, inventory, and reduce risk to both known and unknown assets. It blends scanning methodology with our consultants' human intelligence to identify previously undiscovered data sources and vulnerabilities so you can remediate what matters most.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our guest, Ron Gula, president and co-founder, Gula Tech Adventures. In this episode: Why is it so darn expensive to get any training on the defender side? Why is there a mountain of free education for red teaming? Shouldn't blue team training should be free or less expensive as well? Is this the firewall that's preventing us from having all those cyber experts we so desperately need? Thanks to our podcast sponsor, Query Query Federated Search gets to your security relevant data wherever it is - in data lakes, security tools, cloud services, SIEMs, or wherever. Query searches and normalizes data for use in security investigations, threat hunting, incident response, and everything you do. And we plug into Splunk. Visit query.ai.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Ben Sapiro, head of global cyber security services, Manulife. In this episode: Why do we see a dearth of CISOs listed in executive leadership? Is this just a factor of company reporting structure? Or do CISOs really not have a seat at the table with the business? How do we convince the C-suite? Thanks to our podcast sponsor, Query Query Federated Search gets to your security relevant data wherever it is - in data lakes, security tools, cloud services, SIEMs, or wherever. Query searches and normalizes data for use in security investigations, threat hunting, incident response, and everything you do. And we plug into Splunk. Visit query.ai.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Matt Eberhart, CEO, Query. In this episode: Isn't the whole point of a single pane of glass making sense of your data? But when these dashboards are limited to a single platform, how useful are they? Does it seem like all they've led to is more browser tabs or more monitors crowding your analysts? We know we want to take action based on our data, so how do we get there? Thanks to our podcast sponsor, Query Query Federated Search gets to your security relevant data wherever it is - in data lakes, security tools, cloud services, SIEMs, or wherever. Query searches and normalizes data for use in security investigations, threat hunting, incident response, and everything you do. And we plug into Splunk. Visit query.ai.

Guests:Mick Douglas, Founder and Managing Partner at InfoSec Innovations [@ISInnovations]On LinkedIn | https://linkedin.com/in/mick-douglasOn Twitter | https://twitter.com/bettersafetynetDinis Cruz, Chief Scientist at Glasswall [@GlasswallCDR] and CISO at Holland & Barrett [@Holland_Barrett]On LinkedIn | https://www.linkedin.com/in/diniscruz/On Twitter | https://twitter.com/DinisCruz____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode's SponsorsImperva | https://itspm.ag/imperva277117988Devo | https://itspm.ag/itspdvweb___________________________Episode NotesIn this episode of the Redefining Cybersecurity podcast, Sean Martin is joined by Mick Douglas and Dinis Cruz to delve into a debatable topic: The role and effectiveness of Language Model (LLM) AI in Security Incident and Event Management (SIEM) systems.Mick, with a rich history in cybersecurity, contends that while AI has its place, he doesn't believe it belongs in the SIEM itself. In contrast, Dinis cites the potential of AI to make SIEMs more productive by cleaning up data, reducing noise, and improving signal value. They discuss the issues of handling vast data sets, the potential for AI to help identify and manage anomalies, and how to create learning environments within SIEM. However, concerns were also raised regarding false positives, trust issues with AI and the significant computational costs to implement and maintain these AI systems.Key Questions Explored:Does AI belong in SIEM systems?What potential does AI bring to SIEM?What are the potential issues with implementing and maintaining AI in SIEM?___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

Guests:Mick Douglas, Founder and Managing Partner at InfoSec Innovations [@ISInnovations]On LinkedIn | https://linkedin.com/in/mick-douglasOn Twitter | https://twitter.com/bettersafetynetDinis Cruz, Chief Scientist at Glasswall [@GlasswallCDR] and CISO at Holland & Barrett [@Holland_Barrett]On LinkedIn | https://www.linkedin.com/in/diniscruz/On Twitter | https://twitter.com/DinisCruz____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode's SponsorsImperva | https://itspm.ag/imperva277117988Devo | https://itspm.ag/itspdvweb___________________________Episode NotesIn this episode of the Redefining Cybersecurity podcast, Sean Martin is joined by Mick Douglas and Dinis Cruz to delve into a debatable topic: The role and effectiveness of Language Model (LLM) AI in Security Incident and Event Management (SIEM) systems.Mick, with a rich history in cybersecurity, contends that while AI has its place, he doesn't believe it belongs in the SIEM itself. In contrast, Dinis cites the potential of AI to make SIEMs more productive by cleaning up data, reducing noise, and improving signal value. They discuss the issues of handling vast data sets, the potential for AI to help identify and manage anomalies, and how to create learning environments within SIEM. However, concerns were also raised regarding false positives, trust issues with AI and the significant computational costs to implement and maintain these AI systems.Key Questions Explored:Does AI belong in SIEM systems?What potential does AI bring to SIEM?What are the potential issues with implementing and maintaining AI in SIEM?___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

On this week's episode of the Detection at Scale podcast, Jack talks with Dr. Anton Chuvakin, Senior Security Staff at the Office of the CISO at Google Cloud. They dig deeper into the conversation taking place online around decoupled SIEMs, which both Jack and Anton wrote about. They discuss what a decoupled SIEM is, the evolution of data platforms and security capabilities, if decoupled SIEMs will work broadly with current customer demands, and if having backend data lakes is the best solution for fast, real-time querying. Topics discussed: What is a decoupled SIEM, and why the broader discussion around whether security data lakes will replace SIEMs prompted Anton's Medium post. How this conversation is being driven by the fact that we're coming to the "end of the runway" on previous storage choices. The arguments around why decoupling may not work broadly, simply because customers want integrated SIEMs. The evolution of data storage platforms and how successful past attempts at integrating security capabilities were. Why there's not a straightforward solution to storage — and why it's a challenge that's taking years to solve. Why having a data lake on the backend is the best solution to fast querying and real-time detection. A discussion around OCSF and the benefits of log normalization.  Resources Mention:  “Decoupled SIEM: Brilliant or Stupid?” by Anton Chuvakin “The Transition from Monolithic SIEMs to Data Lakes for Security Monitoring” by Jack Naglieri

This week we talk about the Siems family getting ready for Thanksgiving. The family believe they caught the flu as they are getting ill one by one, but once they make it to the hospital they are surprised at the diagnosis. We also talk about the failure and success of the Apollo 13. Three astronauts have a mission to get to the moon, but their oxygen gets compromised. Listen to how they survived now! Drink of the Week: Fall Blush

Guest: Allie Mellen, Senior Analyst at Forrester [@forrester]On Linkedin | https://www.linkedin.com/in/hackerxbella/On Twitter | https://twitter.com/hackerxbella____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode's SponsorsImperva | https://itspm.ag/imperva277117988Pentera | https://itspm.ag/penteri67a___________________________Episode NotesIn the fast-paced world of cybersecurity, market dynamics constantly evolve, driven by technological advancements, strategic partnerships, and acquisitions. One recent development that has captured the industry's attention is Cisco's intended acquisition of Splunk. This move promises to reshape the cybersecurity landscape and prompts us to explore the implications it holds for market competitiveness and security program effectiveness. In this conversation, Sean Martin and Allie Mellen take a journey into the intricacies of this acquisition, examining its impact on the dynamics of the cybersecurity space overall.Sean and Allie discuss some of the key drivers behind the acquisition, touching on the challenges Splunk has faced and the industry's need for more innovation in security operations. They dive into the challenges faced by security teams, particularly regarding SIEM cost management and a lack of innovation. They also touch on the importance of talent management, training beyond the tools, and improving the analyst experience to drive transformation efforts.The conversation expands to consider the broader market impact of the acquisition. They discuss the opportunities for other security analytics and SIEM vendors to position themselves as alternatives to Splunk. The emergence of the XDR market expanding deeper into the security response space is also explored, focusing on its potential to provide bundled offerings that replace some of the traditional SIEMs on the market.Sean and Allie also discuss the potential vision for SIEM and whether the shift towards XDR and endpoint-focused solutions limits the potential for a broader security operations scope. While XDR vendors aim to expand beyond endpoints, the discussion acknowledges the need for more comprehensive solutions like Splunk that remain ready to handle events and incidents that occur beyond the endpoint.They also have a discussion on potential future trends, such as federated search and access of data, and the interest in building a more comprehensive, sustainable IT operations platform.____________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

Guest: Allie Mellen, Senior Analyst at Forrester [@forrester]On Linkedin | https://www.linkedin.com/in/hackerxbella/On Twitter | https://twitter.com/hackerxbella____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode's SponsorsImperva | https://itspm.ag/imperva277117988Pentera | https://itspm.ag/penteri67a___________________________Episode NotesIn the fast-paced world of cybersecurity, market dynamics constantly evolve, driven by technological advancements, strategic partnerships, and acquisitions. One recent development that has captured the industry's attention is Cisco's intended acquisition of Splunk. This move promises to reshape the cybersecurity landscape and prompts us to explore the implications it holds for market competitiveness and security program effectiveness. In this conversation, Sean Martin and Allie Mellen take a journey into the intricacies of this acquisition, examining its impact on the dynamics of the cybersecurity space overall.Sean and Allie discuss some of the key drivers behind the acquisition, touching on the challenges Splunk has faced and the industry's need for more innovation in security operations. They dive into the challenges faced by security teams, particularly regarding SIEM cost management and a lack of innovation. They also touch on the importance of talent management, training beyond the tools, and improving the analyst experience to drive transformation efforts.The conversation expands to consider the broader market impact of the acquisition. They discuss the opportunities for other security analytics and SIEM vendors to position themselves as alternatives to Splunk. The emergence of the XDR market expanding deeper into the security response space is also explored, focusing on its potential to provide bundled offerings that replace some of the traditional SIEMs on the market.Sean and Allie also discuss the potential vision for SIEM and whether the shift towards XDR and endpoint-focused solutions limits the potential for a broader security operations scope. While XDR vendors aim to expand beyond endpoints, the discussion acknowledges the need for more comprehensive solutions like Splunk that remain ready to handle events and incidents that occur beyond the endpoint.They also have a discussion on potential future trends, such as federated search and access of data, and the interest in building a more comprehensive, sustainable IT operations platform.____________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

We delve deep into the heart of the opioid crisis, focusing on the devastating impact of fentanyl. Our special guest, Melanie Yates, LMSW, a May 2023 graduate from the University of Maryland School of Social Work, shares her personal journey of loss and her relentless pursuit to make a difference. Melanie's efforts led to the passing of the Josh Siems Act, a groundbreaking legislation that mandates Maryland hospitals to test for fentanyl. October is National Substance Abuse Prevention Month, so please join us as we discuss the importance of substance abuse awareness, the challenges of navigating the political system, and the hope for a safer future. Warning: This episode discusses topics of addiction, overdose, and family loss.Listen to The UMB Pulse on Apple, Spotify, Amazon Music, and wherever you like to listen. The UMB Pulse is also now on YouTube.Visit our website at umaryland.edu/pulse or email us at umbpulse@umaryland.edu.

In today's episode, we untangle the web of alphabet-soup technologies: CSPM, VM, SIEM, and Log Aggregators. We go beyond the buzzwords to give you a no-nonsense look at how these tools fit together, complement each other, or might even replace one another in specific use-cases. Selecting the right tool can be overwhelming, and we're here to guide you through the when, where, and how of leveraging these technologies effectively. Whether you're encountering overlapping features or unique challenges, we'll help you make a savvy, informed choice for your workloads. Tune in for a practical guide to navigating the complex landscape of cybersecurity tools.

This episode of the ADCG Privacy and Cybersecurity Podcast features Ken Westin, Field CISO for Panther Labs. Ken has been in the cybersecurity field for over 15 years, working with companies to improve their security posture through threat hunting, insider threat programs, and vulnerability research. We discuss how the lack of good application and data inventories impact incident response. When data is spread across data centers, clouds, and SaaS providers, it becomes difficult to track and trace an incident and understand its impact, but it becomes especially hard if the data involves confidential or proprietary business data that is not tracked by privacy officers or if it includes sensitive data that may involve regulators. The recent MOVEit breach, which involved software used to transfer sensitive data between servers, systems, and applications, provided rich lessons in the need for data asset inventories and SIEMs that can correlate data across providers and platforms.

In the Enterprise Security News, 1. Check Point buys Perimeter 81 to augment its cybersecurity 2. 2023 Layoff Tracker: SecureWorks Cuts 300 Jobs 3. Hackers Rig Casino Card-Shuffling Machines for ‘Full Control' Cheating 4. ‘DoubleDrive' attack turns Microsoft OneDrive into ransomware 5. NYC bans TikTok on city-owned devices   As more organizations explore edge computing, understanding the entire ecosystem is paramount for bolstering security and resiliency, especially within a critical industry like healthcare. In this segment, Theresa Lanowitz, Head of Cybersecurity Evangelism at AT&T Business, will provide a deep dive into the state of edge computing—specifically, how it is revolutionizing healthcare. She will discuss key findings from the “2023 AT&T Cybersecurity Insights™ Report: Focus on Healthcare” and provide insight into how to prepare for securing the healthcare edge ecosystem. This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attcybersecuritybh to learn more about them!     With Active Directory (AD) exploited in 9 out of 10 cyberattacks, delaying AD modernization—especially after a merger or acquisition—can compound security risks. Security is the most compelling reason to migrate to a pristine AD forest or perform an AD forest or domain consolidation, but many organizations delay such projects due to the effort and planning they require. Security Weekly talks with Semperis CEO Mickey Bresman about the keys to a smooth and secure AD modernization strategy. This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to learn more about them!   Security organizations are increasingly adopting data lakes and cloud services as additions or alternatives to traditional SIEMs, but face challenges like scarcity of data engineering expertise and high data ingestion and cloud compute costs. To overcome these, a new security data stack is emerging, guided by models like SecDataOps and supported by solutions like Tenzir, purpose-built for security data use cases. In this segment, we will be talking about what is driving the heavy use of data in security operations, why that is stressing traditional security operations tools and processes, and what some early-adopter organizations are doing to meet these challenges.  This segment is sponsored by Tenzir. Visit https://securityweekly.com/tenzirbh to learn more about them!   The rapid growth of APIs used to build microservices in cloud-native architecture has left many enterprises in the dark when it comes to knowing where, how many, and what types of APIs they have. With multiple teams creating their own API endpoints without shared visibility or governance, exposed APIs can become a critical threat vector for hackers to exploit. Edgio's new advanced API security capabilities give customers integrated and unparalleled protection at the edge, protecting APIs that are critical to modern businesses. Edgio delivers these services as part of its fully integrated holistic Web Application and API protection solutions giving customers the ability to respond to threats quicker. An edge-enabled holistic security platform can effectively reduce the attack surface, and improve the effectiveness of the defense while reducing the latency of critical web applications via its multi-layered defense approach. Edgio's security platform “shrinks the haystacks” so that organizations can better focus on delivering key business outcomes. This segment is sponsored by Edgio. Visit https://securityweekly.com/edgiobh to learn more about them!   Offensive security is a proactive approach that identifies weaknesses using the same exploitation techniques as threat actors. It combines vulnerability management with pen testing and red team operations to “expose and close” vulnerabilities before they are exploited. This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrabh to learn more about them!     Join us at Black Hat as we delve into the world of Managed Detection and Response (MDR) providers. In this podcast, we'll explore the critical factors to consider when selecting an MDR provider, uncover the common shortcomings in their services, and discuss the necessary evolution required to ensure ongoing effectiveness and enhanced value for customers. Get ready to unravel the complexities of MDR and gain insights into the future of this vital cybersecurity solution.     This segment is sponsored by Critical Start.  Visit https://securityweekly.com/criticalstartbh to learn more about them!     Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly  Like us on Facebook: https://www.facebook.com/secweekly   Visit https://www.securityweekly.com/esw for all the latest episodes!  Show Notes: https://securityweekly.com/esw-328

In the Enterprise Security News, 1. Check Point buys Perimeter 81 to augment its cybersecurity 2. 2023 Layoff Tracker: SecureWorks Cuts 300 Jobs 3. Hackers Rig Casino Card-Shuffling Machines for ‘Full Control' Cheating 4. ‘DoubleDrive' attack turns Microsoft OneDrive into ransomware 5. NYC bans TikTok on city-owned devices As more organizations explore edge computing, understanding the entire ecosystem is paramount for bolstering security and resiliency, especially within a critical industry like healthcare. In this segment, Theresa Lanowitz, Head of Cybersecurity Evangelism at AT&T Business, will provide a deep dive into the state of edge computing—specifically, how it is revolutionizing healthcare. She will discuss key findings from the “2023 AT&T Cybersecurity Insights™ Report: Focus on Healthcare” and provide insight into how to prepare for securing the healthcare edge ecosystem. With Active Directory (AD) exploited in 9 out of 10 cyberattacks, delaying AD modernization—especially after a merger or acquisition—can compound security risks. Security is the most compelling reason to migrate to a pristine AD forest or perform an AD forest or domain consolidation, but many organizations delay such projects due to the effort and planning they require. Security Weekly talks with Semperis CEO Mickey Bresman about the keys to a smooth and secure AD modernization strategy. Security organizations are increasingly adopting data lakes and cloud services as additions or alternatives to traditional SIEMs, but face challenges like scarcity of data engineering expertise and high data ingestion and cloud compute costs. To overcome these, a new security data stack is emerging, guided by models like SecDataOps and supported by solutions like Tenzir, purpose-built for security data use cases. In this segment, we will be talking about what is driving the heavy use of data in security operations, why that is stressing traditional security operations tools and processes, and what some early-adopter organizations are doing to meet these challenges.   The rapid growth of APIs used to build microservices in cloud-native architecture has left many enterprises in the dark when it comes to knowing where, how many, and what types of APIs they have. With multiple teams creating their own API endpoints without shared visibility or governance, exposed APIs can become a critical threat vector for hackers to exploit. Edgio's new advanced API security capabilities give customers integrated and unparalleled protection at the edge, protecting APIs that are critical to modern businesses. Edgio delivers these services as part of its fully integrated holistic Web Application and API protection solutions giving customers the ability to respond to threats quicker. An edge-enabled holistic security platform can effectively reduce the attack surface, and improve the effectiveness of the defense while reducing the latency of critical web applications via its multi-layered defense approach. Edgio's security platform “shrinks the haystacks” so that organizations can better focus on delivering key business outcomes. Offensive security is a proactive approach that identifies weaknesses using the same exploitation techniques as threat actors. It combines vulnerability management with pen testing and red team operations to “expose and close” vulnerabilities before they are exploited. Join us at Black Hat as we delve into the world of Managed Detection and Response (MDR) providers. In this podcast, we'll explore the critical factors to consider when selecting an MDR provider, uncover the common shortcomings in their services, and discuss the necessary evolution required to ensure ongoing effectiveness and enhanced value for customers. Get ready to unravel the complexities of MDR and gain insights into the future of this vital cybersecurity solution. This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attcybersecuritybh to learn more about them! This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to learn more about them! This segment is sponsored by Tenzir. Visit https://securityweekly.com/tenzirbh to learn more about them! This segment is sponsored by Critical Start.  Visit https://securityweekly.com/criticalstartbh to learn more about them! This segment is sponsored by Edgio. Visit https://securityweekly.com/edgiobh to learn more about them! This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrabh to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly  Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/esw for all the latest episodes!  Show Notes: https://securityweekly.com/esw-328

As more organizations explore edge computing, understanding the entire ecosystem is paramount for bolstering security and resiliency, especially within a critical industry like healthcare. In this segment, Theresa Lanowitz, Head of Cybersecurity Evangelism at AT&T Business, will provide a deep dive into the state of edge computing—specifically, how it is revolutionizing healthcare. This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attcybersecuritybh to learn more about them!   With Active Directory (AD) exploited in 9 out of 10 cyberattacks, delaying AD modernization—especially after a merger or acquisition—can compound security risks. Security is the most compelling reason to migrate to a pristine AD forest or perform an AD forest or domain consolidation, but many organizations delay such projects due to the effort and planning they require. We talk with Mickey Bresman about the keys to a smooth and secure AD modernization strategy. This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to learn more about them!   Security organizations are increasingly adopting data lakes and cloud services as additions or alternatives to traditional SIEMs, but face challenges like scarcity of data engineering expertise and high data ingestion and cloud compute costs. To overcome these, a new security data stack is emerging, guided by models like SecDataOps and supported by solutions like Tenzir. In this segment, we will be talking about what is driving the heavy use of data in security operations, why that is stressing traditional security operations tools and processes, and what some early-adopter organizations are doing to meet these challenges. This segment is sponsored by Tenzir. Visit https://securityweekly.com/tenzirbh to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-328 

As more organizations explore edge computing, understanding the entire ecosystem is paramount for bolstering security and resiliency, especially within a critical industry like healthcare. In this segment, Theresa Lanowitz, Head of Cybersecurity Evangelism at AT&T Business, will provide a deep dive into the state of edge computing—specifically, how it is revolutionizing healthcare. This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attcybersecuritybh to learn more about them!   With Active Directory (AD) exploited in 9 out of 10 cyberattacks, delaying AD modernization—especially after a merger or acquisition—can compound security risks. Security is the most compelling reason to migrate to a pristine AD forest or perform an AD forest or domain consolidation, but many organizations delay such projects due to the effort and planning they require. We talk with Mickey Bresman about the keys to a smooth and secure AD modernization strategy. This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to learn more about them!   Security organizations are increasingly adopting data lakes and cloud services as additions or alternatives to traditional SIEMs, but face challenges like scarcity of data engineering expertise and high data ingestion and cloud compute costs. To overcome these, a new security data stack is emerging, guided by models like SecDataOps and supported by solutions like Tenzir. In this segment, we will be talking about what is driving the heavy use of data in security operations, why that is stressing traditional security operations tools and processes, and what some early-adopter organizations are doing to meet these challenges. This segment is sponsored by Tenzir. Visit https://securityweekly.com/tenzirbh to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-328 

InfoSec might have a hoarding problem, but it's easy to understand why. It's almost impossible to know what logs you're doing to need, when you're going to need them, or for what reason. SIEM vendors have taken advantage of these InfoSec data hoarding tendencies, however, and are making a killing charging a premium for storage - even when the storage in question is your own on-prem hardware. There ARE alternatives, however, but it seems most folks aren't aware of this. In this interview with Eric Capuano, we'll discuss both the practical and economic shortcomings of the traditional SIEM model. We'll discuss the challenges of various SIEM use cases. Most importantly, we'll discuss the new models actively replacing them. (No, they're not branded as next-gen SIEMs)   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-323 

On this week's episode of the Detection at Scale podcast, Jack talks with Anton Chuvakin, Security Advisor at the Office of the CISO at Google Cloud, and Timothy Peacock, Senior Product Manager at Google. Together, they discuss some of the needs and trends in cybersecurity today, including how to know what level of D&R your organization needs, the use cases for AI today, and how LLMs and SIEMs will handle data at scale. They also talk about the need for more creative solutions to misconfiguration management, three things security practitioners can do to improve cloud security, and why cybersecurity is the "most intellectually stimulating profession on the planet." Topics discussed: What attracted Anton and Timothy to cybersecurity, what makes them stay, and why the intersection of humans and technology make it the “most intellectually stimulating profession on the planet.” How organizations can evaluate the level of security they need, why it's crucial to know whether you need to go from zero to one, or five, or a hundred, and how organizations with no detection and response strategies can get started. What use cases there will be for AI in cybersecurity, and while it may be good at summarizing, explaining complexity, and classifying, it may not be ready to create usable code. Why security practitioners need to think more about whether SIEMs can support planetary scale, and whether decentralization is the solution.  The role LLMs will play in helping to manage large data sets, and how it may change the way organizations use MDRs. Why the industry needs new, creative ways to solve the ongoing problem of cloud misconfigurations in order to break vicious cycles through shared faith.  Three pieces of advice to improve cloud security, including knowing your security needs, practicing, and making friends so you know you're note alone.

This episode features a discussion on the Suncor cyber attack, the costs of the Indigo ransomware attack and the value of SIEMs

Here with us is Alison Siems representative of the Bob Marshal Wilderness Foundation.  Original Airdate January 20th 2023

After 2 decades of trying to make SIEMs work, security data lakes are a hot topic as they present an increasingly attractive alternative. The only hotter topic is ChatGPT and the game changing potential of AI. So in episode 52 of Security Voices, we mash the two together as Dave, Pathik Patel (Informatica), and Omer Singer (Snowflake) explore the many angles of security data lakes with an AI-assist from ChatGPT.From a functional definition to dishing on whether security data lakes signal the death of the SIEM, ChatGPT weighs in impressively early in the episode. Its later performance is much more suspect, seemingly gassing out under the pressure of harder (more poorly formed?) questions and likely a knee-buckling workload from millions of others testing the service simultaneously. The humans go on to discuss the real-time expectations for SIEMs vs. the “single source of truth” nature of security data lakes which lead to an exploration of product “suites” vs. specialized services and promise of the data lake to potentially unify them all.The week prior to the recording was the announcement of both the Open Cybersecurity Schema Framework (OCSF) standard alongside AWS' new Security Data Lake offering built on top of S3. We discuss the implications of AWS entering the space and what it means for already entrenched companies like Snowflake and Splunk. Pathik explains the significance of OCSF for security leaders and his projection of how important it will be for alleviating vendor lock-in and ultimately boosting our ability to provide strong security analytics.The practical realities of building and running a security data lake are clearly described from Pathik's experience at Informatica focusing on harmonizing and reporting on vulnerability data. He makes plain the amount of work involved– and the clear benefits of piggybacking off the company's existing data lake.The episode wraps with ChatGPT refusing to say anything further while Omer and Pathik take turns doing some end of year crystal ball gazing.

In this episode of The New CISO, Steve is joined by Tyler Farrar, the CISO at Exabeam. With malware-free attacks becoming increasingly common, Tyler understands the best ways to bridge the effectiveness gap. With this in mind, he shares his SOC philosophy and the importance of threat detection. Listen to the episode to learn more about the act of prevention, the pillars of a SIEM product, and why attackers gravitate toward credential techniques. Listen to Steve and Tyler discuss the steps to success in an age of constantly increasing data : Meet Tyler (2:06) Host Steve Moore introduces our guest today, his colleague, Tyler Farrar. Before working at Exabeam, Tyler was a customer. With his impressive background in the security field, Tyler explains Exabeam's perspective on "defender behavior" and balancing incident response and crisis management with prevention. The Focus On Prevention (5:50) Steve presses Tyler on how you should balance your methods to increase prevention. Tyler lists different preventative tools, such as firewalls, and stresses the importance of detecting suspicious activity early on. Tyler gives his take on how response becomes prevention in crisis management. Preventative tools can fail, so being able to detect suspicious behaviors is critical. Addressing The Gap (10:36) Addressing the gap in analytics, Tyler recognizes that there is a difference between what the security team needs and what the SIEM product delivers.  Every company faces an immense volume of data, an inefficient manual cyber process, and software that can fail to detect the attacker's behaviors. Tyler lists the solutions that can counteract these problems, including behavioral analytics. The Rise Of Malware-Free Attacks (14:32) Steve points out how 71% of cyber-attacks are credentialed and malware-free. Tyler explains that attackers use the compromised credentials approach because it is easy. CISOs can miss the mark because legacy software can be ineffective at detecting threats. New-Scale SIEM (20:43) According to Tyler, new-scale SIEMs would be able to securely ingest data from anywhere, parse through that information quickly, and then store that information and make it searchable. Tyler also explores his philosophy on how to design a SOC. One example of a productive SOC is conducting risk assessments throughout the organization to identify gaps and then acting on those results. Life Of The Analyst (28:52) Steve presses Tyler on how the experience of the investigation factors into meaningful work for the analyst.  Tyler stresses the importance of SOC leadership to make the team effective. A stressed SOC can lead to the loss of talented workers and affect the company's security. New Software Ahead  (33:16) Tyler discusses the products he is looking forward to on the horizon. Every CISO's goal is to keep their company safe. Being able to show all the threats and vulnerabilities in place would be hugely valuable, which is why Tyler is interested in Systems Navigator. SOC Philosophy (49:55) Tyler's top SOC philosophy is to be aligned with your adversaries and learn how they think in addition to your defenders. Understanding both perspectives can create a culture of empowerment and protect the organization from threats. Links mentioned: https://www.linkedin.com/in/tyler-j-farrar/ (LinkedIn)

Jack Naglieri is the CEO and Founder of. Panther Labs. Before starting Panther, Jack was a security engineer at Yahoo and Airbnb, where he learned first-hand how inefficient legacy SIEM platforms are at high-scale detection and response. He built Airbnb's open-source platform called StreamAlert to solve this problem before leaving to start Panther. In this episode Jack explains the issues of legacy SIEMs, the benefits of serverless architecture, and talks about leading Panther and the evolution of Panther's platform. https://panther.com/

As Sumo Logic's Chief Security Officer, George Gerchow brings over 20 years of information technology and systems management expertise to the application of IT processes and disciplines. His background includes the security, compliance, and cloud computing disciplines and years of practical experience in building agile security and compliance teams, and modern day Security Operation Centers. In this episode of Secure Talk, George talks about the importance of physical security, strategies for securing hybrid IT operations, trends with DevSecOps, best practices for identifying security talent, how security certifications can be used as a sales asset, SIEMs, logs, and more. www.sumologic.com

In this episode we speak to Marcus about how he uses his passion for data analysis to study watch trends in the watch industry. 

All links and images for this episode can be found on CISO Series Just the words "zero trust" often causes security professionals to shiver. In general, CISOs are on board with the concepts of "zero trust," we just think they're uncomfortable with how it's being used for branding and marketing efforts. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is David Cross (@mrdbcross), SVP/CISO for Oracle SaaS Cloud. Thanks to our podcast sponsor, Protegrity Protegrity empowers intelligence-driven organizations to use data to drive innovation with secure analytics and artificial intelligence, without fear of violating compliance or jeopardizing privacy. To make this vision a reality, we protect sensitive data anywhere and everywhere to create secure data agility that aligns with the speed of modern business. In this episode: Should certifications be a requirement on your job listings? Are the SIEMs failing or do the users not know how to configure them? Or is it both? Why do security professionals treat the term "zero trust" so negatively? How should vendors approach zero trust and how should the C-suite understand it?

Snake Oilers isn't our regular weekly podcast, it's a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions, paid to be here. We'll hear from three vendors in this edition of Snake Oilers: Kevin Kennedy from Vectra talks about the company's cloud native detection – it crunches stuff like CloudTrail and AzureAD logs and correlates it with network event information Paul McCarty from SecureStack on its software composition analysis and “SBOM plus” tool Google Cloud's Anton Chuvakin talks about cloud-based SIEMs like Chronicle Show notes AI Cybersecurity - Threat Detection & Response Platform | Vectra AI SecureStack - SecureStack Chronicle Security - Google's Cloud-Native SIEM Platform

Avination, what is going on and welcome back to episode 213 of the Pilot to Pilot podcast. Todays episode is with my wife DOCTOR Christina Siems! If you enjoy this podcast make sure to let us know and make sure you leave a review and check out Pilot's Coffee!