Season 1 · Episode 184
EP184 One Week SIEM Migration: Fact or Fiction?
Cloud Security Podcast by Google · Anton A Chuvakin
August 5, 202424m 45s
Audio is streamed directly from the publisher (traffic.libsyn.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
Guest:
- Manan Doshi, Senior Security Engineer @ Etsy
Questions:
- In your experience, what are the biggest challenges organizations face when migrating to a new SIEM platform? How did you solve them?
- Many SIEM projects have problems, but a decent chunk of these problems are not about the tool being broken. How did you decide to migrate? When is it time to go?
- Specifically, how to avoid constant change from product to product, each time blaming the tool for what are essentially process failures?
- How did you handle detection content during migration? Was AI involved?
- How did you test for this: "Which platform will best enable our engineering team to build what we need?"
- Tell us more about the Detection as Code pipeline you use?
- "Completed SIEM migration in a single week!" Is this for real?
Resources:
- Google Cloud Security Summit (August 20, 2024) and "Etsy and the art of SIEM Migration" presentation
- "Ancillary Justice" book
- StreamAlert
- SIEM migration blog (spicy version / vanilla version / long detailed version)
- Can We Have "Detection as Code"?
- Google SecOps
- EP117 Can a Small Team Adopt an Engineering-Centric Approach to Cybersecurity?