Season 1 · Episode 250
EP250 The End of "Collect Everything"? Moving from Centralization to Data Access?
Cloud Security Podcast by Google · Anton A Chuvakin
November 3, 202529m 21s
Audio is streamed directly from the publisher (traffic.libsyn.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
Guest:
- Balazs Scheidler, CEO at Axoflow, original founder of syslog-ng
Topics:
- Are we really coming to "access to security data" and away from "centralizing the data"?
- How to detect without the same storage for all logs?
- Is data pipeline a part of SIEM or is it standalone? Will this just collapse into SIEM soon?
- Tell us about the issues with log pipelines in the past?
- What about enrichment? Why do it in a pipeline, and not in a SIEM?
- We are unable to share enough practices between security teams. How are we fixing it? Is pipelines part of the answer?
- Do you have a piece of advice for people who want to do more than save on their SIEM costs?
Resources:
- EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective
- EP190 Unraveling the Security Data Fabric: Need, Benefits, and Futures
- EP228 SIEM in 2025: Still Hard? Reimagining Detection at Cloud Scale and with More Pipelines
- Axoflow podcast and Anton on it
- "Decoupled SIEM: Where I Think We Are Now?" blog
- "Decoupled SIEM: Brilliant or Stupid?" blog
- "Output-driven SIEM — 13 years later" blog