Thanks for visiting The Cell Phone Junkie! I will be taking the time each week to discuss my favorite topic, cell phones. Any feedback is appreciated and welcome. You can email me at: questions (AT) thecellphonejunkie (DOT) com or call: 206-203-3734 Thanks and welcome!
…
continue reading
תוכן מסופק על ידי Anton Chuvakin. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Anton Chuvakin או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
Player FM - אפליקציית פודקאסט
התחל במצב לא מקוון עם האפליקציה Player FM !
התחל במצב לא מקוון עם האפליקציה Player FM !
EP234 The SIEM Paradox: Logs, Lies, and Failing to Detect
MP3•בית הפרקים
Manage episode 494394114 series 2892548
תוכן מסופק על ידי Anton Chuvakin. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Anton Chuvakin או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
Guest:
- Svetla Yankova, Founder and CEO, Citreno
Topics:
- Why do so many organizations still collect logs yet don’t detect threats? In other words, why is our industry spending more money than ever on SIEM tooling and still not “winning” against Tier 1 ... or even Tier 5 adversaries?
- What are the hardest parts about getting the right context into a SOC analyst’s face when they’re triaging and investigating an alert? Is it integration? SOAR playbook development? Data enrichment? All of the above?
- What are the organizational problems that keep organizations from getting the full benefit of the security operations tools they’re buying?
- Top SIEM mistakes? Is it trying to migrate too fast? Is it accepting a too slow migration? In other words, where are expectations tyrannical for customers? Have they changed much since 2015?
- Do you expect people to write their own detections? Detecting engineering seems popular with elite clients and nobody else, what can we do?
- Do you think AI will change how we SOC (Tim: “SOC” is not a verb?) in the next 1- 3 -5 years?
- Do you think that AI SOC tech is repeating the mistakes SOAR vendors made 10 years ago? Are we making the same mistakes all over again? Are we making new mistakes?
Resources:
- EP223 AI Addressable, Not AI Solvable: Reflections from RSA 2025
- EP231 Beyond the Buzzword: Practical Detection as Code in the Enterprise
- EP228 SIEM in 2025: Still Hard? Reimagining Detection at Cloud Scale and with More Pipelines
- EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering
- “RSA 2025: AI’s Promise vs. Security’s Past — A Reality Check” blog
- Citreno, The Backstory
- “Parenting Teens With Love And Logic” book (as a management book)
- “Security Correlation Then and Now: A Sad Truth About SIEM” blog (the classic from 2019)
248 פרקים
MP3•בית הפרקים
Manage episode 494394114 series 2892548
תוכן מסופק על ידי Anton Chuvakin. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Anton Chuvakin או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
Guest:
- Svetla Yankova, Founder and CEO, Citreno
Topics:
- Why do so many organizations still collect logs yet don’t detect threats? In other words, why is our industry spending more money than ever on SIEM tooling and still not “winning” against Tier 1 ... or even Tier 5 adversaries?
- What are the hardest parts about getting the right context into a SOC analyst’s face when they’re triaging and investigating an alert? Is it integration? SOAR playbook development? Data enrichment? All of the above?
- What are the organizational problems that keep organizations from getting the full benefit of the security operations tools they’re buying?
- Top SIEM mistakes? Is it trying to migrate too fast? Is it accepting a too slow migration? In other words, where are expectations tyrannical for customers? Have they changed much since 2015?
- Do you expect people to write their own detections? Detecting engineering seems popular with elite clients and nobody else, what can we do?
- Do you think AI will change how we SOC (Tim: “SOC” is not a verb?) in the next 1- 3 -5 years?
- Do you think that AI SOC tech is repeating the mistakes SOAR vendors made 10 years ago? Are we making the same mistakes all over again? Are we making new mistakes?
Resources:
- EP223 AI Addressable, Not AI Solvable: Reflections from RSA 2025
- EP231 Beyond the Buzzword: Practical Detection as Code in the Enterprise
- EP228 SIEM in 2025: Still Hard? Reimagining Detection at Cloud Scale and with More Pipelines
- EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering
- “RSA 2025: AI’s Promise vs. Security’s Past — A Reality Check” blog
- Citreno, The Backstory
- “Parenting Teens With Love And Logic” book (as a management book)
- “Security Correlation Then and Now: A Sad Truth About SIEM” blog (the classic from 2019)
248 פרקים
All episodes
×ברוכים הבאים אל Player FM!
Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.