#72 - Logging In with SIEMs (with Anton Chuvakin)
CISO Tradecraft®
English - April 04, 2022 11:49 - 48 minutes - 66.6 MB - ★★★★★ - 46 ratings - Technology
On this episode of CISO Tradecraft, Anton Chuvakin talks about Logging, Security Information & Event Management (SIEM) tooling, and Cloud Security. Anton shares fantastic points of view on:
How moving to the cloud is like moving to a space station (13:44)
How you may be one IAM mistake away from a breach (20:05)
How a SIEM is a logging-based approach, whereas EDRs require agents at endpoints. This becomes really interesting when cloud solutions don’t have an endpoint to install an agent on (26:53)
Why you don’t want an on-premises SIEM (32:35)
The 3 AM Test - Should you wake someone up for this alert at 3 AM? (39:24)