#72 - Logging In with SIEMs (with Anton Chuvakin)

Apr 04, 2022 | 48 min | Ep. 72

Episode description

On this episode of CISO Tradecraft, Anton Chuvakin talks about logging, Security Information & Event Management (SIEM) tooling, and cloud security. Anton shares fantastic points of view on:

  • How moving to the cloud is like moving to a space station (13:44)
  • How you may be one IAM mistake away from a breach (20:05)
  • How a SIEM is a logging-based approach, whereas EDRs require agents at endpoints. This becomes really interesting when cloud solutions don’t have an endpoint to install an agent on (26:53)
  • Why you don’t want an on-premises SIEM (32:35)
  • The 3 AM Test: should you wake someone up for this alert at 3 AM? (39:24)