Guest:

• Josh Liburdi, Staff Security Engineer, Brex

Topics:

• What is this “security data fabric”? Can you explain the technology? Is there a market for this? Is this same as security data pipelines?
• Why is this really needed? Won’t your SIEM vendor do it?
• Who should adopt it? Or, as Tim says, what gets better once you deploy it?
• Is reducing cost a big part of the security data fabric story?
• Does the data quality improve with the use of security data fabric tooling?
• For organizations considering a security data fabric solution, what key factors should they prioritize in their evaluation and selection process?
• What is the connection between this and federated security data search?
• What is the likely future for this technology?

Resources:

• BSidesSF 2024 - Reinventing ETL for Detection and Response Teams (Josh Liburdi)
• “How to Build Your Own Security Data Pipeline (and why you shouldn’t!)” blog
• “Decoupled SIEM: Brilliant or Stupid?” blog
• “Security Correlation Then and Now: A Sad Truth About SIEM” blog (my #1 popular post BTW)
• “Log Centralization: The End Is Nigh?” blog
• “20 Years of SIEM: Celebrating My Dubious Anniversary” blog
• “Navigating the data current: Exploring Cribl.Cloud analytics and customer insights” report
• OCSF