EP184 One Week SIEM Migration: Fact or Fiction?

Guest: Manan Doshi, Senior Security Engineer  @ Etsy  Questions:  In your experience, what are the biggest challenges organizations face when migrating to a new SIEM platform? How did you solve them? Many SIEM projects have problems, but a decent chunk of these problems are not about the tool being broken. How did you decide to migrate? When is it time to go?  Specifically, how to avoid constant change from product to product, each time blaming the tool for what are essentially process failures? How did you handle detection content during migration? Was AI involved? How did you test for this: “Which platform will best enable our engineering team to build what we need?” Tell us more about the Detection as Code pipeline you use? “Completed SIEM migration in a single week!” Is this for real?  Resources: Google Cloud Security Summit (August 20, 2024) and “Etsy and the art of SIEM Migration” presentation “Ancillary Justice” book StreamAlert SIEM migration blog (spicy version / vanilla version / long detailed version) Can We Have “Detection as Code”? Google SecOps EP117 Can a Small Team Adopt an Engineering-Centric Approach to Cybersecurity?  

Om Podcasten

Cloud Security Podcast by Google focuses on security in the cloud, delivering security from the cloud, and all things at the intersection of security and cloud. Of course, we will also cover what we are doing in Google Cloud to help keep our users' data safe and workloads secure. We’re going to do our best to avoid security theater, and cut to the heart of real security questions and issues. Expect us to question threat models and ask if something is done for the data subject’s benefit or just for organizational benefit. We hope you’ll join us if you’re interested in where technology overlaps with process and bumps up against organizational design. We’re hoping to attract listeners who are happy to hear conventional wisdom questioned, and who are curious about what lessons we can and can’t keep as the world moves from on-premises computing to cloud computing.