Dr. Anton Chuvakin Discusses “20 Years of SIEM – What’s Next?”
Learn what Dr. Anton Chuvakin, Head of Security Solution Strategy at Google Cloud and former Gartner Research VP, has to say about questions like:
- When do you think the industry will understand what XDR entails?
- How do you define ‘XDR’ and what role does SIEM play here?
- Should a SIEM or EDR solution be managed by a third party?
- Does it pay to integrate known vulnerabilities into SIEM cases and rules?
- What role do you see SIEM playing in Zero Trust?
- How are folks making decisions on what data to centralize into their SIEM?
- What about running multiple different SIEMs, have you seen that work in practice?
- Where do you see UEBA fitting into the next-generation SIEMs? Any specific use cases you think are key?
- What is your opinion on retention of data in your SIEM? How long should you retain and why?
- Should you pay for threat intelligence feeds for the SIEM?
- Should we use the kill chain framework or MITRE ATT&CK to develop use cases?
You can find the full SANS recording and slides here (free SANS account required).