EP44 Evolving a SIEM for the Future While Learning from the Past

Guest: Mike Orosz, a Chief Information and Product Security Officer @ Vertiv Topics: What are your views on modern SIEM?  What should it do and what should it be? Should it even be called SIEM?  Is SaaS/cloud-native SIEM the only way to go? Can anybody build a SIEM in the cloud by installing the regular SIEM on IaaS? What are the top challenges for organizations deploying and operationalizing SIEM today? What are some hidden or commonly forgotten costs for a SIEM deployment? Is open source the answer to SIEM? SIEM today should deliver on detection, hunting and investigation use cases, so what does it mean in terms of practical data retention? Resources: "On “Output-driven” SIEM" "Fake Cloud: Now There Are Two Hands in Your Pocket"