Guest:

• Balazs Scheidler, CEO at Axoflow, original founder of syslog-ng

Topics:

• Are we really coming  to "access to security data" and away from "centralizing the data"?
• How to detect without the same storage for all logs?
• Is data pipeline a part of SIEM or is it standalone? Will this just collapse into SIEM soon?
• Tell us about the issues with log pipelines in the past?
• What about enrichment? Why do it in a pipeline, and not in a SIEM?
• We are unable to share enough practices between security teams. How are we fixing it? Is pipelines part of the answer?
• Do you have a piece of advice for people who want to do more than save on their SIEM costs?

Resources:

• EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective
• EP190 Unraveling the Security Data Fabric: Need, Benefits, and Futures
• EP228 SIEM in 2025: Still Hard? Reimagining Detection at Cloud Scale and with More Pipelines
• Axoflow podcast and Anton on it
• "Decoupled SIEM: Where I Think We Are Now?" blog
• "Decoupled SIEM: Brilliant or Stupid?" blog
• "Output-driven SIEM — 13 years later" blog