Cloud SIEM - What Happened and What's Next?
Offered By: BruCON Security Conference via YouTube
Course Description
Overview
Explore the evolution and future of Cloud SIEM in this 56-minute conference talk from BruCON 0x0B. Delve into the successful fusion of cloud-native SIEM and AI, examining its impact on cybersecurity operations and risk management. Learn how this technology enables real-time threat discovery and mitigation at a compelling cost for both CFOs and CISOs. Discover the potential for preemptively identifying and neutralizing attacks before they escalate into viable threats. Investigate the changing roles of "Threat Hunters" and security analysts as incident identification and response become API-driven. Examine how SecDevOps will embrace cloud SIEM and lead threat response efforts. Explore the balance between AI capabilities and in-house expertise, and understand the newfound ROI for enterprise security. Gain insights into cloud-native threat hunting, attack timelines, User & Event Behavioral Analytics (UEBA), and AI-powered threat intelligence. Consider the evolving landscape of machine intelligence in security and its implications for the future of cybersecurity operations.
Syllabus
Cloud SIEM: What happened and what's next? Gunter Ollmann
A 20 Year Journey
Cloud Native SIEM
Overwhelmed with Data
Cutting-edge Today
Raw Events to High Fidelity Incidents
Changes in Hunter Thinking
Reactive Investigation vs Preemptive Hunting
Prioritizing Haystacks
Cloud-native Threat Hunting
Attack Timelines
User & Event Behavioral Analytics (UEBA)
AI-powered Threat Intelligence
(Auto) Threat Hunting
(Auto) Mitigation
Cloud Effects on Hunting
Cloud Effects on Response
Ditching Human Constraints
The Threat Hunter Role
Technology Constraints
Constraining AI in Security
Replicate the Human Expert?
Change the medium...
Evolving Machine Intelligence
Conclusion
Belgian Style Hacking
Taught by
BruCON Security Conference
Related Courses
Cybersecurity for Business (University of Colorado System via Coursera)
Threat and Vulnerability Management for CompTIA CySA+ (Pluralsight)
Security Analyst (Udacity)
Cisco Core Security: Email Security with Cisco ESA (Pluralsight)
Cisco Core Security: Security Concepts (Pluralsight)