YoVDO

Can You Roll Your Own SIEM

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Security Information and Event Management (SIEM) Courses Cost Analysis Courses Access Control Courses Cloud Security Courses Threat Modeling Courses Observability Courses Data Ingestion Courses

Course Description

Overview

Explore the feasibility and benefits of building a custom cloud-native Security Information and Event Management (SIEM) system in this 29-minute Black Hat conference talk. Learn about Two Sigma's journey to replace their expensive third-party SIEM solution, including considerations for threat modeling, feature parity, and data ingestion methods. Discover the operational wins, lessons learned, and cost savings achieved through this in-house approach. Gain insights into the overall effort required, resulting capabilities, and improved observability and flexibility of a custom SIEM solution.

Syllabus

Introduction
Considerations & Requirements
Threat Model
Build vs. Buy
Feature Parity
What We Needed
Batch Loads
Streaming Ingest
Scheduled Queries
Streaming Alerting
Data Access Controls
Operational Wins
Lessons Learned
Overall Effort
Resultant Capabilities
Cost Savings
Observability & Flexibility


Taught by

Black Hat

Related Courses

Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip
Black Hat via YouTube Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube