EP190 Unraveling the Security Data Fabric: Need, Benefits, and Futures

Guest: Josh Liburdi, Staff Security Engineer, Brex Topics: What is this “security data fabric”?  Can you explain the technology? Is there a market for this? Is this same as security data pipelines? Why is this really needed? Won’t your SIEM vendor do it? Who should adopt it? Or, as Tim says, what gets better once you deploy it? Is reducing cost a big part of the security data fabric story? Does the data quality improve with the use of security data fabric tooling? For organizations considering a security data fabric solution, what key factors should they prioritize in their evaluation and selection process? What is the connection between this and federated security data search? What is the likely future for this technology? Resources: BSidesSF 2024 - Reinventing ETL for Detection and Response Teams (Josh Liburdi) “How to Build Your Own Security Data Pipeline (and why you shouldn’t!)” blog “Decoupled SIEM: Brilliant or Stupid?” blog “Security Correlation Then and Now: A Sad Truth About SIEM” blog (my #1 popular post BTW) “Log Centralization: The End Is Nigh?”  blog “20 Years of SIEM: Celebrating My Dubious Anniversary” blog “Navigating the data current: Exploring Cribl.Cloud analytics and customer insights” report OCSF