Monday Apr 04, 2022

#72 - Logging In with SIEMs (with Anton Chuvakin)

On this episode of CISO Tradecraft, Anton Chuvakin talks about Logging, Security Information & Event Management (SIEM) tooling, and Cloud Security. Anton shares fantastic points of view on:

  • How moving to the cloud is like moving to a space station (13:44)
  • How you may be one IAM mistake away from a breach (20:05)
  • How a SIEM is a logging-based approach, whereas EDRs require agents at endpoints. This becomes really interesting when cloud solutions don’t have an endpoint to install an agent on (26:53)
  • Why you don’t want an on-premises SIEM (32:35)
  • The 3 AM Test: should you wake someone up for this alert at 3 AM? (39:24)
