SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

For many years, security professionals have advocated the approach of collecting logs from all the places where they’re generated and centralizing them into one or only a few places.
But now, we have much more data and many more sources of security telemetry, including from endpoints, networks, email, IAM, SaaS applications, and cloud assets in multi-cloud infrastructures.
Does centralizing log data still make sense, or should we be thinking about decentralized approaches such as federated data storage or distributed data storage, leveraging security data lakes and other repositories?
The problem is that the centralized approach is becoming much harder as log volumes grow and as the number, variety, and geographic spread of log sources increase.
For example, if you’re present in multiple public cloud providers, and present there at scale, it is very likely that you are NOT collecting logs into one place in one cloud. Various complexities, egress costs, and storage costs all play into this becoming a questionable decision for most organizations.
So, what are the pros and cons of each approach?
In this webinar led by Dr. Anton Chuvakin, Security Advisor at Office of the CISO, Google Cloud, we’ll explore key questions such as:
We’ll also review insights from the recent “Third Annual Report on the State of SIEM Detection Risk.” Based on a data-driven analysis of more than 4,000 rules across diverse SIEM platforms in production environments—including Splunk, Microsoft Sentinel, IBM QRadar, and Sumo Logic—the report provides some interesting benchmark data about typical data ingestion metrics, MITRE ATT&CK coverage, and rule health in enterprise SOCs.
Dr. Anton Chuvakin is a security advisor in Google Cloud’s Office of the CISO, helping shape global cloud security strategy. A recognized expert in threat detection and SIEM, he previously served as a Gartner analyst and is credited with coining the term “EDR.” He’s also the author of several seminal books on security and co-hosts the Cloud Security Podcast by Google.
Phil is VP of Cyber Defense Strategy at Gem Security, the Cloud Detection & Response (CDR) company.