{"version":"1.0.0","segments":[{"speaker":"mnemonic","startTime":4.019,"endTime":7.679,"body":"From our headquarters"},{"speaker":"mnemonic","startTime":4.019,"endTime":7.679,"body":"in Oslo, Norway, and on behalf"},{"speaker":"mnemonic","startTime":7.679,"endTime":12.869,"body":"of our host Robby Peralta."},{"speaker":"mnemonic","startTime":7.679,"endTime":12.869,"body":"Welcome to the mnemonic security"},{"speaker":"mnemonic","startTime":12.869,"endTime":13.739,"body":"podcast."},{"speaker":"Robby Peralta","startTime":15.34,"endTime":17.74,"body":"Security"},{"speaker":"Robby Peralta","startTime":15.34,"endTime":17.74,"body":"information and event management"},{"speaker":"Robby Peralta","startTime":17.77,"endTime":21.04,"body":"-  SIEM. It doesn't ring any"},{"speaker":"Robby Peralta","startTime":17.77,"endTime":21.04,"body":"bells to most of the world's"},{"speaker":"Robby Peralta","startTime":21.04,"endTime":25.15,"body":"population. But for others,"},{"speaker":"Robby Peralta","startTime":21.04,"endTime":25.15,"body":"well, imagine hearing a bell go"},{"speaker":"Robby Peralta","startTime":25.15,"endTime":28.9,"body":"off 300 times a day and let me"},{"speaker":"Robby Peralta","startTime":25.15,"endTime":28.9,"body":"know how you feel. Anyways,"},{"speaker":"Robby Peralta","startTime":29.23,"endTime":31.6,"body":"those of us familiar with this"},{"speaker":"Robby Peralta","startTime":29.23,"endTime":31.6,"body":"bell are aware that it was made"},{"speaker":"Robby Peralta","startTime":31.6,"endTime":35.23,"body":"to detect potential security"},{"speaker":"Robby Peralta","startTime":31.6,"endTime":35.23,"body":"incidents. 
Those same people are"},{"speaker":"Robby Peralta","startTime":35.23,"endTime":37.93,"body":"also aware that this detection"},{"speaker":"Robby Peralta","startTime":35.23,"endTime":37.93,"body":"is harder than the sales guys"},{"speaker":"Robby Peralta","startTime":37.93,"endTime":41.56,"body":"make it out to be, as it"},{"speaker":"Robby Peralta","startTime":37.93,"endTime":41.56,"body":"requires lots of people, data"},{"speaker":"Robby Peralta","startTime":41.65,"endTime":46.51,"body":"and triage. Does this mean our"},{"speaker":"Robby Peralta","startTime":41.65,"endTime":46.51,"body":"beloved SIEM is dead? Who better"},{"speaker":"Robby Peralta","startTime":46.51,"endTime":49.48,"body":"to ask the former Vice President"},{"speaker":"Robby Peralta","startTime":46.51,"endTime":49.48,"body":"and distinguished analyst at"},{"speaker":"Robby Peralta","startTime":49.48,"endTime":52.69,"body":"Gartner who is now the head of"},{"speaker":"Robby Peralta","startTime":49.48,"endTime":52.69,"body":"solution strategy for Google"},{"speaker":"Robby Peralta","startTime":52.69,"endTime":56.71,"body":"Chronicle Dr. Anton Chuvakin,"},{"speaker":"Robby Peralta","startTime":52.69,"endTime":56.71,"body":"welcome to the podcast."},{"speaker":"Anton Chuvakin","startTime":57.51,"endTime":59.31,"body":"Thank you very"},{"speaker":"Anton Chuvakin","startTime":57.51,"endTime":59.31,"body":"much. Thanks for inviting me."},{"speaker":"Robby Peralta","startTime":59.69,"endTime":61.58,"body":"It's a great"},{"speaker":"Robby Peralta","startTime":59.69,"endTime":61.58,"body":"honor having you here today with"},{"speaker":"Robby Peralta","startTime":61.58,"endTime":64.76,"body":"us. 
I wouldn't go as far to call"},{"speaker":"Robby Peralta","startTime":61.58,"endTime":64.76,"body":"you a god, but you're definitely"},{"speaker":"Robby Peralta","startTime":64.76,"endTime":65.99,"body":"a security guru."},{"speaker":"Anton Chuvakin","startTime":67.07,"endTime":69.32,"body":"Oh, God, no, I"},{"speaker":"Anton Chuvakin","startTime":67.07,"endTime":69.32,"body":"made so much fun of people"},{"speaker":"Anton Chuvakin","startTime":69.32,"endTime":71.39,"body":"calling themselves security"},{"speaker":"Anton Chuvakin","startTime":69.32,"endTime":71.39,"body":"gurus. And now you're doing it"},{"speaker":"Anton Chuvakin","startTime":71.42,"endTime":71.69,"body":"to me"},{"speaker":"Robby Peralta","startTime":73.55,"endTime":76.79,"body":"Okay, we'll go"},{"speaker":"Robby Peralta","startTime":73.55,"endTime":76.79,"body":"with god then, a security god, I"},{"speaker":"Robby Peralta","startTime":76.79,"endTime":80.39,"body":"was stalking you a bit on"},{"speaker":"Robby Peralta","startTime":76.79,"endTime":80.39,"body":"LinkedIn, very impressive 20"},{"speaker":"Robby Peralta","startTime":80.39,"endTime":83.27,"body":"year long resume in security"},{"speaker":"Robby Peralta","startTime":80.39,"endTime":83.27,"body":"monitoring area, where you've"},{"speaker":"Robby Peralta","startTime":83.27,"endTime":85.64,"body":"had the pleasure of calling us"},{"speaker":"Robby Peralta","startTime":83.27,"endTime":85.64,"body":"everything from a chief"},{"speaker":"Robby Peralta","startTime":85.64,"endTime":89.0,"body":"strategist, chief logging"},{"speaker":"Robby Peralta","startTime":85.64,"endTime":89.0,"body":"evangelist. We need more of"},{"speaker":"Robby Peralta","startTime":89.0,"endTime":92.18,"body":"those actually, we still need a"},{"speaker":"Robby Peralta","startTime":89.0,"endTime":92.18,"body":"lot more. 
And my favorite and"},{"speaker":"Robby Peralta","startTime":92.18,"endTime":94.55,"body":"most interesting in my opinion,"},{"speaker":"Robby Peralta","startTime":92.18,"endTime":94.55,"body":"is the Vice President of"},{"speaker":"Robby Peralta","startTime":94.55,"endTime":95.78,"body":"Research for Gartner."},{"speaker":"Anton Chuvakin","startTime":97.85,"endTime":99.71,"body":"Distinguished"},{"speaker":"Anton Chuvakin","startTime":97.85,"endTime":99.71,"body":"analyst, I made it all the"},{"speaker":"Anton Chuvakin","startTime":99.71,"endTime":102.65,"body":"way to VP distinguished analyst,"},{"speaker":"Anton Chuvakin","startTime":99.71,"endTime":102.65,"body":"which is like a top rank for an"},{"speaker":"Anton Chuvakin","startTime":102.65,"endTime":103.49,"body":"analyst of Gartner."},{"speaker":"Robby Peralta","startTime":104.05,"endTime":106.21,"body":"Awesome, awesome."},{"speaker":"Robby Peralta","startTime":104.05,"endTime":106.21,"body":"And so just to stop you right"},{"speaker":"Robby Peralta","startTime":106.21,"endTime":109.45,"body":"there, what does that entail?"},{"speaker":"Robby Peralta","startTime":106.21,"endTime":109.45,"body":"mnemonic has dealings with"},{"speaker":"Robby Peralta","startTime":109.45,"endTime":112.87,"body":"Gartner, and I imagine you"},{"speaker":"Robby Peralta","startTime":109.45,"endTime":112.87,"body":"traveling around and meeting all"},{"speaker":"Robby Peralta","startTime":112.87,"endTime":115.03,"body":"the coolest cybersecurity"},{"speaker":"Robby Peralta","startTime":112.87,"endTime":115.03,"body":"companies and figuring out how"},{"speaker":"Robby Peralta","startTime":115.03,"endTime":116.53,"body":"they're doing stuff, is that"},{"speaker":"Robby Peralta","startTime":115.03,"endTime":116.53,"body":"sort of how it was?"},{"speaker":"Anton Chuvakin","startTime":117.2,"endTime":119.72,"body":"Well, not only"},{"speaker":"Anton Chuvakin","startTime":117.2,"endTime":119.72,"body":"that, that's one half the 
other"},{"speaker":"Anton Chuvakin","startTime":119.72,"endTime":122.66,"body":"half is, of course, to give"},{"speaker":"Anton Chuvakin","startTime":119.72,"endTime":122.66,"body":"advice to other companies"},{"speaker":"Anton Chuvakin","startTime":122.66,"endTime":126.5,"body":"and write research, right. So if"},{"speaker":"Anton Chuvakin","startTime":122.66,"endTime":126.5,"body":"people don't know it, maybe"},{"speaker":"Anton Chuvakin","startTime":126.5,"endTime":129.95,"body":"people don't realize it. But a"},{"speaker":"Anton Chuvakin","startTime":126.5,"endTime":129.95,"body":"lot of the analysts from work is"},{"speaker":"Anton Chuvakin","startTime":129.95,"endTime":132.95,"body":"learning from clients so that we"},{"speaker":"Anton Chuvakin","startTime":129.95,"endTime":132.95,"body":"can then teach other clients"},{"speaker":"Anton Chuvakin","startTime":132.98,"endTime":136.37,"body":"very little, very little stuff"},{"speaker":"Anton Chuvakin","startTime":132.98,"endTime":136.37,"body":"is kind of made up because"},{"speaker":"Anton Chuvakin","startTime":136.37,"endTime":139.04,"body":"frankly, analysts don't make"},{"speaker":"Anton Chuvakin","startTime":136.37,"endTime":139.04,"body":"anything up, we typically"},{"speaker":"Anton Chuvakin","startTime":139.04,"endTime":141.89,"body":"synthesize from what we see. So"},{"speaker":"Anton Chuvakin","startTime":139.04,"endTime":141.89,"body":"it's kind of funny that the job"},{"speaker":"Anton Chuvakin","startTime":141.89,"endTime":146.06,"body":"is called the analyst. But you"},{"speaker":"Anton Chuvakin","startTime":141.89,"endTime":146.06,"body":"really mostly are a synthesizer,"},{"speaker":"Anton Chuvakin","startTime":146.06,"endTime":149.72,"body":"I guess, because we mostly come"},{"speaker":"Anton Chuvakin","startTime":146.06,"endTime":149.72,"body":"see patterns and kind of export"},{"speaker":"Anton Chuvakin","startTime":149.72,"endTime":152.75,"body":"them to other clients. 
It's kind"},{"speaker":"Anton Chuvakin","startTime":149.72,"endTime":152.75,"body":"of maybe I wouldn't say it's a"},{"speaker":"Anton Chuvakin","startTime":152.75,"endTime":157.22,"body":"dirty secret, but it's a secret."},{"speaker":"Anton Chuvakin","startTime":152.75,"endTime":157.22,"body":"It's not a well kept secret that"},{"speaker":"Anton Chuvakin","startTime":157.34,"endTime":160.04,"body":"that's likely what the end of"},{"speaker":"Anton Chuvakin","startTime":157.34,"endTime":160.04,"body":"the job entails. So I used to"},{"speaker":"Anton Chuvakin","startTime":160.04,"endTime":163.55,"body":"learn from how people do things,"},{"speaker":"Anton Chuvakin","startTime":160.04,"endTime":163.55,"body":"and then kind of like processes"},{"speaker":"Anton Chuvakin","startTime":163.55,"endTime":166.55,"body":"and the research and the"},{"speaker":"Anton Chuvakin","startTime":163.55,"endTime":166.55,"body":"guidance. And then we help many"},{"speaker":"Anton Chuvakin","startTime":166.55,"endTime":168.68,"body":"other companies and"},{"speaker":"Anton Chuvakin","startTime":166.55,"endTime":168.68,"body":"organizations deal with their"},{"speaker":"Anton Chuvakin","startTime":168.68,"endTime":169.79,"body":"security operation problems."},{"speaker":"Robby Peralta","startTime":170.52,"endTime":172.89,"body":"Hmm. Awesome."},{"speaker":"Robby Peralta","startTime":170.52,"endTime":172.89,"body":"Well, that sounds like a very"},{"speaker":"Robby Peralta","startTime":172.89,"endTime":173.46,"body":"fun job."},{"speaker":"Anton Chuvakin","startTime":174.12,"endTime":175.56,"body":"It was a very"},{"speaker":"Anton Chuvakin","startTime":174.12,"endTime":175.56,"body":"fun job. 
Yes."},{"speaker":"Robby Peralta","startTime":175.95,"endTime":177.78,"body":"So if you look"},{"speaker":"Robby Peralta","startTime":175.95,"endTime":177.78,"body":"back at those 20 years, how did"},{"speaker":"Robby Peralta","startTime":177.78,"endTime":180.42,"body":"we get to where we are today,"},{"speaker":"Robby Peralta","startTime":177.78,"endTime":180.42,"body":"then? I know it's a very broad"},{"speaker":"Robby Peralta","startTime":180.42,"endTime":180.81,"body":"question,"},{"speaker":"Anton Chuvakin","startTime":183.09,"endTime":186.27,"body":"Well, my first"},{"speaker":"Anton Chuvakin","startTime":183.09,"endTime":186.27,"body":"encounter with my first close"},{"speaker":"Anton Chuvakin","startTime":186.27,"endTime":188.34,"body":"encounter with security"},{"speaker":"Anton Chuvakin","startTime":186.27,"endTime":188.34,"body":"monitoring technologies, like"},{"speaker":"Anton Chuvakin","startTime":188.34,"endTime":193.5,"body":"SIEM was in fact in 2002. And"},{"speaker":"Anton Chuvakin","startTime":188.34,"endTime":193.5,"body":"it's really slightly scary that"},{"speaker":"Anton Chuvakin","startTime":193.5,"endTime":198.48,"body":"some of the stuff we deal with"},{"speaker":"Anton Chuvakin","startTime":193.5,"endTime":198.48,"body":"today in 2020, is sort of very"},{"speaker":"Anton Chuvakin","startTime":198.48,"endTime":202.89,"body":"reminiscent of the stuff that"},{"speaker":"Anton Chuvakin","startTime":198.48,"endTime":202.89,"body":"I've seen back in 2002. 
So let"},{"speaker":"Anton Chuvakin","startTime":202.89,"endTime":206.07,"body":"me first state say that I'm not"},{"speaker":"Anton Chuvakin","startTime":202.89,"endTime":206.07,"body":"one of those curmudgeons, who"},{"speaker":"Anton Chuvakin","startTime":206.07,"endTime":208.89,"body":"basically says, oh, clouds, like"},{"speaker":"Anton Chuvakin","startTime":206.07,"endTime":208.89,"body":"a mainframe, there's nothing"},{"speaker":"Anton Chuvakin","startTime":208.89,"endTime":212.82,"body":"new. I'm not talking about that."},{"speaker":"Anton Chuvakin","startTime":208.89,"endTime":212.82,"body":"I'm talking about the problems."},{"speaker":"Anton Chuvakin","startTime":213.15,"endTime":215.7,"body":"technologies have changed."},{"speaker":"Anton Chuvakin","startTime":213.15,"endTime":215.7,"body":"There's no debate about that we"},{"speaker":"Anton Chuvakin","startTime":215.7,"endTime":218.64,"body":"had, you know, we had thought we"},{"speaker":"Anton Chuvakin","startTime":215.7,"endTime":218.64,"body":"have cloud computing, we have"},{"speaker":"Anton Chuvakin","startTime":218.64,"endTime":221.79,"body":"distributed, we have more Well,"},{"speaker":"Anton Chuvakin","startTime":218.64,"endTime":221.79,"body":"we have lots, lots and lots of"},{"speaker":"Anton Chuvakin","startTime":221.79,"endTime":227.52,"body":"other tech. So tech changed, but"},{"speaker":"Anton Chuvakin","startTime":221.79,"endTime":227.52,"body":"some of the problems we face are"},{"speaker":"Anton Chuvakin","startTime":227.52,"endTime":232.32,"body":"kind of not changed. 
And so I"},{"speaker":"Anton Chuvakin","startTime":227.52,"endTime":232.32,"body":"remember many, probably around"},{"speaker":"Anton Chuvakin","startTime":232.32,"endTime":235.23,"body":"2002, I was actually writing the"},{"speaker":"Anton Chuvakin","startTime":232.32,"endTime":235.23,"body":"correlation rule for a SIEM"},{"speaker":"Anton Chuvakin","startTime":235.23,"endTime":238.02,"body":"project that I've worked for"},{"speaker":"Anton Chuvakin","startTime":235.23,"endTime":238.02,"body":"back in the day. And one of the"},{"speaker":"Anton Chuvakin","startTime":238.02,"endTime":241.47,"body":"things was like, people are"},{"speaker":"Anton Chuvakin","startTime":238.02,"endTime":241.47,"body":"using default passwords and"},{"speaker":"Anton Chuvakin","startTime":241.47,"endTime":246.12,"body":"people doing password guessing."},{"speaker":"Anton Chuvakin","startTime":241.47,"endTime":246.12,"body":"So it was a very popular and the"},{"speaker":"Anton Chuvakin","startTime":246.15,"endTime":249.87,"body":"very, you know, common attack,"},{"speaker":"Anton Chuvakin","startTime":246.15,"endTime":249.87,"body":"attack type, password guessing"},{"speaker":"Anton Chuvakin","startTime":249.87,"endTime":253.74,"body":"or using the default password."},{"speaker":"Anton Chuvakin","startTime":249.87,"endTime":253.74,"body":"So 2002, we naively thought it"},{"speaker":"Anton Chuvakin","startTime":253.74,"endTime":257.58,"body":"would be solved very soon,"},{"speaker":"Anton Chuvakin","startTime":253.74,"endTime":257.58,"body":"either by multifactor, or by,"},{"speaker":"Anton Chuvakin","startTime":257.61,"endTime":260.04,"body":"you know, some kind of"},{"speaker":"Anton Chuvakin","startTime":257.61,"endTime":260.04,"body":"futuristic technology or just by"},{"speaker":"Anton Chuvakin","startTime":260.04,"endTime":264.0,"body":"people become indebted with"},{"speaker":"Anton Chuvakin","startTime":260.04,"endTime":264.0,"body":"Bosler? I don't know. 
But, you"},{"speaker":"Anton Chuvakin","startTime":264.0,"endTime":268.71,"body":"know, I'm looking at the current"},{"speaker":"Anton Chuvakin","startTime":264.0,"endTime":268.71,"body":"detection content right today."},{"speaker":"Anton Chuvakin","startTime":269.04,"endTime":271.77,"body":"And the other they're definitely"},{"speaker":"Anton Chuvakin","startTime":269.04,"endTime":271.77,"body":"password guessing rules. And"},{"speaker":"Anton Chuvakin","startTime":271.77,"endTime":275.94,"body":"there definitely rules for"},{"speaker":"Anton Chuvakin","startTime":271.77,"endTime":275.94,"body":"default passwords or standard"},{"speaker":"Anton Chuvakin","startTime":275.94,"endTime":279.18,"body":"passwords. So it's kind of"},{"speaker":"Anton Chuvakin","startTime":275.94,"endTime":279.18,"body":"peculiar. Maybe I'm picking the"},{"speaker":"Anton Chuvakin","startTime":279.18,"endTime":283.74,"body":"one area where the old stuff"},{"speaker":"Anton Chuvakin","startTime":279.18,"endTime":283.74,"body":"never got resolved. 
But after"},{"speaker":"Anton Chuvakin","startTime":283.74,"endTime":286.29,"body":"being at Gartner, I became kind"},{"speaker":"Anton Chuvakin","startTime":283.74,"endTime":286.29,"body":"of uniquely attuned to the fact"},{"speaker":"Anton Chuvakin","startTime":286.29,"endTime":290.28,"body":"that a lot of our problems are"},{"speaker":"Anton Chuvakin","startTime":286.29,"endTime":290.28,"body":"pretty much just same problems"},{"speaker":"Anton Chuvakin","startTime":290.28,"endTime":293.91,"body":"we had for many, many years."},{"speaker":"Anton Chuvakin","startTime":290.28,"endTime":293.91,"body":"Sure, there are new problems."},{"speaker":"Anton Chuvakin","startTime":294.09,"endTime":297.45,"body":"But when I've tried to visualize"},{"speaker":"Anton Chuvakin","startTime":294.09,"endTime":297.45,"body":"how things have gone for those"},{"speaker":"Anton Chuvakin","startTime":297.45,"endTime":301.14,"body":"years, we sort of have a pile of"},{"speaker":"Anton Chuvakin","startTime":297.45,"endTime":301.14,"body":"problems. But you probably get"},{"speaker":"Anton Chuvakin","startTime":301.17,"endTime":304.59,"body":"thrown on top. I've used to"},{"speaker":"Anton Chuvakin","startTime":301.17,"endTime":304.59,"body":"challenge people sometimes. And"},{"speaker":"Anton Chuvakin","startTime":304.59,"endTime":308.43,"body":"by telling them, hey, name one"},{"speaker":"Anton Chuvakin","startTime":304.59,"endTime":308.43,"body":"security problem that was"},{"speaker":"Anton Chuvakin","startTime":308.43,"endTime":312.57,"body":"solved, like salt, salt God. 
And"},{"speaker":"Anton Chuvakin","startTime":308.43,"endTime":312.57,"body":"people obviously give me like"},{"speaker":"Anton Chuvakin","startTime":312.57,"endTime":317.85,"body":"some kind of a smartest, funny"},{"speaker":"Anton Chuvakin","startTime":312.57,"endTime":317.85,"body":"answers like Windows 3.1."},{"speaker":"Anton Chuvakin","startTime":317.85,"endTime":322.35,"body":"Hacking by overflowing the"},{"speaker":"Anton Chuvakin","startTime":317.85,"endTime":322.35,"body":"network driver is solved. I'm"},{"speaker":"Anton Chuvakin","startTime":322.35,"endTime":326.58,"body":"like, probably. So when when I"},{"speaker":"Anton Chuvakin","startTime":322.35,"endTime":326.58,"body":"think about the security"},{"speaker":"Anton Chuvakin","startTime":326.58,"endTime":330.06,"body":"problems that got solved, you"},{"speaker":"Anton Chuvakin","startTime":326.58,"endTime":330.06,"body":"can pick something from, you"},{"speaker":"Anton Chuvakin","startTime":330.06,"endTime":332.64,"body":"know, hack in a particular"},{"speaker":"Anton Chuvakin","startTime":330.06,"endTime":332.64,"body":"technique of hacking a system"},{"speaker":"Anton Chuvakin","startTime":332.64,"endTime":335.79,"body":"that's no longer in use. I don't"},{"speaker":"Anton Chuvakin","startTime":332.64,"endTime":335.79,"body":"know, Windows 10.1. And but"},{"speaker":"Anton Chuvakin","startTime":335.79,"endTime":338.61,"body":"that's kind of a little bit of a"},{"speaker":"Anton Chuvakin","startTime":335.79,"endTime":338.61,"body":"cheating answer, just like, you"},{"speaker":"Anton Chuvakin","startTime":338.61,"endTime":341.73,"body":"know, maybe stealing typewriters"},{"speaker":"Anton Chuvakin","startTime":338.61,"endTime":341.73,"body":"in another very common crime"},{"speaker":"Anton Chuvakin","startTime":341.73,"endTime":344.58,"body":"nowadays, because nobody uses"},{"speaker":"Anton Chuvakin","startTime":341.73,"endTime":344.58,"body":"them. Sure. 
But like, if you"},{"speaker":"Anton Chuvakin","startTime":344.58,"endTime":347.67,"body":"think of a more systemic"},{"speaker":"Anton Chuvakin","startTime":344.58,"endTime":347.67,"body":"problem, it's really hard to"},{"speaker":"Anton Chuvakin","startTime":347.67,"endTime":352.77,"body":"name one that's just solved flat"},{"speaker":"Anton Chuvakin","startTime":347.67,"endTime":352.77,"body":"out. And, yeah, if you go, say,"},{"speaker":"Anton Chuvakin","startTime":352.77,"endTime":357.45,"body":"back to the 90s, and you try"},{"speaker":"Anton Chuvakin","startTime":352.77,"endTime":357.45,"body":"naming a type of an attack, or"},{"speaker":"Anton Chuvakin","startTime":357.45,"endTime":361.23,"body":"type of a threat that just like"},{"speaker":"Anton Chuvakin","startTime":357.45,"endTime":361.23,"body":"was, is that is not an existence"},{"speaker":"Anton Chuvakin","startTime":361.23,"endTime":365.97,"body":"today flat out? That's a hard"},{"speaker":"Anton Chuvakin","startTime":361.23,"endTime":365.97,"body":"question. And, frankly, I think"},{"speaker":"Anton Chuvakin","startTime":365.97,"endTime":368.34,"body":"you could name one. And maybe if"},{"speaker":"Anton Chuvakin","startTime":365.97,"endTime":368.34,"body":"I think really hard, they would"},{"speaker":"Anton Chuvakin","startTime":368.34,"endTime":371.52,"body":"name one. 
But the point is, it's"},{"speaker":"Anton Chuvakin","startTime":368.34,"endTime":371.52,"body":"a hard question to name a"},{"speaker":"Anton Chuvakin","startTime":371.52,"endTime":375.09,"body":"security problem is just flat"},{"speaker":"Anton Chuvakin","startTime":371.52,"endTime":375.09,"body":"out solved in 20 years, it is"},{"speaker":"Anton Chuvakin","startTime":375.39,"endTime":377.94,"body":"just gives you thought, right?"},{"speaker":"Anton Chuvakin","startTime":375.39,"endTime":377.94,"body":"It just gives you gives you a"},{"speaker":"Anton Chuvakin","startTime":377.94,"endTime":380.73,"body":"bit of a like, oh, what's going"},{"speaker":"Anton Chuvakin","startTime":377.94,"endTime":380.73,"body":"on here? Hmm."},{"speaker":"Robby Peralta","startTime":381.3,"endTime":383.7,"body":"So if I've looked"},{"speaker":"Robby Peralta","startTime":381.3,"endTime":383.7,"body":"at a bunch of reports and stuff,"},{"speaker":"Robby Peralta","startTime":383.7,"endTime":386.37,"body":"and I've seen like the evolution"},{"speaker":"Robby Peralta","startTime":383.7,"endTime":386.37,"body":"of security monitoring, and in"},{"speaker":"Robby Peralta","startTime":386.37,"endTime":389.97,"body":"2002 was like network traffic,"},{"speaker":"Robby Peralta","startTime":386.37,"endTime":389.97,"body":"and then you know, along the"},{"speaker":"Robby Peralta","startTime":389.97,"endTime":393.72,"body":"way, somewhere went into log"},{"speaker":"Robby Peralta","startTime":389.97,"endTime":393.72,"body":"management, SIEM and EDR. Now,"},{"speaker":"Robby Peralta","startTime":393.72,"endTime":397.68,"body":"it's cloud stuff, right? 
But one"},{"speaker":"Robby Peralta","startTime":393.72,"endTime":397.68,"body":"thing speaking of problems"},{"speaker":"Robby Peralta","startTime":397.68,"endTime":399.69,"body":"getting solved one thing that"},{"speaker":"Robby Peralta","startTime":397.68,"endTime":399.69,"body":"has not been solved yet is the"},{"speaker":"Robby Peralta","startTime":399.69,"endTime":403.08,"body":"whole SIEM, security"},{"speaker":"Robby Peralta","startTime":399.69,"endTime":403.08,"body":"information, event management"},{"speaker":"Robby Peralta","startTime":403.11,"endTime":406.89,"body":"sort of space. Yeah. So what are"},{"speaker":"Robby Peralta","startTime":403.11,"endTime":406.89,"body":"your thoughts around SIEM? Is it"},{"speaker":"Robby Peralta","startTime":406.89,"endTime":408.57,"body":"dead? Or is it alive?"},{"speaker":"Anton Chuvakin","startTime":409.47,"endTime":413.31,"body":"Okay, so this is"},{"speaker":"Anton Chuvakin","startTime":409.47,"endTime":413.31,"body":"that question. Is it dead? Okay,"},{"speaker":"Anton Chuvakin","startTime":413.31,"endTime":417.72,"body":"so short answer is not dead?"},{"speaker":"Anton Chuvakin","startTime":413.31,"endTime":417.72,"body":"It's a longer answer. A longer"},{"speaker":"Anton Chuvakin","startTime":417.72,"endTime":423.66,"body":"answer is this. I would say that"},{"speaker":"Anton Chuvakin","startTime":417.72,"endTime":423.66,"body":"when we started deploying, at"},{"speaker":"Anton Chuvakin","startTime":423.66,"endTime":425.7,"body":"the time, they were called"},{"speaker":"Anton Chuvakin","startTime":423.66,"endTime":425.7,"body":"either SIM products with an I"},{"speaker":"Anton Chuvakin","startTime":425.73,"endTime":430.41,"body":"or SEM products with an E. 
We"},{"speaker":"Anton Chuvakin","startTime":425.73,"endTime":430.41,"body":"started seeing even basically"},{"speaker":"Anton Chuvakin","startTime":430.41,"endTime":432.21,"body":"two types, and there was a"},{"speaker":"Anton Chuvakin","startTime":430.41,"endTime":432.21,"body":"debate which one's the right"},{"speaker":"Anton Chuvakin","startTime":432.21,"endTime":437.61,"body":"one, I'm talking maybe, maybe"},{"speaker":"Anton Chuvakin","startTime":432.21,"endTime":437.61,"body":"2000 to 2003 type timeframe. So"},{"speaker":"Anton Chuvakin","startTime":438.03,"endTime":441.54,"body":"at the time, the mission for SIEM"},{"speaker":"Anton Chuvakin","startTime":438.03,"endTime":441.54,"body":"was at this time was clear for"},{"speaker":"Anton Chuvakin","startTime":441.54,"endTime":446.07,"body":"SIM and SEM for both. And so"},{"speaker":"Anton Chuvakin","startTime":441.54,"endTime":446.07,"body":"later on, I think Gartner in"},{"speaker":"Anton Chuvakin","startTime":446.13,"endTime":450.15,"body":"around 2004, my timing may be a"},{"speaker":"Anton Chuvakin","startTime":446.13,"endTime":450.15,"body":"little off a year, basically"},{"speaker":"Anton Chuvakin","startTime":450.15,"endTime":454.74,"body":"combined SEM and SIM into one"},{"speaker":"Anton Chuvakin","startTime":450.15,"endTime":454.74,"body":"and called it SIEM. So the four"},{"speaker":"Anton Chuvakin","startTime":454.74,"endTime":458.43,"body":"letter acronym was born, why the"},{"speaker":"Anton Chuvakin","startTime":454.74,"endTime":458.43,"body":"product existed back then was"},{"speaker":"Anton Chuvakin","startTime":458.43,"endTime":461.67,"body":"clear. But over the years kind"},{"speaker":"Anton Chuvakin","startTime":458.43,"endTime":461.67,"body":"of changed slightly. 
For"},{"speaker":"Anton Chuvakin","startTime":461.67,"endTime":465.72,"body":"example, today, you sometimes"},{"speaker":"Anton Chuvakin","startTime":461.67,"endTime":465.72,"body":"see modern security monitoring"},{"speaker":"Anton Chuvakin","startTime":465.72,"endTime":468.24,"body":"vendors, I don't know some"},{"speaker":"Anton Chuvakin","startTime":465.72,"endTime":468.24,"body":"analytics vendors basically say,"},{"speaker":"Anton Chuvakin","startTime":468.39,"endTime":473.13,"body":"oh, SIEM is for compliance. But"},{"speaker":"Anton Chuvakin","startTime":468.39,"endTime":473.13,"body":"I, I'm a guy who lived through"},{"speaker":"Anton Chuvakin","startTime":473.13,"endTime":475.77,"body":"the years of SIEM before"},{"speaker":"Anton Chuvakin","startTime":473.13,"endTime":475.77,"body":"compliance, and I could tell you"},{"speaker":"Anton Chuvakin","startTime":475.77,"endTime":479.4,"body":"for sure that SIEM was born well,"},{"speaker":"Anton Chuvakin","startTime":475.77,"endTime":479.4,"body":"before compliance, some of the"},{"speaker":"Anton Chuvakin","startTime":479.4,"endTime":487.53,"body":"US regulations, PCI 2006 2007,"},{"speaker":"Anton Chuvakin","startTime":479.4,"endTime":487.53,"body":"Sarbanes Oxley, nobody remembers"},{"speaker":"Anton Chuvakin","startTime":487.53,"endTime":491.58,"body":"now 2002, a bunch of"},{"speaker":"Anton Chuvakin","startTime":487.53,"endTime":491.58,"body":"international regulations are"},{"speaker":"Anton Chuvakin","startTime":491.58,"endTime":494.7,"body":"all much later. 
So the point is"},{"speaker":"Anton Chuvakin","startTime":491.58,"endTime":494.7,"body":"that SIEM as a technology was"},{"speaker":"Anton Chuvakin","startTime":494.7,"endTime":499.02,"body":"born before compliance, and you"},{"speaker":"Anton Chuvakin","startTime":494.7,"endTime":499.02,"body":"cannot say I will compliance,"},{"speaker":"Anton Chuvakin","startTime":499.32,"endTime":501.57,"body":"because frankly, it was designed"},{"speaker":"Anton Chuvakin","startTime":499.32,"endTime":501.57,"body":"to build originally when"},{"speaker":"Anton Chuvakin","startTime":501.57,"endTime":504.24,"body":"compliance didn't really exist"},{"speaker":"Anton Chuvakin","startTime":501.57,"endTime":504.24,"body":"or that much, a little bit in"},{"speaker":"Anton Chuvakin","startTime":504.24,"endTime":508.65,"body":"some industries. But later on,"},{"speaker":"Anton Chuvakin","startTime":504.24,"endTime":508.65,"body":"it did become associated with"},{"speaker":"Anton Chuvakin","startTime":508.65,"endTime":513.99,"body":"compliance and no debate here."},{"speaker":"Anton Chuvakin","startTime":508.65,"endTime":513.99,"body":"So around maybe 2000 789, a lot"},{"speaker":"Anton Chuvakin","startTime":514.02,"endTime":518.85,"body":"of my work in this area, I was"},{"speaker":"Anton Chuvakin","startTime":514.02,"endTime":518.85,"body":"doing log management at the"},{"speaker":"Anton Chuvakin","startTime":518.85,"endTime":522.3,"body":"vendor back then, was connected"},{"speaker":"Anton Chuvakin","startTime":518.85,"endTime":522.3,"body":"to compliance, whether it's PCI,"},{"speaker":"Anton Chuvakin","startTime":522.3,"endTime":525.09,"body":"whether it's HIPAA, whether it's"},{"speaker":"Anton Chuvakin","startTime":522.3,"endTime":525.09,"body":"a bunch of, you know, US and non"},{"speaker":"Anton Chuvakin","startTime":525.09,"endTime":528.75,"body":"US standards, even ISO 27,"},{"speaker":"Anton Chuvakin","startTime":525.09,"endTime":528.75,"body":"double 01, all this 
exciting"},{"speaker":"Anton Chuvakin","startTime":528.75,"endTime":532.98,"body":"stuff was compliance, but that"},{"speaker":"Anton Chuvakin","startTime":528.75,"endTime":532.98,"body":"after that era, we kind of went,"},{"speaker":"Anton Chuvakin","startTime":533.67,"endTime":537.36,"body":"again, back to threats. I"},{"speaker":"Anton Chuvakin","startTime":533.67,"endTime":537.36,"body":"shouldn't say back to the roots,"},{"speaker":"Anton Chuvakin","startTime":537.36,"endTime":541.05,"body":"but I would say back to SIEM as a"},{"speaker":"Anton Chuvakin","startTime":537.36,"endTime":541.05,"body":"monitoring console threat"},{"speaker":"Anton Chuvakin","startTime":541.05,"endTime":544.11,"body":"detection, console,"},{"speaker":"Anton Chuvakin","startTime":541.05,"endTime":544.11,"body":"investigation, support console,"},{"speaker":"Anton Chuvakin","startTime":544.5,"endTime":546.84,"body":"I learned centralization, of"},{"speaker":"Anton Chuvakin","startTime":544.5,"endTime":546.84,"body":"course, and a little bit of rock"},{"speaker":"Anton Chuvakin","startTime":546.84,"endTime":550.71,"body":"flow, which is now growing. So"},{"speaker":"Anton Chuvakin","startTime":546.84,"endTime":550.71,"body":"to me, I don't want to write a"},{"speaker":"Anton Chuvakin","startTime":550.71,"endTime":552.9,"body":"book about the history of SIEM"},{"speaker":"Anton Chuvakin","startTime":550.71,"endTime":552.9,"body":"because there's not really that"},{"speaker":"Anton Chuvakin","startTime":552.9,"endTime":557.28,"body":"many clients for it. But but"},{"speaker":"Anton Chuvakin","startTime":552.9,"endTime":557.28,"body":"it's every evolution does teach"},{"speaker":"Anton Chuvakin","startTime":557.28,"endTime":560.94,"body":"us something that it's a"},{"speaker":"Anton Chuvakin","startTime":557.28,"endTime":560.94,"body":"technology that had a chance to"},{"speaker":"Anton Chuvakin","startTime":560.94,"endTime":565.65,"body":"adapt multiple times. 
And it's a"},{"speaker":"Anton Chuvakin","startTime":560.94,"endTime":565.65,"body":"technology that went through"},{"speaker":"Anton Chuvakin","startTime":565.65,"endTime":569.19,"body":"some years where its reputation"},{"speaker":"Anton Chuvakin","startTime":565.65,"endTime":569.19,"body":"was quite bad. No debate here."},{"speaker":"Anton Chuvakin","startTime":569.19,"endTime":573.0,"body":"Yeah. Okay. Reputation for"},{"speaker":"Anton Chuvakin","startTime":569.19,"endTime":573.0,"body":"complexity. And I've written"},{"speaker":"Anton Chuvakin","startTime":573.0,"endTime":577.29,"body":"enough both before Gartner at my"},{"speaker":"Anton Chuvakin","startTime":573.0,"endTime":577.29,"body":"old blog, and at Gartner and"},{"speaker":"Anton Chuvakin","startTime":577.29,"endTime":580.44,"body":"enough to Gartner about how some"},{"speaker":"Anton Chuvakin","startTime":577.29,"endTime":580.44,"body":"of the challenges really aren't"},{"speaker":"Anton Chuvakin","startTime":580.44,"endTime":583.08,"body":"about SIEM technology being done"},{"speaker":"Anton Chuvakin","startTime":580.44,"endTime":583.08,"body":"wrong, but they're about the"},{"speaker":"Anton Chuvakin","startTime":583.08,"endTime":586.56,"body":"mission being hard. If your"},{"speaker":"Anton Chuvakin","startTime":583.08,"endTime":586.56,"body":"mission is to detect threats,"},{"speaker":"Anton Chuvakin","startTime":586.59,"endTime":590.07,"body":"centralized alerts, support"},{"speaker":"Anton Chuvakin","startTime":586.59,"endTime":590.07,"body":"investigations. I mean, it's a"},{"speaker":"Anton Chuvakin","startTime":590.07,"endTime":591.48,"body":"hard mission, right? A"},{"speaker":"Robby Peralta","startTime":591.54,"endTime":592.83,"body":"lot of things."},{"speaker":"Robby Peralta","startTime":591.54,"endTime":592.83,"body":"Yeah."},{"speaker":"Anton Chuvakin","startTime":592.98,"endTime":596.25,"body":"Right. 
A lot of"},{"speaker":"Anton Chuvakin","startTime":592.98,"endTime":596.25,"body":"things and also, unlike, say,"},{"speaker":"Anton Chuvakin","startTime":596.28,"endTime":600.42,"body":"operational challenges, you"},{"speaker":"Anton Chuvakin","startTime":596.28,"endTime":600.42,"body":"know, back many, many, many many"},{"speaker":"Anton Chuvakin","startTime":600.42,"endTime":605.19,"body":"years ago, people were trying to"},{"speaker":"Anton Chuvakin","startTime":600.42,"endTime":605.19,"body":"equate SIEM with like a massive"},{"speaker":"Anton Chuvakin","startTime":605.19,"endTime":607.62,"body":"network management systems. But"},{"speaker":"Anton Chuvakin","startTime":605.19,"endTime":607.62,"body":"for security, there's like a"},{"speaker":"Anton Chuvakin","startTime":607.62,"endTime":611.16,"body":"golden metaphor in 2002 was"},{"speaker":"Anton Chuvakin","startTime":607.62,"endTime":611.16,"body":"like, I would say was just like"},{"speaker":"Anton Chuvakin","startTime":611.16,"endTime":615.03,"body":"HP OpenView. But what security,"},{"speaker":"Anton Chuvakin","startTime":611.16,"endTime":615.03,"body":"which today sounds like a fairly"},{"speaker":"Anton Chuvakin","startTime":615.06,"endTime":619.77,"body":"new metaphor, but the point is"},{"speaker":"Anton Chuvakin","startTime":615.06,"endTime":619.77,"body":"that this was the original some"},{"speaker":"Anton Chuvakin","startTime":619.77,"endTime":622.56,"body":"of the original thinking was"},{"speaker":"Anton Chuvakin","startTime":619.77,"endTime":622.56,"body":"that, but the network monitoring"},{"speaker":"Anton Chuvakin","startTime":622.56,"endTime":628.11,"body":"mission is much simpler than a"},{"speaker":"Anton Chuvakin","startTime":622.56,"endTime":628.11,"body":"security 110 mission. 
So that's"},{"speaker":"Anton Chuvakin","startTime":628.11,"endTime":630.9,"body":"why I would kind of attribute"},{"speaker":"Anton Chuvakin","startTime":628.11,"endTime":630.9,"body":"some of the challenges with Sam,"},{"speaker":"Anton Chuvakin","startTime":631.17,"endTime":634.59,"body":"not to the fact that technology"},{"speaker":"Anton Chuvakin","startTime":631.17,"endTime":634.59,"body":"is broken and done wrong. But it"},{"speaker":"Anton Chuvakin","startTime":634.59,"endTime":637.74,"body":"with that with the fact that"},{"speaker":"Anton Chuvakin","startTime":634.59,"endTime":637.74,"body":"it's a broad growing and get an"},{"speaker":"Anton Chuvakin","startTime":637.74,"endTime":638.85,"body":"ever evolving mission."},{"speaker":"Robby Peralta","startTime":638.91,"endTime":641.19,"body":"I mean, it's hard"},{"speaker":"Robby Peralta","startTime":638.91,"endTime":641.19,"body":"to do, it's a hard thing to do."},{"speaker":"Robby Peralta","startTime":641.34,"endTime":643.35,"body":"And that reminds me of an"},{"speaker":"Robby Peralta","startTime":641.34,"endTime":643.35,"body":"article he recently wrote,"},{"speaker":"Robby Peralta","startTime":643.35,"endTime":647.37,"body":"right? Why detection is so hard."},{"speaker":"Robby Peralta","startTime":643.35,"endTime":647.37,"body":"And you mentioned people data"},{"speaker":"Robby Peralta","startTime":647.37,"endTime":650.76,"body":"triage. 
And I want to start with"},{"speaker":"Robby Peralta","startTime":647.37,"endTime":650.76,"body":"the people part, because there's"},{"speaker":"Robby Peralta","startTime":650.76,"endTime":654.69,"body":"so many aspects of the why it's"},{"speaker":"Robby Peralta","startTime":650.76,"endTime":654.69,"body":"difficult in regards to people"},{"speaker":"Robby Peralta","startTime":654.87,"endTime":655.77,"body":"explain that a little more."},{"speaker":"Anton Chuvakin","startTime":656.639,"endTime":661.439,"body":"So, I would say"},{"speaker":"Anton Chuvakin","startTime":656.639,"endTime":661.439,"body":"that, this, this blog post, why"},{"speaker":"Anton Chuvakin","startTime":661.439,"endTime":664.349,"body":"detection is hard, was kind of"},{"speaker":"Anton Chuvakin","startTime":661.439,"endTime":664.349,"body":"born out of me trying to put"},{"speaker":"Anton Chuvakin","startTime":664.349,"endTime":667.379,"body":"together a slide for a different"},{"speaker":"Anton Chuvakin","startTime":664.349,"endTime":667.379,"body":"presentation, about detection as"},{"speaker":"Anton Chuvakin","startTime":667.379,"endTime":670.799,"body":"well. And again, I thought,"},{"speaker":"Anton Chuvakin","startTime":667.379,"endTime":670.799,"body":"actually, why is it so hard? 
Why"},{"speaker":"Anton Chuvakin","startTime":670.829,"endTime":673.949,"body":"Why are Why are we facing so"},{"speaker":"Anton Chuvakin","startTime":670.829,"endTime":673.949,"body":"many years of like, challenges,"},{"speaker":"Anton Chuvakin","startTime":673.949,"endTime":678.719,"body":"and debating, and all that, and"},{"speaker":"Anton Chuvakin","startTime":673.949,"endTime":678.719,"body":"so on, it also reminded me of a"},{"speaker":"Anton Chuvakin","startTime":678.719,"endTime":681.239,"body":"blog post I've written in my"},{"speaker":"Anton Chuvakin","startTime":678.719,"endTime":681.239,"body":"Gartner, the days in my early"},{"speaker":"Anton Chuvakin","startTime":681.239,"endTime":685.979,"body":"Gartner days, which was titled"},{"speaker":"Anton Chuvakin","startTime":681.239,"endTime":685.979,"body":"something like, why organization"},{"speaker":"Anton Chuvakin","startTime":685.979,"endTime":689.189,"body":"like buying security boxes, or"},{"speaker":"Anton Chuvakin","startTime":685.979,"endTime":689.189,"body":"something like why people like"},{"speaker":"Anton Chuvakin","startTime":689.219,"endTime":694.379,"body":"to buy boxes, appliances. And"},{"speaker":"Anton Chuvakin","startTime":689.219,"endTime":694.379,"body":"the point is that enough"},{"speaker":"Anton Chuvakin","startTime":694.379,"endTime":697.919,"body":"organizations today kind of"},{"speaker":"Anton Chuvakin","startTime":694.379,"endTime":697.919,"body":"still see security as we need to"},{"speaker":"Anton Chuvakin","startTime":697.919,"endTime":702.839,"body":"buy security tool. 
And obviously,"},{"speaker":"Anton Chuvakin","startTime":697.919,"endTime":702.839,"body":"people who are enlightened, and"},{"speaker":"Anton Chuvakin","startTime":702.839,"endTime":705.449,"body":"people who vote for you know,"},{"speaker":"Anton Chuvakin","startTime":702.839,"endTime":705.449,"body":"managed service providers would"},{"speaker":"Anton Chuvakin","startTime":705.449,"endTime":709.949,"body":"kind of laugh at that. But that"},{"speaker":"Anton Chuvakin","startTime":705.449,"endTime":709.949,"body":"was true. Many years ago, that"},{"speaker":"Anton Chuvakin","startTime":709.949,"endTime":713.819,"body":"was true when I wrote the blog"},{"speaker":"Anton Chuvakin","startTime":709.949,"endTime":713.819,"body":"post around 2012. And, frankly,"},{"speaker":"Anton Chuvakin","startTime":713.819,"endTime":717.479,"body":"it's still true now, at many"},{"speaker":"Anton Chuvakin","startTime":713.819,"endTime":717.479,"body":"organizations, where they say,"},{"speaker":"Anton Chuvakin","startTime":717.659,"endTime":720.749,"body":"Hey, we have this security"},{"speaker":"Anton Chuvakin","startTime":717.659,"endTime":720.749,"body":"monitoring problem, we should"},{"speaker":"Anton Chuvakin","startTime":720.749,"endTime":726.509,"body":"buy security monitoring tool."},{"speaker":"Anton Chuvakin","startTime":720.749,"endTime":726.509,"body":"And so the fact that monitoring"},{"speaker":"Anton Chuvakin","startTime":726.509,"endTime":729.689,"body":"signals or detection signals"},{"speaker":"Anton Chuvakin","startTime":726.509,"endTime":729.689,"body":"would go to some kind of a human"},{"speaker":"Anton Chuvakin","startTime":729.689,"endTime":732.479,"body":"and that human has to make a"},{"speaker":"Anton Chuvakin","startTime":729.689,"endTime":732.479,"body":"call, and has to do something"},{"speaker":"Anton Chuvakin","startTime":732.479,"endTime":735.299,"body":"has to investigators to call"},{"speaker":"Anton 
Chuvakin","startTime":732.479,"endTime":735.299,"body":"somebody possibly do offline"},{"speaker":"Anton Chuvakin","startTime":735.329,"endTime":741.119,"body":"tasks, kind of slips from their"},{"speaker":"Anton Chuvakin","startTime":735.329,"endTime":741.119,"body":"minds, like they are not really,"},{"speaker":"Anton Chuvakin","startTime":741.389,"endTime":744.299,"body":"I mean, I can't say they're not"},{"speaker":"Anton Chuvakin","startTime":741.389,"endTime":744.299,"body":"aware of it, they're sort of not"},{"speaker":"Anton Chuvakin","startTime":744.299,"endTime":748.169,"body":"focusing on that. So they sort"},{"speaker":"Anton Chuvakin","startTime":744.299,"endTime":748.169,"body":"of assume that detection is kind"},{"speaker":"Anton Chuvakin","startTime":748.169,"endTime":751.889,"body":"of a binary detection tool"},{"speaker":"Anton Chuvakin","startTime":748.169,"endTime":751.889,"body":"problem. And that's what ruins"},{"speaker":"Anton Chuvakin","startTime":751.889,"endTime":755.279,"body":"this for now, because it's not,"},{"speaker":"Anton Chuvakin","startTime":751.889,"endTime":755.279,"body":"ultimately detection is"},{"speaker":"Anton Chuvakin","startTime":755.729,"endTime":760.229,"body":"uncovering something that is"},{"speaker":"Anton Chuvakin","startTime":755.729,"endTime":760.229,"body":"trying to hide. 
And it's not"},{"speaker":"Anton Chuvakin","startTime":760.229,"endTime":764.219,"body":"really about buying a better"},{"speaker":"Anton Chuvakin","startTime":760.229,"endTime":764.219,"body":"tool, it's kind of by supporting"},{"speaker":"Anton Chuvakin","startTime":764.219,"endTime":767.609,"body":"the detection personnel in the"},{"speaker":"Anton Chuvakin","startTime":764.219,"endTime":767.609,"body":"right way well, with tools to So"},{"speaker":"Anton Chuvakin","startTime":767.609,"endTime":771.779,"body":"to me, this is surprisingly"},{"speaker":"Anton Chuvakin","startTime":767.609,"endTime":771.779,"body":"hard, because you think that in"},{"speaker":"Anton Chuvakin","startTime":771.779,"endTime":778.889,"body":"25 years, all security leaders"},{"speaker":"Anton Chuvakin","startTime":771.779,"endTime":778.889,"body":"will kind of know it. But my off"},{"speaker":"Anton Chuvakin","startTime":778.889,"endTime":782.789,"body":"the record explanation here is"},{"speaker":"Anton Chuvakin","startTime":778.889,"endTime":782.789,"body":"that enough people become"},{"speaker":"Anton Chuvakin","startTime":782.789,"endTime":788.039,"body":"security leaders after being IT"},{"speaker":"Anton Chuvakin","startTime":782.789,"endTime":788.039,"body":"leaders, rather than by going"},{"speaker":"Anton Chuvakin","startTime":788.039,"endTime":792.779,"body":"through a career in security,"},{"speaker":"Anton Chuvakin","startTime":788.039,"endTime":792.779,"body":"maybe, and they bring that type"},{"speaker":"Anton Chuvakin","startTime":792.779,"endTime":797.579,"body":"of IT operations thinking into"},{"speaker":"Anton Chuvakin","startTime":792.779,"endTime":797.579,"body":"security. 
And they say, Oh,"},{"speaker":"Anton Chuvakin","startTime":797.579,"endTime":799.739,"body":"well, we need network"},{"speaker":"Anton Chuvakin","startTime":797.579,"endTime":799.739,"body":"management, we're going to find"},{"speaker":"Anton Chuvakin","startTime":799.739,"endTime":802.469,"body":"different management tool, we"},{"speaker":"Anton Chuvakin","startTime":799.739,"endTime":802.469,"body":"need this, we're going to buy a"},{"speaker":"Anton Chuvakin","startTime":802.469,"endTime":805.049,"body":"tool, we need threat detection,"},{"speaker":"Anton Chuvakin","startTime":802.469,"endTime":805.049,"body":"we're going to buy a threat"},{"speaker":"Anton Chuvakin","startTime":805.049,"endTime":808.049,"body":"detection tool, but that's"},{"speaker":"Anton Chuvakin","startTime":805.049,"endTime":808.049,"body":"what's throwing this way. So"},{"speaker":"Anton Chuvakin","startTime":808.049,"endTime":811.139,"body":"this is why one of the I think"},{"speaker":"Anton Chuvakin","startTime":808.049,"endTime":811.139,"body":"it's a number two challenge I"},{"speaker":"Anton Chuvakin","startTime":811.139,"endTime":815.519,"body":"listed is that this is still"},{"speaker":"Anton Chuvakin","startTime":811.139,"endTime":815.519,"body":"isn't quite appreciated by"},{"speaker":"Anton Chuvakin","startTime":815.519,"endTime":817.979,"body":"enough of the mainstream"},{"speaker":"Anton Chuvakin","startTime":815.519,"endTime":817.979,"body":"companies. 
So again, don't get"},{"speaker":"Anton Chuvakin","startTime":817.979,"endTime":821.339,"body":"me wrong, anybody anywhere near"},{"speaker":"Anton Chuvakin","startTime":817.979,"endTime":821.339,"body":"enlightened, I don't know, top"},{"speaker":"Anton Chuvakin","startTime":821.339,"endTime":825.659,"body":"10% of the pyramid top 30% the"},{"speaker":"Anton Chuvakin","startTime":821.339,"endTime":825.659,"body":"pyramid totally get for years."},{"speaker":"Anton Chuvakin","startTime":825.869,"endTime":829.199,"body":"But then you start looking at"},{"speaker":"Anton Chuvakin","startTime":825.869,"endTime":829.199,"body":"more mainstream companies. And"},{"speaker":"Anton Chuvakin","startTime":829.199,"endTime":832.769,"body":"it's still like, our detection."},{"speaker":"Anton Chuvakin","startTime":829.199,"endTime":832.769,"body":"Yeah, which is going to buy a"},{"speaker":"Anton Chuvakin","startTime":832.769,"endTime":835.619,"body":"detection tool we hear UEBA is a"},{"speaker":"Anton Chuvakin","startTime":832.769,"endTime":835.619,"body":"good idea, they use machine"},{"speaker":"Anton Chuvakin","startTime":835.619,"endTime":838.799,"body":"learning, but it doesn't change"},{"speaker":"Anton Chuvakin","startTime":835.619,"endTime":838.799,"body":"the equation, it still makes"},{"speaker":"Anton Chuvakin","startTime":838.799,"endTime":842.369,"body":"signals signals just still have"},{"speaker":"Anton Chuvakin","startTime":838.799,"endTime":842.369,"body":"to go to humans. Hmm. 
And then"},{"speaker":"Anton Chuvakin","startTime":842.369,"endTime":845.759,"body":"the other challenge I noticed in"},{"speaker":"Anton Chuvakin","startTime":842.369,"endTime":845.759,"body":"this post is that in a lot of"},{"speaker":"Anton Chuvakin","startTime":845.759,"endTime":849.869,"body":"cases that terrain or there be"},{"speaker":"Anton Chuvakin","startTime":845.759,"endTime":849.869,"body":"the domain where we are the the"},{"speaker":"Anton Chuvakin","startTime":850.409,"endTime":855.059,"body":"IT infrastructure of a company"},{"speaker":"Anton Chuvakin","startTime":850.409,"endTime":855.059,"body":"is so messy is so unorganized"},{"speaker":"Anton Chuvakin","startTime":855.059,"endTime":859.529,"body":"ever changing layers of stuff"},{"speaker":"Anton Chuvakin","startTime":855.059,"endTime":859.529,"body":"from like mainframes to IoT"},{"speaker":"Anton Chuvakin","startTime":859.619,"endTime":864.329,"body":"piled on top that it's actually"},{"speaker":"Anton Chuvakin","startTime":859.619,"endTime":864.329,"body":"a really good place to hide, but"},{"speaker":"Anton Chuvakin","startTime":864.329,"endTime":868.409,"body":"it's a really bad place to seek"},{"speaker":"Anton Chuvakin","startTime":864.329,"endTime":868.409,"body":"sorry to use the kind of hide"},{"speaker":"Anton Chuvakin","startTime":868.409,"endTime":872.099,"body":"and seek metaphor here. 
So if"},{"speaker":"Anton Chuvakin","startTime":868.409,"endTime":872.099,"body":"you have you know, think of some"},{"speaker":"Anton Chuvakin","startTime":872.099,"endTime":875.039,"body":"kind of a, you know, post"},{"speaker":"Anton Chuvakin","startTime":872.099,"endTime":875.039,"body":"apocalyptic movie where there's"},{"speaker":"Anton Chuvakin","startTime":875.039,"endTime":878.999,"body":"like a abandoned factories like"},{"speaker":"Anton Chuvakin","startTime":875.039,"endTime":878.999,"body":"perfect cows, things, you know,"},{"speaker":"Anton Chuvakin","startTime":879.179,"endTime":882.899,"body":"you can hide there, but a lot of"},{"speaker":"Anton Chuvakin","startTime":879.179,"endTime":882.899,"body":"IT environments to me remind me"},{"speaker":"Anton Chuvakin","startTime":882.899,"endTime":885.209,"body":"of that type of a post"},{"speaker":"Anton Chuvakin","startTime":882.899,"endTime":885.209,"body":"apocalyptic factory scene from"},{"speaker":"Anton Chuvakin","startTime":885.209,"endTime":887.759,"body":"some movie, a lot of stuff is"},{"speaker":"Anton Chuvakin","startTime":885.209,"endTime":887.759,"body":"broken, all the stuff is like"},{"speaker":"Anton Chuvakin","startTime":887.759,"endTime":891.869,"body":"propped by pull, something's"},{"speaker":"Anton Chuvakin","startTime":887.759,"endTime":891.869,"body":"wrong, something doesn't either"},{"speaker":"Anton Chuvakin","startTime":891.869,"endTime":896.369,"body":"some new shiny stuff left over,"},{"speaker":"Anton Chuvakin","startTime":891.869,"endTime":896.369,"body":"and it's just not a very good"},{"speaker":"Anton Chuvakin","startTime":896.369,"endTime":901.259,"body":"place to hide to look for an"},{"speaker":"Anton Chuvakin","startTime":896.369,"endTime":901.259,"body":"attacker and It made me mad,"},{"speaker":"Anton Chuvakin","startTime":901.259,"endTime":904.589,"body":"maybe my metaphor suck. 
But the"},{"speaker":"Anton Chuvakin","startTime":901.259,"endTime":904.589,"body":"point is, it is there it killed"},{"speaker":"Anton Chuvakin","startTime":904.589,"endTime":907.859,"body":"you can make places. And to find"},{"speaker":"Anton Chuvakin","startTime":904.589,"endTime":907.859,"body":"the company with a universally"},{"speaker":"Anton Chuvakin","startTime":907.859,"endTime":911.279,"body":"modern IT is fairly rare. I"},{"speaker":"Anton Chuvakin","startTime":907.859,"endTime":911.279,"body":"mean, sure it companies that"},{"speaker":"Anton Chuvakin","startTime":911.309,"endTime":915.209,"body":"were born five years ago and"},{"speaker":"Anton Chuvakin","startTime":911.309,"endTime":915.209,"body":"grew quickly, they may have"},{"speaker":"Anton Chuvakin","startTime":915.359,"endTime":919.559,"body":"modernized it. But as somebody"},{"speaker":"Anton Chuvakin","startTime":915.359,"endTime":919.559,"body":"rightly pointed out, in a"},{"speaker":"Anton Chuvakin","startTime":919.559,"endTime":923.159,"body":"Twitter discussion, there is the"},{"speaker":"Anton Chuvakin","startTime":919.559,"endTime":923.159,"body":"technical debt of old stuff."},{"speaker":"Anton Chuvakin","startTime":923.279,"endTime":925.769,"body":"But there's also technical debt"},{"speaker":"Anton Chuvakin","startTime":923.279,"endTime":925.769,"body":"from new stuff being done"},{"speaker":"Anton Chuvakin","startTime":925.769,"endTime":928.349,"body":"without much thinking. 
So"},{"speaker":"Anton Chuvakin","startTime":925.769,"endTime":928.349,"body":"sometimes if you look at a"},{"speaker":"Anton Chuvakin","startTime":928.349,"endTime":932.219,"body":"modern company that grew"},{"speaker":"Anton Chuvakin","startTime":928.349,"endTime":932.219,"body":"quickly, they also have chaotic"},{"speaker":"Anton Chuvakin","startTime":932.219,"endTime":935.819,"body":"IT, not because it's legacy, but"},{"speaker":"Anton Chuvakin","startTime":932.219,"endTime":935.819,"body":"because it was done quickly"},{"speaker":"Anton Chuvakin","startTime":935.819,"endTime":939.989,"body":"without much thinking even by"},{"speaker":"Anton Chuvakin","startTime":935.819,"endTime":939.989,"body":"the top notch people. So but"},{"speaker":"Anton Chuvakin","startTime":939.989,"endTime":943.829,"body":"seen an environment which is"},{"speaker":"Anton Chuvakin","startTime":939.989,"endTime":943.829,"body":"very organized, predictable,"},{"speaker":"Anton Chuvakin","startTime":943.829,"endTime":948.089,"body":"well managed modern, no legacy"},{"speaker":"Anton Chuvakin","startTime":943.829,"endTime":948.089,"body":"stuff. Sure. detection, there is"},{"speaker":"Anton Chuvakin","startTime":948.089,"endTime":951.989,"body":"easy. But how many of those do"},{"speaker":"Anton Chuvakin","startTime":948.089,"endTime":951.989,"body":"they know? Very little? 
Yeah,"},{"speaker":"Anton Chuvakin","startTime":952.229,"endTime":955.679,"body":"yeah, that's so that's a lot."},{"speaker":"Anton Chuvakin","startTime":952.229,"endTime":955.679,"body":"You know, a little that's a lot,"},{"speaker":"Robby Peralta","startTime":956.44,"endTime":958.18,"body":"Some of the"},{"speaker":"Robby Peralta","startTime":956.44,"endTime":958.18,"body":"things you mentioned in that, in"},{"speaker":"Robby Peralta","startTime":958.18,"endTime":960.22,"body":"that article, data and triage."},{"speaker":"Anton Chuvakin","startTime":960.929,"endTime":964.259,"body":"Data side is"},{"speaker":"Anton Chuvakin","startTime":960.929,"endTime":964.259,"body":"kind of more obvious. You"},{"speaker":"Anton Chuvakin","startTime":964.259,"endTime":966.269,"body":"mentioned for example,"},{"speaker":"Anton Chuvakin","startTime":964.259,"endTime":966.269,"body":"fascination with network"},{"speaker":"Anton Chuvakin","startTime":966.269,"endTime":968.999,"body":"monitoring and fascination with"},{"speaker":"Anton Chuvakin","startTime":966.269,"endTime":968.999,"body":"logs fascination with endpoint."},{"speaker":"Anton Chuvakin","startTime":969.269,"endTime":973.499,"body":"So I'm, I've built a model"},{"speaker":"Anton Chuvakin","startTime":969.269,"endTime":973.499,"body":"around 2015, I build a model"},{"speaker":"Anton Chuvakin","startTime":973.499,"endTime":976.019,"body":"that I called SOC nuclear"},{"speaker":"Anton Chuvakin","startTime":973.499,"endTime":976.019,"body":"triad. 
And that later became"},{"speaker":"Anton Chuvakin","startTime":976.019,"endTime":979.979,"body":"kind of SOC visibility triad."},{"speaker":"Anton Chuvakin","startTime":976.019,"endTime":979.979,"body":"And I kind of said, Hey, today,"},{"speaker":"Anton Chuvakin","startTime":979.979,"endTime":983.759,"body":"you probably need endpoint"},{"speaker":"Anton Chuvakin","startTime":979.979,"endTime":983.759,"body":"network and logs to have a good"},{"speaker":"Anton Chuvakin","startTime":983.759,"endTime":989.159,"body":"to have good coverage. And sure,"},{"speaker":"Anton Chuvakin","startTime":983.759,"endTime":989.159,"body":"there were years where NSM, or"},{"speaker":"Anton Chuvakin","startTime":989.159,"endTime":991.889,"body":"network monitoring or packet"},{"speaker":"Anton Chuvakin","startTime":989.159,"endTime":991.889,"body":"capture or flow capture was"},{"speaker":"Anton Chuvakin","startTime":991.889,"endTime":995.579,"body":"like, really the top top stuff,"},{"speaker":"Anton Chuvakin","startTime":991.889,"endTime":995.579,"body":"I don't know, a long time ago."},{"speaker":"Anton Chuvakin","startTime":996.029,"endTime":1000.259,"body":"And then of course, there was a"},{"speaker":"Anton Chuvakin","startTime":996.029,"endTime":1000.259,"body":"dearth of EDR 2015? Well, I kind"},{"speaker":"Anton Chuvakin","startTime":1000.259,"endTime":1003.949,"body":"of think that that the term so I"},{"speaker":"Anton Chuvakin","startTime":1000.259,"endTime":1003.949,"body":"know that that date, wow. 
And"},{"speaker":"Anton Chuvakin","startTime":1003.949,"endTime":1008.389,"body":"the force, there was a login"},{"speaker":"Anton Chuvakin","startTime":1003.949,"endTime":1008.389,"body":"login era before and after that,"},{"speaker":"Anton Chuvakin","startTime":1008.479,"endTime":1010.399,"body":"when people said, Hey, I'm going"},{"speaker":"Anton Chuvakin","startTime":1008.479,"endTime":1010.399,"body":"to buy a SIEM, I'm going to"},{"speaker":"Anton Chuvakin","startTime":1010.399,"endTime":1015.079,"body":"follow the logs in there, and I"},{"speaker":"Anton Chuvakin","startTime":1010.399,"endTime":1015.079,"body":"got it. But you don't really get"},{"speaker":"Anton Chuvakin","startTime":1015.079,"endTime":1017.719,"body":"it in this case, you sort of"},{"speaker":"Anton Chuvakin","startTime":1015.079,"endTime":1017.719,"body":"have to still look at traffic,"},{"speaker":"Anton Chuvakin","startTime":1017.719,"endTime":1020.629,"body":"you still have to look at the"},{"speaker":"Anton Chuvakin","startTime":1017.719,"endTime":1020.629,"body":"endpoint to have good coverage."},{"speaker":"Anton Chuvakin","startTime":1020.839,"endTime":1025.579,"body":"So to me, the reason I kind of"},{"speaker":"Anton Chuvakin","startTime":1020.839,"endTime":1025.579,"body":"pointed out data is that people"},{"speaker":"Anton Chuvakin","startTime":1025.579,"endTime":1028.099,"body":"would have limited data sources,"},{"speaker":"Anton Chuvakin","startTime":1025.579,"endTime":1028.099,"body":"and then it tried to do a good"},{"speaker":"Anton Chuvakin","startTime":1028.099,"endTime":1032.119,"body":"job with detection. And they can"},{"speaker":"Anton Chuvakin","startTime":1028.099,"endTime":1032.119,"body":"do the best possible job with"},{"speaker":"Anton Chuvakin","startTime":1032.119,"endTime":1035.089,"body":"detection. 
Given the data that"},{"speaker":"Anton Chuvakin","startTime":1032.119,"endTime":1035.089,"body":"they have, they may or may not"},{"speaker":"Anton Chuvakin","startTime":1035.089,"endTime":1039.979,"body":"succeed, and to truly have a"},{"speaker":"Anton Chuvakin","startTime":1035.089,"endTime":1039.979,"body":"high visibility or how it's"},{"speaker":"Anton Chuvakin","startTime":1039.979,"endTime":1042.259,"body":"trained to to say now"},{"speaker":"Anton Chuvakin","startTime":1039.979,"endTime":1042.259,"body":"observability in your"},{"speaker":"Anton Chuvakin","startTime":1042.259,"endTime":1044.929,"body":"environment, you do need"},{"speaker":"Anton Chuvakin","startTime":1042.259,"endTime":1044.929,"body":"application level stuff in your"},{"speaker":"Anton Chuvakin","startTime":1044.959,"endTime":1048.259,"body":"network and union endpoint, you"},{"speaker":"Anton Chuvakin","startTime":1044.959,"endTime":1048.259,"body":"need logs for sure. And then"},{"speaker":"Anton Chuvakin","startTime":1048.259,"endTime":1052.429,"body":"maybe you get together here the"},{"speaker":"Anton Chuvakin","startTime":1048.259,"endTime":1052.429,"body":"picture. 
That's why I mentioned"},{"speaker":"Anton Chuvakin","startTime":1052.429,"endTime":1056.299,"body":"data and triage is, is connected"},{"speaker":"Anton Chuvakin","startTime":1052.429,"endTime":1056.299,"body":"to the other point you probably"},{"speaker":"Anton Chuvakin","startTime":1056.299,"endTime":1059.179,"body":"want to make about the"},{"speaker":"Anton Chuvakin","startTime":1056.299,"endTime":1059.179,"body":"uncertainty and intent, many of"},{"speaker":"Anton Chuvakin","startTime":1059.179,"endTime":1062.479,"body":"the detection signals all the"},{"speaker":"Anton Chuvakin","startTime":1059.179,"endTime":1062.479,"body":"way back to traditional"},{"speaker":"Anton Chuvakin","startTime":1062.509,"endTime":1067.069,"body":"signature IDS alerts to SIEM to"},{"speaker":"Anton Chuvakin","startTime":1062.509,"endTime":1067.069,"body":"modern machine learning based"},{"speaker":"Anton Chuvakin","startTime":1067.459,"endTime":1072.619,"body":"algorithms for detection. They"},{"speaker":"Anton Chuvakin","startTime":1067.459,"endTime":1072.619,"body":"give you an alert or a signal of"},{"speaker":"Anton Chuvakin","startTime":1072.619,"endTime":1076.639,"body":"different level of confidence or"},{"speaker":"Anton Chuvakin","startTime":1072.619,"endTime":1076.639,"body":"different levels of certainty."},{"speaker":"Anton Chuvakin","startTime":1077.059,"endTime":1080.479,"body":"And you know, who gets to decide"},{"speaker":"Anton Chuvakin","startTime":1077.059,"endTime":1080.479,"body":"what it means? Well, guess who a"},{"speaker":"Anton Chuvakin","startTime":1080.479,"endTime":1084.349,"body":"human again. 
So it's kind of"},{"speaker":"Anton Chuvakin","startTime":1080.479,"endTime":1084.349,"body":"cycles back to people, right?"},{"speaker":"Anton Chuvakin","startTime":1085.099,"endTime":1089.119,"body":"Sure, you may have supported"},{"speaker":"Anton Chuvakin","startTime":1085.099,"endTime":1089.119,"body":"tools for, say orchestration"},{"speaker":"Anton Chuvakin","startTime":1089.119,"endTime":1092.329,"body":"tools can go pull more source of"},{"speaker":"Anton Chuvakin","startTime":1089.119,"endTime":1092.329,"body":"data, hit query, the attack"},{"speaker":"Anton Chuvakin","startTime":1092.329,"endTime":1096.439,"body":"destination, can query threat"},{"speaker":"Anton Chuvakin","startTime":1092.329,"endTime":1096.439,"body":"Intel sources, and you would get"},{"speaker":"Anton Chuvakin","startTime":1096.439,"endTime":1101.269,"body":"a better picture. But you still"},{"speaker":"Anton Chuvakin","startTime":1096.439,"endTime":1101.269,"body":"need to kind of figure out what"},{"speaker":"Anton Chuvakin","startTime":1101.269,"endTime":1104.989,"body":"the picture tells you. 
Right?"},{"speaker":"Anton Chuvakin","startTime":1101.269,"endTime":1104.989,"body":"And so that alert triage,"},{"speaker":"Anton Chuvakin","startTime":1104.989,"endTime":1108.859,"body":"confirming alerts is also very"},{"speaker":"Anton Chuvakin","startTime":1104.989,"endTime":1108.859,"body":"often a challenge with people."},{"speaker":"Anton Chuvakin","startTime":1109.579,"endTime":1112.099,"body":"For a good number of years, I've"},{"speaker":"Anton Chuvakin","startTime":1109.579,"endTime":1112.099,"body":"been trying to create kind of a"},{"speaker":"Anton Chuvakin","startTime":1112.099,"endTime":1114.979,"body":"generic playbook for your"},{"speaker":"Anton Chuvakin","startTime":1112.099,"endTime":1114.979,"body":"triage, like how do you change"},{"speaker":"Anton Chuvakin","startTime":1114.979,"endTime":1118.639,"body":"it or as well, and frankly, it's"},{"speaker":"Anton Chuvakin","startTime":1114.979,"endTime":1118.639,"body":"not an easy task, it's probably"},{"speaker":"Anton Chuvakin","startTime":1118.639,"endTime":1123.169,"body":"a completely pointless task."},{"speaker":"Anton Chuvakin","startTime":1118.639,"endTime":1123.169,"body":"Because a lot of geography does"},{"speaker":"Anton Chuvakin","startTime":1123.169,"endTime":1128.179,"body":"vary by company, like you see an"},{"speaker":"Anton Chuvakin","startTime":1123.169,"endTime":1128.179,"body":"alert, you call somebody in it"},{"speaker":"Anton Chuvakin","startTime":1128.179,"endTime":1132.169,"body":"ops and say, Is this your system"},{"speaker":"Anton Chuvakin","startTime":1128.179,"endTime":1132.169,"body":"that's doing it? 
Like, you're"},{"speaker":"Anton Chuvakin","startTime":1132.169,"endTime":1134.689,"body":"doing triage, but you're doing"},{"speaker":"Anton Chuvakin","startTime":1132.169,"endTime":1134.689,"body":"triage, but calling the person"},{"speaker":"Anton Chuvakin","startTime":1134.689,"endTime":1137.539,"body":"who you know, who owns the"},{"speaker":"Anton Chuvakin","startTime":1134.689,"endTime":1137.539,"body":"system and who you know, is"},{"speaker":"Anton Chuvakin","startTime":1137.539,"endTime":1141.709,"body":"knowledgeable? Hmm, how do you"},{"speaker":"Anton Chuvakin","startTime":1137.539,"endTime":1141.709,"body":"playbook it? How do you stick in"},{"speaker":"Anton Chuvakin","startTime":1141.709,"endTime":1145.459,"body":"Atlanta who can say called John,"},{"speaker":"Anton Chuvakin","startTime":1141.709,"endTime":1145.459,"body":"on the third floor, he knows,"},{"speaker":"Anton Chuvakin","startTime":1145.639,"endTime":1149.239,"body":"like, that's very hard. But if I"},{"speaker":"Anton Chuvakin","startTime":1145.639,"endTime":1149.239,"body":"do what I just did, maybe my"},{"speaker":"Anton Chuvakin","startTime":1149.239,"endTime":1151.819,"body":"triage activities will take five"},{"speaker":"Anton Chuvakin","startTime":1149.239,"endTime":1151.819,"body":"minutes. But if I don't have the"},{"speaker":"Anton Chuvakin","startTime":1151.819,"endTime":1155.539,"body":"John to call, maybe I spent two"},{"speaker":"Anton Chuvakin","startTime":1151.819,"endTime":1155.539,"body":"hours to get it out. So a lot of"},{"speaker":"Anton Chuvakin","startTime":1155.539,"endTime":1160.489,"body":"is hard to formalize. And it's"},{"speaker":"Anton Chuvakin","startTime":1155.539,"endTime":1160.489,"body":"so hard to then improve. 
Now,"},{"speaker":"Anton Chuvakin","startTime":1160.759,"endTime":1164.929,"body":"I've seen companies that really"},{"speaker":"Anton Chuvakin","startTime":1160.759,"endTime":1164.929,"body":"well organized activities, some"},{"speaker":"Anton Chuvakin","startTime":1164.929,"endTime":1169.729,"body":"of them are very rigid, I think"},{"speaker":"Anton Chuvakin","startTime":1164.929,"endTime":1169.729,"body":"60 - 70 Visio diagrams thick,"},{"speaker":"Anton Chuvakin","startTime":1169.909,"endTime":1173.029,"body":"massive implementation"},{"speaker":"Anton Chuvakin","startTime":1169.909,"endTime":1173.029,"body":"of security orchestration tools,"},{"speaker":"Anton Chuvakin","startTime":1173.209,"endTime":1176.059,"body":"with lots of playbooks."},{"speaker":"Anton Chuvakin","startTime":1173.209,"endTime":1176.059,"body":"But frankly, they're kind of"},{"speaker":"Anton Chuvakin","startTime":1176.059,"endTime":1181.339,"body":"an exception, right? Good,"},{"speaker":"Anton Chuvakin","startTime":1176.059,"endTime":1181.339,"body":"predictable, while Good, good,"},{"speaker":"Anton Chuvakin","startTime":1181.339,"endTime":1183.739,"body":"predictable and effective"},{"speaker":"Anton Chuvakin","startTime":1181.339,"endTime":1183.739,"body":"alert triage is also"},{"speaker":"Anton Chuvakin","startTime":1183.739,"endTime":1187.789,"body":"not common. But if you don't confirm"},{"speaker":"Anton Chuvakin","startTime":1183.739,"endTime":1187.789,"body":"the signals, your detection"},{"speaker":"Anton Chuvakin","startTime":1187.789,"endTime":1190.849,"body":"is no good. Yeah, again, sorry."},{"speaker":"Anton Chuvakin","startTime":1187.789,"endTime":1190.849,"body":"Sorry for the rant. 
I guess"},{"speaker":"Anton Chuvakin","startTime":1190.849,"endTime":1194.089,"body":"I can talk about this for hours"},{"speaker":"Anton Chuvakin","startTime":1190.849,"endTime":1194.089,"body":"because it's been kind of"},{"speaker":"Anton Chuvakin","startTime":1194.089,"endTime":1195.379,"body":"my long, long term fascination."},{"speaker":"Robby Peralta","startTime":1195.47,"endTime":1197.39,"body":"That is why"},{"speaker":"Robby Peralta","startTime":1195.47,"endTime":1197.39,"body":"you're here. You're here to read"},{"speaker":"Robby Peralta","startTime":1197.66,"endTime":1200.6,"body":"exactly why I wanted you on"},{"speaker":"Robby Peralta","startTime":1197.66,"endTime":1200.6,"body":"here. What do you have I mean,"},{"speaker":"Robby Peralta","startTime":1200.63,"endTime":1205.01,"body":"now you just mentioned, you"},{"speaker":"Robby Peralta","startTime":1200.63,"endTime":1205.01,"body":"know, EDR sort of SOAR. And you"},{"speaker":"Robby Peralta","startTime":1205.01,"endTime":1207.8,"body":"know, SIEM in my mind that's kind"},{"speaker":"Robby Peralta","startTime":1205.01,"endTime":1207.8,"body":"of like all these things fit"},{"speaker":"Robby Peralta","startTime":1207.8,"endTime":1212.84,"body":"into SIEM. What is like? What's,"},{"speaker":"Robby Peralta","startTime":1207.8,"endTime":1212.84,"body":"you know? Where is where's SOAR?"},{"speaker":"Robby Peralta","startTime":1212.84,"endTime":1215.54,"body":"And SIEM and EDR? 
Is it this?"},{"speaker":"Robby Peralta","startTime":1212.84,"endTime":1215.54,"body":"Where is where are we today?"},{"speaker":"Robby Peralta","startTime":1215.57,"endTime":1215.96,"body":"Now?"},{"speaker":"Anton Chuvakin","startTime":1216.38,"endTime":1217.7,"body":"So that's"},{"speaker":"Anton Chuvakin","startTime":1216.38,"endTime":1217.7,"body":"actually a good question."},{"speaker":"Anton Chuvakin","startTime":1217.7,"endTime":1224.96,"body":"Because let's first time travel"},{"speaker":"Anton Chuvakin","startTime":1217.7,"endTime":1224.96,"body":"to. And I think 2012. And this"},{"speaker":"Anton Chuvakin","startTime":1224.96,"endTime":1229.4,"body":"would be like the heyday of SIEM"},{"speaker":"Anton Chuvakin","startTime":1224.96,"endTime":1229.4,"body":"as SIEM as an attempted single"},{"speaker":"Anton Chuvakin","startTime":1229.4,"endTime":1231.8,"body":"pane of glass. Like, if you want"},{"speaker":"Anton Chuvakin","startTime":1229.4,"endTime":1231.8,"body":"to have a single pane of glass,"},{"speaker":"Anton Chuvakin","startTime":1231.8,"endTime":1234.17,"body":"if you're willing to try for it."},{"speaker":"Anton Chuvakin","startTime":1231.8,"endTime":1234.17,"body":"Whether you succeed or not"},{"speaker":"Anton Chuvakin","startTime":1234.17,"endTime":1239.3,"body":"separate story, you're doing"},{"speaker":"Anton Chuvakin","startTime":1234.17,"endTime":1239.3,"body":"SIEM? Hmm, ah, I would say today,"},{"speaker":"Anton Chuvakin","startTime":1239.33,"endTime":1243.74,"body":"I've noticed people with"},{"speaker":"Anton Chuvakin","startTime":1239.33,"endTime":1243.74,"body":"security operation centers where"},{"speaker":"Anton Chuvakin","startTime":1243.74,"endTime":1248.84,"body":"their main tool is a SOAR, which"},{"speaker":"Anton Chuvakin","startTime":1243.74,"endTime":1248.84,"body":"then queries a SIEM, or log"},{"speaker":"Anton Chuvakin","startTime":1248.84,"endTime":1253.07,"body":"management repository. 
I've seen"},{"speaker":"Anton Chuvakin","startTime":1248.84,"endTime":1253.07,"body":"operation centers security"},{"speaker":"Anton Chuvakin","startTime":1253.07,"endTime":1256.94,"body":"operation centers with EDR are"},{"speaker":"Anton Chuvakin","startTime":1253.07,"endTime":1256.94,"body":"they sometimes we'll call it XDR"},{"speaker":"Anton Chuvakin","startTime":1256.94,"endTime":1261.71,"body":"to kind of show an expanded"},{"speaker":"Anton Chuvakin","startTime":1256.94,"endTime":1261.71,"body":"mandate from it from EDR, where"},{"speaker":"Anton Chuvakin","startTime":1261.71,"endTime":1266.12,"body":"the EDR is the central console."},{"speaker":"Anton Chuvakin","startTime":1261.71,"endTime":1266.12,"body":"Why say a SIEM or log storage is"},{"speaker":"Anton Chuvakin","startTime":1266.12,"endTime":1271.19,"body":"the exhilarate. So there is a"},{"speaker":"Anton Chuvakin","startTime":1266.12,"endTime":1271.19,"body":"bit more, a bit more fuzziness."},{"speaker":"Anton Chuvakin","startTime":1271.22,"endTime":1275.84,"body":"And a bit more choices, perhaps"},{"speaker":"Anton Chuvakin","startTime":1271.22,"endTime":1275.84,"body":"in this, like a SOC of 2012"},{"speaker":"Anton Chuvakin","startTime":1276.44,"endTime":1279.35,"body":"would be unquestionably"},{"speaker":"Anton Chuvakin","startTime":1276.44,"endTime":1279.35,"body":"organized around a SIEM. SIEM would"},{"speaker":"Anton Chuvakin","startTime":1279.35,"endTime":1282.08,"body":"be your thing, SIEM would be a"},{"speaker":"Anton Chuvakin","startTime":1279.35,"endTime":1282.08,"body":"center of attention, SIEM would be"},{"speaker":"Anton Chuvakin","startTime":1282.08,"endTime":1284.69,"body":"where you'd spend most of the"},{"speaker":"Anton Chuvakin","startTime":1282.08,"endTime":1284.69,"body":"time, not all the time, but most"},{"speaker":"Anton Chuvakin","startTime":1284.69,"endTime":1289.88,"body":"of the time. 
Today, I would say"},{"speaker":"Anton Chuvakin","startTime":1284.69,"endTime":1289.88,"body":"this is still true at many"},{"speaker":"Anton Chuvakin","startTime":1289.88,"endTime":1293.42,"body":"places. And it's not wrong if"},{"speaker":"Anton Chuvakin","startTime":1289.88,"endTime":1293.42,"body":"it's true. But I would say that"},{"speaker":"Anton Chuvakin","startTime":1293.42,"endTime":1297.68,"body":"there's there are more choices."},{"speaker":"Anton Chuvakin","startTime":1293.42,"endTime":1297.68,"body":"I've seen people with a pretty"},{"speaker":"Anton Chuvakin","startTime":1297.71,"endTime":1302.27,"body":"robust deployment of a good EDR"},{"speaker":"Anton Chuvakin","startTime":1297.71,"endTime":1302.27,"body":"tool, where EDR is their primary"},{"speaker":"Anton Chuvakin","startTime":1302.27,"endTime":1306.2,"body":"console, while the log manager"},{"speaker":"Anton Chuvakin","startTime":1302.27,"endTime":1306.2,"body":"or SIEM is their secondary, then"},{"speaker":"Anton Chuvakin","startTime":1306.2,"endTime":1310.85,"body":"it was not around, maybe even"},{"speaker":"Anton Chuvakin","startTime":1306.2,"endTime":1310.85,"body":"five years ago. 
I also see"},{"speaker":"Anton Chuvakin","startTime":1310.85,"endTime":1314.24,"body":"sometimes that a SOAR where they"},{"speaker":"Anton Chuvakin","startTime":1310.85,"endTime":1314.24,"body":"do the workflow when they do"},{"speaker":"Anton Chuvakin","startTime":1314.24,"endTime":1319.01,"body":"orchestration is their central,"},{"speaker":"Anton Chuvakin","startTime":1314.24,"endTime":1319.01,"body":"but log repository or a SIEM is"},{"speaker":"Anton Chuvakin","startTime":1319.01,"endTime":1322.22,"body":"basically what sort of queries"},{"speaker":"Anton Chuvakin","startTime":1319.01,"endTime":1322.22,"body":"so I would say that today's"},{"speaker":"Anton Chuvakin","startTime":1322.22,"endTime":1325.49,"body":"world in this regard is kind of"},{"speaker":"Anton Chuvakin","startTime":1322.22,"endTime":1325.49,"body":"a little bit more dispersed from"},{"speaker":"Anton Chuvakin","startTime":1325.49,"endTime":1329.45,"body":"SIEM centrality. Like, you may"},{"speaker":"Anton Chuvakin","startTime":1325.49,"endTime":1329.45,"body":"have a SIEM-centric SOC, but I"},{"speaker":"Anton Chuvakin","startTime":1329.45,"endTime":1332.96,"body":"may have an EDR-centric SOC or"},{"speaker":"Anton Chuvakin","startTime":1329.45,"endTime":1332.96,"body":"XDR-centric, so and you may be"},{"speaker":"Anton Chuvakin","startTime":1332.96,"endTime":1336.35,"body":"even in SOAR most of the time"},{"speaker":"Anton Chuvakin","startTime":1332.96,"endTime":1336.35,"body":"and SOAR with query SIEM, you may"},{"speaker":"Anton Chuvakin","startTime":1336.35,"endTime":1339.62,"body":"never see a SIEM console or we'll"},{"speaker":"Anton Chuvakin","startTime":1336.35,"endTime":1339.62,"body":"see pretty rarely. So this makes"},{"speaker":"Anton Chuvakin","startTime":1339.62,"endTime":1343.04,"body":"for an exciting time. 
I'm back"},{"speaker":"Anton Chuvakin","startTime":1339.62,"endTime":1343.04,"body":"in the Gartner 
days, I had a"},{"speaker":"Anton Chuvakin","startTime":1343.04,"endTime":1346.67,"body":"debate with an analyst who said"},{"speaker":"Anton Chuvakin","startTime":1343.04,"endTime":1346.67,"body":"that, you know what, for me at"},{"speaker":"Anton Chuvakin","startTime":1346.67,"endTime":1351.08,"body":"CASB, cloud access security"},{"speaker":"Anton Chuvakin","startTime":1346.67,"endTime":1351.08,"body":"broker to maybe a SIEM, and my"},{"speaker":"Anton Chuvakin","startTime":1351.08,"endTime":1354.65,"body":"initial reaction was, wow, this"},{"speaker":"Anton Chuvakin","startTime":1351.08,"endTime":1354.65,"body":"is stupid. But then he said,"},{"speaker":"Anton Chuvakin","startTime":1355.01,"endTime":1357.47,"body":"Wait a second, what about the"},{"speaker":"Anton Chuvakin","startTime":1355.01,"endTime":1357.47,"body":"company that doesn't have a data"},{"speaker":"Anton Chuvakin","startTime":1357.47,"endTime":1363.23,"body":"center uses, you know, 50 or 100"},{"speaker":"Anton Chuvakin","startTime":1357.47,"endTime":1363.23,"body":"different SaaS services, does"},{"speaker":"Anton Chuvakin","startTime":1363.23,"endTime":1368.06,"body":"not run anything in public cloud"},{"speaker":"Anton Chuvakin","startTime":1363.23,"endTime":1368.06,"body":"is or runs very little, and does"},{"speaker":"Anton Chuvakin","startTime":1368.06,"endTime":1372.65,"body":"not have a data center? Well,"},{"speaker":"Anton Chuvakin","startTime":1368.06,"endTime":1372.65,"body":"like, why isn't CASB be their"},{"speaker":"Anton Chuvakin","startTime":1372.65,"endTime":1379.49,"body":"SIEM? Hmm. And my answer was,"},{"speaker":"Anton Chuvakin","startTime":1372.65,"endTime":1379.49,"body":"huh, well, okay. 
If you are"},{"speaker":"Anton Chuvakin","startTime":1379.88,"endTime":1384.47,"body":"almost a complete SaaS purist,"},{"speaker":"Anton Chuvakin","startTime":1379.88,"endTime":1384.47,"body":"software as a service purists,"},{"speaker":"Anton Chuvakin","startTime":1384.5,"endTime":1387.02,"body":"and you don't have data center"},{"speaker":"Anton Chuvakin","startTime":1384.5,"endTime":1387.02,"body":"space have very little infrastructure"},{"speaker":"Anton Chuvakin","startTime":1387.02,"endTime":1392.69,"body":"service. Yeah, cas"},{"speaker":"Anton Chuvakin","startTime":1387.02,"endTime":1392.69,"body":"ing kind of is your SIEM. Hey, I"},{"speaker":"Anton Chuvakin","startTime":1392.69,"endTime":1395.27,"body":"hate to say it like this because"},{"speaker":"Anton Chuvakin","startTime":1392.69,"endTime":1395.27,"body":"the mission is somewhat different."},{"speaker":"Anton Chuvakin","startTime":1395.27,"endTime":1399.59,"body":"But ultimately, your central"},{"speaker":"Anton Chuvakin","startTime":1395.27,"endTime":1399.59,"body":"threat detection and monitoring"},{"speaker":"Anton Chuvakin","startTime":1399.83,"endTime":1404.3,"body":"console for all your stable"},{"speaker":"Anton Chuvakin","startTime":1399.83,"endTime":1404.3,"body":"of SaaS apps, is a CASB,"},{"speaker":"Anton Chuvakin","startTime":1404.3,"endTime":1408.11,"body":"is not the same as on log manager"},{"speaker":"Anton Chuvakin","startTime":1404.3,"endTime":1408.11,"body":"in CASBs can collect some"},{"speaker":"Anton Chuvakin","startTime":1408.26,"endTime":1412.88,"body":"logs, they do detection, they"},{"speaker":"Anton Chuvakin","startTime":1408.26,"endTime":1412.88,"body":"can store logs, some of them."},{"speaker":"Anton Chuvakin","startTime":1412.88,"endTime":1416.63,"body":"And so you may live in a world"},{"speaker":"Anton Chuvakin","startTime":1412.88,"endTime":1416.63,"body":"admittedly pretty esoteric place"},{"speaker":"Anton Chuvakin","startTime":1416.63,"endTime":1420.83,"body":"where 
CASB is your SIEM. So,"},{"speaker":"Anton Chuvakin","startTime":1416.63,"endTime":1420.83,"body":"so I could say sorry, I argued"},{"speaker":"Anton Chuvakin","startTime":1420.83,"endTime":1423.17,"body":"with you five years ago, but you"},{"speaker":"Anton Chuvakin","startTime":1420.83,"endTime":1423.17,"body":"were kind of right. This was"},{"speaker":"Anton Chuvakin","startTime":1423.17,"endTime":1424.64,"body":"some companies. Hmm."},{"speaker":"Robby Peralta","startTime":1425.39,"endTime":1426.71,"body":"And that kind of"},{"speaker":"Robby Peralta","startTime":1425.39,"endTime":1426.71,"body":"goes back to what you just"},{"speaker":"Robby Peralta","startTime":1426.71,"endTime":1429.47,"body":"earlier said it's not about the"},{"speaker":"Robby Peralta","startTime":1426.71,"endTime":1429.47,"body":"product. It's not about SIEM or"},{"speaker":"Robby Peralta","startTime":1429.47,"endTime":1431.93,"body":"EDR, SOAR, it's about the"},{"speaker":"Robby Peralta","startTime":1429.47,"endTime":1431.93,"body":"mission, right to be able to"},{"speaker":"Robby Peralta","startTime":1431.93,"endTime":1434.93,"body":"detect and respond to respond to"},{"speaker":"Robby Peralta","startTime":1431.93,"endTime":1434.93,"body":"things that's different from"},{"speaker":"Robby Peralta","startTime":1435.26,"endTime":1438.38,"body":"each organization, depending on"},{"speaker":"Robby Peralta","startTime":1435.26,"endTime":1438.38,"body":"who that position is."},{"speaker":"Anton Chuvakin","startTime":1439.31,"endTime":1440.9,"body":"May be"},{"speaker":"Anton Chuvakin","startTime":1439.31,"endTime":1440.9,"body":"different. 
I mean, there's still"},{"speaker":"Anton Chuvakin","startTime":1440.9,"endTime":1444.53,"body":"patterns like I still say that"},{"speaker":"Anton Chuvakin","startTime":1440.9,"endTime":1444.53,"body":"if you're building a SOC that"},{"speaker":"Anton Chuvakin","startTime":1444.53,"endTime":1447.14,"body":"is centered a sale, I don't"},{"speaker":"Anton Chuvakin","startTime":1444.53,"endTime":1447.14,"body":"think you're wrong. I mean,"},{"speaker":"Anton Chuvakin","startTime":1447.14,"endTime":1449.96,"body":"it's, it's been there, it's"},{"speaker":"Anton Chuvakin","startTime":1447.14,"endTime":1449.96,"body":"broken model, you may see"},{"speaker":"Anton Chuvakin","startTime":1449.96,"endTime":1452.48,"body":"certain areas where you get to"},{"speaker":"Anton Chuvakin","startTime":1449.96,"endTime":1452.48,"body":"fill the gaps. But I don't think"},{"speaker":"Anton Chuvakin","startTime":1452.48,"endTime":1455.57,"body":"you're wrong. I don't think that"},{"speaker":"Anton Chuvakin","startTime":1452.48,"endTime":1455.57,"body":"it's a traditional approach here"},{"speaker":"Anton Chuvakin","startTime":1455.57,"endTime":1458.66,"body":"isn't wrong. It's just well,"},{"speaker":"Anton Chuvakin","startTime":1455.57,"endTime":1458.66,"body":"traditional approach. You may be"},{"speaker":"Anton Chuvakin","startTime":1458.66,"endTime":1461.0,"body":"non traditional, or you may be"},{"speaker":"Anton Chuvakin","startTime":1458.66,"endTime":1461.0,"body":"traditional. So to me, this is"},{"speaker":"Anton Chuvakin","startTime":1461.0,"endTime":1464.24,"body":"not about, you know, SIEM is dead,"},{"speaker":"Anton Chuvakin","startTime":1461.0,"endTime":1464.24,"body":"don't use SIEM. Nothing of that"},{"speaker":"Anton Chuvakin","startTime":1464.24,"endTime":1468.32,"body":"sort. 
SIEM's not dead. SIEM is a"},{"speaker":"Anton Chuvakin","startTime":1464.24,"endTime":1468.32,"body":"two almost $3 billion market"},{"speaker":"Anton Chuvakin","startTime":1468.32,"endTime":1471.32,"body":"people buy their happy customers"},{"speaker":"Anton Chuvakin","startTime":1468.32,"endTime":1471.32,"body":"they're getting you can say"},{"speaker":"Anton Chuvakin","startTime":1471.32,"endTime":1474.05,"body":"despite customers for modern"},{"speaker":"Anton Chuvakin","startTime":1471.32,"endTime":1474.05,"body":"sales for software service"},{"speaker":"Anton Chuvakin","startTime":1474.05,"endTime":1477.35,"body":"teams, and even for legacy"},{"speaker":"Anton Chuvakin","startTime":1474.05,"endTime":1477.35,"body":"seats. Sure, why not? Hmm."},{"speaker":"Robby Peralta","startTime":1478.22,"endTime":1480.32,"body":"But the million"},{"speaker":"Robby Peralta","startTime":1478.22,"endTime":1480.32,"body":"dollar question. Where do we go"},{"speaker":"Robby Peralta","startTime":1480.32,"endTime":1481.88,"body":"from here? What's, what's next?"},{"speaker":"Anton Chuvakin","startTime":1483.11,"endTime":1488.9,"body":"Okay, good one."},{"speaker":"Anton Chuvakin","startTime":1483.11,"endTime":1488.9,"body":"So. So here's where my bias, you"},{"speaker":"Anton Chuvakin","startTime":1488.9,"endTime":1490.91,"body":"know, because I've worked for"},{"speaker":"Anton Chuvakin","startTime":1488.9,"endTime":1490.91,"body":"Google, specifically Google"},{"speaker":"Anton Chuvakin","startTime":1490.91,"endTime":1493.88,"body":"Cloud Security sort of business"},{"speaker":"Anton Chuvakin","startTime":1490.91,"endTime":1493.88,"body":"unit, and I came there to"},{"speaker":"Anton Chuvakin","startTime":1493.88,"endTime":1497.24,"body":"Chronicle. 
I have a bit of a"},{"speaker":"Anton Chuvakin","startTime":1493.88,"endTime":1497.24,"body":"bias in favor of a software as a"},{"speaker":"Anton Chuvakin","startTime":1497.24,"endTime":1499.97,"body":"service SIEM or something as a"},{"speaker":"Anton Chuvakin","startTime":1497.24,"endTime":1499.97,"body":"service model for a lot of"},{"speaker":"Anton Chuvakin","startTime":1500.0,"endTime":1504.38,"body":"detection and response. Now, I"},{"speaker":"Anton Chuvakin","startTime":1500.0,"endTime":1504.38,"body":"have a funny story about that"},{"speaker":"Anton Chuvakin","startTime":1504.38,"endTime":1508.31,"body":"going back to the Gartner days,"},{"speaker":"Anton Chuvakin","startTime":1504.38,"endTime":1508.31,"body":"a few years, several years ago,"},{"speaker":"Anton Chuvakin","startTime":1508.34,"endTime":1511.85,"body":"I somebody told me that they"},{"speaker":"Anton Chuvakin","startTime":1508.34,"endTime":1511.85,"body":"think software service SIEM is"},{"speaker":"Anton Chuvakin","startTime":1511.85,"endTime":1516.89,"body":"going to grow. And I told them,"},{"speaker":"Anton Chuvakin","startTime":1511.85,"endTime":1516.89,"body":"well, doesn't it have to appear"},{"speaker":"Anton Chuvakin","startTime":1516.89,"endTime":1521.69,"body":"first, before it grows? Like, if"},{"speaker":"Anton Chuvakin","startTime":1516.89,"endTime":1521.69,"body":"you look at the Magic Quadrant,"},{"speaker":"Anton Chuvakin","startTime":1521.69,"endTime":1526.31,"body":"or just in the market of SIEM in"},{"speaker":"Anton Chuvakin","startTime":1521.69,"endTime":1526.31,"body":"2015, there wasn't anybody with"},{"speaker":"Anton Chuvakin","startTime":1526.31,"endTime":1528.92,"body":"a credible software service"},{"speaker":"Anton Chuvakin","startTime":1526.31,"endTime":1528.92,"body":"model who wasn't the MQ or even"},{"speaker":"Anton Chuvakin","startTime":1528.92,"endTime":1533.3,"body":"invite us. 
So software as a"},{"speaker":"Anton Chuvakin","startTime":1528.92,"endTime":1533.3,"body":"service model for say,"},{"speaker":"Anton Chuvakin","startTime":1533.3,"endTime":1536.9,"body":"vulnerability scanning was"},{"speaker":"Anton Chuvakin","startTime":1533.3,"endTime":1536.9,"body":"pioneered by Qualys,"},{"speaker":"Robby Peralta","startTime":1537.47,"endTime":1539.48,"body":"20 years ago. How"},{"speaker":"Robby Peralta","startTime":1537.47,"endTime":1539.48,"body":"about that, huh."},{"speaker":"Anton Chuvakin","startTime":1540.17,"endTime":1544.43,"body":"And the software"},{"speaker":"Anton Chuvakin","startTime":1540.17,"endTime":1544.43,"body":"service for SIEM is much younger."},{"speaker":"Anton Chuvakin","startTime":1544.97,"endTime":1547.46,"body":"And it's been a bit of a"},{"speaker":"Anton Chuvakin","startTime":1544.97,"endTime":1547.46,"body":"mystery. I know, I was all"},{"speaker":"Anton Chuvakin","startTime":1547.49,"endTime":1550.31,"body":"almost involved in founding the"},{"speaker":"Anton Chuvakin","startTime":1547.49,"endTime":1550.31,"body":"software service SIEM vendor back"},{"speaker":"Anton Chuvakin","startTime":1550.31,"endTime":1553.82,"body":"in the day before my Gartner"},{"speaker":"Anton Chuvakin","startTime":1550.31,"endTime":1553.82,"body":"job, but the funny part is,"},{"speaker":"Anton Chuvakin","startTime":1554.93,"endTime":1558.98,"body":"software service SIEM was a slow"},{"speaker":"Anton Chuvakin","startTime":1554.93,"endTime":1558.98,"body":"start. 
But today it gets stuck."},{"speaker":"Anton Chuvakin","startTime":1559.34,"endTime":1562.55,"body":"And today, I would say that"},{"speaker":"Anton Chuvakin","startTime":1559.34,"endTime":1562.55,"body":"unless you are in some kind of"},{"speaker":"Anton Chuvakin","startTime":1563.24,"endTime":1567.32,"body":"extreme, cloud adverse"},{"speaker":"Anton Chuvakin","startTime":1563.24,"endTime":1567.32,"body":"environment where you just"},{"speaker":"Anton Chuvakin","startTime":1567.41,"endTime":1570.89,"body":"absolutely hate the cloud, and"},{"speaker":"Anton Chuvakin","startTime":1567.41,"endTime":1570.89,"body":"you just insist on using data"},{"speaker":"Anton Chuvakin","startTime":1570.89,"endTime":1575.24,"body":"centers for everything. Most"},{"speaker":"Anton Chuvakin","startTime":1570.89,"endTime":1575.24,"body":"likely a lot of security, threat"},{"speaker":"Anton Chuvakin","startTime":1575.24,"endTime":1579.83,"body":"detection would go cloud. And it"},{"speaker":"Anton Chuvakin","startTime":1575.24,"endTime":1579.83,"body":"was a really, really slow"},{"speaker":"Anton Chuvakin","startTime":1579.83,"endTime":1583.1,"body":"journey for this. And I feel I"},{"speaker":"Anton Chuvakin","startTime":1579.83,"endTime":1583.1,"body":"feel like in the last two, three"},{"speaker":"Anton Chuvakin","startTime":1583.1,"endTime":1587.24,"body":"years, it really ramped up. 
Like"},{"speaker":"Anton Chuvakin","startTime":1583.1,"endTime":1587.24,"body":"if you look at the SIEM MQ 2020"},{"speaker":"Anton Chuvakin","startTime":1587.3,"endTime":1592.79,"body":"Magic Quadrant, you'd see two"},{"speaker":"Anton Chuvakin","startTime":1587.3,"endTime":1592.79,"body":"three credible software services"},{"speaker":"Anton Chuvakin","startTime":1592.79,"endTime":1597.08,"body":"vendors, a couple of couple of"},{"speaker":"Anton Chuvakin","startTime":1592.79,"endTime":1597.08,"body":"vendors with hosted offerings,"},{"speaker":"Anton Chuvakin","startTime":1597.08,"endTime":1602.51,"body":"and you'll see that area finally"},{"speaker":"Anton Chuvakin","startTime":1597.08,"endTime":1602.51,"body":"go big. And to me, Chronicle is"},{"speaker":"Anton Chuvakin","startTime":1602.51,"endTime":1605.93,"body":"kind of our way of doing it. And"},{"speaker":"Anton Chuvakin","startTime":1602.51,"endTime":1605.93,"body":"to me that way, is surely I"},{"speaker":"Anton Chuvakin","startTime":1605.93,"endTime":1609.77,"body":"would say superior. But I'll"},{"speaker":"Anton Chuvakin","startTime":1605.93,"endTime":1609.77,"body":"back it out by saying that it is"},{"speaker":"Anton Chuvakin","startTime":1609.77,"endTime":1612.08,"body":"superior because of the pricing"},{"speaker":"Anton Chuvakin","startTime":1609.77,"endTime":1612.08,"body":"model, because we don't charge"},{"speaker":"Anton Chuvakin","startTime":1612.08,"endTime":1615.89,"body":"per per gigabyte we charge per"},{"speaker":"Anton Chuvakin","startTime":1612.08,"endTime":1615.89,"body":"employee. So to me, SaaS SIEM is"},{"speaker":"Anton Chuvakin","startTime":1615.89,"endTime":1619.28,"body":"a big part of the future. 
And"},{"speaker":"Anton Chuvakin","startTime":1615.89,"endTime":1619.28,"body":"whether it would be called SIEM"},{"speaker":"Anton Chuvakin","startTime":1619.28,"endTime":1622.07,"body":"or security analytics, or maybe"},{"speaker":"Anton Chuvakin","startTime":1619.28,"endTime":1622.07,"body":"it would be called XDR, I"},{"speaker":"Anton Chuvakin","startTime":1622.07,"endTime":1625.97,"body":"don't know. I think that you"},{"speaker":"Anton Chuvakin","startTime":1622.07,"endTime":1625.97,"body":"would probably not be doing on"},{"speaker":"Anton Chuvakin","startTime":1625.97,"endTime":1631.37,"body":"prem SIEM, in five years. And you"},{"speaker":"Anton Chuvakin","startTime":1625.97,"endTime":1631.37,"body":"are very unlikely to be using"},{"speaker":"Anton Chuvakin","startTime":1631.37,"endTime":1632.99,"body":"on premise seven second 10"},{"speaker":"Robby Peralta","startTime":1633.08,"endTime":1635.06,"body":"And and the main"},{"speaker":"Robby Peralta","startTime":1633.08,"endTime":1635.06,"body":"reason that is just because it's"},{"speaker":"Robby Peralta","startTime":1635.06,"endTime":1637.43,"body":"less work for you, right, it's"},{"speaker":"Robby Peralta","startTime":1635.06,"endTime":1637.43,"body":"just easier to get their"},{"speaker":"Robby Peralta","startTime":1637.43,"endTime":1640.25,"body":"information that are what is one"},{"speaker":"Robby Peralta","startTime":1637.43,"endTime":1640.25,"body":"of the main reasons why that is"},{"speaker":"Robby Peralta","startTime":1640.25,"endTime":1640.76,"body":"the case."},{"speaker":"Anton Chuvakin","startTime":1641.54,"endTime":1645.41,"body":"Today, we did a"},{"speaker":"Anton Chuvakin","startTime":1641.54,"endTime":1645.41,"body":"paper on this on kind of like a"},{"speaker":"Anton Chuvakin","startTime":1645.44,"endTime":1649.22,"body":"first Gartner paper on software"},{"speaker":"Anton Chuvakin","startTime":1645.44,"endTime":1649.22,"body":"service SIEM, our team did in"},{"speaker":"Anton 
Chuvakin","startTime":1649.25,"endTime":1653.75,"body":"2017, or 18. I don't recall. So"},{"speaker":"Anton Chuvakin","startTime":1649.25,"endTime":1653.75,"body":"the point is that when we did"},{"speaker":"Anton Chuvakin","startTime":1653.75,"endTime":1656.51,"body":"the analysis for the paper, I"},{"speaker":"Anton Chuvakin","startTime":1653.75,"endTime":1656.51,"body":"kind of thought, hey, it would"},{"speaker":"Anton Chuvakin","startTime":1656.51,"endTime":1659.99,"body":"be all about analytics. And in"},{"speaker":"Anton Chuvakin","startTime":1656.51,"endTime":1659.99,"body":"reality, it was all about it's"},{"speaker":"Anton Chuvakin","startTime":1659.99,"endTime":1663.23,"body":"much easier to manage. So"},{"speaker":"Anton Chuvakin","startTime":1659.99,"endTime":1663.23,"body":"exactly like you just said, so"},{"speaker":"Anton Chuvakin","startTime":1663.26,"endTime":1666.83,"body":"people said, we asked him, Hey,"},{"speaker":"Anton Chuvakin","startTime":1663.26,"endTime":1666.83,"body":"why do you use SaaS SIEM? And"},{"speaker":"Anton Chuvakin","startTime":1666.83,"endTime":1671.51,"body":"they're like, I hate I hate"},{"speaker":"Anton Chuvakin","startTime":1666.83,"endTime":1671.51,"body":"patching Red Hat boxes. And he's"},{"speaker":"Anton Chuvakin","startTime":1671.51,"endTime":1674.45,"body":"like, what? 
And they said, Well,"},{"speaker":"Anton Chuvakin","startTime":1671.51,"endTime":1674.45,"body":"that's why we want to do they"},{"speaker":"Anton Chuvakin","startTime":1674.45,"endTime":1677.09,"body":"want to do cloud, we want to do"},{"speaker":"Anton Chuvakin","startTime":1674.45,"endTime":1677.09,"body":"SaaS, because we don't want to"},{"speaker":"Anton Chuvakin","startTime":1677.09,"endTime":1679.28,"body":"maintain hardware, we want to"},{"speaker":"Anton Chuvakin","startTime":1677.09,"endTime":1679.28,"body":"don't want to performance t"},{"speaker":"Anton Chuvakin","startTime":1679.28,"endTime":1684.35,"body":"hardware, we don't want to pay"},{"speaker":"Anton Chuvakin","startTime":1679.28,"endTime":1684.35,"body":"for hardware. And to me the that"},{"speaker":"Anton Chuvakin","startTime":1684.35,"endTime":1688.43,"body":"has been a current motivator."},{"speaker":"Anton Chuvakin","startTime":1684.35,"endTime":1688.43,"body":"But I still feel that the"},{"speaker":"Anton Chuvakin","startTime":1688.46,"endTime":1692.9,"body":"analytic advantages of SaaS,"},{"speaker":"Anton Chuvakin","startTime":1688.46,"endTime":1692.9,"body":"where you do have broader"},{"speaker":"Anton Chuvakin","startTime":1692.9,"endTime":1696.59,"body":"visibility of the data, and"},{"speaker":"Anton Chuvakin","startTime":1692.9,"endTime":1696.59,"body":"hence, higher chances of"},{"speaker":"Anton Chuvakin","startTime":1696.59,"endTime":1699.95,"body":"applying analytics to data to be"},{"speaker":"Anton Chuvakin","startTime":1696.59,"endTime":1699.95,"body":"ultimately a weighing argument."},{"speaker":"Anton Chuvakin","startTime":1700.28,"endTime":1704.75,"body":"And this is what happened to"},{"speaker":"Anton Chuvakin","startTime":1700.28,"endTime":1704.75,"body":"EDR, for example. 
EDR was born"},{"speaker":"Anton Chuvakin","startTime":1704.78,"endTime":1709.1,"body":"as an on premise software,"},{"speaker":"Anton Chuvakin","startTime":1704.78,"endTime":1709.1,"body":"Carbon Black 2000 to, you know,"},{"speaker":"Anton Chuvakin","startTime":1709.1,"endTime":1712.91,"body":"what don't they call the date of"},{"speaker":"Anton Chuvakin","startTime":1709.1,"endTime":1712.91,"body":"probably 13 as well. Yeah. And"},{"speaker":"Anton Chuvakin","startTime":1712.91,"endTime":1717.41,"body":"so later on most of the EDR"},{"speaker":"Anton Chuvakin","startTime":1712.91,"endTime":1717.41,"body":"vendors kind of found a way to"},{"speaker":"Anton Chuvakin","startTime":1717.41,"endTime":1721.4,"body":"back end to the cloud, because"},{"speaker":"Anton Chuvakin","startTime":1717.41,"endTime":1721.4,"body":"analytic advantages, ease of"},{"speaker":"Anton Chuvakin","startTime":1721.4,"endTime":1725.72,"body":"management, ease of deployment,"},{"speaker":"Anton Chuvakin","startTime":1721.4,"endTime":1725.72,"body":"lack of the need to manage"},{"speaker":"Anton Chuvakin","startTime":1725.72,"endTime":1729.86,"body":"massive, scalable back ends"},{"speaker":"Anton Chuvakin","startTime":1725.72,"endTime":1729.86,"body":"well, at each client. So to me,"},{"speaker":"Anton Chuvakin","startTime":1730.31,"endTime":1733.34,"body":"that sounds SaaS is the answer."},{"speaker":"Anton Chuvakin","startTime":1730.31,"endTime":1733.34,"body":"And again, in other domains of"},{"speaker":"Anton Chuvakin","startTime":1733.34,"endTime":1736.49,"body":"security, people have known it"},{"speaker":"Anton Chuvakin","startTime":1733.34,"endTime":1736.49,"body":"for 10 years. I mean, you're not"},{"speaker":"Anton Chuvakin","startTime":1736.49,"endTime":1740.15,"body":"gonna do like secure email"},{"speaker":"Anton Chuvakin","startTime":1736.49,"endTime":1740.15,"body":"gateway appliance. 
This has been"},{"speaker":"Anton Chuvakin","startTime":1740.15,"endTime":1744.8,"body":"kind of waiting for many, many"},{"speaker":"Anton Chuvakin","startTime":1740.15,"endTime":1744.8,"body":"years. Web proxy, what Gartner"},{"speaker":"Anton Chuvakin","startTime":1744.8,"endTime":1747.74,"body":"call secure web gateways?"},{"speaker":"Anton Chuvakin","startTime":1744.8,"endTime":1747.74,"body":"I mean, almost nobody's using"},{"speaker":"Anton Chuvakin","startTime":1747.74,"endTime":1751.1,"body":"appliances anymore. I mean, it's"},{"speaker":"Anton Chuvakin","startTime":1747.74,"endTime":1751.1,"body":"shrinking. But SIEM has been"},{"speaker":"Anton Chuvakin","startTime":1751.13,"endTime":1754.58,"body":"slower to uptake of the SaaS. And"},{"speaker":"Anton Chuvakin","startTime":1751.13,"endTime":1754.58,"body":"I think that's kind of a big"},{"speaker":"Anton Chuvakin","startTime":1754.58,"endTime":1757.52,"body":"deal for the next few years,"},{"speaker":"Anton Chuvakin","startTime":1754.58,"endTime":1757.52,"body":"next several years."},{"speaker":"Robby Peralta","startTime":1758.0,"endTime":1759.74,"body":"Are there any"},{"speaker":"Robby Peralta","startTime":1758.0,"endTime":1759.74,"body":"other like, small, like,"},{"speaker":"Robby Peralta","startTime":1760.31,"endTime":1763.19,"body":"benefits that people wouldn't"},{"speaker":"Robby Peralta","startTime":1760.31,"endTime":1763.19,"body":"guess just by having, you know,"},{"speaker":"Robby Peralta","startTime":1763.19,"endTime":1767.39,"body":"SIEM in the cloud. 
One thing"},{"speaker":"Robby Peralta","startTime":1763.19,"endTime":1767.39,"body":"I read about Chronicle was that,"},{"speaker":"Robby Peralta","startTime":1767.48,"endTime":1772.16,"body":"you know, can store telemetry"},{"speaker":"Robby Peralta","startTime":1767.48,"endTime":1772.16,"body":"data in the cloud, and maybe is"},{"speaker":"Robby Peralta","startTime":1772.16,"endTime":1774.35,"body":"just going back to pricing"},{"speaker":"Robby Peralta","startTime":1772.16,"endTime":1774.35,"body":"model, they don't charge that"},{"speaker":"Robby Peralta","startTime":1774.35,"endTime":1775.07,"body":"way. And that's why that's"},{"speaker":"Anton Chuvakin","startTime":1775.46,"endTime":1778.46,"body":"not it's it's"},{"speaker":"Anton Chuvakin","startTime":1775.46,"endTime":1778.46,"body":"not only sure, but it's not only"},{"speaker":"Anton Chuvakin","startTime":1778.46,"endTime":1783.53,"body":"that, I think one of the hidden"},{"speaker":"Anton Chuvakin","startTime":1778.46,"endTime":1783.53,"body":"advantages is that when you own"},{"speaker":"Anton Chuvakin","startTime":1783.53,"endTime":1786.08,"body":"the cloud, or even if you"},{"speaker":"Anton Chuvakin","startTime":1783.53,"endTime":1786.08,"body":"purchase the I mean, we all in"},{"speaker":"Anton Chuvakin","startTime":1786.08,"endTime":1788.9,"body":"the cloud, obviously, our you"},{"speaker":"Anton Chuvakin","startTime":1786.08,"endTime":1788.9,"body":"know, friends from Microsoft do"},{"speaker":"Anton Chuvakin","startTime":1788.9,"endTime":1793.1,"body":"too. 
And when you only got"},{"speaker":"Anton Chuvakin","startTime":1788.9,"endTime":1793.1,"body":"babies, if you don't on the"},{"speaker":"Anton Chuvakin","startTime":1793.1,"endTime":1796.94,"body":"cloud, even if you buy the cloud"},{"speaker":"Anton Chuvakin","startTime":1793.1,"endTime":1796.94,"body":"to rent the cloud, you can do a"},{"speaker":"Anton Chuvakin","startTime":1796.94,"endTime":1800.24,"body":"lot more interesting things with"},{"speaker":"Anton Chuvakin","startTime":1796.94,"endTime":1800.24,"body":"performance, manage the"},{"speaker":"Anton Chuvakin","startTime":1800.24,"endTime":1803.93,"body":"resources. So, for example, if I"},{"speaker":"Anton Chuvakin","startTime":1800.24,"endTime":1803.93,"body":"want to run deep learning"},{"speaker":"Anton Chuvakin","startTime":1803.96,"endTime":1809.6,"body":"algorithms, or any kind of more"},{"speaker":"Anton Chuvakin","startTime":1803.96,"endTime":1809.6,"body":"top tier ML stuff, you may need"},{"speaker":"Anton Chuvakin","startTime":1809.69,"endTime":1815.96,"body":"a lot of resources for somewhat"},{"speaker":"Anton Chuvakin","startTime":1809.69,"endTime":1815.96,"body":"short amount of time. Like, it's"},{"speaker":"Anton Chuvakin","startTime":1815.96,"endTime":1820.4,"body":"expected that you get it in the"},{"speaker":"Anton Chuvakin","startTime":1815.96,"endTime":1820.4,"body":"cloud. But you absolutely cannot"},{"speaker":"Anton Chuvakin","startTime":1820.4,"endTime":1824.87,"body":"have on prem. Because imagine"},{"speaker":"Anton Chuvakin","startTime":1820.4,"endTime":1824.87,"body":"that you have 50 servers, but"},{"speaker":"Anton Chuvakin","startTime":1824.9,"endTime":1828.68,"body":"for two hours, you need 50,000"},{"speaker":"Anton Chuvakin","startTime":1824.9,"endTime":1828.68,"body":"servers, and then you don't"},{"speaker":"Anton Chuvakin","startTime":1828.68,"endTime":1833.96,"body":"anymore. 
You cannot do that you"},{"speaker":"Anton Chuvakin","startTime":1828.68,"endTime":1833.96,"body":"there's no way to do it. So to"},{"speaker":"Anton Chuvakin","startTime":1833.96,"endTime":1838.28,"body":"me, this secret future advantage"},{"speaker":"Anton Chuvakin","startTime":1833.96,"endTime":1838.28,"body":"of this would be the writing the"},{"speaker":"Anton Chuvakin","startTime":1838.28,"endTime":1844.4,"body":"types of ML, that rely on that"},{"speaker":"Anton Chuvakin","startTime":1838.28,"endTime":1844.4,"body":"type of extreme compute for"},{"speaker":"Anton Chuvakin","startTime":1844.4,"endTime":1848.06,"body":"short period of time, but not"},{"speaker":"Anton Chuvakin","startTime":1844.4,"endTime":1848.06,"body":"all the time. Because like, you"},{"speaker":"Anton Chuvakin","startTime":1848.06,"endTime":1849.8,"body":"know, we can do it all the time,"},{"speaker":"Anton Chuvakin","startTime":1848.06,"endTime":1849.8,"body":"but then it would be a little"},{"speaker":"Anton Chuvakin","startTime":1849.8,"endTime":1853.64,"body":"bit costly. The point is that,"},{"speaker":"Anton Chuvakin","startTime":1849.8,"endTime":1853.64,"body":"if you're on prem, I would"},{"speaker":"Anton Chuvakin","startTime":1853.64,"endTime":1857.15,"body":"expect that certain algorithms"},{"speaker":"Anton Chuvakin","startTime":1853.64,"endTime":1857.15,"body":"you can never run. 
Now, you"},{"speaker":"Anton Chuvakin","startTime":1857.15,"endTime":1859.94,"body":"asked me a second question named"},{"speaker":"Anton Chuvakin","startTime":1857.15,"endTime":1859.94,"body":"specific algorithms, you mean,"},{"speaker":"Anton Chuvakin","startTime":1860.06,"endTime":1863.87,"body":"and I cannot I it's still a"},{"speaker":"Anton Chuvakin","startTime":1860.06,"endTime":1863.87,"body":"little bit of a hypothetical"},{"speaker":"Anton Chuvakin","startTime":1863.87,"endTime":1866.57,"body":"where I kind of fused some of my"},{"speaker":"Anton Chuvakin","startTime":1863.87,"endTime":1866.57,"body":"knowledge of ML with some of"},{"speaker":"Anton Chuvakin","startTime":1866.57,"endTime":1870.23,"body":"my knowledge of SIEM. And kind"},{"speaker":"Anton Chuvakin","startTime":1866.57,"endTime":1870.23,"body":"of, I kind of suspect that there"},{"speaker":"Anton Chuvakin","startTime":1870.23,"endTime":1874.22,"body":"will be use cases where the"},{"speaker":"Anton Chuvakin","startTime":1870.23,"endTime":1874.22,"body":"algorithms require a lot of"},{"speaker":"Anton Chuvakin","startTime":1874.22,"endTime":1878.09,"body":"compute for short periods of"},{"speaker":"Anton Chuvakin","startTime":1874.22,"endTime":1878.09,"body":"time. And if you're on prem, you"},{"speaker":"Anton Chuvakin","startTime":1878.09,"endTime":1881.09,"body":"can never ever match it. And"},{"speaker":"Anton Chuvakin","startTime":1878.09,"endTime":1881.09,"body":"this is algorithm gives you"},{"speaker":"Anton Chuvakin","startTime":1881.09,"endTime":1884.66,"body":"threat detection advantage. 
And"},{"speaker":"Anton Chuvakin","startTime":1881.09,"endTime":1884.66,"body":"on prem then there can never"},{"speaker":"Anton Chuvakin","startTime":1884.66,"endTime":1889.34,"body":"replicate it never ever, ever."},{"speaker":"Anton Chuvakin","startTime":1884.66,"endTime":1889.34,"body":"So to me, I feel like a little"},{"speaker":"Anton Chuvakin","startTime":1889.34,"endTime":1895.1,"body":"bit of this is happening today"},{"speaker":"Anton Chuvakin","startTime":1889.34,"endTime":1895.1,"body":"in EDR. I see some EDR vendors"},{"speaker":"Anton Chuvakin","startTime":1895.13,"endTime":1898.88,"body":"that run pretty heavy workloads"},{"speaker":"Anton Chuvakin","startTime":1895.13,"endTime":1898.88,"body":"for a few hours, kind of I don't"},{"speaker":"Anton Chuvakin","startTime":1898.88,"endTime":1901.25,"body":"know, probably at night, but of"},{"speaker":"Anton Chuvakin","startTime":1898.88,"endTime":1901.25,"body":"course in the cloud, it doesn't"},{"speaker":"Anton Chuvakin","startTime":1901.25,"endTime":1904.31,"body":"really matter. And they gained"},{"speaker":"Anton Chuvakin","startTime":1901.25,"endTime":1904.31,"body":"some analytic advantages from"},{"speaker":"Anton Chuvakin","startTime":1904.31,"endTime":1907.88,"body":"that which an on prem competitor"},{"speaker":"Anton Chuvakin","startTime":1904.31,"endTime":1907.88,"body":"can ever match. Okay, maybe this"},{"speaker":"Anton Chuvakin","startTime":1907.88,"endTime":1910.16,"body":"was a little bit too elaborate."},{"speaker":"Anton Chuvakin","startTime":1907.88,"endTime":1910.16,"body":"But the point is that if there's"},{"speaker":"Anton Chuvakin","startTime":1910.16,"endTime":1912.41,"body":"an algorithm that you can run in"},{"speaker":"Anton Chuvakin","startTime":1910.16,"endTime":1912.41,"body":"the cloud that you cannot on"},{"speaker":"Anton Chuvakin","startTime":1912.41,"endTime":1915.05,"body":"prem, that's a dramatic"},{"speaker":"Anton Chuvakin","startTime":1912.41,"endTime":1915.05,"body":"advantage. 
Hmm"},{"speaker":"Robby Peralta","startTime":1915.59,"endTime":1916.85,"body":"And that's not"},{"speaker":"Robby Peralta","startTime":1915.59,"endTime":1916.85,"body":"possible on premise"},{"speaker":"Anton Chuvakin","startTime":1916.94,"endTime":1920.12,"body":"exactly as"},{"speaker":"Anton Chuvakin","startTime":1916.94,"endTime":1920.12,"body":"possible, because you cannot buy"},{"speaker":"Anton Chuvakin","startTime":1920.78,"endTime":1923.51,"body":"10,000 times more servers for an"},{"speaker":"Anton Chuvakin","startTime":1920.78,"endTime":1923.51,"body":"hour. Hmm."},{"speaker":"Robby Peralta","startTime":1923.81,"endTime":1926.18,"body":"One last question"},{"speaker":"Robby Peralta","startTime":1923.81,"endTime":1926.18,"body":"before I let you go. I haven't"},{"speaker":"Robby Peralta","startTime":1926.18,"endTime":1931.07,"body":"heard artificial intelligence"},{"speaker":"Robby Peralta","startTime":1926.18,"endTime":1931.07,"body":"named in a security conversation"},{"speaker":"Robby Peralta","startTime":1931.07,"endTime":1933.59,"body":"for a long time. And that"},{"speaker":"Robby Peralta","startTime":1931.07,"endTime":1933.59,"body":"surprises me. And you're talking"},{"speaker":"Robby Peralta","startTime":1933.59,"endTime":1935.51,"body":"about machine learning, where"},{"speaker":"Robby Peralta","startTime":1933.59,"endTime":1935.51,"body":"where are we with in terms of"},{"speaker":"Robby Peralta","startTime":1935.51,"endTime":1938.93,"body":"that? Why is that not like a big"},{"speaker":"Robby Peralta","startTime":1935.51,"endTime":1938.93,"body":"thing anymore? 
Or is this just"},{"speaker":"Robby Peralta","startTime":1938.93,"endTime":1940.76,"body":"because of Coronavirus and I'm"},{"speaker":"Robby Peralta","startTime":1938.93,"endTime":1940.76,"body":"not at conferences anymore."},{"speaker":"Anton Chuvakin","startTime":1941.99,"endTime":1947.93,"body":"I prefer to"},{"speaker":"Anton Chuvakin","startTime":1941.99,"endTime":1947.93,"body":"stick to ML for this and not"},{"speaker":"Anton Chuvakin","startTime":1947.93,"endTime":1956.96,"body":"really go say the A word. So"},{"speaker":"Anton Chuvakin","startTime":1947.93,"endTime":1956.96,"body":"one of the last papers me and my"},{"speaker":"Anton Chuvakin","startTime":1956.96,"endTime":1961.25,"body":"team had done at Gartner in 2019"},{"speaker":"Anton Chuvakin","startTime":1956.96,"endTime":1961.25,"body":"was kind of assessing the impact"},{"speaker":"Anton Chuvakin","startTime":1961.25,"endTime":1966.59,"body":"of AI and ML on security. So we"},{"speaker":"Anton Chuvakin","startTime":1961.25,"endTime":1966.59,"body":"are basically looking to answer"},{"speaker":"Anton Chuvakin","startTime":1966.59,"endTime":1970.04,"body":"the same question, what's the"},{"speaker":"Anton Chuvakin","startTime":1966.59,"endTime":1970.04,"body":"real state of affairs in regards"},{"speaker":"Anton Chuvakin","startTime":1970.04,"endTime":1973.73,"body":"to ML and AI techniques. And by"},{"speaker":"Anton Chuvakin","startTime":1970.04,"endTime":1973.73,"body":"the way, in the finance side,"},{"speaker":"Anton Chuvakin","startTime":1973.79,"endTime":1977.48,"body":"Gartner has gone through its own"},{"speaker":"Anton Chuvakin","startTime":1973.79,"endTime":1977.48,"body":"transformation in regards to AI"},{"speaker":"Anton Chuvakin","startTime":1977.48,"endTime":1982.19,"body":"terminology. 
When we started"},{"speaker":"Anton Chuvakin","startTime":1977.48,"endTime":1982.19,"body":"writing about this, we actually"},{"speaker":"Anton Chuvakin","startTime":1982.19,"endTime":1985.64,"body":"did not use the term AI because"},{"speaker":"Anton Chuvakin","startTime":1982.19,"endTime":1985.64,"body":"we sort of preserved initially"},{"speaker":"Anton Chuvakin","startTime":1985.64,"endTime":1989.03,"body":"preserved AI for some kind of a"},{"speaker":"Anton Chuvakin","startTime":1985.64,"endTime":1989.03,"body":"future advance, you know, but"},{"speaker":"Anton Chuvakin","startTime":1989.03,"endTime":1992.09,"body":"later on, kind of under pressure"},{"speaker":"Anton Chuvakin","startTime":1989.03,"endTime":1992.09,"body":"from everybody else, you say, an"},{"speaker":"Anton Chuvakin","startTime":1992.09,"endTime":1995.96,"body":"AI to me narrow AI, essentially"},{"speaker":"Anton Chuvakin","startTime":1992.09,"endTime":1995.96,"body":"advanced machine learning, we"},{"speaker":"Anton Chuvakin","startTime":1995.96,"endTime":1998.24,"body":"sort of cave, I guess that's my"},{"speaker":"Anton Chuvakin","startTime":1995.96,"endTime":1998.24,"body":"reading of the tea leaves, I"},{"speaker":"Anton Chuvakin","startTime":1998.24,"endTime":2000.4,"body":"don't know how it really"},{"speaker":"Anton Chuvakin","startTime":1998.24,"endTime":2000.4,"body":"happened. And they started"},{"speaker":"Anton Chuvakin","startTime":2000.4,"endTime":2005.32,"body":"saying AI to indicate narrow AI."},{"speaker":"Anton Chuvakin","startTime":2000.4,"endTime":2005.32,"body":"Basically, machine learning"},{"speaker":"Anton Chuvakin","startTime":2005.32,"endTime":2007.42,"body":"techniques utilized in a"},{"speaker":"Anton Chuvakin","startTime":2005.32,"endTime":2007.42,"body":"particular manner deep learning,"},{"speaker":"Anton Chuvakin","startTime":2007.42,"endTime":2012.97,"body":"too. 
So in the paper, we did say"},{"speaker":"Anton Chuvakin","startTime":2007.42,"endTime":2012.97,"body":"AI ML, the point that we made in"},{"speaker":"Anton Chuvakin","startTime":2012.97,"endTime":2016.0,"body":"the paper is that there are"},{"speaker":"Anton Chuvakin","startTime":2012.97,"endTime":2016.0,"body":"certain areas where ML has been"},{"speaker":"Anton Chuvakin","startTime":2016.03,"endTime":2020.8,"body":"effective. And of course, there"},{"speaker":"Anton Chuvakin","startTime":2016.03,"endTime":2020.8,"body":"are anti malware companies. I'm"},{"speaker":"Anton Chuvakin","startTime":2020.8,"endTime":2024.97,"body":"not going to name names, you"},{"speaker":"Anton Chuvakin","startTime":2020.8,"endTime":2024.97,"body":"know, for this, that"},{"speaker":"Anton Chuvakin","startTime":2025.21,"endTime":2028.54,"body":"substantially relied on ML to"},{"speaker":"Anton Chuvakin","startTime":2025.21,"endTime":2028.54,"body":"detect viruses quite"},{"speaker":"Anton Chuvakin","startTime":2028.54,"endTime":2032.05,"body":"effectively. Right. And to me,"},{"speaker":"Anton Chuvakin","startTime":2028.54,"endTime":2032.05,"body":"of course, there are SIEM vendors"},{"speaker":"Anton Chuvakin","startTime":2032.08,"endTime":2035.2,"body":"or UBA vendors that rely on"},{"speaker":"Anton Chuvakin","startTime":2032.08,"endTime":2035.2,"body":"them. Well, very often is an"},{"speaker":"Anton Chuvakin","startTime":2035.2,"endTime":2039.01,"body":"exhilarating Nic, or as a"},{"speaker":"Anton Chuvakin","startTime":2035.2,"endTime":2039.01,"body":"technique that works really well"},{"speaker":"Anton Chuvakin","startTime":2039.01,"endTime":2043.09,"body":"for some use cases, but not for"},{"speaker":"Anton Chuvakin","startTime":2039.01,"endTime":2043.09,"body":"others. 
So to me, I would say we"},{"speaker":"Anton Chuvakin","startTime":2043.09,"endTime":2048.37,"body":"are in the sort of a slow ramp"},{"speaker":"Anton Chuvakin","startTime":2043.09,"endTime":2048.37,"body":"up like you remember the classic"},{"speaker":"Anton Chuvakin","startTime":2048.37,"endTime":2049.42,"body":"hype cycle from Gartner."},{"speaker":"Robby Peralta","startTime":2049.47,"endTime":2050.82,"body":"Yeah I was"},{"speaker":"Robby Peralta","startTime":2049.47,"endTime":2050.82,"body":"thinking that right now"},{"speaker":"Anton Chuvakin","startTime":2054.59,"endTime":2057.35,"body":"I'm sure there's"},{"speaker":"Anton Chuvakin","startTime":2054.59,"endTime":2057.35,"body":"a published piece on security ML"},{"speaker":"Anton Chuvakin","startTime":2057.35,"endTime":2061.22,"body":"with hype cycle so you just need"},{"speaker":"Anton Chuvakin","startTime":2057.35,"endTime":2061.22,"body":"to look it up. But my impression"},{"speaker":"Anton Chuvakin","startTime":2061.22,"endTime":2066.62,"body":"is that we are in the we're kind"},{"speaker":"Anton Chuvakin","startTime":2061.22,"endTime":2066.62,"body":"of creeping up from the, from"},{"speaker":"Anton Chuvakin","startTime":2066.62,"endTime":2070.64,"body":"the from the, from the deep,"},{"speaker":"Anton Chuvakin","startTime":2066.62,"endTime":2070.64,"body":"right? So two, three years ago,"},{"speaker":"Anton Chuvakin","startTime":2070.64,"endTime":2072.95,"body":"and you went to conferences, and"},{"speaker":"Anton Chuvakin","startTime":2070.64,"endTime":2072.95,"body":"I went to conferences, and it"},{"speaker":"Anton Chuvakin","startTime":2072.95,"endTime":2077.09,"body":"was really, really noisy. It was"},{"speaker":"Anton Chuvakin","startTime":2072.95,"endTime":2077.09,"body":"probably close to the peak of"},{"speaker":"Anton Chuvakin","startTime":2077.09,"endTime":2082.19,"body":"inflated expectations, right? 
So"},{"speaker":"Anton Chuvakin","startTime":2077.09,"endTime":2082.19,"body":"it has largely come down. And I"},{"speaker":"Anton Chuvakin","startTime":2082.19,"endTime":2084.86,"body":"feel like we're gonna be slowly"},{"speaker":"Anton Chuvakin","startTime":2082.19,"endTime":2084.86,"body":"creeping up to the plateau of"},{"speaker":"Anton Chuvakin","startTime":2084.86,"endTime":2088.1,"body":"productivity, where it's"},{"speaker":"Anton Chuvakin","startTime":2084.86,"endTime":2088.1,"body":"effective, but not magical."},{"speaker":"Anton Chuvakin","startTime":2088.58,"endTime":2092.6,"body":"Today we are in the we are"},{"speaker":"Anton Chuvakin","startTime":2088.58,"endTime":2092.6,"body":"starting to see areas where it's"},{"speaker":"Anton Chuvakin","startTime":2092.6,"endTime":2096.32,"body":"effective. And we are already"},{"speaker":"Anton Chuvakin","startTime":2092.6,"endTime":2096.32,"body":"mostly aware that it's not"},{"speaker":"Anton Chuvakin","startTime":2096.32,"endTime":2098.75,"body":"magical. Of course there are"},{"speaker":"Anton Chuvakin","startTime":2096.32,"endTime":2098.75,"body":"always idiotic vendors who will"},{"speaker":"Anton Chuvakin","startTime":2098.75,"endTime":2104.3,"body":"say that there is No AI can"},{"speaker":"Anton Chuvakin","startTime":2098.75,"endTime":2104.3,"body":"solve security higher world"},{"speaker":"Anton Chuvakin","startTime":2104.3,"endTime":2108.47,"body":"hunger, you know, your cancer, I"},{"speaker":"Anton Chuvakin","startTime":2104.3,"endTime":2108.47,"body":"think. And yeah, but that"},{"speaker":"Anton Chuvakin","startTime":2108.47,"endTime":2111.14,"body":"exists. 
And then there's"},{"speaker":"Anton Chuvakin","startTime":2108.47,"endTime":2111.14,"body":"frankly, there's one particular"},{"speaker":"Anton Chuvakin","startTime":2111.14,"endTime":2116.51,"body":"vendor I'm thinking about, but"},{"speaker":"Anton Chuvakin","startTime":2111.14,"endTime":2116.51,"body":"we will be in the finding areas"},{"speaker":"Anton Chuvakin","startTime":2116.51,"endTime":2118.91,"body":"where it's works and using it"},{"speaker":"Anton Chuvakin","startTime":2116.51,"endTime":2118.91,"body":"there. So to me, this is kind of"},{"speaker":"Anton Chuvakin","startTime":2118.91,"endTime":2123.56,"body":"how it's feel it feels very much"},{"speaker":"Anton Chuvakin","startTime":2118.91,"endTime":2123.56,"body":"creeping up from the deep is"},{"speaker":"Anton Chuvakin","startTime":2123.56,"endTime":2124.82,"body":"what's going on. Hmm."},{"speaker":"Robby Peralta","startTime":2125.23,"endTime":2128.05,"body":"So to conclude"},{"speaker":"Robby Peralta","startTime":2125.23,"endTime":2128.05,"body":"our chat today, SIEM is not dead"},{"speaker":"Robby Peralta","startTime":2128.05,"endTime":2132.13,"body":"SIEM has just reached the end of"},{"speaker":"Robby Peralta","startTime":2128.05,"endTime":2132.13,"body":"its hype cycle, and it's no"},{"speaker":"Robby Peralta","startTime":2132.13,"endTime":2133.18,"body":"longer a buzzword, I guess."},{"speaker":"Anton Chuvakin","startTime":2133.96,"endTime":2136.84,"body":"It's no longer"},{"speaker":"Anton Chuvakin","startTime":2133.96,"endTime":2136.84,"body":"buzzword, for sure. Well, Dr."},{"speaker":"Anton Chuvakin","startTime":2136.84,"endTime":2137.2,"body":"Chuvakin"},{"speaker":"Robby Peralta","startTime":2137.2,"endTime":2139.84,"body":"thank you so much"},{"speaker":"Robby Peralta","startTime":2137.2,"endTime":2139.84,"body":"for your time today. 
I'm going"},{"speaker":"Robby Peralta","startTime":2139.84,"endTime":2141.91,"body":"to beg you to come back once I"},{"speaker":"Robby Peralta","startTime":2139.84,"endTime":2141.91,"body":"have another good topic for you."},{"speaker":"Robby Peralta","startTime":2141.91,"endTime":2144.94,"body":"So look for that in your in your"},{"speaker":"Robby Peralta","startTime":2141.91,"endTime":2144.94,"body":"LinkedIn mailbox."},{"speaker":"Anton Chuvakin","startTime":2145.96,"endTime":2147.46,"body":"Perfect figure"},{"speaker":"Anton Chuvakin","startTime":2145.96,"endTime":2147.46,"body":"in my show, looking forward to"},{"speaker":"Anton Chuvakin","startTime":2147.46,"endTime":2147.64,"body":"it."},{"speaker":"Robby Peralta","startTime":2147.7,"endTime":2148.9,"body":"Yes. Take care,"},{"speaker":"Robby Peralta","startTime":2147.7,"endTime":2148.9,"body":"stay safe."},{"speaker":"Robby Peralta","startTime":2152.05,"endTime":2154.87,"body":"Well, that's all for today,"},{"speaker":"Robby Peralta","startTime":2152.05,"endTime":2154.87,"body":"folks. Thank you for tuning in"},{"speaker":"Robby Peralta","startTime":2154.87,"endTime":2157.48,"body":"to the mnemonic security"},{"speaker":"Robby Peralta","startTime":2154.87,"endTime":2157.48,"body":"podcast. If you have any"},{"speaker":"Robby Peralta","startTime":2157.48,"endTime":2160.54,"body":"concepts or ideas that you would"},{"speaker":"Robby Peralta","startTime":2157.48,"endTime":2160.54,"body":"like us to discuss on future"},{"speaker":"Robby Peralta","startTime":2160.54,"endTime":2163.06,"body":"episodes, please feel free to"},{"speaker":"Robby Peralta","startTime":2160.54,"endTime":2163.06,"body":"send us a mail"},{"speaker":"Robby Peralta","startTime":2163.21,"endTime":2167.23,"body":"podcast@mnemonic.no Thank you"},{"speaker":"Robby Peralta","startTime":2163.21,"endTime":2167.23,"body":"for listening, and we'll see you"},{"speaker":"Robby Peralta","startTime":2167.23,"endTime":2167.68,"body":"next time."}]}