Data overload is one of the biggest challenges facing security teams, but German startup Tenzir thinks it has the solution: security data operations, or SecDataOps.
"We are bringing open-source security data pipelines to market," Tenzir founder and CEO Matthias Vallentin tells Security Weekly's Mandy Logan at the Black Hat 2023 security conference last week. "Think of it as a mechanism to acquire, enrich, route security data, get it from A to B."
Security teams are being overwhelmed by the amount of telemetry they have to ingest and process, Vallentin explains, and security tools such as SIEMs can't keep up.
"The amount of data we consume is just exponentially skyrocketing," Vallentin says, with security tools "basically collapsing under the load."
At the same time, he says, the need for even more data grows as attackers become more sophisticated and the number of signals required to spot attacker activity increases.
"We have to be smarter in our detections to find them, and that requires more data," Vallentin says.
SecDataOps is an open-source approach to reducing, managing and redirecting that data, Vallentin says, through reshaping, filtering, pre-processing, compaction and deduplication.
"SecDataOps is really an operating model," he explains. "[It's] a way to think about leveraging the data, to build data, to build out security use cases from a data-flow perspective."
He's bringing it to market because he doesn't expect security practitioners to suddenly take up data as a new task.
"Security teams don't have data engineers by default," Vallentin says. "That's usually a different skill."
This segment is sponsored by Tenzir. Visit https://securityweekly.com/tenzirbh to learn more about them!
The full interview is above. Notable points along the way:
00:00 - Mandy Logan, Pulse Security Weekly, Matthias Vallentin, Tenzir
00:17 - Black Hat experience smooth, new tool launches
00:37 - Tenzir: Open-source security data pipeline
03:45 - Data engineering challenges for security teams
06:03 - Data wrangling for security teams
10:50 - Security data pipelines empower agile use cases
13:22 - Node-based security data pipelines: flexible, cost-effective
14:41 - Future-proof security operations for data aggregation