After 2 decades of trying to make SIEMs work, security data lakes are a hot topic as they present an increasingly attractive alternative. The only hotter topic is ChatGPT and the game changing potential of AI. So in episode 52 of Security Voices, we mash the two together as Dave, Pathik Patel (Informatica), and Omer Singer (Snowflake) explore the many angles of security data lakes with an AI-assist from ChatGPT.

From a functional definition to dishing on whether security data lakes signal the death of the SIEM, ChatGPT weighs in impressively early in the episode. Its later performance is much more suspect, seemingly gassing out under the pressure of harder (more poorly formed?) questions and likely a knee-buckling workload from millions of others testing the service simultaneously. The humans go on to discuss the real-time expectations for SIEMs vs. the “single source of truth” nature of security data lakes which lead to an exploration of product “suites” vs. specialized services and promise of the data lake to potentially unify them all.

The week prior to the recording was the announcement of both the Open Cybersecurity Schema Framework (OCSF) standard alongside AWS’ new Security Data Lake offering built on top of S3. We discuss the implications of AWS entering the space and what it means for already entrenched companies like Snowflake and Splunk. Pathik explains the significance of OCSF for security leaders and his projection of how important it will be for alleviating vendor lock-in and ultimately boosting our ability to provide strong security analytics.

The practical realities of building and running a security data lake are clearly described from Pathik’s experience at Informatica focusing on harmonizing and reporting on vulnerability data. He makes plain the amount of work involved– and the clear benefits of piggybacking off the company’s existing data lake.

The episode wraps with ChatGPT refusing to say anything further while Omer and Pathik take turns doing some end of year crystal ball gazing.