Enterprise Logging without Limits? Ignore Ingestion Costs? Focus on Function? Shutter your SIEM? Maybe!

Wednesday, May 21, 2025 | 11:30AM–12:15PM ET | Harborside Ballroom B, 4th Floor
Session Type: Breakout Session
Delivery Format: Presentation/Panel
Using open source tools like OpenSearch and Apache NiFi, Boston College has developed solutions to perform large-scale log storage and management with minimal investment. The goal is to minimize, and possibly eliminate, the need for SIEMs and other log storage tools with high operational costs, and to reuse the savings to improve detection and other next-generation features. We’ll cover some history and drivers that other universities will find familiar, and talk about solutions that have worked, some that didn’t, and common "gotchas." Attendees will walk away with a model for how to migrate away from expensive commercial SIEMs for log storage, ideas that could immediately be used to help manage or bootstrap new, less expensive solutions, and deep knowledge specific to an OpenSearch implementation.

Presenters

  • Phillip Deneault

    Assoc. Dir. Computer Security and Policy, Boston College

Resources & Downloads

  • Enterprise Logging Without Limits Presentation Slides

    Updated on 5/24/2025