Episode

E177: RunReveal's Anti SIEM SIEM Platform (With AI That Actually Works!)

Podcast
Open Source Startup Podcast
Published
Jul 8, 2025
Duration seconds
2613
Processing state
processed
Canonical source
https://podcasters.spotify.com/pod/show/ossstartuppodcast/episodes/E177-RunReveals-Anti-SIEM-SIEM-Platform-With-AI-That-Actually-Works-e359h8k
Audio
https://anchor.fm/s/3eab794c/podcast/play/105218772/https%3A%2F%2Fd3ctxlq1ktw2nl.cloudfront.net%2Fstaging%2F2025-6-8%2Ff4c6d97f-ebc9-d20b-20fa-ab82a004d21d.mp3
JSON
/v1/public/podcasts/open-source-startup-podcast/episodes/e177-runreveal-s-anti-siem-siem-platform-with-ai-that-actually-works
Markdown
/podcast/open-source-startup-podcast/e177-runreveal-s-anti-siem-siem-platform-with-ai-that-actually-works.md

Summary

RunReveal is challenging the 'walled garden' SIEM model by providing a high-performance security data platform built on ClickHouse. The discussion explores how decoupling security data from proprietary vendors enables AI-driven investigations and more efficient data management.

Topics

  • Security Information and Event Management
  • ClickHouse
  • Open Source Software
  • Artificial Intelligence
  • Model Context Protocol
  • Data Engineering
  • Cybersecurity Automation
  • Event Stream Processing

Highlights

  • Main idea: Traditional SIEMs create expensive, proprietary data silos that prevent security teams from effectively using their own logs
  • Practical takeaway: An open-source event-processing library such as Kawa can handle scalable, high-volume event processing as an alternative to Flink or Spark
  • Failure mode: Relying on proprietary collectors for endpoint security can hinder the ability to audit, extend, or modify critical infrastructure
  • Main idea: The Model Context Protocol (MCP) is a critical bridge for enabling LLMs to perform automated security investigations using standardized data schemas
  • Spicy take: The risks of data exposure to third-party LLMs will likely trigger a massive industry shift back toward on-premises and self-hosted infrastructure

Chapters

  1. 1:00 Founding Story: The transition from building honeypots at Cloudflare to identifying a massive gap in the security data market.
  2. 4:15 The Problem with Walled Gardens: How proprietary SIEM architectures lead to massive ingestion costs and data inaccessibility.
  3. 17:25 Open Source Strategy: Balancing SaaS product growth with community trust through open-source projects like Kawa and RevealD.
  4. 23:45 AI-Powered Investigations: Leveraging standardized schemas and the Model Context Protocol (MCP) to automate security workflows.
  5. 36:50 Technical Learnings & Future Trends: Reflections on early technical decisions and the predicted resurgence of on-prem deployments due to AI privacy concerns.