# E177: RunReveal's Anti SIEM SIEM Platform (With AI That Actually Works!)

- Page: https://stenobird.com/podcast/open-source-startup-podcast/e177-runreveal-s-anti-siem-siem-platform-with-ai-that-actually-works
- Text version: https://stenobird.com/podcast/open-source-startup-podcast/e177-runreveal-s-anti-siem-siem-platform-with-ai-that-actually-works.md
- Podcast: [Open Source Startup Podcast](https://stenobird.com/podcast/open-source-startup-podcast)
- Published: 2025-07-08T19:05:18+00:00
- Episode link: https://podcasters.spotify.com/pod/show/ossstartuppodcast/episodes/E177-RunReveals-Anti-SIEM-SIEM-Platform-With-AI-That-Actually-Works-e359h8k
- Audio file: https://anchor.fm/s/3eab794c/podcast/play/105218772/https%3A%2F%2Fd3ctxlq1ktw2nl.cloudfront.net%2Fstaging%2F2025-6-8%2Ff4c6d97f-ebc9-d20b-20fa-ab82a004d21d.mp3
- Processing state: processed
- JSON: https://stenobird.com/v1/public/podcasts/open-source-startup-podcast/episodes/e177-runreveal-s-anti-siem-siem-platform-with-ai-that-actually-works
- Duration seconds: 2613

## Resource

RunReveal is challenging the 'walled garden' SIEM model by providing a high-performance security data platform built on ClickHouse. The discussion explores how decoupling security data from proprietary vendors enables AI-driven investigations and more efficient data management.
## Highlights

- Main idea: Traditional SIEMs create expensive, proprietary data silos that prevent security teams from effectively utilizing their own logs.
- Practical takeaway: Using an open-source event processing library like Kawa allows for scalable, high-volume event processing as an alternative to Flink or Spark.
- Failure mode: Relying on proprietary collectors for endpoint security can hinder the ability to audit, extend, or modify critical infrastructure.
- Main idea: The Model Context Protocol (MCP) is a critical bridge for enabling LLMs to perform automated security investigations using standardized data schemas.
- Spicy take: The risks of data exposure to third-party LLMs will likely trigger a massive industry shift back toward on-premises and self-hosted infrastructure.

## Topics

Security Information and Event Management, ClickHouse, Open Source Software, Artificial Intelligence, Model Context Protocol, Data Engineering, Cybersecurity Automation, Event Stream Processing

## Chapters

- 1:00 — Founding Story: The transition from building honeypots at Cloudflare to identifying a massive gap in the security data market.
- 4:15 — The Problem with Walled Gardens: How proprietary SIEM architectures lead to massive ingestion costs and data inaccessibility.
- 17:25 — Open Source Strategy: Balancing SaaS product growth with community trust through open-source projects like Kawa and RevealD.
- 23:45 — AI-Powered Investigations: Leveraging standardized schemas and the Model Context Protocol (MCP) to automate security workflows.
- 36:50 — Technical Learnings & Future Trends: Reflections on early technical decisions and the predicted resurgence of on-prem deployments due to AI privacy concerns.