Red Canary Enhances its Security Data Lake to Enable Security Teams to Meet Compliance and Audit Requirements


Red Canary, a leader in managed detection and response (MDR), is adding new capabilities to Red Canary Security Data Lake, a service that enables IT and security teams to efficiently store, search, and access large volumes of infrequently accessed logs.

Security teams struggle to balance data retention costs with ensuring they have the relevant logs available when needed for threat investigations and response, according to the vendor.

Red Canary’s new Security Data Lake capabilities help organizations tackle these issues head on. Whether organizations are looking to complement an existing SIEM investment by storing lower-value data more efficiently or need a standalone solution for managing security logs without a SIEM, Red Canary’s Security Data Lake delivers flexibility, cost savings, and seamless access to critical data.

“Security teams are already stretched thin, balancing growing data retention requirements with shrinking budgets,” said Mary Writz, SVP of product management at Red Canary. “Not all data offers equal value for threat detection and response, yet organizations are often required to retain vast amounts of it to stay in compliance. SIEMs were historically the most common place to store all this data, but the high costs mean organizations get a low return on investment for any logs that they rarely use. If log sources don’t help security teams to detect threats, organizations shouldn’t pay a premium to store them.”

The new capabilities cover three areas. First, ingestion and retention: customers can ingest logs from any source, retain high-volume, infrequently accessed logs such as firewall, DNS, and SASE data, and store raw, line-delimited data (e.g., JSON strings or Syslog messages) that can be written to an Amazon S3 bucket or a Syslog collector.

Second, compliance: customers in highly regulated industries, such as financial services and healthcare, can store logs indefinitely to meet retention requirements and export them on demand to compile audit reports.

Third, data availability for threat investigations: customers can use SQL search to run ad-hoc queries during incident investigations, search data by attributes such as hostnames, IPs, URLs, and date/time ranges, and perform basic statistical analysis to support detection workflows.

“We designed Red Canary Security Data Lake to seamlessly integrate with Red Canary’s platform, ensuring security teams can manage their data efficiently without added complexity,” added Writz. “Whether organizations want to optimize their SIEM costs or need a scalable solution to store security data without a SIEM, they get a native, fully managed experience that scales with them. Security teams shouldn’t have to choose between affordability and security effectiveness—we’re making it easier for them to have both.”

For more information about this news, visit https://redcanary.com
