In my experience, there are some questions that will literally blow the CISO’s mind. Well, let me be clear: not literally, figuratively. Not the CISO, but her SOC team. And not their minds, but their SIEM.
Hyperbole aside, this happens regularly.
Recently a customer called this “the 5TB question.” Sounds geeky, but it makes sense. The CISO would get a “simple” question from the CEO or CIO that would require at least 5TB / day of additional data ingestion and analytics to answer. The first time it happened to him, it was the straw that broke the SOC’s back. He ripped out his legacy system and never looked back.
I started asking more customers about their “5TB / day nightmare,” and it turns out that this happens all the time, and sometimes it’s more like 50TB / day:
So why is it, after all the work you’ve done, that adding much more data into your SIEM or logging platform will break things? Three inconvenient truths emerge, and the last one is the worst:
As I said, the third reason is the worst. But it’s happening all the time.
We all know we’re just one meeting away from our own “5TB” question. Books have been written about the explosion of data. During this bizarre, ongoing COVID time, new data needs have emerged:
Today SOCs ingest data from core security systems—firewalls, IPS, identity—which is mostly manageable with the legacy SIEM solutions many organizations still use. But CEOs and CIOs now ask questions that go far beyond traditional security topics. Collecting and digging through ever-growing logs to find the answers is causing legacy security systems to collapse. The challenge facing security teams is how to respond to urgent questions that require querying multiple terabytes of data to answer.
CISOs are facing demands to effectively log more and different types of data than ever before, especially in organizations accelerating their cloud shift. And these growing demands raise many concerns.
Security logging solutions have not kept pace with organizations’ need to collect the volumes of data required to answer these critical questions. This forces organizations to retain less historical data, accept slower queries, or spend significantly more on logging. None of these options is appealing.
Luckily, the answer isn’t so hard anymore. I’ve been in the logging space for 20 years across three different solutions, each leapfrogging the last. Today we’re helping the largest organizations ramp fast to meet this need. The key is a cloud-native architecture, a friendly cost and price structure, and amazing analytics. We’re helping organizations wean themselves off punitive contracts and transition in a matter of weeks.
As a CISO, are you fully prepared to answer these mind-blowing 5-, 25-, or 50TB questions?
By Marc van Zadelhoff