The Revolutionary Aspect of SearchMore
By Augusto Barros, Vice President of Solutions
So you are working on your security monitoring and log management architecture. You look at your requirements and see:
- The need to collect logs from certain log sources to support your threat detection use cases.
- The need for advanced analytics capabilities to implement those same threat detection use cases.
- The need to collect logs from a superset of sources and store them for at least one year, for compliance and investigation reasons.
- The need to quickly search the stored logs to support investigations during incident response.
During my past life as an industry analyst I heard that many clients facing these requirements decided to split security monitoring and log retention into two distinct solutions. Most existing SIEMs are limited in capacity and performance to handle the huge data load from the broader log retention requirements. Others, such as Splunk, can handle the load. But you need to pay for it. A lot.
The ever-growing volume of data to be collected by SIEM solutions, combined with punitive license models, pushes organizations to add unnecessary architecture complexity just to keep costs under control. Among other approaches, organizations have been:
- Adding cheaper but limited open source log management systems to their environments to reduce the amount of data fed into their Splunk SIEM.
- Avoiding the consolidation of data from their cloud environments, which reduces their ability to apply centralized analytics and to search data efficiently during investigations.
- Applying aggressive filtering to data from their log sources to reduce the volume hitting Splunk, which limits their ability to perform threat hunting and increases risk through compliance exposure or limited visibility for incident response.
The innovative SearchMore approach by Securonix is not simply about delivering 50% (or more) in savings when compared to Splunk. By providing cost-effective search capabilities on the same platform used for security monitoring, the Securonix platform simplifies architecture decisions while maximizing the data available for threat hunting and incident response.
And of course, all of this is provided by a native SaaS solution. Running a single, SaaS-based solution for threat detection and response can also provide savings by reducing the resources necessary to keep it up and running. Leave that to us, and focus your resources on using the advanced analytics and long-term search capabilities to support your security operations processes.