How Stellar Cyber Addresses Data Storage Pain

Security problems are essentially data problems. For threat detection, investigation and forensic analysis, ideally you would collect as much data as you can and store it for as long as you want. However, everything has its limitations. For example, high long-term storage costs, slow search/query speed and heavy infrastructure requirements are common complaints about legacy SIEMs. So let’s set the record straight about how the SIEM functions of Stellar Cyber’s Open XDR platform address these data storage issues. Stellar Cyber’s approach to data storage differs in several important ways.

Single Unified Data Lake

You Can Capture the Right Data
Stellar Cyber gives you a 360-degree view of your security infrastructure by capturing data from a variety of data sources, including endpoints, servers, applications, cloud and users. Instead of acting like a log data vacuum cleaner and scooping up every piece of data, such as every packet in network traffic, Stellar Cyber captures only security-relevant data. We extract only the metadata that matters. We also allow customers to filter out the data they don’t think they need for their environment. Of course, you can choose to store all the data if you like, but most of our customers are more than happy collecting the right data.

You Can Store Unlimited Data in a Cloud-Native Data Lake
Even with the right data, your data volume will certainly increase as your applications and your business grow. Your data is stored in an elastic, clustered data lake with a microservice-based, cloud-native architecture. When your data volume grows, you can grow the data lake with it by simply adding more nodes and storage to the cluster, without affecting storage or search performance.

You Can Perform Fast Forensic Analysis and Threat Hunting on Your Data
The fast forensic analysis and threat-hunting capabilities are built on top of our scalable data lake. The normalized, real-time enriched data can be searched quickly by any data field or any combination of fields. Data is also automatically evaluated for anomalies by our AI-powered detection engine. Your analysts can use pre-built threat-hunting playbooks to ferret out threats wherever they reside. Remember, Stellar Cyber gives you a 360-degree view of your security infrastructure (endpoints, servers, applications, cloud), so our solution sees threats wherever they crop up.

You Can Customize Storage Retention Times
Unlike many stand-alone SIEM products, Stellar Cyber recognizes that every customer has different data retention requirements. We let you choose the storage retention time for your data, and you can do it per tenant in a multi-tenant environment. You have flexible choices such as weeks, months, or over a year if you like, and you can configure the retention time separately for different types of data. You can store important data longer while keeping less important data for a shorter period of time.

You Can Use Different Storage Types
For time-series data, not all data remain equally valuable as time passes. While most SIEM products keep all data in “hot” storage for immediate retrieval, we let you choose whether to store data in hot or cold storage. Many customers save money by moving their older data to cold storage, which is much more affordable. Rest assured, though, that you can still analyze data in cold storage, and you can easily bring data from cold storage back to hot storage for forensic analysis if it becomes necessary.

You Can Choose Different Storage Locations
Cloud-based SIEM products store your data in the cloud, and you pay extra for that. Stellar Cyber offers multi-tiered storage: you can choose cloud-based storage, on-prem storage such as an affordable NAS, or other low-cost storage mechanisms to save on costs. You can even use a hybrid mix of storage types.

Why Not Have It Your Way with Open XDR?
Why put on another SIEM’s expensive straitjacket when you can choose your own approach to storage and analysis?