Enterprises struggle to balance data retention costs with compliance


A new survey of 300 IT and security professionals, commissioned by Red Canary and conducted by Censuswide, finds that just 35 percent of data stored in legacy SIEMs delivers tangible value for threat detection.
In addition, only 13 percent of organizations separate out low-value data for cheaper storage in a raw data repository. Because of SIEM storage costs, 68 percent of IT security decision makers say they discard low-value data and have to hope they won't regret it.
It's perhaps not surprising that 62 percent of IT security decision makers say they are fed up with 'pouring money down the drain' storing useless data just to tick a box for compliance.
The survey results have been released alongside Red Canary's launch of new Security Data Lake capabilities to help organizations tackle these issues head-on. 84 percent of IT security decision makers say having a security data lake to store low-value logs at reduced cost would maximize the value of their SIEM spend.
"Security teams are already stretched thin, balancing growing data retention requirements with shrinking budgets," says Mary Writz, SVP of product management at Red Canary. "Not all data offers equal value for threat detection and response, yet organizations are often required to retain vast amounts of it to stay in compliance. SIEMs were historically the most common place to store all this data, but the high costs mean organizations get a low return on investment for any logs that they rarely use. If log sources don't help security teams to detect threats, organizations shouldn’t pay a premium to store them."
Features of Security Data Lake include the ability to ingest logs from any source and retain high-volume but infrequently accessed logs, such as firewall, DNS, and SASE data. Logs can be exported on demand to compile audit reports when needed.
Users can employ SQL search to run ad-hoc queries during incident investigations and search data by attributes such as hostnames, IPs, URLs, and date/time ranges, as well as perform basic statistical analysis to enhance detection workflows.
"We designed Red Canary Security Data Lake to seamlessly integrate with Red Canary's platform, ensuring security teams can manage their data efficiently without added complexity," adds Writz. "Whether organizations want to optimize their SIEM costs or need a scalable solution to store security data without a SIEM, they get a native, fully managed experience that scales with them. Security teams shouldn't have to choose between affordability and security effectiveness -- we're making it easier for them to have both."
You can find out more on the Red Canary blog.