SIEM Overview

The Iguazio Continuous Data Platform provides deep visibility and control for SIEM (security information and event management), including log management, identity and access control, and policy-compliance tools, so customers can detect and respond to threats immediately. The platform derives real-time, actionable insights from large volumes of fresh, historical and operational data, while leveraging the latest AI tools and eliminating data-pipeline complexity at a fraction of the cost.

Benefits

  • Reduced costs
  • Improved search performance
  • Triggers real-time alerts
  • Incorporates new microservices with Spark ML and Presto (SQL)

Challenges

  • Limited analysis: Proprietary query languages with no machine learning capabilities and limited enrichment, which is needed for a bigger and clearer picture
  • High costs: Limited aggregation and compression capabilities, resulting in higher storage costs
  • Slow performance: Search queries must run over more storage, and limited metadata capabilities hinder the timely detection of crucial insights

Our Solution

Enhanced analytics: The Iguazio Continuous Data Platform provides real-time insights and actions, combining multiple streaming feeds with external sources such as firewall and proxy servers, as well as repositories of known security threats. Developers can leverage a variety of machine learning and query frameworks such as Spark ML and Presto (SQL), and easily develop apps in Python and Scala for anomaly detection and real-time alerts.

Reduced costs: Iguazio’s licensing model is based on storage capacity rather than on indexed data. The platform’s filtering, compression and aggregation capabilities cut the amount of stored data and therefore result in a 40% cost reduction.

Accelerated performance: Iguazio’s advanced filtering, compression and aggregation capabilities also accelerate search queries, which no longer need to run on raw data. Search queries run efficiently on structured events with metadata, at least 10% faster than before.
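The three solution points above describe one pipeline stage: raw proxy and firewall lines are parsed into structured events, enriched against a repository of known threats, and aggregated so that alerting and search run over far fewer rows than the raw feed. The following is an added illustration of that stage in plain Python; it is not Iguazio's code and does not use the platform's APIs. The log lines, the IP addresses (RFC 5737 documentation ranges) and the threat-indicator list are all constructed for the example, and the reduction ratio it reports is a property of this sample data, not the 40% figure quoted above.

```python
import re

# Constructed sample feeds (not real traffic). One proxy line is deliberately malformed
# to show that unparsable input is filtered out rather than stored.
PROXY_LINES = [
    "2024-05-01T10:00:01Z 192.0.2.10 GET updates.example.net 200",
    "2024-05-01T10:00:02Z 192.0.2.10 GET updates.example.net 200",
    "2024-05-01T10:00:03Z 192.0.2.10 GET updates.example.net 200",
    "2024-05-01T10:00:04Z 192.0.2.11 POST files.example.org 403",
    "2024-05-01T10:00:05Z 192.0.2.11 POST files.example.org 403",
    "2024-05-01T10:00:09Z 192.0.2.12 GET metrics.example.net 200",
    "this line is not a proxy record",
]
FIREWALL_LINES = [
    "2024-05-01T10:00:06Z DENY 192.0.2.10 -> 203.0.113.7:443",
    "2024-05-01T10:00:07Z DENY 192.0.2.10 -> 203.0.113.7:443",
    "2024-05-01T10:00:08Z ALLOW 192.0.2.12 -> 198.51.100.5:53",
]
# Constructed stand-in for an external repository of known security threats
# (destination -> name of the list it appears on). The list name is hypothetical.
THREAT_INDICATORS = {"203.0.113.7": "constructed-c2-list"}

PROXY_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<dst>\S+) (?P<status>\d{3})$")
FW_RE = re.compile(r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<src>\S+) -> (?P<dst>\S+):(?P<port>\d+)$")


def parse_line(line, source):
    """Turn one raw line into a structured event dict, or None if it does not match the source's format."""
    regex = PROXY_RE if source == "proxy" else FW_RE
    m = regex.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["source"] = source
    # Normalise the per-source result field under one name so a query need not know which feed it came from.
    ev["outcome"] = ev.pop("status") if source == "proxy" else ev.pop("action")
    return ev


def enrich(event, indicators):
    """Attach the name of the threat list the destination appears on (None when it is not listed)."""
    event["threat"] = indicators.get(event["dst"])
    return event


def aggregate(events):
    """Collapse repeats of the same (source, src, dst, outcome, threat) tuple into one row with a count and a time window."""
    rows = {}
    for ev in events:
        key = (ev["source"], ev["src"], ev["dst"], ev["outcome"], ev["threat"])
        row = rows.get(key)
        if row is None:
            rows[key] = {"source": ev["source"], "src": ev["src"], "dst": ev["dst"],
                         "outcome": ev["outcome"], "threat": ev["threat"],
                         "count": 1, "first_seen": ev["ts"], "last_seen": ev["ts"]}
        else:
            row["count"] += 1
            row["last_seen"] = max(row["last_seen"], ev["ts"])  # ISO-8601 strings sort lexicographically
    return list(rows.values())


def run_pipeline(proxy_lines, firewall_lines, indicators):
    """Filter, normalise, enrich and aggregate two raw feeds; return the rows plus summary figures."""
    raw = [(line, "proxy") for line in proxy_lines] + [(line, "firewall") for line in firewall_lines]
    parsed = (parse_line(line, source) for line, source in raw)
    events = [enrich(ev, indicators) for ev in parsed if ev is not None]
    rows = aggregate(events)
    # The "search" now runs over aggregated, enriched rows rather than raw lines:
    # an alert is any row whose destination matched the threat repository.
    alerts = [row for row in rows if row["threat"] is not None]
    return {
        "raw_lines": len(raw),
        "events": len(events),
        "rows": rows,
        "reduction": 1 - len(rows) / len(raw),
        "alerts": alerts,
    }


if __name__ == "__main__":
    result = run_pipeline(PROXY_LINES, FIREWALL_LINES, THREAT_INDICATORS)
    print(f"{result['raw_lines']} raw lines -> {result['events']} events -> {len(result['rows'])} rows "
          f"({result['reduction']:.0%} fewer rows to store and search)")
    for alert in result["alerts"]:
        print("ALERT", alert)
```

The aggregation key deliberately includes the enrichment result, so a destination that is later added to the threat list lands in a separate row from earlier benign traffic instead of being merged with it, and the `first_seen`/`last_seen` window is what an analyst needs to scope an incident without going back to the raw lines.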