The crazy IMPACT of the Data Lake

When we began building the security data lake solution, we had no idea that this solution would evolve and meet so many important needs for the enterprise. Most importantly, we found the solution is changing the way we approach security engineering. We didn't anticipate that we would be able to bring together multiple IT silos … Continue reading The crazy IMPACT of the Data Lake

The crazy IMPACT of the Data Lake

When we began building the security data lake solution, we had no idea that this solution would evolve and meet so many important needs for the enterprise. Most importantly, we found the solution is changing the way we approach security engineering. We didn't anticipate that we would be able to bring together multiple IT silos … Continue reading The crazy IMPACT of the Data Lake

Big Lake = Big Value

“Getting value out of your data lake” For the first time in the security industry, we are seeing security operations teams and data analytics teams working together. This positive development illustrates that security data has value to everyone and can be shared throughout a company. It is important to take control of your data destiny, … Continue reading Big Lake = Big Value

Data Transformers to the Rescue

ETL vs Log Forwarding - Why your security future depends on it! We are now officially in a new era of security engineering.  This era is characterized by big data analytics encompassing AI, machine learning, and data warehousing. In our previous posts, we discussed the need for security operations to have greater visibility into log … Continue reading Data Transformers to the Rescue

Azure Security Data Lake

Harnessing The Power of Big Data Analytics and AI - Security's Future Welcome to the SOCAUTOMATORS series on building a Security Data Lake. This series of blog posts and accompanying videos will help you design your data lake and provide guidance on technically implementing the solution in Azure. Many organizations need to harness the power … Continue reading Azure Security Data Lake

Filling Up the Security Data Lake

Dam the Lake! The foundation of our data “dam” is a pool of information collected from multiple sources. Some data is ingested directly into the data lake storage account. Other data is ingested into the SIEM and later forwarded on to the data lake to meet long-term retention requirements.  Typically, 70% of data ingested into … Continue reading Filling Up the Security Data Lake

What to bring to the Data Lake?

“Yes – it’s more than bathing suit” Security engineering teams need to develop new skills to provide their security analysts with the necessary depth of data and analytics to perform their jobs effectively. Analysts require this data to be readily available in the SIEM during an incident. We must reduce the speed of triage to … Continue reading What to bring to the Data Lake?

Will your SIEM survive?

“The rise of data and the security data lake” There is a long-standing problem in cybersecurity. There is the ever increasing need to log more sources to provide needed visibility to detect threat activity. The need to ingest raw logs has created an ingestion problem. The SIEM was supposed to be the ultimate solution to … Continue reading Will your SIEM survive?