Long-term Retention
Security teams need to store large amounts of data for years for two primary reasons:
- In order to adhere to compliance and regulatory requirements
- To perform retrospective investigations and threat hunting
Multi-cloud Organization
Security data originates and resides in several locations, especially in multi-cloud or hybrid-cloud organizations. Security products and teams need complete visibility across all of that data to perform detection, incident response, and threat hunting. Because the volume of data is large, moving it away from where it originates incurs costly egress fees.
Data Flexibility
Traditional SIEMs store data internally using proprietary storage technologies, making the data accessible only through the APIs the SIEM exposes. Being able to access the data in standard, open formats lets teams perform other data-intensive activities, such as training ML models in-house, in an ergonomic and efficient manner.
Fast Query and Search
Searching through petabytes of security data doesn't have to take hours. Low-latency queries and searches let security analysts apply detections at the speed of an attack and let security engineers threat hunt in real time.