Recently a prospect (now a customer) approached us with an unusual problem. Their adoption of a SIEM platform was going too well. Confused? Let me explain.
As is often the case in large organizations, the adoption of a new technology began with a single unit within the company. As the unit experienced the benefits of their SIEM solution, other units began to take notice and asked if they could also use the new platform. As adoption grew laterally throughout the organization, they discovered they were quickly approaching the data limits of their existing contract. However, they lacked the budget to expand beyond the terms of their contract. The team asked if Calyptia could help.
We could, and we did.
Calyptia’s Solution: Reduce the Volume of Data
Calyptia’s solutions address the first mile of observability — the telemetry pipeline that collects, processes, transforms as needed, and routes your data to your SIEM or observability platform. Calyptia doesn’t replace your existing toolset; we enhance it while simultaneously simplifying the management of your telemetry platform.
By integrating Calyptia with their existing SIEM solution, the team could process event data before it landed in their SIEM platform. As a result, they could identify duplicate and other “noisy” irrelevant data midstream and redirect it to cheaper storage solutions such as S3. Calyptia’s ability to replay this redirected data at a later date adds a layer of protection against overly aggressive filtering of data when trying to reduce the noise since no data is lost.
The result significantly reduced irrelevant data flowing into their SIEM platform.
We are often asked to help reduce a company’s spending by reducing the amount of data flowing into their SIEM or observability platform. In this instance, our customer had a different strategy. They wanted to expand the availability of their SIEM solution while staying within their existing budget. They believed this was good for the company and that a budget increase would follow as more units found success with the SIEM.
How Much Data Flow Could You Reduce?
Interested in learning how much your data flow could be reduced. We will be happy to perform a no-obligation analysis of your system. Just set up a time to meet with us.