Too Much Success? — How Calyptia Solved an Unusual Problem with a Team’s SIEM Adoption

Written by Erik Bledsoe in Customer Success Storieson May 5, 2023

Too Much Success? — How Calyptia Solved an Unusual Problem with a Team’s SIEM Adoption

Recently a prospect (now a customer) approached us with an unusual problem. Their adoption of a SIEM platform was going too well. Confused? Let me explain.

As is often the case in large organizations, the adoption of a new technology began with a single unit within the company. As the unit experienced the benefits of their SIEM solution, other units began to take notice and asked if they could also use the new platform. As adoption grew laterally throughout the organization, they discovered they were quickly approaching the data limits of their existing contract. However, they lacked the budget to expand beyond the terms of their contract. The team asked if Calyptia could help.

We could, and we did.

Calyptia’s Solution: Reduce the Volume of Data

Calyptia’s solutions address the first mile of observability — the telemetry pipeline that collects, processes, transforms as needed, and routes your data to your SIEM or observability platform. Calyptia doesn’t replace your existing toolset; we enhance it while simultaneously simplifying the management of your telemetry platform.

By integrating Calyptia with their existing SIEM solution, the team could process event data before it landed in their SIEM platform. As a result, they could identify duplicate and other “noisy” irrelevant data midstream and redirect it to cheaper storage solutions such as S3. Calyptia’s ability to replay this redirected data at a later date adds a layer of protection against overly aggressive filtering of data when trying to reduce the noise since no data is lost.

The result significantly reduced irrelevant data flowing into their SIEM platform. 

We are often asked to help reduce a company’s spending by reducing the amount of data flowing into their SIEM or observability platform. In this instance, our customer had a different strategy. They wanted to expand the availability of their SIEM solution while staying within their existing budget. They believed this was good for the company and that a budget increase would follow as more units found success with the SIEM.

How Much Data Flow Could You Reduce?

Interested in learning how much your data flow could be reduced. We will be happy to perform a no-obligation analysis of your system. Just set up a time to meet with us.

You might also like

Fluent Bit

A practical guide for avoiding data loss and backpressure problems with Fluent Bit

Learn how to detect and avoid backpressure problems with Fluent Bit by balancing memory-based and filesystem-based buffering.

Continue reading
Chronosphere + Calyptia

Calyptia joins Chronosphere to build the future of observability

Today we are excited to announce that Calyptia is now part of Chronosphere. This will bring new benefits and opportunities to both Calyptia and Chronosphere customers while we continue to provide a vendor neutral approach to control observability data to any backend.

Continue reading
Processing Custom IIS server logs with Fluent Bit, Wasm, and Rust

Processing Custom IIS server logs with Fluent Bit, Wasm, and Rust

Create a custom processing script for IIS logs written in Rust and implemented using the Fluent Bit Wasm plugin.

Continue reading