Too Much Success? — How Calyptia Solved an Unusual Problem with a Team’s SIEM Adoption

Written by Erik Bledsoe in Customer Success Stories on May 5, 2023

Recently a prospect (now a customer) approached us with an unusual problem. Their adoption of a SIEM platform was going too well. Confused? Let me explain.

As is often the case in large organizations, the adoption of a new technology began with a single unit within the company. As the unit experienced the benefits of their SIEM solution, other units began to take notice and asked if they could also use the new platform. As adoption grew laterally throughout the organization, they discovered they were quickly approaching the data limits of their existing contract. However, they lacked the budget to expand beyond the terms of their contract. The team asked if Calyptia could help.

We could, and we did.

Calyptia’s Solution: Reduce the Volume of Data

Calyptia’s solutions address the first mile of observability — the telemetry pipeline that collects, processes, transforms as needed, and routes your data to your SIEM or observability platform. Calyptia doesn’t replace your existing toolset; we enhance it while simultaneously simplifying the management of your telemetry platform.

By integrating Calyptia with their existing SIEM solution, the team could process event data before it landed in their SIEM platform. As a result, they could identify duplicate and other “noisy,” irrelevant data midstream and redirect it to cheaper storage solutions such as S3. Because Calyptia can replay this redirected data at a later date, no data is lost, which adds a layer of protection against overly aggressive filtering when trying to reduce the noise.

The result significantly reduced irrelevant data flowing into their SIEM platform. 

We are often asked to help reduce a company’s spending by reducing the amount of data flowing into their SIEM or observability platform. In this instance, our customer had a different strategy. They wanted to expand the availability of their SIEM solution while staying within their existing budget. They believed this was good for the company and that a budget increase would follow as more units found success with the SIEM.

How Much Data Flow Could You Reduce?

Interested in learning how much your data flow could be reduced? We will be happy to perform a no-obligation analysis of your system. Just set up a time to meet with us.
