Too Much Success? — How Calyptia Solved an Unusual Problem with a Team’s SIEM Adoption

Written by Erik Bledsoe in Customer Success Stories on May 5, 2023

Recently a prospect (now a customer) approached us with an unusual problem. Their adoption of a SIEM platform was going too well. Confused? Let me explain.

As is often the case in large organizations, the adoption of a new technology began with a single unit within the company. As the unit experienced the benefits of their SIEM solution, other units began to take notice and asked if they could also use the new platform. As adoption grew laterally throughout the organization, they discovered they were quickly approaching the data limits of their existing contract. However, they lacked the budget to expand beyond the terms of their contract. The team asked if Calyptia could help.

We could, and we did.

Calyptia’s Solution: Reduce the Volume of Data

Calyptia’s solutions address the first mile of observability — the telemetry pipeline that collects, processes, transforms as needed, and routes your data to your SIEM or observability platform. Calyptia doesn’t replace your existing toolset; we enhance it while simultaneously simplifying the management of your telemetry platform.

By integrating Calyptia with their existing SIEM solution, the team could process event data before it landed in their SIEM platform. As a result, they could identify duplicate and other “noisy” irrelevant data midstream and redirect it to cheaper storage solutions such as S3. Because Calyptia can replay this redirected data at a later date, no data is lost, which adds a layer of protection against overly aggressive filtering when trying to reduce the noise.

The result was a significant reduction in the irrelevant data flowing into their SIEM platform.

We are often asked to help reduce a company’s spending by reducing the amount of data flowing into their SIEM or observability platform. In this instance, our customer had a different strategy. They wanted to expand the availability of their SIEM solution while staying within their existing budget. They believed this was good for the company and that a budget increase would follow as more units found success with the SIEM.

How Much Data Flow Could You Reduce?

Interested in learning how much your data flow could be reduced? We will be happy to perform a no-obligation analysis of your system. Just set up a time to meet with us.
