Graylog ‘redefines’ SIEM

Graylog has unveiled significant security advancements to drive smarter, faster, and more cost-efficient security operations. The company’s latest capabilities include advanced data routing, asset-based risk scoring, and AI-generated investigation reports.

  • Monday, 28th October 2024 Posted 9 months ago in by Phil Alsop

These enhancements, and many others in the Fall 2024 release, help organizations realign their time and financial investment with security objectives, empowering security teams to confidently reduce risk. With a detailed understanding of the threat landscape at both user and system levels, Graylog enables organizations to make more informed decisions about their security posture and respond more effectively to potential threats.

Exclusive to Graylog is its native advanced data routing that enables practitioners to send lower-value “standby” data to inexpensive storage before it is indexed by Graylog. Standby data is available for retrieval into Graylog for future incident investigations. This classification shifts the typical SIEM license model to more accurately align with the overall value of the data. Security and IT operations teams can now invest time and money in the value of the data sent, processed, and stored while minimizing the number of technology solutions managed.

“A challenge with SIEMs has been the need to bring in all the data from log sources as if all the log messages are of equal value,” said Seth Goldhammer, vice president of product management at Graylog. “Of course, if a log message is dropped, it is gone forever. Our new data routing removes this compromise, allowing practitioners to bring in all the data and only pay for the log messages delivering value.”

Graylog's asset-based risk modeling finds related security events across attack surfaces and prioritizes what should be investigated with context such as vulnerability state, variance, and API risk. Instead of thousands of daily alerts requiring individual triage and investigation, Graylog prioritizes the high-risk users and systems for security analysts, grouping together multiple alerts and context to expedite the investigation.

Graylog’s Fall 2024 release includes a timeline visualization of events and leverages GenAI to summarize these details, including impact analysis, into an incident response report to further aid with those investigations and save analyst time.

Arctic Wolf enhances Aurora Platform with integrations

Posted 8 hours ago by Aaron Sandhu
Arctic Wolf boosts its Aurora Platform by integrating with Microsoft, Oracle, OneLogin, and CyberArk, enhancing security operations and flexibility.

Riverbed's leap in network observability

Posted 9 hours ago by Aaron Sandhu
Riverbed unveils AI-powered network observability solutions, enhancing IT efficiency and performance with the XX90 appliance series and Flex...
Rubrik and Sophos collaborate to introduce an integrated backup and recovery solution for Microsoft 365, enhancing ransomware resilience and data...

Rackspace Technology unveils cloud management platform

Posted 10 hours ago by Aaron Sandhu
Rackspace Technology introduces its enhanced Cloud Management Platform, empowering organisations with AI-enabled tools and next-gen upgrades for...

AirMDR unveils AI SOC Platform with free plan

Posted 13 hours ago by Aaron Sandhu
AirMDR introduces an AI-driven solution that automates SOC operations, along with a risk-free trial plan.

Cloudera expands horizons with Taikun acquisition

Posted 1 day ago by Aaron Sandhu
Cloudera acquires Taikun to bolster Kubernetes capabilities, enhancing flexibility and efficiency across IT environments.
Advania UK cements its leading position in the UK tech sector following the integration of CCS Media and Servium.
Palo Alto Networks' acquisition of CyberArk marks a significant shift, introducing Identity Security as a core focus in its multi-platform strategy.