Skip Navigation
Get a Demo
 
Share
 
 
 
 
 
 
 
 
Resources Blog Product updates

Dive into the Red Canary Security Data Lake

Red Canary now offers cost-efficient data storage that improves your security posture

Dylan Solomon

Organizations need to achieve multiple objectives with their security data, with perhaps the most important being:

  • threat detection
  • threat investigation
  • regulatory compliance

 

Threat detection often drives data storage decisions for the other two–if not all–security objectives, with SIEM products serving as a general security data storage hub. This approach to storage leads to common and recurring frustrations, such as:

  1.  You need to comply with annual log retention policies, but your SIEM only retains logs for three months
  2.  Most of the logs you’re storing in your expensive SIEM do not contribute to threat detection
  3.  Neither your team nor your security service provider can efficiently query historical data during investigations and threat hunts

 

Not all data sources are equally valuable, and they shouldn’t be priced that way. That is why we are excited to announce the Red Canary Security Data Lake, a centralized and scalable repository for storing your high-volume, low-detection-value security data at a reasonable rate.

 

 

How it works

Set up integrations in minutes

If you can forward your logs to an AWS S3 bucket, or a Syslog server, you can add it to the Security Data Lake. We’ve tallied 200+ supported integrations spanning security products, cloud service providers, productivity software, and more.

Integrations in the Red Canary Security Data Lake

Demonstrate compliance

In many cases, just taking a screenshot is sufficient to prove certain logs are retained, but should you need to prove data retention to an auditor, we make it easy to find those logs and export.

Screenshot of logs exporting from Red Canary's Security Data Lake

Investigate your data

You can write SQL queries directly against your supported data sources within the Red Canary platform. Search across all your logs for specific events, answer questions like “Is this normal or anomalous?”, aggregate data to identify trends, and perform complex analysis to uncover hidden threats—all with the familiar and powerful language of SQL.

MDR investigation using Red Canary's Security Data Lake

Supercharge your MDR (coming soon)

Starting in Q3, Red Canary analysts will be able to leverage your data in the Security Data Lake during MDR investigations. Over the course of this year, we will optimize our investigation workflows to leverage stored data throughout the detection and response lifecycle.

MDR investigation using Red Canary's Security Data Lake

So what does this mean for you?

It means fewer dollars wasted. It means faster, more effective threat hunting and incident response. It means deeper, more actionable insights into your security posture.

Optimize security and storage with Red Canary's Security Data Lake

see for yourself
Request a demo and discover how Red Canary’s Managed Detection and Response and Security Data Lake work together to transform your security operations.
Related Articles
 

Red Canary named a Leader in MDR

 

The unusual suspects: Effectively identifying threats via unusual behaviors

 

Incorporating AI agents into SOC workflows

 

Red Canary: At the heart of your security operations

Subscribe to our blog

 

See Red Canary in action

Schedule your demo now
Get a Demo
 
 
 
 
Back to Top