Red Canary announced new capabilities for Red Canary Security Data Lake, a service that enables IT and security teams to efficiently store, search, and access large volumes of infrequently accessed logs, such as firewall, DNS, and SASE data, without overspending on legacy SIEMs.
Security teams struggle to balance data retention costs with ensuring they have the relevant logs available when needed for threat investigations and response. In fact, new research surveying 300 IT and security professionals, commissioned by Red Canary and conducted by Censuswide in February 2025, found that:

- Just 35% of data stored in legacy SIEMs delivers tangible value for threat detection.
- Only 13% of organizations separate out low-value data for cheaper storage in a raw data repository.
- Due to SIEM storage costs, 68% of IT security decision makers discard low-value data and have to hope they won't regret it.
- 84% of IT security decision makers say having a security data lake to store low-value logs at reduced costs would maximize the value of their SIEM spend.
- 62% of IT security decision makers say they are fed up with pouring money down the drain storing useless data just to tick a box for compliance.
Red Canary's new Security Data Lake capabilities help organizations tackle these issues head-on. Whether organizations are looking to complement an existing SIEM investment by storing lower-value data more efficiently or need a standalone solution for managing security logs without a SIEM, Red Canary's Security Data Lake delivers flexibility, cost savings, and seamless access to critical data when it matters most.
"Security teams are already stretched thin, balancing growing data retention requirements with shrinking budgets," said Mary Writz, SVP of Product Management at Red Canary. "Not all data offers equal value for threat detection and response, yet organizations are often required to retain vast amounts of it to stay in compliance. SIEMs were historically the most common place to store all this data, but the high costs mean organizations get a low return on investment for any logs that they rarely use. If log sources don't help security teams to detect threats, organizations shouldn't pay a premium to store them."
What's new:

Ingest logs from any source
- Retain high-volume, infrequently accessed logs, such as firewall, DNS, and SASE data.
- Store raw, line-delimited data (e.g., JSON strings, Syslog messages) that is writable to an Amazon S3 bucket or Syslog collector.

Demonstrate compliance in highly regulated industries, such as financial services and healthcare
- Store logs indefinitely to meet retention requirements.
- Export logs on demand to compile audit reports when needed.

Ensure data availability for threat investigations
- Use SQL search to run ad-hoc queries during incident investigations.
- Search data by attributes such as hostnames, IPs, URLs, and date/time ranges.
- Perform basic statistical analysis to enhance detection workflows.
"We designed Red Canary Security Data Lake to seamlessly integrate with Red Canary's platform, ensuring security teams can manage their data efficiently without added complexity," added Writz. "Whether organizations want to optimize their SIEM costs or need a scalable solution to store security data without a SIEM, they get a native, fully managed experience that scales with them. Security teams shouldn't have to choose between affordability and security effectiveness; we're making it easier for them to have both."