Reduce the Cost of Log Retention

Avoid paying a premium for high volume, low fidelity security data storage. By sending that data to Red Canary, you’ll save money while maintaining accessibility for your team’s and Red Canary’s investigations.

Key Benefits

Reduce SIEM costs

Pay a fraction of SIEM storage costs for high volume, low fidelity data sources like Firewall, DNS, and SASE logs.

Meet retention requirements

Prove to auditors that your data is retained and can be retrieved on-demand. If you need to export specific logs you can do so at any time.

Investigate stored data

Ensure visibility into your data for your team’s and Red Canary’s investigations, improving your security posture.

The Challenge

Security leaders face tough tradeoffs when managing security data. Storing too much in a SIEM results means you’re overpaying on infrequently searched, low-value data, while managing a data lake adds infrastructure headaches. You need a solution that reduces overhead and keeps data accessible at all times.

Our Solution

Flexible and cost-efficient retention

Store raw data–JSON strings, syslog messages, anything that’s line delimited that you can write to an S3 bucket–for any length of time specified by you.

SQL search and analytics

Use SQL to search based on specific attributes–IPs, hostnames, URLs, date/time ranges–and run basic statistical analyses to support internal investigations.

MDR enhancement

Red Canary can leverage the Security Data Lake during our investigations, strengthening your detection and response coverage.