deaduf.blogg.se

IBM X-Force Exchange




"The most valuable feature is definitely the ability that Devo has to ingest data. From the previous SIEM that I came from and helped my company administer, it really was the type of system where data was parsed on ingest. This meant that if you didn't build the parser efficiently or correctly, sometimes that would bring the system to its knees. You'd have a backlog of processing the logs as it was ingesting them."

"It's very, very versatile."

"The thing that Devo does better than other solutions is to give me the ability to write queries that look at multiple data sources and run fast. And I can do that by creating entity-based queries. Let's say I have a table which has Okta, a table which has G Suite, a table which has endpoint telemetry, and I have a table which has DNS telemetry. I can write a query that says, 'Join all these things together on IP, and where the IP matches in all these tables, return to me that subset of data, within these time windows.' I can break it down that way."

"The real-time analytics of security-related data are super. There are a lot of data feeds going into it and it's very quick at pulling up and correlating the data and showing you what's going on in your infrastructure. The way that their architecture and technology works, they've really focused on the speed of query results and making sure that we can do what we need to do quickly. Devo is pulling back information in a fast fashion, based on real-time events."

"Those 400 days of hot data mean that people can look for trends and at what happened in the past. And they can not only do so from a security point of view, but even for operational use cases. In the past, our operational norm was to keep live data for only 30 days. Our users were constantly asking us for at least 90 days, and we really couldn't even do that. That's one reason that having 400 days of live data is pretty huge."





