Business Security Weekly episode 188: Hosts Matt Alderman, Paul Asadoorian, and Jason Albuquerque speak with Gravwell co-founder Corey Thuen about harnessing the power of raw, unstructured data for security and operations.
"Rather than trying to 'normalize', we take in all types of raw data. Logs come in and are stored in the data lake including the time series format, so you can go back in and access raw data in its original format." ~Corey Thuen, CEO, Gravwell
(regarding the Gravwell pricing model) "That pricing model ... eliminates so many roadblocks to bringing something like this into your organization as a platform." ~Jason Albuquerque, host, Business Security Weekly
(in response to Matt Alderman's question "What are signs that your log management program is not working?") "An informal research project I've been conducting is in speaking with incident responders, I've asked the question 'when you roll up to some place because someone has paid you to come in and help respond to an incident, what percentage of those companies have their logs ready for you?' And the highest number that any of them have told me is 20%. Only 20% of organizations at the top have logs ready for incident response when they roll in. Which is an indicator of potentially having some troubles or inefficiencies with how you're collecting logs." ~Corey Thuen, CEO, Gravwell
from Security Weekly
