Gravwell is an enterprise data fusion platform that enables security teams to investigate, collaborate, and analyze data from any source, on demand, all with unlimited data collection and retention. Ingest everything. Investigate anything.
Gravwell co-founder Corey Thuen chats with Risky Business host Patrick Gray for the "Snake Oilers" edition of the Risky.Biz podcast (Snake Oilers 12 part 2). They cover some of the key differentiators that Gravwell brings to the SIEM market, including structure-on-read ingestion, and access to raw binary data.
Here are a few excerpts from the 22 Oct 2020 podcast:
“Gravwell makes a structure-on-read based SIEM, which is an interesting point of difference ... They enable large-scale, fully unstructured data ingest. So basically what they’ve built is a SIEM that does structure-on-read so instead of trying to format all of your event data on ingest you can just put it somewhere raw and figure out how to throw it on a timeline when you want to look at it.” ~Patrick Gray, Risky Business podcast host
“The problem Gravwell is seeking to solve is the fact that organizations have a bunch of data coming in from their applications, from systems, from the cloud, and they need to be able to make sense of it for making decisions like security, finding bad guys who are targeting them, but also business decisions like which of our products is doing the best, which of our web pages has been popular this week, has this marketing campaign made sense. Sort of all the questions that data can inform the decisions to, is where Gravwell helps.” ~Corey Thuen, CEO, Gravwell
(regarding the difference between Gravwell and competitors in the space) "The difference is you don’t need to actually do the plumbing … you just pull all the data in and then you can search. You can meaningfully search binary data." ~Patrick Gray, Risky Business podcast host
(in response to Patrick Gray's question about why a CISO might be interested in Gravwell) "The core problem is, as a CISO it’s very unlikely that you’re collecting all the data that you want, and that’s for a variety of reasons - maybe it’s in binary, maybe you want packet data or netflow data but you can’t because it’s binary and you can’t convert it. Or maybe it’s cost – maybe your dev ops team wants to be able to put data in, but the security team’s budget is out and so there’s in-fighting between organizations. That kind of thing happens all the time. That’s where we come along ... Our pricing model is significantly different than the rest of the industry. We encourage you to put in as much data as possible because it’s your data, you own it, and you will benefit by having more data, and the method to be able to search through that data." ~Corey Thuen, CEO, Gravwell
Listen to the full podcast here: Risky.Biz