
Successful implementation of a security monitoring infrastructure involves people, process, technology and data, and requires multiple iterative phases to reach maturity. Security data comes from multiple sources, and the prevailing method at the time of this writing is to acquire it by consuming log files from every possible asset (be it an application, database, virtual machine, container, microservice, operating system, server, network component, storage array, or even an intelligent power strip) and then sending that data to a SIEM or log management system such as Splunk, SumoLogic, or Elastic.

This shift in the digital supply chain requires a shift in security monitoring practices.

This is where a time-series database becomes a natural fit: it converts all of your log data and security events into collections of time series.

In contrast, time-series databases normalize security event data at ingest into an efficient, standardized format, which lets you store security data economically and index it on multiple attributes for fast searches.
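The following is an added example illustrating the ingest-time normalization and multi-attribute indexing described above; it is not code from the original article or from any of the products it names. A tiny in-memory store stands in for a real time-series database, the sshd log lines are constructed for illustration, and the `ssh_auth` measurement and tag names are arbitrary choices for the example.

```python
"""Normalize raw security log lines into time-series points at ingest.

Added example, not from the original article. The store below is a
hypothetical in-memory stand-in for a real time-series database; the
sample log lines are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample input: syslog-style sshd lines from two hosts.
SAMPLE_LOGS = [
    "2024-05-01T10:00:03Z web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2",
    "2024-05-01T10:00:17Z web01 sshd[1201]: Failed password for root from 203.0.113.7 port 51030 ssh2",
    "2024-05-01T10:00:41Z db01 sshd[884]: Accepted publickey for deploy from 198.51.100.5 port 40012 ssh2",
    "2024-05-01T10:01:05Z web01 sshd[1201]: Failed password for root from 203.0.113.7 port 51044 ssh2",
    "2024-05-01T10:01:30Z db01 sshd[884]: Failed password for invalid user oracle from 203.0.113.9 port 60001 ssh2",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_line(line):
    """Turn one raw line into a normalized point: timestamp, measurement, tags, fields.

    Tags are the attributes we want to index on; fields carry the numeric value.
    """
    m = LINE_RE.match(line)
    if not m:
        return None  # unknown format: drop here, or route to a dead-letter queue in production
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    tags = {
        "host": m["host"],
        "event": "auth_failure" if m["outcome"] == "Failed" else "auth_success",
        "method": m["method"],
        "user": m["user"],
        "src_ip": m["src"],
    }
    return {"ts": ts, "measurement": "ssh_auth", "tags": tags, "fields": {"count": 1}}


class TimeSeriesStore:
    """Minimal in-memory store that indexes every point on all of its tag attributes."""

    def __init__(self):
        self.points = []
        self.index = defaultdict(set)  # (tag_key, tag_value) -> set of point ids

    def ingest(self, line):
        """Normalize a raw line at ingest and index it; returns False for unparseable input."""
        point = parse_line(line)
        if point is None:
            return False
        pid = len(self.points)
        self.points.append(point)
        for k, v in point["tags"].items():
            self.index[(k, v)].add(pid)
        return True

    def query(self, **tags):
        """Return points matching every given tag, via set intersection over the index."""
        if not tags:
            return list(self.points)
        ids = None
        for k, v in tags.items():
            hits = self.index.get((k, v), set())
            ids = hits if ids is None else ids & hits
        return [self.points[i] for i in sorted(ids)]

    def series(self, window_seconds=60, **tags):
        """Aggregate matching points into a count-per-window series keyed by bucket start (epoch seconds)."""
        buckets = defaultdict(int)
        for p in self.query(**tags):
            epoch = int(p["ts"].timestamp())
            buckets[epoch - epoch % window_seconds] += p["fields"]["count"]
        return dict(sorted(buckets.items()))


def failures_per_source(store, window_seconds=60):
    """Per-source-IP failure series: the kind of view a brute-force detection rule reads."""
    srcs = {p["tags"]["src_ip"] for p in store.query(event="auth_failure")}
    return {src: store.series(window_seconds, event="auth_failure", src_ip=src) for src in srcs}


def build_store(lines=SAMPLE_LOGS):
    """Ingest the constructed sample lines into a fresh store."""
    store = TimeSeriesStore()
    for line in lines:
        store.ingest(line)
    return store


if __name__ == "__main__":
    s = build_store()
    print(failures_per_source(s))
```

The point of the design is that the expensive work (parsing free text, deciding which attributes matter) happens once at ingest; every later query is a set intersection over already-indexed tags plus a cheap bucketing pass, which is why per-minute failure counts per source can be answered without rescanning raw logs.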
