Stale logs sitting on a storage device somewhere are just that… stale. SecOps teams can’t easily make use of them, rendering them almost useless for investigations. The value of your data deteriorates fast when you can’t easily access it. Restoring data from a frozen state can be painful, especially when you don’t know the exact timeframe you need to look at. 

Your organization likely also needs to retain logs for a period of time for one or more compliance reasons. But compliance alone clearly doesn’t equal security, so there’s something of a paradox in stashing logs to check the compliance box without being able to put them to good operational use.

Ultimately, you’re faced with a choice between expensive hot or warm storage and cheaper but inaccessible cold or frozen logs. Or are you…? Enter stage right: Exabeam Cloud Archive! Available as an add-on to Exabeam SaaS Cloud solutions, Cloud Archive solves the conundrum of log accessibility vs. storage cost. You can store your logs securely in Exabeam Cloud Platform, and search them with ease.

And meeting compliance requirements is a breeze — your data can be stored and searched for up to 10 years. No fiddly restore efforts to demonstrate during audits, and as the data is written in immutable files you know that it’s not been tampered with or accidentally modified. 

Logs sent to Cloud Archive are fully parsed, and are searched and filtered using the same methods as Exabeam Data Lake. No new querying languages to learn, and no unacceptably long wait times to get valuable results from your data. 

How it works: Cloud Archive directly integrates with the Exabeam SaaS Cloud infrastructure to ingest all the received logs. Cloud Archive indexes and stores logs in a cloud-native object store, then makes those logs available through its search service. Logs in Cloud Archive are parsed the same way they are in Data Lake. To ensure parsing consistency, Cloud Archive synchronizes the parser configuration with Data Lake every 24 hours.

Figure 1: Cloud Archive architecture in Exabeam Cloud.

To learn more about Cloud Archive — check out the Cloud Archive datasheet!

Senior Product Marketing Manager

Samantha has 20 years of experience in cyber security. She has defined strategy for multiple security products and technologies, helped hundreds of organisations of all shapes, sizes, and geographies recover and learn from cyberattacks, and trained anyone who’ll listen on security concepts and solutions. She authors articles for various security publications, and is a regular speaker and volunteer at industry events, including BSides, IPExpo, CyberSecurityX, The Diana Initiative, and Blue Team Village (DEFCON).
