A US-based healthcare sector market leader was contending with constantly growing security telemetry volumes. Over the years, growth of infrastructure and the addition of new security tools had significantly expanded the aggregate log volume their SOC needed to access for investigations.
Meanwhile, low-and-slow (APT) threats warranted longer retention periods with quick, hot access to the data, but queries were already taking too long. Scaling their existing on-premises SIEM solution would have meant higher license costs as well as more infrastructure to buy, deploy and manage. The deployment of a modern EDR, valuable for its rich telemetry but voluminous in its logging output, drove them to start identifying new solutions to address their security analytics challenges and needs.