Gurucul Enhances its Federated Search Capabilities

Gurucul recently announced enhancements to its federated search capabilities. Gurucul federated search lets users run queries from a single console across any data source, including data lakes, cloud object storage, databases, identity systems, threat intel sources, and SIEMs, including Splunk. This universal search capability uses a familiar syntax and workflow that makes security analysts more efficient by significantly increasing the data available to them and adding context to security investigations. Because federated search leaves data where it resides, users can maintain compliance and ownership of the data and reduce data transfer and ingestion costs.

“Compliance, data ownership, and licensing models make broad data collection cost-prohibitive and thwart contextual threat detection and fast response. A powerful single console to search all security and observability data for investigations, regardless of where it resides, is a technical milestone for SIEM and observability use cases while significantly reducing costs and meeting data residency compliance needs,” said Nilesh Dherange, CTO at Gurucul. “Gurucul federated search provides radical insights into data that is not centralized, equipping organizations to store data in the most cost-efficient way and supercharging security analysts’ productivity.”

Most organizations face one or more of these concerns: ingestion volume-based licensing models, data residency compliance requirements, and high data transfer costs, which inhibit centralized data and log collection. In addition, searching disparate individual data sources makes it challenging to harness valuable insights and increases the risk of missed detections and long response times.

Gurucul federated search encompasses all data sources without requiring cross-cloud or restricted cross-region data transfers to a centralized location or manual logins to different applications. It also eliminates the need to ingest and re-index data from federated sources, which provides significant cost reduction.

Other benefits of Gurucul federated search include:

  • Single console – Single search console with robust features for all data security and observability sources, including saved queries, UI-driven query updates, attribute summarizations and more.
  • Faster investigations – Accelerate investigations without the need for upfront data transformation and ingestion.
  • Quicker time to value – Add new federated data sources in minutes for powerful data insights and fast response times.
  • Ownership and compliance – Make data available for decentralized threat detection while letting users keep ownership of that data and store it to meet compliance standards and budget needs.
  • Reporting – Build high-powered custom reports on any decentralized data for actionable insights, and leverage extensive reporting capabilities such as scheduling, email, download and export.
