I’m thrilled to share some incredibly exciting news – Graylog’s v6.0 is officially here! It’s been quite the journey getting to this point, filled with late nights, endless cups of coffee, and an unwavering commitment from our amazing team.
As we unveil this latest version, I can’t help but reflect on how far SIEM technology has come over the past two decades. Gone are the days when Intellitactics and NetForensics reigned supreme. It’s truly remarkable to see how far we’ve come and to ponder what innovations lie ahead in security event and information management.
Let’s talk about the promise of SIEM – the ability to accurately identify early signs of an attacker’s activity, understand its impact, and provide actionable insights for mitigation. It’s a lofty goal, one that has been hindered by various challenges along the way.
SIEMs are no longer just about organizing security events from perimeter defense tools. Today, we face the daunting task of collecting data from a myriad of applications, systems, and platforms, often drowning in noise rather than signal. Analytics across large data sets present their own set of challenges, balancing the risk of false positives with the fear of missing true indicators of compromise.
And let’s not forget about the ever-evolving landscape of the IT environments we protect, where abstraction upon abstraction and rapid rate of change hide exploitable vulnerabilities. Add to that a highly motivated community of threat actors constantly innovating and sharing their exploits, for their own financial or political gain.
Now, I’m not here to claim that v6.0 is the silver bullet that solves all these challenges. What I can say is that I’m incredibly proud of the strides we’ve made with this release.
So, what’s new in v6.0?
- Decreasing risk of cyberattacks: Quickly align your Graylog deployment to meet specific security and compliance objectives by providing and continuously updating readily usable content, including Sigma Rules, Anomaly Detectors, Dashboards, and more. This includes a unique partnership with SOC Prime, packaging SOC Prime’s content directly into our Spotlight packs, updated to perform optimally with Graylog without requiring any additional licensing.
- Guiding the analyst to fast issue resolution: We’ve implemented features to automatically identify the risk of raised alerts and provide recommended steps of action to immediately know what to do next. Our new Security Layout and new customizable alert and Investigation dashboard widgets streamline alert triage and investigation so you can resolve issues with fewer clicks.
- Reducing overall costs of ownership: We’ve introduced data tiering, allowing you to optimize your storage spending without sacrificing search experience by introducing a new warm tier that supports cloud storage or less expensive spinning disks. Your cost reduction has the potential to be an order of magnitude while allowing you to store longer periods of searchable data.
But enough from me! I want to hear from you! Dive into v6.0, explore its features, and let us know what you think. Your feedback is what drives us to keep innovating and reinventing. Together, let’s continue to push the boundaries of what’s possible and narrow in on the promise of SIEM.
Seth Goldhammer
VP of Product Management, Graylog, Inc.