World’s largest data bureau saves $3.4M on security OpEx with Softility’s unified security logging and SIEM modernization solutions


$3.4M+ Projected Cost Savings

40% Reduction in Ingest Volume

10K+ Hybrid Hosts Onboarded

2x Faster Alert Triage Time

Battling soaring cloud storage costs and log alert fatigue, the information and insights company partnered with Softility to re-architect its security logging ecosystem. We delivered a unified SIEM (Security Information and Event Management) architecture that integrates a cloud-native security data lake with its cloud logging platform, defined enterprise-wide logging standards, and built a unified pipeline to separate noise from critical events. We helped the data bureau reduce ingest volume from 17TB/day to 10TB/day and compute resources by 40% in just two months, improve signal-to-noise ratio, enhance SOC responsiveness, and save $3.4M per annum in security OpEx.

The Customer

Our customer is one of the world’s largest information and insights companies specializing in credit reporting, risk management, and identity verification. The company serves global financial institutions, insurers, retailers, and healthcare providers. 

The Challenges

The data bureau’s third-party cloud-based SIEM platform features an extensive and complex architecture developed over several years, covering 18 regions, with multiple use cases in Security, Operations, and Application Monitoring. The logging team encountered numerous challenges due to the absence of a centralized and rationalized approach to log collection, classification, and storage. High volumes of irrelevant logs overwhelmed meaningful security alerts.

The logging team faced the following critical challenges:
– Rising cloud costs: due to workload-based pricing for both relevant and non-critical logs
– Uncontrolled data ingestion: due to a lack of standard logging practices and usage discipline
– Large volumes of data: redundant and low-value logs drove up costs
– Low-quality alerts: redundant and low-value log noise wastes SOC staff’s time
– Lack of unified standards: to separate operational, application, compliance, and infosec use cases on the platform
– Signal-to-noise imbalance: exhausting the expensive compute, storage, and licensing resources
– Lack of review process: to monitor the growth and demand for resources in real-time

The customer’s legacy security logging and SIEM platforms were both costly and inefficient. All logs—regardless of criticality—were routed to the expensive SIEM cloud estate, leading to inflated indexes, excessive storage costs, and an overflow of low-value alerts that overwhelmed security operations teams. With cloud storage and license fees doubling in less than two years, a scalable and cost-conscious solution was urgently needed.

To reduce soaring security logging cloud storage costs and improve its overall security posture, the world’s leading data and credit bureau partnered with Softility to modernize its SIEM architecture.

The Goal

Our customer needed a scalable, intelligent logging solution to:

  • Categorize and route logs by use case (app performance, compliance audit, threat detection, etc.)
  • Define and implement repeatable logging standards across all log source types
  • Provide a vendor-neutral solution to scale the logging and threat detection requirements over the next 5 years
  • Reduce daily ingest volumes into the high-cost SIEM environment

The Solution

To reduce overall ingestion and optimize the workload, compute, and storage resources within the SIEM solution, Softility helped the data bureau launch a cross-functional program to re-architect its overall security posture. We helped the customer’s logging team re-architect its SIEM environment with a unified logging framework driven by a modern, risk-aware logging strategy focused on cost efficiency, operational clarity, and architectural scalability.

The main objective was to distinguish noise from threats, improve the signal-to-noise ratio, and reduce significant logging costs on the cloud, while ensuring business continuity. With close engagement with the leadership, we identified operational challenges and redefined enterprise-wide logging standards across 10,000+ on-prem and cloud hosts. We delivered a unified, scalable, cloud-native logging SIEM platform with streamlined log management and alert consolidation, driving faster response times and improved signal clarity.

We designed and delivered a unified logging platform that modernized log routing, storage, and enrichment through a combination of open-source and enterprise-grade technologies. The approach focused on log rationalization, cost optimization, and operational scalability in line with a modern security observability strategy.

The unified Logging Architecture comprises:

  • Third-party SIEM for real-time threat detection and alerting on high-value logs
  • Open-Source logging platform for cost-effective, long-term storage of low-risk, irrelevant, or noisy logs
  • Cloud-native Security Data Lake for audit, compliance, and deep historical analysis
  • Source-Level Logging Standards to ensure consistency and compliance across 10K+ hosts in a hybrid infrastructure
  • Security Alert Enrichment & Rationalization for better alert precision and lower false positives

We also delivered usable, searchable log data interfaces and dashboards for business users and compliance teams.
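A minimal form of the tiered routing described above, added here as an illustration (not Softility’s or the customer’s code): events are classified by source type and use case, high-value security events stay in the SIEM, low-value or noisy events go to cheap storage or the data lake, and anything the standards do not cover stays in the SIEM and is flagged for review. The source names, use-case labels and byte counts are constructed.

```python
"""Tiered log router: SIEM for high-value security events, cheap tiers for the rest."""
from collections import Counter

SIEM, COLD_STORE, DATA_LAKE = "siem", "cold_store", "data_lake"

# Routing table keyed by (source type, use case). Hypothetical names: the page
# does not list the customer's real log sources or standards.
ROUTES = {
    ("firewall", "threat_detection"): SIEM,
    ("edr", "threat_detection"): SIEM,
    ("iam", "threat_detection"): SIEM,
    ("iam", "compliance_audit"): DATA_LAKE,
    ("app", "app_performance"): COLD_STORE,
    ("app", "compliance_audit"): DATA_LAKE,
}
# Severities that are operational chatter even when they come from a security source.
NOISE_SEVERITIES = {"debug", "info"}


def route(event):
    """Return (tier, tag) for one parsed event."""
    tier = ROUTES.get((event.get("source"), event.get("use_case")))
    if tier is None:
        # No standard covers this source/use case: keep it in the SIEM so detection
        # does not silently lose data, and tag it for the logging-standards review.
        return SIEM, "unclassified"
    if tier == SIEM and event.get("severity") in NOISE_SEVERITIES:
        # Low-severity noise from a security source is demoted to cheap storage.
        return COLD_STORE, "downgraded"
    return tier, "ok"


def route_batch(events):
    """Route a batch; report bytes per tier, review tags and the SIEM ingest reduction."""
    by_tier, tags, total = Counter(), Counter(), 0
    for ev in events:
        tier, tag = route(ev)
        by_tier[tier] += ev["bytes"]
        tags[tag] += 1
        total += ev["bytes"]
    reduction = round(100 * (1 - by_tier[SIEM] / total), 1) if total else 0.0
    return {"bytes": dict(by_tier), "tags": dict(tags), "siem_reduction_pct": reduction}


# Constructed sample batch; "bytes" is the size of the original raw record.
SAMPLE = [
    {"source": "firewall", "use_case": "threat_detection", "severity": "high", "bytes": 400},
    {"source": "firewall", "use_case": "threat_detection", "severity": "info", "bytes": 300},
    {"source": "edr", "use_case": "threat_detection", "severity": "critical", "bytes": 900},
    {"source": "iam", "use_case": "compliance_audit", "severity": "info", "bytes": 500},
    {"source": "app", "use_case": "app_performance", "severity": "debug", "bytes": 2000},
    {"source": "iam", "use_case": "threat_detection", "severity": "high", "bytes": 350},
    {"source": "printer", "use_case": "operations", "severity": "info", "bytes": 150},
]
```

The "unclassified" tag is the hook for the review process the challenges section says was missing: it shows which sources still need a logging standard before they can be moved off the SIEM.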

The Benefits

This large-scale SIEM modernization transforms how security data is ingested, stored, and operationalized and drastically improves the signal-to-noise ratio for alerts. This solution is projected to deliver our customer $3.4 million in annual savings. With our SIEM modernization solution, the data bureau achieved:

  • Cost Savings in Millions: Cut millions of dollars from SIEM licensing and storage costs by directing non-critical logs away from the cloud platform, reducing the infrastructure and compute capacity for logs, and reducing the amount of searchable/ingested data by nearly half.
  • Improved compute efficiency: Reduced log volume, optimized ingestion, and log tiering led to massive cost savings on storage, processing, indexing, and real-time search resources.
  • Improved Security Posture: Improved signal-to-noise ratio, streamlined logging standards, enriched high-context alerts, and signal precision enhanced the detect-triage-response times.
  • Operational Intelligence: Business and compliance users gained streamlined access to logs without cluttering the SIEM. There is enterprise-wide alignment, with clear accountability and cross-functional collaboration.
  • Future-Ready Architecture: The architecture is designed to integrate easily with emerging detection and response tools, SOAR platforms, and compliance engines, and allows other business units to adopt the same framework with minimal lift.

$3.4M

Cost Savings: Projected annually on cloud and SaaS license costs

40%

Ingest Reduction: Daily ingest dropped from 17TB/day to just 10TB/day

40%

Compute Efficiency: Improvement in overall compute resources in just two months

10,000+

Hosts Onboarded: Scalable logging across hybrid multi-cloud hosts

3x

Signal Clarity: Improvement in signal-to-noise ratio, alert detection, triage & response times

2x

Faster Platform: Improved efficiency and reduced alert fatigue

Softility helped the world’s largest data bureau modernize its SIEM architecture by redefining how security logs are valued, categorized, and consumed across the enterprise to achieve cost savings in millions, gain scalable governance, improve operational excellence, and accelerate security response.

Conclusion

Softility’s cybersecurity logging solution enabled one of the world’s largest data bureaus to re-architect its overall security posture by modernizing its SIEM platform, resulting in millions of dollars in savings, scalable governance, operational excellence, and faster, sharper security response. This unified logging initiative helped our customer move from a high-cost SIEM implementation to a modern, risk-aware, and low-cost logging solution.

With cloud-native pipelines, a dual-tier log routing strategy, updated security logging standards across 10K+ on-prem and cloud hosts, and an open-source-based Security Data Lake solution, we helped our customer consolidate its security logging data into a single pane of glass, accelerate SOC incident response, and reduce $3.4M+ in cloud spend. Softility helped make this transformation both repeatable and resilient, setting a benchmark for secure, cost-effective logging in large enterprises.

About Softility Cybersecurity Solutions

We help some of the world’s biggest businesses successfully safeguard their business against threats and manage their overall security posture. Leveraging our immense experience in helping federal and Fortune 500 companies unlock the highest value from digital transformation, our cybersecurity solutions now help customers seamlessly integrate a variety of security tools in the multi-hybrid cloud to build resilience, manage vulnerabilities, and proactively mitigate attacks before they occur. We provide all the support needed by a modern SOC through futuristic solutions in Managed Detection and Response and Security Orchestration, Automation, and Response. Our unified automation platform and managed services help customers provide faster response and gain total observability and compliance. Our solutions enhance your threat intelligence and attack surface management capabilities, minimize security risk exposure, ensure the optimal health of your overall security operations estate, and continuously improve and mitigate security gaps to successfully build your cyber resilience.
