Transcript
Mike Matchett: Hi, Mike Matchett with Small World Big Data. We are here at RSAC 2025 live. We are looking at the latest and greatest cybersecurity vendors and the innovative features they're bringing to the cybersecurity space. I've got Graylog here. We're going to find out what a Graylog is, because I'm sure it's not black and white. Is it, Seth?

Seth: No. That's absolutely what we're doing: centralized log management, security event information management, and API security.

Mike Matchett: All right. That's a bundle of stuff. How does that work together? I mean, some people might just do one of those things.

Seth: Yeah. What we're able to do is collect logs from anything on the network and environment that generates a log. We're able to analyze those logs, look for evidence of intrusion, and then provide a workflow to be able to mitigate those threats that it discovers. With the API security product specifically, what we realized was that logs don't really tell the story. You know, if you're looking at your application logs, if you're looking at cloud provider logs, it didn't really help with what was happening in the API transactions. So we have a specialized tool that looks at the API requests and responses to look for specific threats in that data set.

Mike Matchett: Are you talking about APIs that you might offer and expose, or APIs that you use?

Seth: Either or. But yeah, generally this is going to be for the applications that you're developing and the APIs that are in the endpoints that you have. What we find is that a lot of environments don't even realize the API endpoints in their own environment. So we'll help with that API endpoint discovery, and then look at those transactions themselves to make sure that people aren't doing anything malicious against your APIs that you've exposed.

Mike Matchett: I mean, everything comes built with APIs these days when you're doing that platform-level coding, right? And you're trying to be useful, you're creating microservices, 10,000 microservices. Each one of them might have an API. That gets really complex.

Seth: Absolutely, exactly. And that's why API discovery is such a big component of that. Because if you think about it, you know, your developers are building out your applications. What they're thinking about is how are these microservices going to talk to each other? And you might be thinking about how are my customers or my partners going to develop off of these platforms. But what you're not necessarily thinking about is how is a threat actor going to leverage those APIs for their own gains. And that's where we can come in and make sure that they're being used in the way that they were intended to be used.

Mike Matchett: Okay. Looking at the show, one of the main themes, I'll just say it: AI is out there. AI is built on APIs as well. What do you tell people that say, oh, we've got not just APIs, but we've got a lot of AI projects out there that are exposing a lot of things?

Seth: If your product is using AI, if your users are using AI and your SIEM is using AI, we kind of have you covered. So we want to ensure that users are using AI in a responsible manner. That's something that we can help with, and we are using AI in our own product to help you get a second pair of eyes in terms of, hey, for these types of activities that we're seeing in my environment, how are these connected? Does this look malicious? What should be the next step in my investigation? We leverage AI to help you there, in order to make sure that you're comprehensively and conclusively able to respond to the threats that are being discovered.

Mike Matchett: All right. Looking at the RSA crowd, lots of people here. If you wanted to give the security crowd a single message about what Graylog is doing, particularly the value proposition of having multiple parts of the puzzle brought together to add some value that maybe doing those things in isolation wouldn't, what would that be?

Seth: You know, for Graylog, there are really two specific areas that I like to focus on. The first is what Graylog does around our data management capabilities: being able to allow you to have a secondary data lake where you can park data that maybe isn't being applied to your real-time analytics, isn't going to your dashboards, but if you drop that log, it's gone forever. So we give you a place to park that data on the side. It doesn't count towards the Graylog license, but you can always fetch it if it ever does become important to you in the future. The second is our asset risk model. Instead of triaging each individual alert one at a time, taking 10 or 15 minutes to understand, well, why did this alert fire? What did it fire on? We're bringing together the context of what, on a system or on a user level, are all the activities that have targeted that system, including, is that related to threat campaigns? As we think ransomware groups have campaigns that they're running, we can actually link together multiple activities from the same campaign that have targeted multiple systems, grouped together at a system or at a user level. So you have all that context at one single point to now begin your investigation. And as you say, if there's smoke, there's fire. We can show you where there's actual smoke in your environment.

Mike Matchett: I mean, that's great. So the Graylog is really kind of referring to that archive of logs that's not counting against you, but you're not getting rid of it, because you might have to drill back into it at some point.

Seth: That's exactly right. And there are trade-offs with traditional SIEMs of, well, what data can I collect, because it's going to go against my license, or what threat detections can I enable, because I'll have to triage those; I might overload the SOC. What we're looking to do is eliminate those trade-offs with the way that we can help you collect all the data, but in an appropriate, cost-effective way. And I can turn on all the threat detections but not overload my SOC, because we're going to collapse them to the assets that are at risk.

Mike Matchett: I mean, that's so much better than statistically sampling or averaging or bringing things up to a bigger time interval, right? Or just even the number of events that happened last hour. I love that perspective. You keep the details so you can always drill back into it. If you wanted to tell someone who's thinking, oh, maybe this is something I need to go look at, obviously you have a website, but is there some place specific for the security crowd you would point them at to get started?

Seth: Yeah. So on our website, what I would take a look at, of course, is we could give you a personalized demo. You want to see how this product is going to interact with your types of logs, with your types of use cases. And we'll be introducing a way that you can, on your own, trial out Graylog with real-world attack data in Graylog, so you won't have to provide your own log data. You can actually see what it's going to look like, how you investigate these things, all on your own without a salesperson over your shoulder.

Mike Matchett: Well, there's not. Salespeople aren't all bad. We talk about that. But no, I appreciate that kind of offer, because there are really a lot of people here who might just prefer to look at things before going too far. Very cautious crowd, it turns out, on stuff. No, that's great. Just looking around at RSAC, what do you think is coming next? What do you think's going to happen here?

Seth: You know, I think what we're seeing is with AI, as you talked about before, the practical uses of AI. So we still see a lot of AI being splashed around from a marketing perspective. But as we are looking at AI, what are the true pragmatic, practical uses? And we're going to start to see the hype fall down to true application.

Mike Matchett: All right. Thank you so much, Seth, for giving us that information.

Seth: Thank you very much as well.

Mike Matchett: All right. Check it out. That's Graylog with an A. It's G-R-A-Y, Graylog. Take care.