In this episode of The Hoot, we talk with David Graff, Network Security Engineer at Michigan State University about pain points experienced with their existing solution, why they switched to Humio, and the need to log everything at scale.

David shares MSUs strategy on how to set up needed hardware for maximum efficiency to optimize costs, as well as address the silicon chip shortage many IT departments are dealing with today.

Similar to other universities and public sector agencies, David shares MSU’s challenges around needing to scale while also being very cost conscious. They use Humio for threat detection and being able to log everything is critical to keeping their network and systems secure. 

Content warning - This podcast covers some serious topics including instances of homophobia, transphobia, and suicide in an effort to help educate. 

This episode of the Hoot is part of a diversity and inclusion series we’ve launched to help bring awareness to issues, experiences, and ideas to help advocate for change within the tech community. The goal of this series is to to help industries launch or expand communities for existing employees, as well as embrace and recruit a diverse workforce to help bring new opportunities and growth. 

Our conversation with Ari Ray (they/them), Technology Alliances Manager, and Arielle Cronig (she/her), Senior Intelligence Analyst at Crowdstrike focuses on the LGBTQ+ community and how to create a positive and thriving community for co-workers. 

They share their experiences at CrowdStrike, the programs they have helped to develop, how people can be allies to colleagues, and how other companies can proactively embrace inclusion within their own organization. 

Today’s service-oriented business environment requires companies to put technology and innovation first in order to stay ahead of the competition. 

In this episode, Steven Gall, VP of Engineering at M1 Finance discusses rapid growth, the importance of being able to quickly adapt, embrace new technology, as well as creating and maintaining a customer first culture. 

Simon Phillips discusses the importance of data, including data at the edge for effective incident prevention and investigation. Security is driven by data, it’s the heart of your IT systems. The more data you have access to, the more insights your SOC analysts have to help them quickly determine where to start their investigations. 

As an industry veteran, Simon recalls the pain points around using index-based databases and having to predetermine what data you might or might not need due to storage and search constraints. Being able to search and correlate data across different departments and sources is critical for security operations. 

An interview with Marian Bolous, a ITDevSecOps expert discusses her career journey and her learnings from the Advanced Log Management Course after attending sessions one through three.  

She also discusses how the industry has changed over the last few years, and her views on how log management has evolved. 

This week we are joined by Corelight’s Senior Product Marketing Manager Ed Smith and Sales Engineer Gary Fisk. Ed and Gary introduce Corelight@Home, a program that brings Corelight’s enterprise-class network detection and response to home networks. 

The Corelight@Home program provides an opportunity to become familiar with Humio and the Corelight Sensors, and while you’re at it, understand what devices are communicating over your home network. And it’s easy to get started! The Corelight team built a configuration script and documentation for easy deployment on Raspberry Pi. 

Listen to the podcast to learn:

• How Corelight@Home came about
• How monitoring a home network compares to monitoring a traditional enterprise network
• How Corelight@Home works
• The different use cases and interesting findings that result from running Corelight@Home

Show notes: 

Get more of the origin story and the technical details behind Corelight@Home in the blog post Who’s your fridge talking to at night? 

Check out a recent Corelight@Home webcast. 

Register for Corelight@Home.

In this week’s podcast, we speak with Bojan Simic, President and Chief Analyst at Digital Enterprise Journal (DEJ). DEJ recently surveyed more than 3,500 organizations and identified key areas that are having the strongest impact on IT performance markets in 2020. We sat down with Bojan to get his take on the survey results, including the challenges driving IT performance and the results that took him by surprise. 

Listen to the podcast to learn:

• The benefits of evaluating vendors based on their effectiveness in helping the organization achieve specific goals versus the completeness of their solutions
• Evaluation criteria for ensuring that solutions are a good fit for your organization’s overall tech stack
• Why observability is key for overcoming a variety of IT challenges

Show notes: 

Read the DEJ Report: Eight key areas shaping IT performance markets.

Learn why DEJ named Humio a leader in eight key areas shaping IT performance.

In this week’s podcast we talk with Jerald Perry, Senior Technical Marketing Engineer at Humio about how Humio’s index-free architecture and compression translate to cost savings for our customers.

Listen to our conversation with Jerald to learn:

• Why purpose-built solutions save money
• How index-free technology reduces CPU and storage costs
• What factors influence total cost of ownership (TCO) for log management
• Why scalable log management is essential 

We often hear companies lament the fact that the cost of their traditional index-based log management solutions prevents them from collecting all the logs they need. In the conversation, Jerald reveals the benefits of using an index-free log management tool instead.

By reducing CPU demands and storage demands, an index-free architecture translates to a reduced TCO. For Humio, index-free isn’t the only source of cost reductions. Jerald reveals that Humio’s purpose-built design enables it to incorporate more adjustments, such as compression that can facilitate faster performance and less expensive storage and processes of data. 

The fact that we're a purpose-built platform for log management means that we have built compression into our strategy.

Jerald closes with a warning about the need to choose log management solutions that scale for the future because data volumes are only going to increase. 

Companies need a log management partner that has the ability to cost effectively scale with them and still provide access to this log data in an efficient manner. Because three years from now, five years from now, they don't know what that log data is going to look like or how large it's going to be.

By leveraging an index-free architecture, advanced compression, and flexible storage options, Humio delivers speed and scalability at a fraction of the price of other log management that scales to meet future data volume demands. Enterprise users can save up to 80% on their infrastructure compared to ELK and Splunk.

See how Humio’s architecture can keep costs low for years by using our cost savings estimator.

In this week’s podcast we have a conversation with Kasper Nissen, Site Reliability Engineer at Lunar, about his experience with the new Humio Operator for Kubernetes. 

Lunar is a Nordic bank with more than 200,000 users in Denmark, Sweden, and Norway. Lunar seeks to change banking for the better so that its users can control their spending, save smarter and make their money grow. Born in the cloud, Lunar uses technology to react swiftly to user needs and expectations.

Previously on The Hoot, Kasper introduced us to Lunar’s cloud-native environment, and what it took to make the environment at this innovative fintech startup reliable and secure. The platform is built entirely as a cloud-native app hosted in AWS. Lunar uses Humio to achieve observability into what is happening in all parts of the environment, so they log everything they can from the cloud. 

Currently, Kasper is in the process of centralizing log management on a cluster in Lunar’s Kubernetes environment. He’s using the new Humio Operator to simplify the process of creating and running Humio in Kubernetes. 

“Running Humio with the Operator is so much easier because it minimizes the operational overhead of running Humio in Kubernetes. The Operator also provides us with a distributed set up out of the box, which is awesome, especially now that we can push the burden of managing Kafka and Zookeeper, which are notoriously difficult systems to run, to the cloud provider.” 

Kasper Nissen, SRE at Lunar

Listen to our conversation with Kasper to learn: 

• How Humio addresses the challenge of volumes being tied to Availability Zones in AWS
• How the Humio Operator simplifies the deployment and management of Humio in Kubernetes
• How Lunar uses Humio and Git as a single source of truth for all of its environments
• How Humio helps Lunar optimize their cloud storage

Show notes: 

Listen to episode 32, when Kasper introduced us to Lunar’s cloud-native environment.

Read about Lunar’s log management journey, which took them from an Elasticsearch and Kibana setup to Humio. 

Learn more about the Humio Operator for running Humio on Kubernetes. 

Watch an on-demand webinar to learn more about the Humio Operator from one of the engineers who helped build it!

In this week’s podcast, we have a conversation with Karsten Thygesen, CTO, and Anders Saxtoft, Sales Manager for Security and Analytics at Netic. They perform best-of-breed business-critical IT operations management for private companies and public institutions, helping clients with operations, security, cloud, data analytics, and more. 

Netic uses Humio to help organizations get the most out of their log data. Their experience with processing, analysis, and monitoring of logs goes back more than 15 years. They have assisted a number of Denmark’s largest businesses and government agencies with multiple use cases for log management. They offer Log-Management-as-a-Service, with the option of professional services to further customize log management to suit the needs of any organization.

John and Karsten talk about some of the challenges that organizations face securing their data. Many companies are struggling to formalize their security strategy, and don’t understand the important role of collecting and monitoring the right level of data.

“From a security perspective, what we're seeing right now is a lack of maturity. That might sound a bit rash, even though it's true. Many companies have not yet figured out how important security is today and how hard it may actually hit them. It turns out again and again that they are lacking error logs. They do not have common log collection, or even a budget for cybersecurity.”

Karsten Thygesen, CTO at Netic

They discuss the approach they take to get started with coming up with an overall strategic plan. Karsten highlight the maturity journey that organizations should be on, and the steps along the way:

• Common log collection is the very first step to better security. Secure the log data, so there's some data available to explore when something goes wrong. 
• Next, conduct a general analysis of the company to find where the weak spots are that they want to protect.
• Then take a look at the architecture, the structure, the way they work, the extent of their network, and determine if they have any holes in the architecture.
• Next, monitor security and security behavior, both from the employees, but also from external threats to the company. 
• Then review regulations like GDPR and develop a plan for compliance.
• Down the road, they may implement a SIEM system, or deploy managed detection and response. 

Karsten was around for the birth of Humio. He is friends with the founders, and he was part of the discussion about how to design an advanced log management solution and make it affordable. He describes the features of Humio that they rely on for their customers.

“Humio is very, very strong in ingesting a huge amount of data and doing very fast, real-time searches. It’s easy to visualize the data. And a quite important thing for us is the multi-tenancy, where we can have a shared platform for multiple of our customers and thereby bringing down the cost of operations.”

Netic offers Logging as a Service for its customers. This allows their clients to be focused on their own business, feeling secure that the network is being taken care of, and that their security is being monitored. 

“Logging as a service means that we are taking the operational responsibility and the infrastructure responsibility and offering Humio as a service to our customers. We make it very easy for them to get onboarded. And we can very quickly start the dialogue about bringing out the value of the data that we onboard in their solution. The whole conversation is much less about infrastructure and technologies and more about how to bring out the value from the data that we are ingesting.”

Netic provides a managed detection and response platform where they provide a 24x7 security center. They generate alerts based on indicators of compromise and intrusion detection software, and they use Humio as a collection service and to trigger alerts.

“The investigation is often based on the logs that we are collecting from the customers, so we are using Humio, a SIEM, and customer-specific systems to figure out what is going on. We always get a recommendation to the customers for what action they should take.”

They discuss why it’s a good idea to augment a SIEM system with Humio. Different solutions have different purposes and different capabilities. 

“A SIEM system tries to correlate the latest data to see if something is going on, but in a rather narrow timeframe. Humio is more geared to long-term storage of logs so that we can go back multiple years and try to investigate if something happened a long time before. And normally, application logs might not be a security interest, but the security area is moving all the time, so new kinds of threats are appearing, and then suddenly an application log can be an interesting security environment.”

Netic helps customers comply with GDPR rules, and with other compliance requirements. Every industry and location has different regulations, so they help their customers understand the requirements and then map them to actual actions. They can pinpoint what logs to collect, and help install them for the required retention period. 

“GDPR isn’t taken seriously everywhere. A lot of people—maybe it's not the right word—they look at this ‘ghost’ called GDPR, and they are afraid of it. Quite frankly, they don’t know what to do with it.”

Anders Saxtoft, Sales Manager for Security and Analytics at Netic

There’s strong business value that comes from a good log management system, especially the ability to be prepared for anything that may happen. It’s important to have the right data available when there is a breach or if there's an operational problem, or even if you just want to find some business intel or analytics. 

“Especially in security where everything is moving so fast, you never know what you need to know. That same goes for applications where everything is changing so fast. There's simply no time to sit down and filter all the data to save some money. Today, time is more critical, and you need to have a solution where you can just log everything without thinking so much about the cost, that's for sure.”

Listen to the whole podcast to answer all of these questions: 

• How can a large enterprise understand its system when it is divided into different silos and nobody has the general overview?
• What steps do Netic customers take to prepare for the unknown?
• What problems were the founders of Humio trying to solve when they developed the Humio technology? 
• How can log management be used for capacity planning? 
• How does Netic help find the context of a breach, not just detect the damage it does?
• How can we secure borders when there really are no borders on the edge of the network? 

Ready to get started with Humio? Get started with our free trial, or schedule a live demo with a Humio team member.