SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers

Red Canary unveils cost-saving data storage enhancement

Today

Red Canary has introduced enhanced capabilities for its Security Data Lake, enabling IT and security teams to store and access large volumes of infrequently accessed logs more cost-effectively.

Organisations today face challenges in managing data retention requirements imposed by regulatory compliance, which frequently compels security teams to preserve low-value data at increased storage costs. According to research conducted by Censuswide for Red Canary in February 2025, a significant portion of these efforts does not contribute to actual threat detection. 

The survey noted that 62% of IT security decision makers are exasperated by the financial resources spent on storing data solely to satisfy compliance mandates. Additionally, the findings revealed that 68% of IT security decision makers often discard low-value data due to prohibitive storage costs, with only 35% of stored data in Security Information and Event Management (SIEM) systems proving useful for threat detection.

The new functionalities introduced by Red Canary aim to address these issues by providing organisations with a way to balance data storage without compromising compliance, ultimately optimising costs. The capabilities allow for the efficient storage, search, and retrieval of logs that are necessary but infrequently accessed, including firewall, DNS, and SASE data, without incurring high costs associated with legacy SIEM systems.

Mary Writz, Senior Vice President of Product Management at Red Canary, highlighted the predicament faced by security teams: "Security teams are already stretched thin, balancing growing data retention requirements with shrinking budgets. Not all data offers equal value for threat detection and response, yet organisations are often required to retain vast amounts of it to stay in compliance. SIEMs were historically the most common place to store all this data, but the high costs mean organisations get a low return on investment for any logs that they rarely use. If log sources don't help security teams to detect threats, organisations shouldn't pay a premium to store them."

Red Canary's Security Data Lake provides flexibility as organisations can use it to complement existing SIEM investments by more efficiently storing lower-value data or as a standalone solution for managing security logs independently of a SIEM. This offers cost savings while maintaining access to essential data for compliance and threat investigations.

The new capabilities include the ingestion of logs from diverse sources, the ability to retain high-volume yet rarely accessed data, and the storage of raw data in formats like JSON strings, which can be written to an Amazon S3 bucket or Syslog collector. Moreover, the solution supports data retention indefinitely to meet specific industry compliance requirements, facilitates export of logs on demand for audit reports, and enhances data availability for incident investigations through SQL search functionalities.

Mary Writz further commented on the integration of this solution with Red Canary's platform, saying, "We designed Red Canary Security Data Lake to seamlessly integrate with Red Canary's platform, ensuring security teams can manage their data efficiently without added complexity. Whether organisations want to optimise their SIEM costs or need a scalable solution to store security data without a SIEM, they get a native, fully managed experience that scales with them. Security teams shouldn't have to choose between affordability and security effectiveness - we're making it easier for them to have both."

The survey conducted for this research canvassed the opinions of 300 IT security decision makers across the United States and the United Kingdom, all from enterprises with over 1,000 employees. The objective was to gain insights into the challenges posed by current data storage practices and the potential benefits offered by scalable solutions such as Red Canary's latest enhancements.
