Blogs
May 14, 2025 / May 14, 2025 by Jonathan Rau
Introduction Query Federated Security provides Security Operations (SecOps) teams and other observability, operations, and security teams with visibility and utility by bringing analytics, detections, search, and query translation to their data. Query Federated Security has over 45 Connectors as of this writing and we are continuously adding more to best serve our customers and stay […]
May 12, 2025 / May 12, 2025 by Jonathan Rau
Introduction Delta Lake is one of the three popular open table formats for data lakehouses, and is an ideal choice for managing security telemetry at scale. It brings ACID compliance, schema enforcement, and performance optimizations to cloud storage, making it a strong fit for security data operations. When writing data to Amazon S3 using Delta Lake, […]
May 6, 2025 / May 6, 2025 by Jonathan Rau
Introduction For almost as long as Hadoop Distributed File System (HDFS) could mount S3 buckets, data lakes (then simply called data warehouses) were built on Amazon S3. Though you could argue the phenomenon stretches even further back, with S3 a popular durable storage location for raw and archival data for big data and security teams […]
April 21, 2025 / April 21, 2025 by Jonathan Rau
This is part IV of a series exploring the concepts and potential of Federated Security. See more. Introduction The cybersecurity landscape is undergoing a fundamental transformation. Security organizations are becoming responsible for securing larger footprints across public cloud, SaaS, and private cloud or hybrid workloads. With this new responsibility comes the new currency: data, and […]
April 10, 2025 / April 10, 2025 by Jonathan Rau
Introduction Regarding your security program: speed, precision, and context aren’t just luxuries, they’re table stakes. As the volume of security-relevant data explodes across cloud platforms, SaaS tools, and hybrid infrastructure, traditional detection engineering approaches are negatively impacted. If your current detection strategy still relies solely on your SIEM’s native capabilities or is tied […]
April 2, 2025 / April 2, 2025 by Jonathan Rau
Introduction Security leaders and SecOps organizations face a paradox: the more data we collect to defend our organizations, the harder it becomes to analyze that data efficiently. For CISOs, CIOs, Heads of Detection Engineering, and SOC leaders, the challenge is no longer about collecting data, it’s about using it and using it effectively. Federated Search […]
April 1, 2025 / April 1, 2025 by Jonathan Rau
Introduction As we discussed in previous blog posts, and as is very apparent to everyone anyway, there is so much damn data. The jury is still out on which security data strategy will rule the day, be it centralization, decentralization, or federation, but teams still need to access it ASAP. To get […]
March 24, 2025 / March 26, 2025 by Jonathan Rau
Introduction When you think of the leaders in the Endpoint Detection & Response (EDR) space, even if you do not personally use them, you cannot deny CrowdStrike’s leadership and innovation. However, to consider CrowdStrike as simply an EDR company is a mistake, as over the years they have expanded into everything from Vulnerability Management with […]
March 20, 2025 / March 20, 2025 by Jonathan Rau
Introduction Security teams generate and consume vast amounts of data from firewalls, endpoint detection and response (EDR) systems, intrusion detection systems (IDS), and other security telemetry sources. Traditional SIEMs and log management tools often struggle with scalability, cost, and performance when handling these high-velocity logs. Open lakehouse architectures offer a flexible, cost-efficient alternative, and Delta […]
February 18, 2025 / February 18, 2025 by Jonathan Rau
Introduction The Microsoft Security ecosystem is large, which is certainly one of the understatements of all time, but when you combine the actual security-related SKUs and security-relevant data it is VERY large. Everything from Microsoft Entra ID (formerly known as Azure Active Directory) to the mobile device management platform Microsoft Intune, as well as the […]