It’s been a full week since the 2024 RSA Conference in San Francisco, and I’m caught up and back to my normal routine. I really enjoyed meeting with customers, prospects, partners, and friends new and old, and felt a lot of optimism for the future. My favorite session of the week was by far the OCSF breakfast.

Working in cybersecurity for 25 years, I’ve never been a part of a community so focused and willing to come together on an important joint mission: empowering security teams to solve what I believe is the largest remaining challenge in cybersecurity, turning data into a true advantage. I’m proud to be a part of the Open Cybersecurity Schema Framework (OCSF) community and am excited to share our latest updates, including enhanced support for OCSF.

The Complexity of Modern Security Operations

Security teams have been grappling for quite some time with a relentless influx of data scattered across diverse systems and formats; it is not a new problem. Each piece of data, whether from IT tools, cloud environments, or business applications, holds value and potential insights into security threats, but can be harder to find than a CISO in the vendor expo halls at RSA.

The traditional approach of centralizing logs for rule-based analysis is faltering under the weight of modern demands. Security-relevant data is everywhere, yet it remains siloed and uncooperative. The burgeoning volumes of data demand immense resources to move and process, often offering diminishing returns on the hefty investments required. One symptom is data engineering skills showing up in security job postings, the so-called “data magician.” The improved quality of security alerts within platforms suggests that these insights should be leveraged more effectively, rather than just left to age in place.

While mastering complex security issues can significantly fortify a company’s defenses, the basic yet vital practice of maintaining security hygiene is what often determines success. These experiences have solidified my belief: to truly protect a company, turning data into a strategic asset is not just beneficial—it’s imperative.

Flipping the Script on Security Data Utilization

Despite increasing investments in security resources, the rate of significant security breaches continues to climb. Finding and training skilled security personnel remains a formidable challenge, and as the quantity of data and complexity of systems grow, so does the asymmetry of the battle against cyber adversaries—they need to succeed only once, while defenders must succeed continuously.

Query exists to shift this balance. Our philosophy is simple: “bring your search to your data, not your data to your search.” This approach has fundamentally changed how teams interact with their security environments. We enable security teams to leverage their security data as a strategic asset, enhancing their capabilities without the burdens of more data centralization or prolonged deployment cycles. By integrating seamlessly with existing environments like Splunk, Microsoft, CrowdStrike, and many other platforms and tools, Query not only amplifies visibility by tenfold but also enriches data with actionable context, transforming security operations into a more data-driven and effective endeavor.

At Query, our technology is designed not just to gather data but to harness it—wherever it resides and exactly when it’s needed. Query provides an OCSF-normalized, context-rich view of distributed data and alerts, helping teams understand the narrative behind the numbers. Our solution integrates machine-assisted summaries, trend analysis, and context enrichment, empowering security teams to act swiftly and decisively. This approach significantly reduces repetitive tasks, such as pivoting, searching, and pivoting again, as well as the cognitive load on teams, allowing them to focus on strategic decision-making.

The Immediate Value of Query

Since launching Query, we’ve seen tremendous interest and adoption across diverse industries. The feedback has been overwhelmingly positive, with many of you sharing stories of how Query has not only simplified but also amplified your security operations.

Our customers tell us that the ability to access and utilize security data across their existing investments, in one normalized view, has been a game-changer. They are redirecting the time and investment once spent on security data centralization, engineering, and management toward using and acting on the data previously locked away in investments they already made. This shift is more than just a technological change—it represents a strategic realignment of resources towards proactive defense and away from tedious data management.

Major Product Updates

As we continue to grow and evolve, our commitment remains the same: to work alongside you, our valued customers and the security community, in creating a safer and more secure digital world. Your success is our success, and every product enhancement is aimed at ensuring you have the data you need when you need it to protect and defend your organizations effectively.

I’m excited to announce a major update to our product suite, which includes enhanced support for the Open Cybersecurity Schema Framework (OCSF) 1.1, integration with Amazon Security Lake, enhanced integration for our Splunk App, and significant advancements in our Federated Data Mesh technology. We’ve also expanded our capabilities with new Security Alert Aggregations and numerous additional data integrations.

These enhanced features are designed not just to keep pace with the security demands of today but to anticipate the challenges of tomorrow. With the support for Amazon Security Lake and our expanded data integrations, Query enables security teams to continue to expand their data visibility while controlling costs and reducing deployment time. This capability means faster detection, more precise responses, and a significant reduction in the risk of oversight.

A Commitment to Partnership

Query remains committed to evolving alongside our customers, refining our technologies to meet the dynamic challenges of the security landscape. We believe that by making data actionable and contextually rich, we can turn what has been an overwhelming flood of information into a strategic advantage.

Thank you for being a part of our community. Together, we are not just responding to threats but actively transforming the landscape of cybersecurity.