• Chris Jordan

The Power of Watching

Fluency has built the fastest indexed database in log management. We maintain full-year searchable data at lower costs and faster speeds than index-less approaches. So why do we consider this our second-best technology?

Databases are the hammer of the log management world. Since the first log tools, information has been saved first, then analyzed. Every feature of log analytics hinges on this basic premise of searching stored data. Elastic, Datadog, and Snowflake are all databases being sold into security operations. Forensic investigations, like the SolarWinds hack, show us the importance of being able to search six- to nine-month-old historical data. But for almost all other security operations functions, searching is inefficient.

If we are not going to be searching, then how do we detect? How do we alert?

We watch.

Suppose you want to allow no more than ten people in a store at a given time.

If you are watching, each time someone enters you increase the counter by one, and when they leave you decrement it. Each time the counter increases, you check it; once it reaches ten, you prevent anyone else from entering until someone leaves.

If you are a database, every ten minutes you shut the door of the store. Then you walk through the store to determine how many people are in the store. If there are ten or more, you then shut the entry door until enough people leave.

Which one is more accurate? Quicker? More scalable? More efficient? In every case, it is watching.
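The store analogy as a small simulation, added here as an illustration and not Fluency's code: the same entry/exit events are handled once by a per-event counter and once by a recount every ten minutes. The event list, the function names `watch` and `poll`, and the 40-minute window are assumptions constructed for the example.

```python
LIMIT = 10          # maximum occupancy, from the store analogy
POLL_INTERVAL = 10  # minutes between database-style recounts

# Constructed sample data: (minute, +1 for an entry, -1 for an exit).
EVENTS = (
    [(m, +1) for m in range(1, 9)]              # 8 people enter, minutes 1-8
    + [(11, +1), (12, +1), (14, -1), (15, -1)]  # brief peak at the limit
    + [(21, +1), (23, +1), (35, -1), (36, -1)]  # longer peak at the limit
)

def watch(events, limit=LIMIT):
    """Update a counter per event; check it only when it increases."""
    count, alerts, touched = 0, [], 0
    for minute, delta in events:
        count += delta
        touched += 1
        if delta > 0 and count >= limit:
            alerts.append(minute)  # known the moment the limit is reached
    return alerts, touched

def poll(events, limit=LIMIT, interval=POLL_INTERVAL, end=40):
    """Every `interval` minutes, recount by scanning everything stored so far."""
    alerts, rows_read = [], 0
    for now in range(interval, end + 1, interval):
        stored = [delta for minute, delta in events if minute <= now]
        rows_read += len(stored)   # each recount re-reads the whole history
        if sum(stored) >= limit:
            alerts.append(now)
    return alerts, rows_read

if __name__ == "__main__":
    print("watching:", watch(EVENTS))  # ([12, 23], 16)
    print("polling: ", poll(EVENTS))   # ([30], 50)
```

On this data the watcher flags both peaks at the minute they occur after touching 16 events, while the recount misses the peak at minute 12 entirely, reports the second one seven minutes late, and reads 50 stored rows to do it.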

Watching is a superpower. It is the basis for operations. Fluency is changing the way operations work from searching to watching.

