Red Canary expands Security Data Lake to help organizations optimize their SIEM costs

Red Canary announced new capabilities for Red Canary Security Data Lake, a service that enables IT and security teams to store, search, and access large volumes of infrequently accessed logs—such as firewall, DNS, and SASE data—without overspending on legacy SIEMs.

Security teams struggle to balance data retention costs with ensuring they have the relevant logs available when needed for threat investigations and response. In fact, new research surveying 300 IT and security professionals, commissioned by Red Canary and conducted by Censuswide in February 2025, found that:

• Just 35% of data stored in legacy SIEMs delivers tangible value for threat detection.
• Only 13% of organizations separate out low value data for cheaper storage in a raw data repository.
• Due to SIEM storage costs, 68% of IT security decision makers discard low value data and have to hope they won’t regret it.
• 84% of IT security decision makers say having a security data lake to store low value logs at reduced costs would maximize the value of their SIEM spend.
• 62% of IT security decision makers say they are fed up with pouring money down the drain storing useless data just to tick a box for compliance.

Red Canary’s new Security Data Lake capabilities help organizations tackle these issues head on. Whether organizations are looking to complement an existing SIEM investment by storing lower-value data more efficiently or need a standalone solution for managing security logs without a SIEM, Red Canary’s Security Data Lake delivers flexibility, cost savings, and seamless access to critical data when it matters most.

“Security teams are already stretched thin, balancing growing data retention requirements with shrinking budgets,” said Mary Writz, SVP of Product Management at Red Canary. “Not all data offers equal value for threat detection and response, yet organizations are often required to retain vast amounts of it to stay in compliance. SIEMs were historically the most common place to store all this data, but the high costs mean organizations get a low return on investment for any logs that they rarely use. If log sources don’t help security teams to detect threats, organizations shouldn’t pay a premium to store them.”

What’s new:

Ingest logs from any source

• Retain high-volume, infrequently accessed logs, such as firewall, DNS, and SASE data.
• Store raw, line-delimited data (e.g., JSON strings, Syslog messages) that is writable to an Amazon S3 bucket or Syslog collector.

Demonstrate compliance in highly regulated industries, such as financial services and healthcare

• Store logs indefinitely to meet retention requirements.
• Export logs on demand to compile audit reports when needed.

Ensure data availability for threat investigations

• Use SQL search to run ad-hoc queries during incident investigations.
• Search data by attributes such as hostnames, IPs, URLs, and date/time ranges.
• Perform basic statistical analysis to enhance detection workflows.

“We designed Red Canary Security Data Lake to seamlessly integrate with Red Canary’s platform, ensuring security teams can manage their data efficiently without added complexity,” added Writz. “Whether organizations want to optimize their SIEM costs or need a scalable solution to store security data without a SIEM, they get a native, fully managed experience that scales with them. Security teams shouldn’t have to choose between affordability and security effectiveness—we’re making it easier for them to have both.”