Tenzir’s security data pipeline platform optimizes SIEM, cloud, and data costs
At Black Hat USA 2023, Tenzir launched its new security data pipeline platform.
The solution delivers an easier and more cost-effective approach to solve the growing data engineering challenges typically faced by security teams.
Tenzir pipelines allow for the collection, shaping, enrichment, and routing of data between any security and data technology using a rich set of data types and security-native operators purpose-built for security use cases.
By allowing only the right data to be moved to the right place at the right time, and by pushing detection and enrichment to the network edge, businesses can drastically reduce their consumption-based SIEM, cloud, and data costs. An extensive library of out-of-the-box data connectors, operators, and formats is included to help users simplify pipeline and detection engineering, and to aid in rapid response to emerging threats.
Tenzir is available in three editions: an open-source developer edition, a free Community Edition, and a commercial Enterprise Edition offering unlimited nodes, multi-node pipelines, and dedicated support with SLAs.
Tenzir’s platform is open core and built using open standards including Apache Arrow and Parquet, SIGMA and STIX, with the base tool available as open-source. This enables Tenzir’s customers to take their data wherever they go, and allows them to bypass vendor lock-in to freely mix and match the best security solutions that meet their needs.
Cybersecurity teams use between 50 to 100 different discrete security tools according to a recent study by KPMG and Oracle. The volume of data that needs to be collected, analyzed, and stored by security teams has grown exponentially, with detection and response architectures becoming increasingly complex and expensive to manage as a result.
In response, security leaders are seeking out more effective and efficient solutions to reduce SIEM and cloud costs, and to rationalize their sprawling vendor portfolios. A recent survey by Gartner found that 75% of organizations are pursuing security vendor consolidation in 2022, up from 29% in 2020.
“To survive in today’s unforgiving threat landscape you need fast, near real-time data and extensive historical data, and so security operations have by necessity become power data consumers ,” said Matthias Vallentin, Tenzir’s CEO. “As a consequence, security teams now spend a disproportionate amount of their time and budgets on data engineering. Tenzir pipelines will help security teams speed up and simplify managing the data they need, so that they can spend more time hunting threats.”
Key capabilities
- Interactive Pipeline editor: Compose pipelines from historical data and deploy them on live data
- Extensive operator library: A large toolbox of special-purpose data transformation operators, connectors, and formats speed up creating dataflow pipelines for a wide array of security use-cases
- Powerful yet simple language: An easy-to-learn pipeline language for data collection, routing, processing, enrichment, as well as heavy-duty analytical workloads, enabling live and retro execution of detection content
- Centralized node and pipeline management: manage Tenzir nodes and span pipelines across them to implement federated detection and response architectures
Availability
Tenzir is available in three editions:
Open Source: For developers and builders
- Pricing: Free
- Management: Command line, On-prem
- Includes numerous connectors and formats, pipeline execution and
storage, CLI, REST API, and Python library, Discord support
Community Edition: For small businesses, consultants, and researchers
- Pricing: Free up to 1 TB/day
- Management: SaaS web interface
- Includes 1 managed node, managed pipelines, up to 1 TB/day pipeline
ingress, web frontend
Enterprise Edition: For enterprises, OEM solutions, and system integrators
- Pricing: fixed GB/day or pay-as-you-go by the GB
- Management: SaaS, On-prem
- Includes unlimited nodes, multi-node pipelines, dynamic retention and
aging, dedicated support with SLAs