Evolving to SIEM

  • SIEM

LogSentinel was founded several years ago with the vision of improving security for everyone and an initial goal of protecting audit log integrity.


Initially, we implemented and scaled state-of-the-art research to guarantee the integrity of logs – through hash chains, merkle trees, timestamps and, ultimately, anchoring to public blockchains. While doing that, we had to get data into the system. Our API allows new applications to easily send their audit logs, but that’s not enough in a typical context – organizations have legacy systems, cloud systems, network appliances, web servers, that we can’t expect to be upgraded to “speak” our API. So early on we created the LogSentinel Collector (initially called “Agent”), to collect literally anything – text files, database audit logs, Windows logs, syslog, standard and specific formats and even had one IBM mainframe integration.

Once we have collected all those logs, it was logical to try to find anomalous and potentially malicious patterns in them. So we developed our three-fold anomaly (and threat) detection – using statistics, rules and ultimately – machine learning.

We have continuously improved our search and analytics capabilities, our data normalization, enrichment and extraction, our alerting functionality, and our supported cloud services. Customers were using us alongside their SIEM, or in order to cover compliance needs that SIEMs usually cover, or just in order to be able to collect logs that the SIEMs they have reviewed didn’t support out-of-the-box. They cared about the integrity of logs, but they cared about the visibility, flexibility and threat detection as well.

Then we sat down and asked ourselves whether we can do more to address our bigger vision. And then we realized that our solution has naturally evolved to be a SIEM (security information and event management) – a category that is crucial for security.

Not just that, but that we have some unique features that solve problems that other SIEMs don’t. Cryptographically guaranteed log integrity is one. Our searchable encryption is another one (that we developed in order to make customers feel safer when sharing logs with our cloud service). Our flexible storage implementation that allows us to offer practically unlimited retention is a third one (and that’s for a reason – audit logs need to be stored for much longer than typical network logs, and we had customers require access to their audit logs for 2-3 years for compliance reasons).

Of course, a SIEM nowadays is more than that, it has to support many other use-cases, like consuming threat intelligence feeds, supporting automation, file integrity monitoring, phishing detection, honeypots, and more. And we took our time to properly design, implement and test these features and we’ll share our design for some of them in upcoming blog posts.

Our initial value proposition still stands (and we kept a dedicated service for new projects that want to use an external, secure audit trail service instead of building something from scratch), but LogSentinel SIEM is what has come naturally out of our efforts to secure the logs of not just of the large enterprise, but also of the mid-market companies as well as small and medium businesses.


We are proud to have evolved to a state where we can offer a solution that was previously thought to be only fit for large enterprises, to customers that could not have afforded it, and who are left vulnerable because of that – due to licensing costs, implementation complexities, the need for full-time security analysts to get value out of it, or lack of support for their legacy systems.

We believe we have a great offering precisely because we have combined our strive for simplicity with the implementation of complex cryptographic and machine learning elements. And we’ll be happy to have LogSentinel SIEM help small and medium enterprises in their cybersecurity and compliance efforts.

Our vision of improving security for everyone must include those that are disproportionately affected by security breaches – the small and medium enterprises. The architecture and flexibility of our product allow us to give them an enterprise security tool in a way they can afford and manage. Because the world won’t be more secure if a few large enterprises buy every security product out there. It will be more secure if every enterprise has access to the best tools.


Like this article? Share it with your network!