Observo AI Joins the AWS Marketplace
Overview
Observo AI is excited to announce that we have partnered with AWS and our solution is now available on the AWS Marketplace. This will make it easier for AWS customers to quickly adopt the AI-Powered Security and Observability Pipeline to help control costs, manage data sprawl, boost productivity, and identify and resolve critical incidents faster.
Customers can now purchase Observo AI through the AWS Marketplace. Buying through the AWS Marketplace provides a number of compelling benefits for AWS customers. It streamlines procurement and accelerates the vendor onboarding process by allowing organizations to leverage existing agreements with AWS. It also enables customers to fulfill a portion of their contractual AWS spend commitment, offsetting a significant portion of the Observo AI cost against dollars they have already committed to spend.
Observo AI is a powerful tool for helping DevOps and Security teams manage the rapidly growing deluge of telemetry data that they use for Security and Observability efforts in their organizations. Observo AI enables organizations to cut SIEM and observability costs by more than 50% by reducing infrastructure costs and limiting future license growth. Observo helps maximize observability and security efforts while minimizing risk. Observo AI can reduce data volume by 80% or more, helping make room for additional data sources without impacting daily ingest limits or expanding budgets. These new data sources give customers a more holistic view of security and observability. Observo AI also helps protect sensitive data, resolve incidents before they spiral, and stay in compliance. It routes data where it has the most value to limit vendor lock-in and adds context to data for more efficient queries. By surfacing and prioritizing potentially critical incidents in the stream, Observo AI helps teams resolve them more than 40% faster while eliminating false positives and alert fatigue.
“Observo AI, available on the AWS Marketplace, offers an AI-powered observability pipeline that goes beyond static, rules-based tools. By providing advanced features such as log optimization, data routing, anomaly detection, and sensitive data discovery, Observo AI empowers organizations to optimize observability costs, enhance incident response, and ensure robust security and compliance with an integrated purchase experience through the AWS Marketplace.”
– Jenni Wu, Solutions Architect, Startups at Amazon Web Services
Create a Full-Fidelity Data Lake in AWS S3
Observo AI can help customers create a full-fidelity data lake in AWS S3. This data is stored in Parquet, making it highly compressed and searchable. This allows users to retain data for much longer periods at a much lower cost: data stored in AWS S3 Infrequent Access can cost as little as 1% of the cost to store the same data in block storage as part of a logging or SIEM index. Customers can therefore maintain a very lean index of only the most recent, relevant data, retaining the rest in an AWS S3 data lake.
Observo’s Large Language Model enables natural language queries in the S3 lake, so you don’t need to be a data scientist to retrieve insights. If you ever need to analyze this data, Observo AI can search, retrieve and “rehydrate” this data on-demand and stream it to a suitable analytics platform.
Analyze All of the Data From Your AWS Environment
AWS generates a myriad of data to monitor how applications and workloads are running. Companies can use this data for much deeper visibility into the security and observability of their environment. Getting all of these disparate data types into a SIEM or log analytics platform can be challenging and the sheer volume of this data can make analyzing it very expensive. Let’s take a look at some of these data types. Observo AI integrates with AWS CloudWatch, S3, and Kinesis Firehose for ease of data ingestion.
AWS CloudTrail Logs
CloudTrail logs capture detailed records of API calls made in an AWS account, including who made the request, the services used, the actions performed, and the parameters for those actions. They provide a comprehensive audit trail of all API activities, enable detection of suspicious activities, and help maintain compliance requirements. The volume of CloudTrail logs can stress ingest limits, and because so much of what they record is benign, they can make it difficult to find critical incidents that need to be dealt with swiftly.
VPC Flow Logs
VPC Flow Logs capture information about the IP traffic going to and from network interfaces in a virtual private cloud, including source and destination IP addresses, ports, and the amount of data transferred. VPC Flow Logs are useful for network traffic analysis, compliance and auditing, and performance monitoring. They are also, however, very verbose and noisy, containing a lot of information about normal events that may dilute more suspicious activity.
ELB (Elastic Load Balancing) Data
ELB distributes incoming application or network traffic across multiple targets, such as EC2 instances, containers, and IP addresses. ELB generates various logs and metrics that capture information about the traffic and the performance of the load balancer and its targets. ELB data provides useful information on traffic patterns, supports monitoring for performance and security incidents (DDoS attacks, etc.), and gives access to detailed request-level information for troubleshooting. For high-traffic environments, the volume of this data can overwhelm SIEM and logging tools. The various load balancers produce data in multiple formats that may not easily map to most analytics schemas.
EKS (Elastic Kubernetes Service) Data
EKS manages Kubernetes clusters on AWS. It generates various logs and metrics related to the operation and performance of the Kubernetes control plane and worker nodes. EKS data types include K8s Audit logs, Control Plane logs, cluster metrics, and Container logs. EKS data is vital for monitoring cluster health, security auditing, resource optimization, and troubleshooting. The complexity and variety of data types make it a challenge to normalize formats and analyze EKS data. As with other AWS data, these data types are often very high volume and can stress budgets and daily ingest limits.
Wrapping up
AWS offers a massive amount of data that can bolster security and observability efforts, but this data is often voluminous, noisy, and comes in a wide range of difficult-to-ingest formats. Fortunately, Observo AI can transform any of those AWS data types into the right format and route it to the tools security and DevOps teams need to analyze it. Observo AI also optimizes and reduces the volume of this data, allowing these teams to fit it into their tight budgets: most data types can be reduced by 80% or more by eliminating duplicate or low-value, noisy data and summarizing normal events into a single event for maximum volume reduction. Observo AI can also surface anomalies in the telemetry stream before indexing the data. By shifting analytics into the stream, Observo AI can enrich AWS security data with sentiment analysis. Using AI models, it groups “out-of-bound” or very unusual and suspicious activity and marks it with negative sentiment. This helps teams prioritize critical events and tune out more routine alerts for faster incident resolution.
AWS + Observo AI unlocks your true potential for security and observability while controlling costs and boosting efficiency. Buying Observo AI on the AWS Marketplace offers an integrated buying experience that can unlock flexibility and allows you to use credits that you already own.
Visit Observo AI on the AWS Marketplace. Schedule your custom demo of Observo AI today.