cancel
Showing results for 
Search instead for 
Did you mean: 

Advance Analytics: cloud storage need

AlfaBane
New Contributor II

For those of you that are leveraging Adv Analytics, what has been your real-world need for the cloud storage period for records? 7 days with a Splunk data collection looks to be feasible (if this data, indeed, feeds to Splunk). 30 days is likely where we'd want it capped but I'd like to hear from current users. 

1 ACCEPTED SOLUTION
ematchey
Netskope
Netskope

 

Hello Alphabane,

 

The sweet spot for many customers is the 3months/90 day data retention plan. This amount of data allows you to understand your environment - where is your data going and why and how is behavior changing over time. It offers the ability for customers to both do the investigative and troubleshooting work as well as have the ability to monitor trends. Longer data retention also gives AA more information about persistent problems.  It allows AA to tell the difference, for instance, between a user who has been constantly violating rules for months versus a user who had their first incident ever this week. Below is a table that breaks down the data retention by persona, key use cases and relevant dashboards. Please let us know if you have further questions!



Data Retention Period

Persona

Key Use Cases

Relevant Views/Dashboards

24hrs - 7 Days

Hands-on:

- Security operations/management

- Information Security Engineers

- Security Architect

- App/user activity discovery

- Policy tuning

-Tenant configuration troubleshooting

- Incident investigation

- Risk Management

- DLP Policies

- Coaching Policy

3 Months

- Usage and performance

- Short term trends

- Threat hunting

6 Months

Hands-off:

- CISO

- CIO

- VP of Security Infrastructure & Operations

- IT Director


- Providing security strategy for organizations as a whole

- Needs data to make business decisions and backup strategies

- Needs the 'Big Picture'

- Demonstrating value of security investments

- CISO Dashboard

- Insider Threat Dashboard

- Cloud Risk Assessment - QBR

13 Months


Elena

View solution in original post

1 REPLY 1
ematchey
Netskope
Netskope

 

Hello Alphabane,

 

The sweet spot for many customers is the 3months/90 day data retention plan. This amount of data allows you to understand your environment - where is your data going and why and how is behavior changing over time. It offers the ability for customers to both do the investigative and troubleshooting work as well as have the ability to monitor trends. Longer data retention also gives AA more information about persistent problems.  It allows AA to tell the difference, for instance, between a user who has been constantly violating rules for months versus a user who had their first incident ever this week. Below is a table that breaks down the data retention by persona, key use cases and relevant dashboards. Please let us know if you have further questions!



Data Retention Period

Persona

Key Use Cases

Relevant Views/Dashboards

24hrs - 7 Days

Hands-on:

- Security operations/management

- Information Security Engineers

- Security Architect

- App/user activity discovery

- Policy tuning

-Tenant configuration troubleshooting

- Incident investigation

- Risk Management

- DLP Policies

- Coaching Policy

3 Months

- Usage and performance

- Short term trends

- Threat hunting

6 Months

Hands-off:

- CISO

- CIO

- VP of Security Infrastructure & Operations

- IT Director


- Providing security strategy for organizations as a whole

- Needs data to make business decisions and backup strategies

- Needs the 'Big Picture'

- Demonstrating value of security investments

- CISO Dashboard

- Insider Threat Dashboard

- Cloud Risk Assessment - QBR

13 Months


Elena