April 18th, 2023
Blumira speeds time to market by building with LimaCharlie
Learn how this cloud SIEM provider leveraged LimaCharlie to develop a new cybersecurity product for SMBs
Enterprise-grade security for SMBs
Like all cybersecurity providers, Blumira has had to respond to the rise of remote and hybrid work models. But given Blumira’s focus on SMBs and mid-market companies, they found many businesses in their target market priced out of mature endpoint monitoring solutions—or without the technical ability and infrastructure to run the endpoint agents a larger organization might use.
For this reason, Blumira decided to offer its own endpoint monitoring solution: a product that could collect Windows endpoint logs and send them to Blumira's cloud SIEM platform for analysis, detection and threat response without requiring additional infrastructure or management on the part of the customer.
However, after some initial planning, Blumira’s leadership team decided not to develop the endpoint agent independently. “We had the technical ability to build the entire product from scratch,” says Jake Payton, Director of Engineering at Blumira. “But getting an agent to maturity ourselves—on top of everything else we wanted to do on our timeline—just wasn’t realistic.”
Mature capabilities, delivered on demand
Blumira began looking for a technology that could support their proposed endpoint monitoring solution, Blumira Agent, while also integrating well with the rest of their platform.
“The biggest challenge was finding a mature enough solution that we could build on quickly and still end up with something as good as what we had elsewhere,” says Payton. “We also wanted a real partner during the development process. We didn’t want to just buy something off the shelf and have to read a manual hoping to figure things out at every step of the way.”
After considering NXLog, Winlogbeat, Telegraf, and a number of other potential agents, Blumira found that cybersecurity middleware vendor LimaCharlie offered the best balance of capabilities, cost, and support.
LimaCharlie takes an unusual approach to cybersecurity. The company offers users an ecosystem of 100+ mature capabilities and integrations as cloud-native primitives. Similar to the way AWS provides IT capabilities and web services, LimaCharlie uses an IaaS model in which everything is delivered on-demand, as-needed, and API-first—no contracts, price modeling, or fixed minimums required.
“LimaCharlie is like a box of Lego blocks for cybersecurity,” says company co-founder Christopher Luft. “There is no one-size-fits-all solution to cybersecurity problems. Our approach gives teams the flexibility to build and customize solutions as needed.”
Concept to GA in five months
As development began, Blumira soon noticed the advantages of working with an infrastructure-first, engineering-centric cybersecurity vendor.
One of LimaCharlie’s core capabilities is multi-source telemetry ingestion. On endpoints, this is accomplished via the lightweight, multi-platform LimaCharlie agent. Telemetry data is pulled into the LimaCharlie cloud and standardized to a common data format. From there, data can be exported to any destination. This functionality gave Blumira an agent that would offer excellent visibility into remote Windows endpoints without straining user resources—grabbing Windows events and log data from hosts and sending them on to the Blumira cloud for processing. In addition, because the LimaCharlie agent is able to take action on endpoints, Blumira would also be able to monitor and/or halt ingestion and take appropriate response actions as needed.
Access to cloud-native primitives meant that Blumira’s developers could integrate advanced capabilities into their existing SIEM infrastructure quickly and easily. This was often as simple as setting up an API call between the two platforms, and was essential in shortening time to market. Development work began in August 2022, and Blumira Agent launched in January 2023. In the time that most vendors would take to perform feasibility studies, Blumira had delivered an advanced remote endpoint monitoring solution for SMBs.
Blumira says that the product has been a resounding success. Agent is the powerful and easy-to-use solution that the company had envisioned. Users find the installation process to be fast and simple. After installation, management is hands-off, as intended.
As for the experience of building with LimaCharlie, Blumira was extremely satisfied:
“At every step of the way, the technology more than met our needs,” says Payton. “And in terms of the partnership, it was always easy to get information and guidance. If we had a question, we got the answers we needed very, very quickly. The LimaCharlie team was a joy to work with.”
A platform built for builders
For Blumira, one of the added benefits of working with LimaCharlie was that they could use just as much of the platform as they wanted—without being forced to purchase features and capabilities they didn’t need.
The LimaCharlie platform is extensive. Built on an advanced Detection, Automation, and Response Engine, it is designed for cybersecurity automation and sophisticated security disciplines such as detection engineering. Use cases are thus broad, and encompass MSSP, DFIR, and enterprise SOCs.
But in building Blumira Agent, the company’s developers were able to choose the capabilities that worked for them, and leave the rest aside for the future—a future that Payton views with optimism:
“We aren’t even close to using all of the capabilities in LimaCharlie. We're still just scratching the surface of our partnership together. I'm already excited about this partnership—and I’m excited about where it’s going to go in the years to come.”
In terms of their own vision for the future, LimaCharlie believes that the on-demand, engineering-centric model they’ve pioneered is the way to move the industry forward.
“LimaCharlie is security done differently—and our technology partners benefit from that difference,” says Luft. “It’s a very new approach, but we feel that in time cybersecurity professionals will stop asking ‘Should we do it this way?’ and will instead ask ‘Why would we do it any other way?’”
LimaCharlie is cybersecurity middleware that gives teams full control and visibility over their security posture. Build on an advanced Detection, Automation, and Response Engine. Lower startup costs with our free tier and pay-per-use infrastructure. Shorten time to market by leveraging a public API and a powerful ecosystem of 100+ infrastructure components and integrations. Then scale with confidence by taking advantage of our transparent, predictable pricing and pure usage-based billing options.
Blumira makes security easy and effective, especially for mid-market and smaller companies, helping them detect and respond to cybersecurity threats faster to stop breaches and ransomware. Blumira's all-in-one SIEM platform combines logging with endpoint security and automated detection and response for better outcomes and consolidated security spend. Blumira was recognized by G2 as a Momentum leader, ranked as “Fastest Implementation,” “Easiest to Use,” and “Best Results” in the G2 Winter 2023 Grid® Reports. Meet compliance controls, save time on security tasks, focus on real threats and protect against a breach faster than ever with Blumira.