UPDATED 14:00 EDT / APRIL 01 2020


Zebrium bets on autonomous log monitoring for incident detection

Log management and observability are time-consuming and expensive, unless done autonomously. That’s the bet of 2017 startup Zebrium Inc., an autonomous monitoring platform that uses unsupervised machine learning to automatically detect and help resolve incidents.

“Zebrium was founded on the notion that we can just do all that automatically,” said Larry Lancaster (pictured), founder and chief technology officer at Zebrium. “We can take a pile of machine data, we can turn it into a database, and we can build stuff on top of that.”

Lancaster spoke with Dave Vellante, host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the virtual Vertica Big Data Conference. They discussed Zebrium’s belief that the future of monitoring is autonomous and how the startup is performing in this market. (* Disclosure below.)

To keep customers happy

Although the broader market for monitoring software has many participants, not all have the same approach. The market has been changing, and there is now an understanding that mean time to incident detection and resolution, which is a key metric for measuring the efficiency of cybersecurity, is what people need to focus on to keep their customers happy, according to Lancaster.

“If it is a known issue with a known symptom and a known root cause, then you can set up an automation for it,” he explained. “But the ones that really cost a lot of time in terms of service disruption are unknown unknowns.”

To face these unknowns resulting from the increasing complexity of applications, it is necessary to dig into a huge mass of data. “So, observability is about making tools to help you do that, but it’s still going to take you hours,” Lancaster pointed out. “And our contention is that you need to automate the eyeball; the bottleneck is now the eyeball.”

Making this monitoring effective depends on moving away from the notion that a person will be able to do it infinitely more efficiently and recognizing that automated help is necessary. “When you get an alert agent, it shouldn’t be that: ‘Hey, something weird is happening; now go dig in,’” Lancaster explained. “It should be: ‘Here’s a root cause and a symptom,’ and that should be proposed to you by a system that actually does the observing.”

Zebrium is working mainly with two types of data: metrics and log files. After obtaining a stack of unstructured logs, the startup structures them into tables by event type and records each time an event of that type occurs.

“If I have all my event types structured that way, everything changes and I can do real anomaly detection and incident detection on top of that data,” Lancaster said. “So that’s really how we go about being able to do autonomous monitoring in a way that is effective.”
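The idea of structuring raw logs into per-event-type tables and detecting anomalies on top of them can be sketched as follows. This is an added example, not Zebrium's code or algorithm (which the article does not detail); the masking patterns, the `ratio` threshold, the function names and the sample log lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Variable fields (IPv4, hex, integers) masked to recover the event type.
# These patterns are an assumption; real logs need a richer set.
VAR = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b|\b0x[0-9a-fA-F]+\b|\b\d+\b")

def parse(line):
    """Split 'HH:MM:SS message' into (timestamp, event_type, params)."""
    ts, msg = line.split(" ", 1)
    return ts, VAR.sub("<*>", msg), VAR.findall(msg)

def structure(lines):
    """Build one table per event type; each row is one occurrence."""
    tables = defaultdict(list)
    for line in lines:
        ts, etype, params = parse(line)
        tables[etype].append((ts, *params))
    return dict(tables)

def anomalies(baseline, window, ratio=3.0):
    """Flag event types that are new in the window, or whose count grew
    by more than `ratio` (assumes both periods cover equal time spans)."""
    base, cur = structure(baseline), structure(window)
    flagged = {}
    for etype, rows in cur.items():
        seen = len(base.get(etype, []))
        if seen == 0:
            flagged[etype] = "new event type"
        elif len(rows) / seen > ratio:
            flagged[etype] = f"rate x{len(rows) / seen:.1f}"
    return flagged

# Constructed sample logs (not real data).
BASELINE = [
    "10:00:01 accepted login uid 1001 from 10.0.0.5",
    "10:00:07 accepted login uid 1002 from 10.0.0.9",
    "10:01:13 failed login uid 1001 from 10.0.0.5",
    "10:02:40 disk usage 71 percent on volume 2",
]
WINDOW = [
    "11:00:02 accepted login uid 1001 from 10.0.0.5",
    "11:00:03 failed login uid 1003 from 203.0.113.7",
    "11:00:04 failed login uid 1004 from 203.0.113.7",
    "11:00:05 failed login uid 1005 from 203.0.113.7",
    "11:00:06 failed login uid 1006 from 203.0.113.7",
    "11:00:09 kernel oom killed pid 4312",
]

if __name__ == "__main__":
    for etype, reason in anomalies(BASELINE, WINDOW).items():
        print(f"{reason}: {etype}")
```

Once every line is reduced to an event type plus its parameters, "never seen before" and "suddenly more frequent" become simple table queries rather than manual log reading.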

Using Vertica’s column storage

To structure and load log data into tables, Zebrium uses Vertica’s expanding relational column storage. At the same time, Vertica’s analytical performance and cloud-native flexibility allow Zebrium to scale up to meet demand, according to Lancaster.

“I think column stores are ubiquitous now in analytics,” he explained. “And being able to have ACID guarantees and everything else, like a normal mature database that can join lots of tables and still be fast, that is also necessary at scale.”

Zebrium is leveraging its business with a round of investments. The startup raised just over $6 million to invest in its operations. “In the last six to eight weeks, it’s just been this sort of pique of interest. It’s been an amazing start to the year,” Lancaster concluded.

(* Disclosure: TheCUBE is a paid media partner for the Vertica Big Data Conference. Neither Vertica, the sponsor for theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE
