Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Lean security teams don't need a smaller version of an enterprise SOC. They need a different approach entirely. Graylog Director of Product Management, Rich Murphy, joins Logs and Lattes to explain why 2-to-4-person security teams are the most underserved segment in cybersecurity and what needs to change.

Most folks build their SIEM the same way they load a junk drawer: by shoving in whatever they already have—Active Directory, firewalls, and a whole lot of “eh, why not.” But at Graylog, we think you deserve better than a glorified log toilet. In this talk, we’ll flip the script: start with the problems you’re actually trying to solve, then figure out what you need to know, then what data supports that. And with Graylog’s Intelligent Data Routing, you can now act on that plan—sending high-value data to hot storage and archiving the rest to standby storage for when (and if) it’s needed. Build your SIEM like it has a brain—and a budget.

Follow Joel Duffield while he talks about why some systems just don’t want to be logged. Whether it’s your backup tool that only sends email alerts, your budget IoT device that wasn’t built for enterprises, or that one SaaS app stuck on the free tier—there’s no clean way to get their messages into your SIEM.

Lean security teams operating in hybrid and regulated environments are not just fighting threats. They are fighting time. When evidence is scattered across email, identity, VPN endpoints, cloud, and network tools, even a solid detection means nothing if triage slows to a crawl. In this episode of Logs and Lattes, host Palmer Wallace and Graylog Solutions Architect Kyle Pearson break down the top ten security threats hybrid organizations are actually dealing with in 2026 and the single common failure behind most of them: fragmented telemetry that delays investigation when it matters most.

Security teams spent 2025 operating at maximum load. Alert volume kept rising, analysts pivoted across too many tools, AI arrived faster than governance could support, and cloud costs shaped what data teams felt safe keeping. In this episode of Logs and Lattes, host Palmer Wallace and Jeff Darrington break down what actually happened inside real SOCs and how those lessons are already guiding 2026.

Security teams spent 2025 operating at maximum load. Alert volume kept rising, analysts pivoted across too many tools, AI arrived faster than governance could support, and cloud costs shaped what data teams felt safe keeping. In this episode of Logs and Lattes, host Palmer Wallace and Jeff Darrington break down what actually happened inside real SOCs and how those lessons are already guiding 2026.

How much value are you really getting from your logs, and what are you giving up to stay on budget? In this episode of Logs and Lattes, host Palmer Wallace sits down with Seth Goldhammer, VP of Product Management at Graylog, for a candid conversation about the hidden cost of traditional SIEM pricing. Seth explains how ingest-based and resource-heavy licensing models pressure security teams into tough tradeoffs, such as dropping logs, tuning down detections, or limiting retention just to avoid budget overages.

Graylog earned recognition from both Gartner and GigaOm, and it is reshaping how teams think about SIEM. In this episode of Logs & Lattes, host Palmer Wallace talks with Kimber Spradlin, Chief Marketing Officer at Graylog, about what this dual recognition means for customers, analysts, and the future of security operations.

Graylog earned recognition from both Gartner and GigaOm, and it is reshaping how teams think about SIEM. In this episode of Logs & Lattes, host Palmer Wallace talks with Kimber Spradlin, Chief Marketing Officer at Graylog, about what this dual recognition means for customers, analysts, and the future of security operations.

Security teams are overwhelmed by alerts, but which ones really matter? In this episode of Logs & Lattes, host Palmer Wallace talks with Rich Murphy, Senior Product Manager at Graylog, about how smarter security operations help teams cut through the noise and focus on what truly reduces risk. From alert fatigue to risk-first response, they unpack practical ways to prioritize real threats, automate with context, and make incident response faster and more effective. Learn how modern SOCs are evolving beyond alert overload to focus on meaningful, risk-based action.