Our next-gen architecture is built to help you make sense of your ever-growing data. Watch a 4-min demo video!

Move from ELK to Coralogix Delivers Major Observability Boost for Claroty

  • 6 min read
case study
Key Stats
  • 3TB daily data volume
  • Over 3K Coralogix alerts used
  • Adopted by 200 Claroty employees
  • 3+ years useing Coralogix

About Claroty 

Claroty specializes in cyber-physical systems security across industrial, healthcare and enterprise environments. Their unified platform integrates with customers’ existing infrastructure to provide a full range of controls for visibility, risk and vulnerability management, threat detection, and secure remote access. 

The Challenge – A Time Consuming and Unstable Observability Setup

In order to assess potential risks and vulnerabilities, Claroty equips each customer with dedicated physical and cloud servers connected to their network. Different applications and Kubernetes clusters shared for all customers, record data such as the connected devices’ information, incoming and outgoing connections, the communication protocols in use, and the volume of traffic. The servers, clusters and applications themselves generate logs that inform on their health, performance and status.

Claroty’s Tech Ops team had initially implemented a DIY solution using ELK (Elasticsearch, Logstash, Kibana) to collect and analyze the data coming from those servers, clusters and applications. This included self-hosting Kibana and Elasticsearch, and reflected the company’s need for a flexible observability solution they had control upon.

However, as the company grew and their infrastructure expanded, maintaining ELK became increasingly difficult, especially without an in-house expert to handle the infrastructure complexities that come with self-hosted solutions. The breakdowns led to situations where Claroty had to delete and recreate instances, which was time-consuming and disruptive to their operations. With no dedicated support to answer their questions and help them fine-tune their DIY ELK solution to their needs, the team also struggled to manage their alerts effectively.

These challenges prompted Claroty to look for an out-of-the-box, managed solution that would allow them to spend less time grappling with infrastructure issues and alert handling.

The Solution – A Complete Observability Solution with Dedicated Support 

Three years ago, Claroty took the decision to transition from their self-managed ELK system to an out-of-the-box solution. After considering a few options, the DevOps team decided to set up a proof of concept for Coralogix and discovered a platform that not only met their immediate need for a reliable fully-managed system, but also offered unparalleled alert and incident management capabilities

The platform seamlessly integrated with Claroty’s infrastructure, managing the diverse data sources across physical and cloud servers, and accommodating both their text and JSON logs. Moreover, Coralogix’s flexibility meant that Claroty could use the platform as they saw fit, starting with log processing. Since the logs weren’t sent only to Coralogix but also to another storage solution for auditing purposes, the Tech Ops team decided to keep using Logstash as a processing pipeline before forwarding the logs to Coralogix via Coralogix’s dedicated integration. 

Claroty also made use of Coralogix’s Events2Metrics functionality to generate metrics from some of their logs. This enabled them to graphically represent critical data, such as fluctuating customer traffic over time, without the need for a specific dashboard visualization tool like Kibana. The addition of approximately 3000 alerts significantly expanded their monitoring capabilities and improved their ability to identify and respond to issues promptly.

Furthermore, the transition to Coralogix transformed the way Claroty manages incidents and alerts. Claroty uses Coralogix’s incidents screen, a unified means to visualize alerts, identify triggers, drill down into underlying logs and metrics, debug and efficiently manage incidents. The ability to organize, search, filter, and modify incident status allowed Claroty’s support team to prioritize and assign issues to different team members, ultimately eliminating the need for PagerDuty.

Coralogix is a complete solution, for both alerting on issues, debugging and incident management.

Or Bart, Team lead for Tech Ops

As explained by Or Bart, Team lead for Tech Ops at Claroty, the standout feature of Coralogix is the exceptional level of support. The Tech Ops team members actively engaged with the Coralogix support team during the migration and still do so now, seeking expert input for creating custom webhooks and refining parsing rules as well as more general guidance. But their trust in Coralogix extends beyond utilizing the standard features as they participate in alpha testing of new functionality, pushing the platform to its limits and providing valuable insights to further enhance its capabilities.

Today, over 200 Claroty employees across R&D, core and support teams, as well as the company’s Technical Account Managers use Coralogix.

Results and Benefits

Transitioning to Coralogix unlocked a range of benefits that improved Claroty’s operations and efficiency.

Operational Simplicity

Previously entangled in the intricacies of Kibana, Elasticsearch, and their underlying self-hosted infrastructure, Claroty now benefits from a fully managed solution that works for them, not against them.

Exceptional Support and Collaboration

The world-class support, featuring a 24/7 in-app chat service and a response time under 1 minute, became a cornerstone of Claroty’s success story with Coralogix. The Coralogix support team is committed to helping Claroty get the best out of the platform by providing expert assistance for every query, from custom webhooks to parsing rules. 

“Coralogix’s support team is super responsive and we are thrilled with their level of 24/7 availability. We also feel like we’ve influenced a lot of features. We feel heard and that the platform really reflects our needs.”

Or Bart, Team lead for Tech Ops

A Complete Observability Solution

Coralogix has emerged as Claroty’s holistic solution for alerting, debugging, and incident management, ensuring a cohesive strategy and improved efficiency in issue resolution.

Capable of Meeting High Observability Needs

Coralogix has proven its effectiveness in meeting Claroty’s high observability needs. With over 3000 alerts and a staggering 3TB of data sent daily, Coralogix handles the influx seamlessly, providing a robust and reliable platform to support Claroty’s operations.

Automated Alert Management

Coralogix’s API integration has empowered Claroty to automate alert management and reduce the load on their incident management team. The team can automatically delete/update alerts based on specific actions, optimizing the alert workflow to align with Claroty’s unique operational requirements.

Summary

Facing operational challenges with their DIY ELK solution, Claroty searched for a fully-managed, reliable observability platform. Coralogix emerged as the game-changer, offering operational simplicity and complete alerting and incident management features. The platform’s flexibility coupled with dedicated expert support led to a collaborative partnership that guides both companies toward continuous improvement.