Palo Alto Networks processes terabytes of network security events daily, requiring a system that can efficiently correlate and analyze millions of events per second. To reduce operational costs and complexity, they opted to eliminate the traditional message queue (Kafka) and use their existing low-latency NoSQL database (ScyllaDB) for real-time event correlation. This approach allowed them to enhance performance and lower operational overhead while maintaining high throughput and robust data correlation capabilities.
Table of contents
Background: Events, Events Everywhere
Evolving from Events to Stories
Implementation 1: Relational Database
Implementation 2: NoSQL + Message Queue
Implementation 3: NoSQL + Cloud-Managed Message Queue
Implementation 4: NoSQL (ScyllaDB), No Message Queue
Final Results