NetAssist cuts threat times with Graylog SIEM refresh

NetAssist has rolled out Graylog Security across its security operations centres, saying the move has cut threat detection times and reduced costs while handling a sharp rise in log data volumes.

The Malaysia-based managed security services provider serves customers in regulated sectors including critical infrastructure, banking, and national payment networks. It runs multi-tenant SOC services and offers build-operate-transfer models, setting up and operating a SOC before handing it over to a customer.

NetAssist said the deployment reduced mean time to detect threats from about four hours to under 45 minutes, and absorbed 300% log volume growth without increasing SOC staffing.

It also reported a 50% reduction in SIEM licensing costs and a 30% saving in infrastructure resources. The company said guided workflows and SOAR integration also shifted analyst workflows, enabling Level 1 analysts to handle more complex investigations.

SIEM refresh

Security information and event management platforms sit at the centre of many SOC operations. They collect and normalise event data from systems and applications, then support searching, alerting, and investigations. As data volumes rise and security teams face pressure to respond faster, many organisations are revisiting these tools.

NetAssist framed its Graylog deployment as a response to more complex customer environments and growing log requirements. It also cited constraints it associates with older platforms, including slow search performance, caps on data ingestion, and rising licensing costs.

Hon Fun Ping, managing director of NetAssist, linked the change to the operational demands customers place on outsourced security teams.

"As customer security environments grow more complex, we prioritize technologies that allow us to provide holistic cyber resilience, and through our SOCs, to respond rapidly, scale securely, and deliver outcomes with consistency," said Hon Fun Ping, managing director of NetAssist. "Graylog gives us the performance and flexibility to do just that, without compromising on visibility or cost."

Operational impact

For MSSPs, ingesting and searching large volumes of logs can become a bottleneck. Pressure increases as customers add cloud services, endpoint tools, network sensors, and identity platforms. Each new data source can raise ingest rates and storage requirements, and increase the number of alerts analysts must triage.

NetAssist said it improved search performance after deploying Graylog Security, streamlined analyst workflows, and increased visibility across expanding datasets. This can be critical for providers that need consistent performance across multiple tenants while meeting regulated customers' requirements for auditability and data handling.

The staffing claim is also notable in the context of SOC economics, where MSSPs often weigh adding personnel against automating initial triage. NetAssist said guided workflows and SOAR integration expanded what Level 1 analysts could do during investigations.

Regional momentum

Graylog described the deployment as part of broader uptake among MSSPs and enterprise SOCs, and highlighted growing interest in Southeast Asia as managed security services markets expand alongside cloud adoption and regulatory requirements.

Gerald Lum, regional vice president of sales at Graylog, said the NetAssist relationship reflects demand among service providers for alternative SIEM approaches.

"NetAssist represents the kind of innovative security provider we're excited to support," said Gerald Lum, regional vice president of sales at Graylog. "Their ability to extend advanced security outcomes at scale reflects the growing demand for modern, cost-effective platforms like Graylog Security across global MSSP environments."

NetAssist also said it is preparing further changes to its SOC operations, including AI-assisted threat hunting and automated compliance reporting-common roadmap items for teams seeking faster investigations and more repeatable reporting for regulated customers.