Logspect's AI Log Analysis Agent 'LogEater' Adopted by BRIDGED PURPLE SOC: Halves Costs via Hybrid Architecture with Elastic Security
Logspect's AI agent 'LogEater' has been selected for BRIDGED's SOC service. The hybrid setup with Elastic Security cuts operational costs by 50% and leverages generative AI to resolve talent shortages.
Published: May 20, 2026 at 19:00
Logspect Inc. (Headquarters: Shibuya-ku, Tokyo; CEO: Hisashi Hibino) announced that its log analysis AI agent 'LogEater' has been adopted by BRIDGED Inc. (Headquarters: Chiyoda-ku, Tokyo; CEO: Kotaro Takahashi) for its generative AI-driven SOC service, 'BRIDGED PURPLE SOC'. The service features a 'Purple Team' approach that links the defensive (Blue Team) and offensive (Red Team) sides using generative AI, and incorporates 'LogEater' as the log analysis engine integrated with Elastic Security's SIEM capabilities. This hybrid architecture reduces log infrastructure costs by approximately 50% compared to a standalone Elastic Security setup, enabling 24/365 SOC service delivery that optimizes infrastructure costs while removing the steep learning curve for SOC analysts and the dependence on individual analysts' expertise.
◾️ Background: Two Structural Challenges Facing SOC Providers
As cyberattacks become more sophisticated and detection targets expand, SOC providers are required to maintain stable 24/365 operational quality. However, they face the structural challenges of ballooning operational costs and difficulty in securing and training analyst talent.
First is the optimization of SOC operational costs. SIEM products quickly accumulate costs for licensing, storage for retaining logs, and computing infrastructure for search and analysis. The costs of maintaining a 24/365 analyst workforce and continually training new analysts are also major burdens. In particular, the storage costs of meeting long-term log retention requirements severely pressure service profitability. Consequently, valuable communication logs (firewalls, proxies, VPC Flow Logs) are often excluded from SIEM ingestion because of these licensing and storage costs.
Second is the difficulty in mastering advanced log analysis and accumulating knowledge. Each SIEM product requires learning proprietary query languages like SPL (Search Processing Language) or ES|QL (Elasticsearch Query Language), which takes significant time before efficient queries can be designed. Furthermore, understanding various log field structures and analysis methods aligned with attack patterns often depends on individual analysts, making it difficult to standardize and transfer as organizational knowledge.
For BRIDGED, finding solutions to these exact two challenges was the most critical theme in designing their new SOC service.
◾️ Why BRIDGED Selected 'LogEater'
When selecting the log analysis engine for BRIDGED PURPLE SOC, BRIDGED evaluated standalone SIEM setups, multiple log management solutions, and generative AI integrations before finalizing 'LogEater'. The decision was driven by the following factors:
First, the optimization of total log infrastructure costs through a hybrid architecture of Elastic Security and 'LogEater'. Because 'LogEater' connects to Elastic Cloud via the Elasticsearch MCP Server, a hybrid design is possible: managing the current day's logs needed for real-time detection on Elastic Security, while consolidating other long-term logs into the 'LogEater' data warehouse. Using ultra-high compression technology, the 'LogEater' warehouse achieves long-term log retention at costs comparable to archive storage.
Second, the reduction of learning costs for SOC analysts through generative AI log analysis. Analysts can perform log analysis and generate visual reports using simple natural language prompts, without learning proprietary query languages like SPL or ES|QL. Additionally, because the underlying generative AI model (based on Anthropic's Claude) applies pre-trained cybersecurity and log analysis knowledge directly to operations, it supplements senior analysts' judgments and enables junior analysts to participate in operations much earlier.
FAQ
What is the main benefit of using LogEater?
It integrates with Elastic Security to cut long-term storage costs and enables log analysis in natural language without proprietary query languages.
What distinguishes BRIDGED's new SOC service?
It uses a Purple Team approach, linking defense and attack sides using generative AI.
Why were traditional SOC costs so high?
SIEM products incur accumulating costs for licenses, massive communication log storage, and computing infrastructure for analysis.