
How Bronto became a key part of Nitro's security toolkit
Nitro centralized security logs, expanded retention beyond compliance requirements, and made critical Microsoft and Cisco security data far easier to search and operationalize for AI-driven analysis.
What Bronto did for Nitro
365+ days
Security log retention
1 layer
Centralized security logging
4 standards
HIPAA, DORA, ISO 27001, SOC2
100%
MS Defender, Entra ID & Meraki coverage
Business context
Nitro operates a global document productivity platform serving over 3 million licensed users across 157 countries, including 67% of the Fortune 500. As they transition their PDF and workflow solutions from on-device applications to a comprehensive SaaS model, their distributed infrastructure generates massive log volumes across Azure cloud services — requiring robust logging for security monitoring and compliance with HIPAA, DORA, ISO 27001, and SOC2 at enterprise scale.
Security logs: before and after Bronto
| Before Bronto | After Bronto |
|---|---|
| Security logs scattered across Datadog, Azure Log Analytics, and S3 buckets | Centralized logging layer with streamlined Azure Event Hubs integration |
| Only 3–30 days retention in Datadog due to cost constraints | 365+ day retention meeting and exceeding compliance requirements |
| Limited retention meant data was only available for AI initiatives in a very short window | Longer retention makes log data available for a wider set of AI use cases |
| High-volume logs excluded from monitoring due to Datadog pricing | Comprehensive ingestion of MS Defender, Entra ID, and Cisco Meraki logs |
| Manual log restoration from cold storage when needed | Instant searchability enabling threat hunting and forensic analysis |
| Limited security visibility due to fragmented log storage | Full incident forensics, timeline reconstruction, and behavioral baseline analysis |
How Bronto helped
Nitro implemented Bronto as their unified security logging layer, moving away from costly Datadog retention and fragmented Azure storage. Their Azure integration streams MS Defender and Entra ID logs through Azure Event Hubs directly to Bronto, while a custom Azure Container Instance with Fluent Bit collects Cisco Meraki syslog events via dedicated EventHub and Azure Function App processing.
- Implementation: rapid initial deployment with phased rollout across all enterprise log sources
- Team adoption: deployed for security and compliance workflows, with broader engineering rollout planned
- Cost: significant reduction in logging costs compared to extending Datadog retention
- Retention: expanded from as low as 3 days to 365+ days, meeting HIPAA, DORA, ISO 27001, and SOC2 requirements
- Coverage: comprehensive ingestion of MS Defender, Entra ID, and Cisco Meraki logs through centralized Azure Event Hubs
- Performance: improved search and interface responsiveness compared to Datadog for security analysis workflows
Bronto's long-term always-hot days mean we can access data with sub-second search, whether it's from last week or last year. This is huge for our security and AI strategy as we continue to revolutionize how we work at Nitro. For AI-powered analysis of our logs, data availability is key — it's just not possible with only a few days of retention. Bronto has become a key part of our toolkit when we think of log data and how it will play an important role for engineering, security and product teams going forward.
John Fitzpatrick
CTO, Nitro
See how Bronto can unify your security data and unlock it for AI-driven analysis.



