BrontoBronto
All customer stories
Nitro logo

How Bronto became a key part of Nitro's security toolkit

Nitro centralized security logs, expanded retention beyond compliance requirements, and made critical Microsoft and Cisco security data far easier to search and operationalize for AI-driven analysis.

365+ day retentionCentralized security logsBroader AI-ready data window

What Bronto did for Nitro

365+ days

Security log retention

1 layer

Centralized security logging

4 standards

HIPAA, DORA, ISO 27001, SOC2

100%

MS Defender, Entra ID & Meraki coverage

Business context

Nitro operates a global document productivity platform serving over 3 million licensed users across 157 countries, including 67% of the Fortune 500. As they transition their PDF and workflow solutions from on-device applications to a comprehensive SaaS model, their distributed infrastructure generates massive log volumes across Azure cloud services — requiring robust logging for security monitoring and compliance with HIPAA, DORA, ISO 27001, and SOC2 at enterprise scale.

Security logs: before and after Bronto

Before BrontoAfter Bronto
Security logs scattered across Datadog, Azure Log Analytics, and S3 bucketsCentralized logging layer with streamlined Azure Event Hubs integration
Only 3–30 days retention in Datadog due to cost constraints365+ day retention meeting and exceeding compliance requirements
Limited retention meant data was only available for AI initiatives in a very short windowLonger retention makes log data available for a wider set of AI use cases
High-volume logs excluded from monitoring due to Datadog pricingComprehensive ingestion of MS Defender, Entra ID, and Cisco Meraki logs
Manual log restoration from cold storage when neededInstant searchability enabling threat hunting and forensic analysis
Limited security visibility due to fragmented log storageFull incident forensics, timeline reconstruction, and behavioral baseline analysis

How Bronto helped

Nitro implemented Bronto as their unified security logging layer, moving away from costly Datadog retention and fragmented Azure storage. Their Azure integration streams MS Defender and Entra ID logs through Azure Event Hubs directly to Bronto, while a custom Azure Container Instance with Fluent Bit collects Cisco Meraki syslog events via dedicated EventHub and Azure Function App processing.

  • Implementation: rapid initial deployment with phased rollout across all enterprise log sources
  • Team adoption: deployed for security and compliance workflows, with broader engineering rollout planned
  • Cost: significant reduction in logging costs compared to extending Datadog retention
  • Retention: expanded from as low as 3 days to 365+ days, meeting HIPAA, DORA, ISO 27001, and SOC2 requirements
  • Coverage: comprehensive ingestion of MS Defender, Entra ID, and Cisco Meraki logs through centralized Azure Event Hubs
  • Performance: improved search and interface responsiveness compared to Datadog for security analysis workflows
Bronto's long-term always-hot days mean we can access data with sub-second search, whether it's from last week or last year. This is huge for our security and AI strategy as we continue to revolutionize how we work at Nitro. For AI-powered analysis of our logs, data availability is key — it's just not possible with only a few days of retention. Bronto has become a key part of our toolkit when we think of log data and how it will play an important role for engineering, security and product teams going forward.

John Fitzpatrick

CTO, Nitro

Ready to centralize security logs and extend retention?

See how Bronto can unify your security data and unlock it for AI-driven analysis.