Cribl: The Stream Life
In this livestream conversation, I spoke with John Alves from CyberOne Security about the struggles teams face in modernizing a SIEM, controlling costs, and extracting optimal value from their systems. We delved into the issues around single system-of-analysis solutions that attempt to solve detection and analytics use cases within the same tool. We explored the strategic limitations of this type of security architecture, presenting alternative options for effectively mixing and matching data platforms. Be sure to watch the full conversation to get on the path toward achieving the optimal combination of data management and cost control capabilities.
If your security architecture is centered around a SIEM that houses all your security and operational data, it’s time for an upgrade. Data quantities, cyber attacks, and regulatory requirements are all on the rise, so having a single destination for your data leaves too much room for vulnerabilities. Until recently, buying a SIEM meant deploying its agents, putting all your data into it, and going on your merry way. You were almost 100% confined to that one framework — if you wanted to use UEBA, your vendor or one of their partners provided it. Operating outside your SIEM or bringing in third-party vendors was very limited.
Observability Pipelines to the Rescue
About five years ago, the concept of an observability pipeline emerged, allowing organizations to funnel their observability and security data through a consistent data plane. The idea of controlling where your data gets stored was born, and vendor-neutral considerations began gaining popularity. Admins can now make copies of events for their SIEM, data lake, UEBA solution, or someone else's data lake — easily turning one event into four events that power different parts of their security stack. By moving data into a data lake instead, admins can analyze data and build dashboards for operations teams without bloating their ingest. Teams have more choice and control over their data than ever before, so they can consider their specific needs when building out their infrastructure.
The Benefits of a Data Security Lake
During our discussion, John mentioned how this flexibility is no longer a wish-list item for his clients, but a necessity. As the industry transitions to cloud infrastructure and cloud-based computing, organizations require vendor-neutral data that supports their scalability efforts. There are a host of benefits you get from modernizing your security architecture.
Reduced License Costs
Routing data that isn’t needed for security to object storage is one of the best ways to reduce SIEM license costs. Ingest costs go down, and you avoid the upsell for archive data (around a 4-8x markup) as opposed to using your own object storage or your SIEM cloud platform’s archive. You can also store it in a vendor-neutral format, giving you enormous flexibility that you wouldn’t get otherwise. We recently worked with a developer team and their debug logs, routing them to a lower-cost S3 bucket instead of their SIEM. All we had to do was create a rule in Cribl Stream to route them to the data lake, and now they’re available to be restored whenever necessary. This is just one example of many where we can set customers up to meet their simultaneous needs for availability and for lower cost and overhead.
Increasing Security While Decreasing Engineering Time
When you can reduce your SIEM license costs, you no longer have to choose which data sources you can afford to collect. By removing the constraints for engineers that come from not having the raw data when needed, security teams can focus on security and not just moving data around. No more time spent on tasks like going out to a server to manually zip up and pull in logs. The result? Better detections, analytics, and security.
Shared Data Within the Organization
Each team has a different use case for the data the organization collects, so having different pipelines to transform and send data to different destinations is invaluable. Putting firewall, threat, traffic, and systems logs into a single destination is a great way to bloat your ingest. And not all logs from a single data source are security relevant. Routing some of them into a storage account or data lake not only saves on ingestion costs and creates less noise for security teams, but also lets you give your infrastructure, firewall, and other teams access to the logs relevant to them. Route your threat logs straight into the SIEM, but send traffic and other logs straight into the data lake for your infrastructure network team.
Compliance With Retention Requirements
Another benefit of keeping raw copies of data is complying with retention requirements. If you're manipulating data before it goes into your SIEM, then you’re not adhering to some necessary standards. Transform events to get what you need for your SIEM, but keep unmanipulated, raw copies in your data lake. Your IR or legal counsel can control forensic copies.
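A sketch of the routing described in the last two sections, added here as an illustration and not Cribl Stream configuration or anything shown in the livestream: threat logs reach the SIEM in trimmed form, debug and traffic logs go to cheaper storage, and every line is archived unmodified before any transform runs. The destination names, field names, and sample events are assumptions made for the example.

```javascript
// Added illustration, not Cribl Stream configuration. Destination names,
// field names and the sample events below are constructed.

// Reduce an event to the fields detections need before it reaches the SIEM.
function slimForSiem(e) {
  const { ts, log_type, src, dst, action, signature } = e;
  return { ts, log_type, src, dst, action, signature };
}

// Ordered routing table: the first matching filter picks the destination.
const ROUTES = [
  { name: 'threat', filter: (e) => e.log_type === 'threat', dest: 'siem', transform: slimForSiem },
  { name: 'debug', filter: (e) => e.level === 'debug', dest: 'object_storage' },
  { name: 'traffic', filter: (e) => e.log_type === 'traffic', dest: 'data_lake' },
  { name: 'default', filter: () => true, dest: 'data_lake' },
];

// Route newline-delimited JSON. Every line is also copied byte-for-byte to
// raw_archive before parsing, so retention never depends on a transform.
function routeEvents(lines) {
  const out = { siem: [], data_lake: [], object_storage: [], raw_archive: [], bytes: {} };
  for (const line of lines) {
    out.raw_archive.push(line); // unmodified copy for retention and IR
    let event;
    try {
      event = JSON.parse(line);
    } catch (err) {
      event = { log_type: 'unparsed', _raw: line }; // keep it, never drop it
    }
    const route = ROUTES.find((r) => r.filter(event));
    const shaped = route.transform ? route.transform(event) : event;
    out[route.dest].push(shaped);
    const size = JSON.stringify(shaped).length; // rough per-destination ingest
    out.bytes[route.dest] = (out.bytes[route.dest] || 0) + size;
  }
  return out;
}

// Constructed sample input.
const SAMPLE = [
  '{"ts":1,"log_type":"threat","src":"10.0.0.5","dst":"203.0.113.9","action":"block","signature":"sig-1","pcap_ref":"x","rule_text":"long text"}',
  '{"ts":2,"log_type":"traffic","src":"10.0.0.5","dst":"10.0.0.9","action":"allow","bytes_out":5120}',
  '{"ts":3,"log_type":"app","level":"debug","msg":"cache miss for key 42"}',
  'not json at all',
];

const result = routeEvents(SAMPLE);
console.log(result.siem.length, result.data_lake.length, result.object_storage.length, result.bytes);
```

The `bytes` tally is what to compare against SIEM license tiers: only the trimmed threat event counts toward SIEM ingest, while the raw archive still holds all four original lines.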
Meet Cyber Insurance Requirements
As insurance companies get more sophisticated and start hiring engineers as auditors, they’ll dive deeper into your architecture than before. They’ll ensure you have a SIEM in place but also check to see if you’re putting the right data in and using it appropriately. Government auditors will want to see all your data sources and detections. They’ll be ready to write findings if you’re not following best practices. The prevalence of bad data or an overwhelming amount of data leads to various issues with detection and drives costs higher and higher. It is extremely common to witness a year-over-year cost increase of up to 35%, which is clearly unsustainable. Watch the full livestream to hear John and me talk about alternative options for your SIEM platform, so you can be empowered to re-architect your data strategy. With the right strategies, SIEM platform challenges can be overcome, and we’re here to help as you embark on this transformative journey.