December 7, 2021
We’ve all been there. That harrowing moment at the restaurant when the waiter comes to the table and asks that fateful question: “Are you ready to order?”
I don’t know about you, but I am almost never ready. Do I want chicken or steak? I’ve eaten a lot of meat this week… Should I opt for fish or a vegetarian option instead? Oh, God. I forgot to check the reviews online. What do other people like the best? Cue heart palpitations.
What’s worse, the internal anxiety begins to manifest externally: sweaty palms, fidgeting, the whole nine. Many of the federal agencies (and the channel partners that work with them) I’ve had the pleasure of talking to over the past several months feel the same way about Biden’s executive order on cybersecurity.
For those of you who aren’t familiar, in May 2021 the Biden Administration announced Executive Order (EO) 14028: Improving the Nation’s Cybersecurity. As the name suggests, it emphasizes cybersecurity as a national priority and requires each federal agency to adapt to today’s continuously changing threat environment. In this blog post, I’ll walk through the key points in the EO.
According to the fact sheet on the EO put out by the White House, Executive Order 14028 ensures that IT service providers are able to share information with the government. It also requires them to share certain breach information. This is super important; IT service providers aren’t always willing to share info about a compromise, especially regarding their own security breaches.
It’s a lot like the restaurant reviews I mentioned earlier. Let’s say some folks get food poisoning from your favorite Italian spot, and a few upset (in both stomach and countenance) customers leave bad reviews on Instagram. The restaurant may choose to delete the comments because they paint it in a bad light, but what’s in the best interest of the community? It’s important to share this information, even when it doesn’t benefit the restaurant or the provider.
The same is true when it comes to security breaches, and ultimately, as a customer, I’m going to want to engage (and dine) with providers who are transparent. To bring it full circle, federal agencies need to know breach information that may impact government networks. It’s necessary to enable more effective defenses of federal departments, and to improve the nation’s cybersecurity as a whole.
We’ve all heard it before: zero-trust architecture. The EO also helps move the federal government to secure cloud services via a zero-trust architecture, mandating the deployment of multifactor authentication and encryption within a specific time period.
I can’t count the number of times I’ve been to a restaurant with AMAZING word-of-mouth and online reviews, only to find that the food and experience are subpar. The lesson is clear: Trust no one.
For those of us in the observability space – and yes, that includes security – it’s essential that you have a way to encrypt your data in flight and make sure certain logs, metrics, and events are only accessible to those with the appropriate roles, and that the aforementioned access updates as roles shift over time.
Next on the list: Establishing baseline security standards for software development for tools being sold to the government. The EO demands visibility into this sort of software, as well as public visibility into its security data. You’d want to know if your dinner choice for the evening is up to code, wouldn’t you?
As new tools are being developed for use by federal agencies, it’s essential that the providers’ development and operations teams are transparent regarding how secure their tools are. Once these tools are implemented, the teams behind these tools need to continue that transparency as standards and regulations change. This EO holds them accountable.
If (and when) something happens, you need a game plan. And what exactly qualifies as “something”? The Executive Order creates a standardized playbook and set of definitions for cyber incidents and the subsequent response by federal departments and agencies. The idea is simple: Our government doesn’t have the luxury of waiting until a breach happens to figure out who should respond to it or how.
Let’s return to our very unfortunate restaurant example. If a patron gets food poisoning, the team in charge of the response often has a significant influence on what the response will be. The restaurant executive team might shell out additional cash to cover any needed medical bills and court costs. Kitchen staff may choose to switch up their menu or BOH practices. And the front of the house? Bring on the apologies and coupons.
When considering something as vital as the federal government, the response simply cannot vary in this way. The Executive Order establishes a cybersecurity safety review board and insists on a playbook for incident response, giving stability to events that could otherwise be earth-shattering.
And Joe Schmoe getting food poisoning is a lot different than Drake getting food poisoning. Think of the bad press! What if you could tell who was going to walk into your restaurant ahead of time?
Lastly, the Executive Order – to quote it directly – “improves the ability to detect malicious cyber activity on federal networks by enabling a government-wide endpoint detection and response (EDR) system and improved information sharing within the Federal government.” It also creates cybersecurity event log requirements for federal departments and agencies with the goal of detecting intrusions, mitigating those in progress, and assessing the damage after the fact.
Robust and consistent logging practices solve much of this problem. Agencies don’t necessarily need to channel Ms. Cleo, but the EO gives these groups a leg up on proactively identifying malicious actors and responding accordingly. Better safe than sorry.
The Biden Administration’s May 2021 Cybersecurity Executive Order establishes cybersecurity as a national priority and lays out new requirements for logging maturity and retention. Hopefully, this blog post helped you better understand the specifics.
Wondering how your agency will comply with the EO? Cribl LogStream can help. Join us for an exclusive session on Wednesday, December 15, where we’ll walk through how Stream can help federal agencies:
I hope to see you there!
In our next blog post, we’ll break down the follow-on guidance in the accompanying memo from the Office of Management and Budget (OMB), M-21-31.