Empowering Security Teams: The Importance of Data Control and Freedom of Choice

Written by Ed Bailey

May 2, 2023

Enterprises are getting increasingly tired of feeling locked into vendors, and rightfully so. As soon as you put your observability data into a SaaS vendor’s storage, it’s now their data, and it’s difficult to get it out or reuse it for other purposes. As a result, strategic independence is becoming increasingly important as organizations decide what data management tools they’re going to invest time and resources into.

The amount of time it would take individual teams to build and support their own tools is far more than the engineering effort can justify, which is why we’re taking on that challenge. Cribl Stream, Cribl Search, and Cribl Edge are giving organizations the flexibility they need and allowing them to get more capability from their existing infrastructure.

Decouple Your Data Lake, Analytics, and Retention From Your SIEM

A lot of our early adopters are beginning to take advantage of more sophisticated use cases, particularly from a security lens. One of the biggest things they can accomplish is decoupling their data lake, analytics, and retention from their SIEM platform.

These days, SIEM platforms are typically cloud-based and extraordinarily expensive — so it doesn’t make a lot of sense for incident response or threat hunting teams to do deep analytic searches in them. If you have an unlimited budget and don’t mind accelerating storage and CPU costs, then it’s a great strategy. Otherwise, it’s probably better to send the data you need for detection into your SIEM and split the rest into your own cloud object storage.

Build and Control Your Own Data Lake

Why give vendors complete control over your data when you can have your own data lake with unlimited possibilities? With one of our clients, we were able to replace a vendor’s archive storage with the customer’s own AWS storage, giving them an immediate 10x return on investment. Now that they have their own data lake, they have full control over it — they can use Cribl Search to query their data or use Stream to pull data out and put it somewhere else.

The flexibility and cost savings here are enormous. A lot of our customers will take a snapshot of their data and put it into Snowflake or Databricks. They can also send it off for a cyber fraud use case or to a third-party IR company for analysis.

Consumption Pricing to Help Forecast Costs

We invested a lot of time in making sure customers have dashboards to track spending because things can be very frustrating otherwise. Some license models exist specifically to make it difficult to forecast your costs and boost vendor revenue. That type of structure was a nightmare for me as a consumer and something I’m happy to say we avoid altogether at Cribl. Click here to learn more about our pricing.

We’ve always operated from first principles — ease of use, rapid adoption, and fast time to value — which are important to us because our customers come first, and it’s our job to make their jobs easier. In part 2 of this post, we will discuss how we’ve implemented these principles and how they allow our customers to thoughtfully build out their security stack and navigate migrations with minimal risk.

The fastest way to get started with Cribl Stream, Edge, and Search is to try the Free Cloud Sandboxes.