In the original post in this series, we discussed the benefits of adopting Workspaces within your Cribl Cloud organization to create isolated Cribl instances for your clients. This time around, we’re going to look at how Cribl Edge can smooth the edges of your security operations. Sorry, I had to say it. I’ll see myself out.
Cribl Edge fits into MSSP/MDR operations in four ways: monitoring the security tools themselves, monitoring the infrastructure that hosts them, collecting observability data for security use cases, and exploring logs directly on client systems. Let's dig in!
The boundaries of security are expanding, not only as an attack surface but as an observability problem. A larger attack surface means more tools to defend it, and every one of those tools has to be observed to confirm it is actually doing its job: an agent that has stopped forwarding or a sensor that is quietly dropping events weakens your posture without raising an alert. Cribl Edge can collect that telemetry and send it to the monitoring or observability platform of your choice so you can see where problems are occurring. When your security posture is effectively your client's security posture, getting this right matters.
As an MSSP, you are probably hosting enterprise software for both your customers and yourself, most likely across several operating systems and cloud providers. Monitoring all of that infrastructure is part of your security operations and is how you keep your commitments to your clients. Cribl Edge lets you deploy thousands of nodes across those platforms and manage them centrally, and the monitoring data they collect can be routed to your analysis and visualization tools so your teams can keep an eye on things.
Next, let's consider another use for all of this observability data: security. After all, isn't observability data part of the security equation? Anomalous performance trends, such as a sustained CPU climb on a host that is normally idle or a sudden jump in outbound traffic, can be a leading indicator of an attack. Cribl Edge makes it straightforward to grab that data and feed it into your security operations. Because Edge collects the data once and can route it to multiple destinations at the same time, for example both your security platform and your observability tools, it also reduces tool sprawl and administrative overhead.
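To make the "anomalous performance trend" idea concrete, here is an added example (not code from the original post or from Cribl) that flags a sustained deviation in a host metric against a rolling baseline. The per-minute CPU samples, the function names and the thresholds are all assumptions constructed for illustration; the point is that a robust baseline (median and MAD rather than mean and standard deviation) ignores a single spike but catches the kind of sustained climb a cryptominer or a brute-force loop produces.

```python
"""Flag sustained deviations in a host metric against a rolling baseline.

Added example, not Cribl code. The sample series, thresholds and function
names are assumptions for illustration.
"""
from statistics import median
from typing import Dict, List

# Constructed sample: 30 minutes of CPU utilisation (%) for one host.
# A quiet baseline, then a sustained climb such as a miner or a brute-force loop.
SAMPLES: List[Dict] = [
    {"host": "edge-01", "minute": i, "cpu": v}
    for i, v in enumerate(
        [12, 14, 11, 13, 15, 12, 14, 13, 12, 16,   # baseline
         13, 12, 14, 15, 13, 12, 11, 14, 13, 12,   # baseline
         41, 62, 78, 85, 91, 93, 92, 94, 95, 96]   # sustained climb
    )
]


def robust_z(value: float, window: List[float]) -> float:
    """Z-score using median and MAD so one spike does not inflate the baseline."""
    med = median(window)
    mad = median(abs(x - med) for x in window) or 1.0  # avoid /0 on a flat window
    return (value - med) / (1.4826 * mad)  # 1.4826 scales MAD to sigma for normal data


def detect_sustained_anomalies(samples: List[Dict], baseline_len: int = 20,
                               z_threshold: float = 3.0,
                               min_consecutive: int = 3) -> List[int]:
    """Return the minutes at which `min_consecutive` consecutive samples exceed z_threshold.

    Each sample is scored against the `baseline_len` samples before it, so the
    current value never contaminates its own baseline.
    """
    values = [s["cpu"] for s in samples]
    flagged = []
    streak = 0
    for i in range(baseline_len, len(values)):
        window = values[i - baseline_len:i]
        z = robust_z(values[i], window)
        streak = streak + 1 if z > z_threshold else 0
        if streak >= min_consecutive:
            flagged.append(samples[i]["minute"])
    return flagged


if __name__ == "__main__":
    hits = detect_sustained_anomalies(SAMPLES)
    print("sustained anomaly from minute", hits[0] if hits else None)
```

A single outlier sample is scored against the previous window and then drops out of the streak, so it never reaches `min_consecutive`; a real climb keeps scoring above the threshold even as the high values start to enter the trailing window, because the median and MAD only move once more than half the window is elevated.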
I know what some of you are thinking: "Enough, we're overloaded with data." We at Cribl hear you, and in response we present the Cribl Edge Disk Spool destination. With the Disk Spool destination you keep a bounded window of recent events on local disk, at the edge, where they remain searchable with Cribl Search. If you want troubleshooting data, or just recent metrics to pull up for context during an investigation, that data is at your disposal without ever having been shipped to your analysis platform. Nothing leaves the node until you ask for it, which keeps both your analysis platform and your storage overhead in check.
When working with clients, it can be cumbersome to help them identify the logs on their systems that your service needs. Cribl Edge helps with its Teleport feature, which lets you inspect logs, metrics, and application data on the node where they are produced, before they leave it. In the Explore section of Cribl Edge you can see which processes are running on the node, which containers are running there and their metrics, which files are actively being written to by applications on the node, and a healthy serving of system state data. Finding and inspecting this data before sending it to its destination saves time and removes the need to constantly pivot between tools to check your work.
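For readers who want to see what "files actively being written to" means underneath a view like Explore, here is an added example (not Cribl code and not the original post's) that builds that answer on a Linux host from /proc: for every process it lists the open file descriptors, reads the open flags from /proc/<pid>/fdinfo, and keeps only regular paths opened for writing. The parsing is separated from the /proc walk so it can run on the constructed fixture below; the process names, PIDs and paths in that fixture are assumptions for illustration.

```python
"""Discover which processes are actively writing which files on a Linux host.

Added example, not Cribl code. SAMPLE_FDS is a constructed fixture shaped like
the data the /proc walk in scan_proc() returns.
"""
import os
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed fixture: (pid, comm, [(fd_number, link_target, flags_octal)]).
# flags_octal is the 'flags:' field of /proc/<pid>/fdinfo/<fd>.
SAMPLE_FDS = [
    (1234, "nginx", [(3, "socket:[48211]", "02"),
                     (4, "/var/log/nginx/access.log", "0100001"),
                     (5, "/var/log/nginx/error.log", "0100001")]),
    (2201, "sshd",  [(0, "/dev/null", "0100002"),
                     (7, "/var/log/auth.log", "0100001")]),
    (3100, "bash",  [(0, "/dev/pts/0", "0100002"),
                     (3, "/etc/passwd", "0100000")]),
]

O_WRONLY, O_RDWR = 0o1, 0o2


def is_writable(flags_octal: str) -> bool:
    """True if the fd was opened O_WRONLY or O_RDWR (low two access-mode bits)."""
    return (int(flags_octal, 8) & 0o3) in (O_WRONLY, O_RDWR)


def writers_by_file(fd_table, prefix: str = "/") -> Dict[str, List[Tuple[int, str]]]:
    """Map each file path under `prefix` to the (pid, comm) pairs holding it open for writing."""
    out = defaultdict(list)
    for pid, comm, fds in fd_table:
        for _fd, target, flags in fds:
            if not target.startswith(prefix):   # skips socket:[..], pipe:[..], anon_inode:..
                continue
            if target.startswith("/dev/"):      # ttys and /dev/null are not logs
                continue
            if is_writable(flags):
                out[target].append((pid, comm))
    return dict(out)


def _read_fdinfo_flags(pid: int, fd: str) -> str:
    """Return the octal 'flags:' field for one fd, or '0' if it is missing."""
    with open(f"/proc/{pid}/fdinfo/{fd}") as fh:
        for line in fh:
            if line.startswith("flags:"):
                return line.split()[1]
    return "0"


def scan_proc():
    """Walk /proc and build a table shaped like SAMPLE_FDS; needs Linux and permission."""
    table = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        pid = int(entry)
        try:
            with open(f"/proc/{pid}/comm") as fh:
                comm = fh.read().strip()
            fds = []
            for fd in os.listdir(f"/proc/{pid}/fd"):
                try:
                    target = os.readlink(f"/proc/{pid}/fd/{fd}")
                    fds.append((int(fd), target, _read_fdinfo_flags(pid, fd)))
                except OSError:
                    continue  # fd closed between listing and readlink
            table.append((pid, comm, fds))
        except OSError:
            continue  # process exited, or not ours to inspect without root
    return table


if __name__ == "__main__":
    table = scan_proc() if os.path.isdir("/proc") else SAMPLE_FDS
    for path, procs in sorted(writers_by_file(table, "/var/log").items()):
        print(path, "<-", ", ".join(f"{comm}[{pid}]" for pid, comm in procs))
```

Run as an unprivileged user, scan_proc() only sees your own processes; run as root it shows every writer on the host, which is the view you want when helping a client locate the logs that feed your service.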
If you want to get your hands dirty with Cribl Edge, check out the Introducing Cribl Edge Sandbox. If you’re ready to dive deeper, explore the Cribl Certified Edge Admin certification along with all Cribl certifications at Cribl University.