August 5, 2022
The best part of my job is talking with prospects and customers about their logging and data practices. I love to talk about everything they are currently doing and hope to accomplish so I can get a sense of overall goals and understand current pain points. It’s vital to come up with solutions that provide broad value across the enterprise and not just a narrow tactical win with limited impact. In that spirit, I spent a good bit of time meeting with prospects and customers on the west coast in the past few weeks. A few themes were very clear:
The consistent theme I heard over and over again was the need for choice and control over data and tools. Teams are tired of vendors getting in the way, and Cribl enables them to achieve their goals. This reality is such a change from a few years ago. The pattern used to be to put all your data in one tool and use it for all your analytics, operations, and security. This approach has some value since everyone has a common skillset and access to the same data, but it can be incredibly expensive to build and maintain. Plus, you are limited to the capabilities the tool offers and cannot quickly expand outwards to use new tools to meet new requirements. Let’s be honest, this is more about vendor lock-in than anything else.
Teams have had enough and are looking for options. One customer is currently implementing Cribl Stream so they can safely move to a new SIEM. The new SIEM comes with a data lake product, but I was very interested to see how the customer was also sending a copy of all data to its cloud storage. This serves two purposes: they can maintain retention requirements in cloud object storage, which is 5x cheaper than maintaining retention in their new SIEM, and the CISO was very clear they want to have the capability to use this data in other tools on demand. They want advanced analytics/ML options using a platform like Snowflake or an ad hoc threat hunt in the cloud. They know they can use the Cribl Stream Replay feature to pull data from their data lake and then send that data almost anywhere. It was a decisive moment to see up close. The team understood that once the data goes into their vendor’s cloud, they lose choice and control, and now the team got it back by running their own data lake.
Cost control was also a big topic when we spoke with VPs and CISOs. They know what is coming and want to be ready. The customer using their own object storage to lower retention costs by 5x was a good example. They were excited to both save a lot of money and open up new capabilities. As with so much about Cribl tools, you can optimize your spending and get more options/capabilities. You don’t often get value in so many ways. During a meeting with a prospect, we spent a lot of time reviewing how they could use Cribl’s suite of products to collect and optimize data to get the most value possible while controlling growth. The prospect shared they were seeing 40% growth year over year and could not sustain this level of growth. After a data review, we determined we could lower growth to 15% year over year, which helped the prospect slow down budget growth and forecast critical spending. It is not that companies have to stop all spending, but they have to show value. They cannot consume data that has no value into their tools; they have to control growth and be able to forecast spending over time. Unbudgeted spending will not be tolerated. The prospect was so excited to see a clear path to optimize spending and get better results from their data.
Finally, staffing was the subject of every meeting. No one has enough engineering time to get work done, much less tackle new projects. We spent time talking about how teams spend time and where Cribl tools could save time by simplifying workflows, automating everyday tasks, and providing tools to tackle the future. Easier workflows are a big deal. It is very common to use open source tools like rsyslog and Kafka to get data to analytics systems. Cribl tools streamline this standard workflow into one framework with one UX and global monitoring. One common saving is that Cribl Stream enables the whole team to manage syslog data, where before it was the one engineer who really knew rsyslog or syslog-ng. Cribl Stream’s easy-to-use UX helps users learn everyday tasks quickly and scale the whole team to get work done faster. Finally, Stream gives teams options for quickly addressing new needs such as migrating to a new SIEM, consuming logging from a new cloud, or enabling your team to use Snowflake to detect fraud. With Cribl, you get fast solutions to time-consuming issues that solve business challenges.
It was great to spend time with so many impressive teams. We met engineers and architects who know their challenges and are ready to innovate with Cribl tools. I look forward to working with the teams to help solve real-world issues, and free up time to help innovate their security and observability practices. I cannot wait to see the new ideas they are going to share with the Cribl community.
Ready to get started for yourself? Try Cribl’s free, hosted Stream Sandbox. I’d love to hear your feedback; after you run through the sandbox, connect with me on LinkedIn, or join our community Slack and let’s talk about your experience!