Case Study

Accenture Federal Services Delivers Reliability, Speed, and Flexibility to Federal Agencies with Cribl Stream




The team at Accenture Federal Services (AFS) are working on a large scale data project at a major federal agency, and they’re using Cribl Stream to help them deliver the high standard of reliability, speed, and flexibility required by their client to power fast, accurate decision making, reducing Mean Time To Detect (MTTD) and Mean Time To Respond (MTTR).

Gared Seats is a Security Engineer at AFS, with a specialization in Splunk. His deep expertise in Splunk data ingestion is especially crucial to the team’s project. Getting the correct data into Splunk quickly means their client can identify and solve issues of potentially national importance more quickly as well.

A High Standard of Reliability

As part of the project, the primary federal client is aggregating data feeds from several other agencies across 90 separate sites, including Bro/Zeek, Palo Alto Networks, and InfoBlox traffic as well as a variety of types of custom sensor data. Current traffic levels are at around 5TB a day, and are expected to increase significantly during the project implementation. The team at AFS are using Stream to ensure the quality of the data coming in is clean and formatted as required for the client’s use. Stream’s internal metrics mean they can confirm the fidelity of that data with visibility into the integrity of the content being acquired and processed.

“Our clients require a guarantee of accuracy. We capitalize on Stream’s ability to get the right data in and formatted properly, and have confidence that things aren’t getting dropped at ingest.”

A High Standard of Speed

When it’s literally a matter of national security, rapid identification and resolution of issues is of critical importance. Analysts at many federal agencies use Splunk to dig into and clarify potential anomalies, and AFS brings Stream into the mix to ensure those analysts get the best performance possible.

“Analysts were building many searches just to build lookup tables; we had hundreds of searches scheduled just to build out IP lookups. Using Stream makes Splunk more efficient by letting you save your search resources for faster searching instead of having to build metrics to search.”

With Stream inline, analysts at the agency will be alerted instantly on notable events and be able to respond just as quickly, because their data will be rapidly enriched with notability indicator intelligence, threat actor, classification level, and other supporting data before it’s indexed by Splunk, accelerating time to investigate, understand and resolve.

"There are so many ways to improve the quality of the data coming in: renaming fields, adding fields that are more useful, making fields SIEM-compliant, cleaning out unneeded content, fixing timestamps--you can do it all at the Stream layer, making Splunk more efficient, more affordable and the resulting data more actionable!”

A High Standard of Flexibility
Anyone who has had to bring in data from multiple disparate external systems and make it play nice together knows the challenges of ensuring the resultant events are standardized and can be correlated easily. With Stream, the AFS team can flexibly accept the data and bend it to their client’s will on the fly without wasting time trying to convince other parties to cooperate. Instead, they can redirect their energy toward making their customer successful.

“I can definitely get 100% more done with Stream in the mix. No more having to go to individual systems to figure something out; no more having to talk to vendors to get them to fix their timestamps — we can do it ourselves in Stream. It’s also easy because we run all of our Cribl deployment in our AWS GovCloud environment.”

Get what they have, and get control over your data
Ultimately, what makes the difference in a high-volume, high-stakes environment is control over the outcome. With Stream in their toolset, the folks at Accenture Federal Services are delivering just that to their clients.

“I don’t have to worry how people send me data. Stream gives me so much control I don’t need to care about how it comes in. I can just say: “When I get done with this data, it will look like this, it will go into the right index, and the analysts will have what they need to make good decisions, fast.”

Learn how your organization can utilize the Data Engine for IT and Security to route, restructure, and enrich data in flight while cutting costs and simplifying operations. Get Cribl, and take control of your data.

About Cribl

Cribl makes open observability a reality for today’s tech professionals. The Cribl product suite defies data gravity with radical levels of choice and control. Wherever the data comes from, wherever it needs to go, Cribl delivers the freedom and flexibility to make choices, not compromises. It’s enterprise software that doesn’t suck, enables tech professionals to do what they need to do, and gives them the ability to say “Yes.” With Cribl, companies have the power to control their data, get more out of existing investments, and shape the observability future. Founded in 2017, Cribl is a remote-first company with an office in San Francisco, CA. For more information, visit www.cribl.io or our LinkedIn, Twitter, or Slack community.

Pixel Mask

So you're rockin' Internet Explorer!

Classic choice. Sadly, our website is designed for all modern supported browsers like Edge, Chrome, Firefox, and Safari

Got one of those handy?