This resort and conference center is a premier, upscale resort destination, bringing in over $1B annually. Because they are also a casino, their cybersecurity team faces very strict regulatory reporting responsibilities and an enormous amount of data to manage. They’ve leveraged Cribl to dramatically reduce their SIEM spend, route regulatory data to appropriate destinations, and build a fully functional CSOC in 60 days.
When the resort changed ownership in 2022 and its cybersecurity team moved away from their existing MSSP to re-imagine their security architecture, tooling and partners, the Executive Director of Cyber Security: Strategy, Architecture & Engineering knew that Cribl Stream would be a critical element of the transition.
An Immediate Reduction in SIEM Spend
Inspired by an impending ownership transition, the Executive Director and his team resolved to shift their operational approach. They opted to move from a fully outsourced SOC model to a hybrid SOC, integrating an in-house tech stack with tier one MSSP support. To ensure the transition remained within budgetary constraints and presented a cost-effective solution, the team found it necessary to segregate high-value data intended for analysis and detection from the high-volume data needed for regulatory compliance. Recognizing Cribl’s pivotal role in achieving this objective, they made it a prerequisite that prospective vendors onboard with Cribl.
To get started, they deployed Cribl Stream along with Packs from the Cribl Packs Dispensary to rapidly filter logs and normalize the data routing to their new Exabeam Fusion instance. Part of the Exabeam New-Scale SIEM™ product portfolio, Exabeam Fusion includes security log management, behavioral analytics, and automated threat detection, investigation, and response (TDIR).
Instead of indiscriminately funneling syslog into their Exabeam Fusion instance, they worked directly with the Exabeam team to send only the information needed to drive relevant detections. By normalizing and optimizing data across all of their sources, the resort’s team has saved money on data lake storage while increasing the speed of reporting across the platform.
Ease of Compliance With Regulatory Bodies
Large reductions in data and improved performance are the norm for Cribl Stream users, but unexpected benefits are also very common. The Executive Director was pleasantly surprised when the opportunity presented itself to re-think solutions for complying with casino-related data regulation.
A Seamless Transition With Zero Loss of Cybersecurity Coverage
It took the Executive Director and his team 60 days from the time they kicked off implementation to stand up a fully functional SOC. Due to heavy industry regulations, they had to run simultaneous coverage during the transition from their old MSSP to the new MSSP.
Ultimately, the Executive Director mitigated the risk of data loss and maintained comprehensive coverage during the transition.
Saving on Costs and Engineering Time
Using Cribl Stream to migrate to a new hybrid MSSP model and the Exabeam product suite has created a snowball effect in terms of time and money saved. They were able to reduce their SIEM license while limiting staff hours spent handling regulatory data, and to focus those resources on new initiatives to better service the business. The Executive Director believes that providing new opportunities to his team, rather than keeping them mired in data onboarding and repetitive reporting, also helps to address the staff churn so often faced by security teams.
Top-Notch Support from Vendors
The resort’s new MSSP does a lot of QA and fidelity checks on the logs sent via Stream, so they’ve also learned a lot about Cribl along the way. The Executive Director describes the relationship between two of his most widely used partners:
Cribl makes open observability a reality for today’s tech professionals. The Cribl product suite defies data gravity with radical levels of choice and control. Wherever the data comes from, wherever it needs to go, Cribl delivers the freedom and flexibility to make choices, not compromises. It’s enterprise software that doesn’t suck, enables tech professionals to do what they need to do, and gives them the ability to say “Yes.” With Cribl, companies have the power to control their data, get more out of existing investments, and shape the observability future. Founded in 2017, Cribl is a remote-first company with an office in San Francisco, CA. For more information, visit www.cribl.io or our LinkedIn, Twitter, or Slack community.