
Case Study

Creating a Common Operating Picture and Speeding Up Outage Restoration Efforts at a Leading Utility Provider With Cribl Stream

Highlights

“FROM A DATA PIPELINE PERSPECTIVE, WE'RE VERY HAPPY THAT WE DON'T HAVE TO PAY AS MUCH MONEY TO DOWNSTREAM PARTNERS.”

DIRECTOR OF ENTERPRISE SECURITY

“THE FIRST PHASE WHERE WE DEPLOYED THE CRIBL SOLUTION WAS INCREDIBLY SUCCESSFUL. WE HIT EVERY MILESTONE WE SAID WE WOULD.”

DIRECTOR OF ENTERPRISE SECURITY

“WE CAN BUY COMMODITIZED TECHNOLOGY AND HAVE TRANSACTIONAL RELATIONSHIPS WITH ANYBODY. WITH CRIBL, WE FOUND A PARTNER TO HELP CREATE A PROGRAMMATIC APPROACH TO HOW WE DO MONITORING AND SOLVE HARD PROBLEMS.”

DIRECTOR OF ENTERPRISE SECURITY


This energy utility company directly serves nearly one million customers, using a variety of fuel sources to generate and deliver power to the residents of their community. They rely on high-quality data and effective monitoring solutions to make business decisions and quickly restore power during outages.

When their Director of Enterprise Security took over the monitoring, network, and telecom groups, he noticed significant reliability and visibility issues within their architecture. To address this, he initiated a complete redesign of their monitoring program, starting with physical adjustments to their office and a reorganization of leadership.

The company then transitioned to an audit of its legacy tools and the implementation of Cribl Stream as its data pipeline.

“It’s financially untenable to use some of the bigger monitoring solutions because they essentially charge per event — but we still need to collect all of our important data. From a pipeline, capability, and architecture perspective, Cribl Stream was the only tool that met every one of our use cases.”

A Common Operating Picture for Streamlined Operations

The goal of this monitoring transformation project was to create a common operating picture (COP) between all parties across the business, changing the way that the organization operates. The team follows the model set forth in the Department of Energy’s Cybersecurity Capability Maturity Model (C2M2) to drive situational awareness.

“Instead of being a bunch of IT people wearing hoodies, typing away on our keyboards, and operating in silos — we're using Cribl Stream to provide data that allows everyone to understand what's happening in our environment, and use it to make decisions.”

Now that everyone has easy access to the data they need, this utility company can use it to drive business decisions for things like restoration activities. When their monitoring indicates that power and/or communications are down at one or more locations, that information can be quickly communicated to the appropriate teams. Restoration activity can begin promptly and at the right locations, which is especially valuable when extreme weather is affecting their service territory and customers.

“We don't look at Cribl Stream as a tool — it’s a platform that enables our growth. All the blinking lights and dashboards in data centers are worthless without being able to see what we need to see and operationalize processes. It’s completely changed how we communicate and operate.”

Easy Integration of Disparate Data Sources

One of the requirements for the project was the ability to easily integrate any new tools and data sources. Cribl Stream delivers on that requirement. The team’s monitoring architecture now includes more than 50 disparate data sources — ranging from commoditized, broad solutions to very specific data sources used for utility-based operations. They expect to have 80 different data streams connected to their data pipeline by the end of the year, including ones that were previously too difficult to integrate.

“Ten years ago, we would have to go write collectors or parsers to make integrations between data sources. Getting telemetry from a Linux box to your main monitoring system shouldn't be hard — but it is. Having the integration piece done by Cribl Stream has been invaluable.”

In the past, integrating all of these sources would have required an investment in additional engineering resources. The utility’s enablement team was able to spend minimal time focused on creating integrations, and more time making sure that the system kept functioning as necessary. With Cribl as part of the data platform, the project was completed faster than expected.

“It's pretty rare to set this type of goal and then to actually hit every milestone. Two-week deployments become risky when they aren't finished six months later. We executed everything exactly as we needed to, and Cribl was a big part of that.”

Higher Quality Data to Feed AIOps Tools

The new, fully integrated pipeline feeds cleaned-up data from all their sources to the organization’s downstream AIOps engine. Over time, the predictive AI will help teams within the company to improve coordination on restoration projects.

“A monitoring center is often only as good as an on-site analyst. With Cribl Stream’s automations, we don’t have to constantly rely on one superstar. All of our analysts are equipped to follow documented procedures, and we don’t miss a beat. We're not dependent on one person, so it's easier to plug and play resources, giving the team more opportunity for learning and growth.”

There is a lot of skill required to operate a monitoring center — by making the job less difficult, the electric utility can expand the profiles it recruits from. The team’s playbooks and well-documented processes, together with Cribl’s free education, help nurture less experienced talent and get them productive quickly. They don’t have to worry about finding a unicorn who knows everything about the industry, the technology, and security.

Sending Logs to Data Lake for Retention Savings

This utility is also taking advantage of one of Cribl Stream’s biggest value-adds — forking historical data off to cheaper storage instead of eating up license space in a SIEM or AIOps tool. Security events can be much more thoroughly investigated now that they can look back at more than 2 weeks or 90 days’ worth of events.

“If a big event occurs, we know we’ve got a longer tail of data that we can go back and investigate further. That peace of mind Cribl gives us has been really helpful to have.”

Faster Outage Response Times via Event Enrichment

This utility also uses Cribl Stream’s enrichment capabilities to add standard information like asset names and IDs to events. They include tags for physical locations, circuits, types of communication paths, and other data that gives a fuller picture of a given incident to resolve issues and restore systems faster.

“We’ve got lots of great telemetry and visibility from enriching our data with Cribl Stream. Our custom tags help us determine if particular circuits or communication pathways are affected, and who can address these issues the fastest.”
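The two techniques described in this case study, enriching events from an asset inventory (this section) and forking a full-fidelity copy to cheap storage while sending only the events worth license spend to the SIEM (the retention section above), are easy to sketch in plain JavaScript, the language Cribl Stream pipeline expressions use. The block below is an added illustration, not Cribl's code or the utility's configuration: the inventory table, the event field names (`host`, `severity`, `security`), the destination names and the sample events are all constructed for the example. Unknown hosts are tagged rather than dropped, so inventory gaps stay visible to an analyst instead of silently losing context.

```javascript
'use strict';

// Constructed asset inventory, standing in for the table a lookup step
// would read. Keyed by the hostname the device reports in its events.
const ASSET_INVENTORY = {
  'rtu-sub14-01': { asset_id: 'A-1042', asset_name: 'Substation 14 RTU',
                    site: 'SUB-14', circuit: 'CKT-7', comm_path: 'fiber' },
  'gw-sub22-02':  { asset_id: 'A-2210', asset_name: 'Substation 22 gateway',
                    site: 'SUB-22', circuit: 'CKT-3', comm_path: 'cellular' },
};

// Syslog-style severity ordering; lower number is more severe.
const SEVERITY_RANK = { emerg: 0, alert: 1, crit: 2, err: 3,
                        warning: 4, notice: 5, info: 6, debug: 7 };

// Return a copy of the event with inventory fields merged in. A host that is
// missing from the inventory is flagged with asset_known=false so the gap can
// be reported, instead of producing an event with no location context.
function enrichEvent(event, inventory = ASSET_INVENTORY) {
  const out = { ...event };
  const asset = inventory[event.host];
  if (asset) {
    Object.assign(out, asset);
    out.asset_known = true;
  } else {
    out.asset_known = false;
  }
  return out;
}

// Choose destinations. Every event goes to the archive (cheap object storage
// keeps the long tail for later investigation); only warning-or-worse events,
// or events already tagged as security-relevant, consume SIEM license.
function routeEvent(event) {
  const dests = ['archive'];
  const rank = SEVERITY_RANK[event.severity] ?? SEVERITY_RANK.info;
  if (rank <= SEVERITY_RANK.warning || event.security === true) {
    dests.push('siem');
  }
  return dests;
}

// Run a batch through enrichment and routing; return the enriched events plus
// per-destination counts, which is what you would watch to confirm savings.
function processBatch(events) {
  const counts = { archive: 0, siem: 0, unknown_assets: 0 };
  const enriched = [];
  for (const ev of events) {
    const e = enrichEvent(ev);
    if (!e.asset_known) counts.unknown_assets += 1;
    e.destinations = routeEvent(e);
    for (const d of e.destinations) counts[d] += 1;
    enriched.push(e);
  }
  return { enriched, counts };
}

// Constructed sample events, as a collector might deliver them.
const SAMPLE_EVENTS = [
  { ts: '2024-03-01T02:14:05Z', host: 'rtu-sub14-01',     severity: 'crit',    msg: 'link down' },
  { ts: '2024-03-01T02:14:09Z', host: 'gw-sub22-02',      severity: 'info',    msg: 'heartbeat ok' },
  { ts: '2024-03-01T02:14:12Z', host: 'unknown-device-7', severity: 'warning', msg: 'auth failure', security: true },
  { ts: '2024-03-01T02:14:20Z', host: 'gw-sub22-02',      severity: 'debug',   msg: 'poll cycle complete' },
];

const result = processBatch(SAMPLE_EVENTS);
console.log(JSON.stringify(result.counts));
for (const e of result.enriched) {
  console.log(`${e.host} site=${e.site ?? '?'} circuit=${e.circuit ?? '?'} -> ${e.destinations.join(',')}`);
}
```

Running the block prints one line per event showing the site and circuit tags that let an operator see which circuit or communication path is affected, followed by the counts: all four events reach the archive, two reach the SIEM, and one host is reported as missing from the inventory.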

The information the security team finds interesting today may be radically different from what matters in the future, so they’re also glad to have the flexibility to adjust these enrichments when necessary.

The organization’s biggest challenge today is making sure to squeeze all the juice out of its new infrastructure. They’re working on new integrations with their physical security stack, finding new ways to filter data to avoid downstream license spend, and working with the support team at Cribl to find other ways to improve their common operating picture.

About Cribl

Cribl, the Data Engine for IT and Security, empowers organizations to transform their data strategy. Customers use Cribl’s vendor-agnostic solutions to analyze, collect, process, and route all IT and security data from any source or in any destination, delivering the choice, control, and flexibility required to adapt to their ever-changing needs. Cribl’s product suite, which is used by Fortune 1000 companies globally, is purpose-built for IT and Security, including Cribl Stream, the industry’s leading observability pipeline, Cribl Edge, an intelligent vendor-neutral agent, and Cribl Search, the industry’s first search-in-place solution. Founded in 2018, Cribl is a remote-first workforce with an office in San Francisco, CA.
