Siddartha Dadana’s Security Engineering team maintains platforms for security across all of FINRA’s enterprise, and is responsible for all aspects of managing the data generated by their apps and infrastructure – from network, application, metrics, and security. This is no mean feat – the flow into their analytics platform alone reaches 4TB a day. When they were asked to figure out a way to stream much of that data to multiple different locations to meet archiving requirements, Dadana recalled a demo he’d seen a few months back and began an evaluation of Cribl Stream.
All of the Grownup Features, None of the Growing Pains
Right away, they were off to the races, getting the right data flowing to the right destinations, in the right formats – within just hours rather than the weeks or months that would otherwise have been needed.
“One of the primary things was how easy it was to set up, install, deploy, to just do the basics right. We didn’t expect it to be this straightforward!”
Siddhartha Dadana
Director of Information Security Engineering
Once those basics were in place, Dadana’s team quickly moved on to the nice-to-haves. With Stream, they are enhancing VPC Flow logs as they arrive from AWS with dynamic, contextual lookups of IP address ownership. This erases the need to manually update Elastic Network Interface (ENI) mappings whenever something changes. This metadata gets added before the data is delivered for analysis – without increasing the cost or complexity of their environment.
“We probably would have had to spin up and maintain multiple tens of servers and compute processes to do this otherwise. Stream takes that load from my team.”
Siddhartha Dadana
Director of Information Security Engineering
Planning for a Smarter Machine
Now that Stream is delivering on what they needed, the team at FINRA is expanding their usage to drive greater innovation:
“When we first evaluated Stream, we were just trying to solve a single problem...but now we are starting to up the game in terms of what we can do.”
Siddhartha Dadana
Director of Information Security Engineering
The team is planning to leverage Stream’s real-time processing engine to identify and examine unusual behaviors inside and outside their network, using their own machine learning (ML) to model data traffic and define what’s “normal” based on the huge volumes of data they see.
Empowering Other Teams
Many teams at FINRA work with high volumes of data, and Dadana wants them all to have access to the analytics tools they want to use without the hassle that typically goes along with supporting an array of different formats and destination requirements. The solution? Stream makes it so easy to onboard new data that they’re moving toward a self-service environment.
“We plan to leverage Cribl to democratize data parsing by other groups in the org, so we can tell those teams, ‘Any data you want to send, anywhere to anywhere – we can set you up to achieve that goal.”
Siddhartha Dadana
Director of Information Security Engineering
Find out how your business can implement an observability pipeline to route, restructure, and enrich data in flight, while cutting costs and simplifying operations. Get Cribl, and take control of your data.
