How Sika AG Transformed Log Management and Cut Costs with Cribl Edge

Highlights

  • Consolidated log processing infrastructure by 50%

  • Deployed Cribl Edge across tens of thousands of endpoints in days using an application deployment and management solution

  • Gained centralized agent management with fleet-wide controls for consistent configuration and policy enforcement

  • Reduced data ingestion volume by 50% through pre-filtering at the edge

  • Accelerated onboarding of new data sources from 2 days to a few hours

  • Integrated cleanly into existing pipelines, including XDR and S3


As Sika AG, a worldwide leading specialty chemicals company, expanded its global cybersecurity operations, it needed a flexible, efficient way to manage the growing volume and variety of security data from its business units. With over 100 production sites worldwide and a rapidly evolving threat landscape, the team needed a solution that could normalize and route data at scale without disrupting existing tools or workflows. Enter Cribl.

Managing a sprawling log environment

Before Cribl, Sika AG relied on an open-source log processing stack to collect and process logs. The system was powerful, but had high infrastructure demands. Just running the processing service demanded large servers, each packing 16 CPU cores. As log volume increased, so did the complexity and costs.

The real challenge wasn’t just technical; it was operational. The company’s security team had to manage a sprawling log environment as a side responsibility. Onboarding new data feeds was a time-consuming process that required editing text configurations and reloading services. Any formatting inconsistency could cause system problems, and troubleshooting could take a long time.

The turning point came as the existing setup increasingly reached its limits – with growing effort required for configuration and troubleshooting, alongside recurring challenges in data ingestion and stability. Introduced by a trusted security partner, Sika turned to Cribl Stream.

“Managing the previous log processing solution required significant time and effort, and occasional SaaS service interruptions added to the challenge. We needed something lighter, faster, and easier to manage.”

Vladimiras Popovas,
Senior Cyber Security Engineer at Sika Information Systems AG

The contrast between Cribl Stream and Sika’s existing tools stood out at once. Where their previous log processing solution required the manual editing of configuration files and restarting services, Cribl offered a visual interface, with centralized controls and a more intuitive workflow. It was a major shift, but one that made immediate sense. With Cribl, the team can now bring new data sources online in just a few hours.

“Cribl felt modern. You’re not editing text files, you’re building pipelines with a UI that actually makes sense.”

Vladimiras Popovas,
Senior Cyber Security Engineer at Sika Information Systems AG

Infrastructure consolidation and cost reduction

Once deployed, Cribl Stream had a significant positive impact on Sika’s architecture. The team was able to reduce its infrastructure footprint by 50% while at the same time processing even more data than before.

Next, the Sika AG team deployed Cribl Edge. By collecting telemetry closer to the source, Sika could filter out non-essential data before it ever left the device. That change alone halved their ingestion volume, and with it, their associated costs.

Today, Edge is deployed across tens of thousands of Windows workstations at Sika. It collects event logs, Active Directory data, and runs PowerShell scripts where needed without compromising performance.

“By filtering at the edge, we were able to significantly reduce ingestion costs. We now send only the data that truly matters and avoid paying for unnecessary volume.”

Vladimiras Popovas,
Senior Cyber Security Engineer at Sika Information Systems AG

Seamless global deployment

Deploying software at this scale is rarely simple, but Cribl Edge fit neatly into Sika’s existing software distribution ecosystem. Using an application deployment and management solution, the team packaged and rolled out Cribl Edge in a phased approach.

They started with a 400-device test group. After observing performance for two weeks, they expanded the rollout globally, completing the deployment in a matter of days.

Some initial friction, such as Fastboot-related conflicts on certain workstations, was quickly addressed in a Cribl update. The team noted the reliability and responsiveness of Cribl’s support throughout.

“Deploying Cribl Edge was straightforward. We first introduced it in one region, closely monitored performance, and after confirming smooth operation, extended the rollout seamlessly across our global environment.”

Vladimiras Popovas,
Senior Cyber Security Engineer at Sika Information Systems AG

Gaining control with centralized fleet management

Cribl Edge not only simplified deployment, it also elevated the operational efficiency of Sika’s data collection. Logically grouping Edge nodes with Cribl's fleet management enabled Sika to push updates, enforce policies, and maintain consistent configurations across tens of thousands of nodes.

The team uses Cribl’s fleet management capabilities to send specific event types to different destinations, including their extended detection and response (XDR) platform and Amazon S3 buckets. Pre-processing happens at the edge, ensuring only relevant telemetry is passed downstream. This reduces ingest volume and sharpens the quality of the data used in detection and investigation.

“Centralized management of Cribl Edge fleets is essential, as it ensures consistent control and oversight of configurations.”

Vladimiras Popovas,
Senior Cyber Security Engineer at Sika Information Systems AG

Built to perform

For Sika, the move to Cribl went far beyond simplifying log management – it enabled the creation of a resilient, scalable architecture that provides the team with greater control, clearer insights, and faster results. It’s a platform that delivers on its promises, integrates with existing tools, and adapts to the evolving needs of global-scale enterprises.

“Cribl can handle huge amounts of data with ease.”

Vladimiras Popovas,
Senior Cyber Security Engineer at Sika Information Systems AG


TL;DR

  • Sika AG replaced a complex log processing stack with Cribl, reducing server infrastructure by 50%

  • Cribl Edge deployed to tens of thousands of workstations using an application deployment and management solution

  • Ingestion volume reduced by 50% via edge-side filtering of irrelevant data

  • Data onboarding times dropped from two days to a matter of a few hours

  • Centralized fleet management with Cribl Edge gave efficient and consistent control across global endpoints

  • Integrated pre-processed telemetry directly into XDR and S3 for cleaner analytics

About Cribl

Cribl makes open observability a reality for today’s tech professionals. The Cribl product suite defies data gravity with radical levels of choice and control. Wherever the data comes from, wherever it needs to go, Cribl delivers the freedom and flexibility to make choices, not compromises. It’s enterprise software that doesn’t suck, enables tech professionals to do what they need to do, and gives them the ability to say “Yes.” With Cribl, companies have the power to control their data, get more out of existing investments, and shape the observability future. Founded in 2017, Cribl is a remote-first company with an office in San Francisco, CA. For more information, visit cribl.io or our LinkedIn, Twitter, or Slack community.
