Jackie McGuire is a Senior Market Strategy Manager at Cribl, focused on the security market. Prior to joining Cribl, Jackie was a Research Analyst with S&P Global, writing, speaking, and providing thought leadership on information security and Web3. Jackie has also worked as a data scientist in cybersecurity, developing behavior analysis and anomaly detection models, been co-founder, CEO, and CFO for several startups, and before her work in technology, was a licensed securities broker and SEC Registered Investment Advisor.
My introduction to the world of data science was writing anomaly detection for a SIEM that catered to banks and credit unions. Some of these places were running on 50-year-old IBM core banking servers — meaning that someone trying to turn off a light in a server room could take down an entire bank with a literal flip of the wrong switch.
While some companies take their time updating infrastructure, others still embody the move-fast-and-break-things philosophy of the early dot-com era giants. Spoiler alert — neither one of them is good for security. Outdated technology and innovation-at-all-costs have both led to the current chaotic state of data.
We’re seeing the effects of not having found a happy medium — breaches are on the rise across healthcare, technology, finance and pretty much every other industry. With the constant push and pull around this complex problem, a simple, one-size-fits-all solution is unlikely.
Part of the problem is that data is the smallest unit of measurement in security. Trying to resolve an issue so big at the cellular level is bound to be overwhelming. While improvements in DLP have begun to address the management side of the equation, we still haven’t scratched the surface of the data creation side.
A recent study shows that enterprises create over 64 zettabytes (ZB) of data, an amount that’s growing at a 28% CAGR. Most organizations are overly permissive with all of that data — in part so they don’t have to monitor access requirements, but also because data has to be convenient in order for people to be productive with it.
Once they get access to it, people don’t always understand the sensitivity of the information that they’re dealing with. We’ve gotten better with obvious things like dates of birth, SSNs, and other PII — but how many people outside of security know that access tokens shouldn’t be shared, or even know what a token is?
The kind of data that’s considered valuable has also changed. Social engineering attacks are on the rise, so hackers are likely to hack into Slack channels or photos stored in the cloud to find out your pet’s name or favorite brand of coffee. People are too often willing to exchange security for convenience without full knowledge of the trade-off they’re making.
Ideally, we could address the data problem at the point of creation — but this is easier said than done. It’s much more difficult and expensive to classify data up front than to add controls after the fact, but it might be worth it to give it a try.
If each byte of data represents an actual data point — a date, timestamp, or other value — then we could capture the unique value, make sure it’s created only once, and then allow customers of that value. This way, you can track the path each data point takes and who touches it on the way to its destination.
This would help not only with access controls but also for those times when people forget to ask before they park a bunch of data somewhere. The next time someone accidentally dumps 400 TB of data into a data lake, you’d know exactly what all of it is, who has the right to hold it, and for how long. As we pass more regulations around PII, enterprises could use this approach to avoid the fines that come from non-compliance.
This approach will save enterprises enormous amounts of money in the long run if we can figure it out. Think about it — how often is the same piece of data created multiple times throughout an organization? Creating data once and distributing it from there saves quite a bit of storage space, computing power, and more.
So, can we do it? Absolutely. Are we willing to commit the time and resources to doing it? I guess we’ll have to wait and see.
As hot as AI and machine learning are right now, they're still in many ways a solution in search of a problem — but this may be the perfect use case. AI can likely identify files and apply naming conventions much more quickly and reliably than humans.
New advancements are giving us the ability to create internal LLMs that can help categorize data specific to an enterprise, helping it learn and apply the training. We’re headed in the right direction, but if we’re being real — most enterprises don’t even require MFA, so we’re probably not going to jump right into intelligent data categorization and file naming right away.
The goal should be to establish best practices, so things gradually improve as companies set themselves up from scratch over the next couple of decades. But financial regulations are generally what cause things to change.
We would never have known about breaches like Clorox and Johnson Controls without the new SEC disclosure rule, and the same thing will happen with data categorization and identification. Cyber insurance is getting significantly more expensive because actuaries aren’t experts in data, and the way they value a company’s data and its potential loss hasn’t necessarily been accurate.
Once they catch up, how we value data as an asset and liability is going to change — and categorization/identification will be critical for that. A social security number is a lot more valuable than a port number, so there will be a clear distinction between insuring X zettabytes of random data versus the same amount of critical data.
The answer for starting to address tech debt is actually the same one I would give as a financial advisor for addressing your actual debt. First, you have to change how you do things right now and going forward. Then you have to start to go backwards and address the problems that you created.
We need to develop significantly better policies around data creation. Enterprises can use something like Google Drive to sync and categorize data on cloud endpoints. Once you have better policies in place for how you’re creating data, you can go back through the data that you’re storing and decide if you still need to be storing it. If you do, decide how many different copies exist. Do they all actually need to exist?
As big a problem as this is, it's only going to get worse. Until organizations have better visibility into what data is flowing where, they'll continue to be at increased risk of cyber attacks.