In this live stream, CDW’s Brenden Morgenthaler and I discuss a foundational issue with many security programs — having the right data to detect issues and make fast decisions. Data drives every facet of security, so bad or incomplete data weakens your overall program. Watch the video or continue reading below to learn about these issues and the strategies we use to solve security’s data problem.
As the amount of data, tools, systems, and clouds continues to increase, the threat to enterprises’ security posture has risen as well. It simply doesn’t matter what kind of SIEM you have anymore — even if it’s as good as Splunk or its alternatives. If you don’t have the right data, you’ll run into problems.
Budgets can no longer keep up with the amount of data that needs to be processed, so organizations are forced to get by without collecting and analyzing everything they should. As a result, security teams are forced to turn off data sources that could provide them valuable insights into credible threats.
One client that Brenden and the team at CDW worked with got a firsthand look at the effects this has during a pen test they performed. They tested some common detections and were surprised to find that their red team engineer was able to completely compromise the domain and gain full control — simply because they had turned off all audit events on Kerberos.
Situations like this are much too common and are just the tip of the iceberg — which is why it’s so critical to have visibility into all areas of your network. You also need someone who knows all the different attack vectors so they can help you set up your infrastructure to avoid them.
Data sources like PowerShell, Sysmon, and Windows DNS debug logs are generally more difficult to work with. In the past, you’d have to rely on the heavy forwarder on the Splunk side or a ton of manual fine-tuning on the source side to handle the flood of data coming in from all these different systems and formats.
This is where a tool like Cribl Stream can help — you can turn on a data source, send it to Stream, and then route to null by default. Then you can pull out specific streams and send them to your other tools as necessary. Other data won’t need to be processed but will need to be kept for regulatory compliance, so you can keep it offline in raw, unmodified form in a data lake or send it to object storage such as an S3 bucket for as long as you need. Then if you need to recall it to investigate a data breach, you can use the replay feature in Stream to ingest it back through to whatever source you want without having to use your license or processing power.
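As an added illustration (not Cribl Stream configuration syntax and not code from the original post), the following JavaScript models the routing pattern described above: archive everything in raw form, forward only selected streams to the SIEM, and drop the rest by default. The route names, event field names and the chosen event IDs (Windows Security 4768/4769/4771 for Kerberos, Sysmon 1 for process creation) are assumptions.

```javascript
// Simplified model of ordered routing with a default drop.
// Routes are evaluated top to bottom. A route with final=false delivers a
// copy and lets the event continue; final=true stops evaluation.
const routes = [
  // Keep a raw copy of everything for retention and later replay.
  { name: 'archive_raw', final: false, dest: 'object_store',
    filter: () => true },
  // Kerberos audit events: TGT request, service ticket request, pre-auth failure.
  { name: 'kerberos_to_siem', final: true, dest: 'siem',
    filter: (e) => e.channel === 'Security' &&
                   [4768, 4769, 4771].includes(e.eventId) },
  // Sysmon process creation only; other Sysmon events stay out of the SIEM.
  { name: 'sysmon_proc_to_siem', final: true, dest: 'siem',
    filter: (e) => e.channel === 'Microsoft-Windows-Sysmon/Operational' &&
                   e.eventId === 1 },
  // Everything not explicitly selected is dropped ("route to null").
  { name: 'default_drop', final: true, dest: 'null',
    filter: () => true },
];

// Return the list of deliveries one event produces.
function routeEvent(event, table = routes) {
  const deliveries = [];
  for (const r of table) {
    if (!r.filter(event)) continue;
    deliveries.push({ route: r.name, dest: r.dest });
    if (r.final) break;
  }
  return deliveries;
}

// Count deliveries per destination for a batch of events.
function summarize(events, table = routes) {
  const counts = {};
  for (const e of events) {
    for (const d of routeEvent(e, table)) {
      counts[d.dest] = (counts[d.dest] || 0) + 1;
    }
  }
  return counts;
}

// Constructed sample events (not real log data).
const sampleEvents = [
  { channel: 'Security', eventId: 4768, user: 'alice' },
  { channel: 'Security', eventId: 4769, user: 'svc-backup' },
  { channel: 'Security', eventId: 5156 },
  { channel: 'Microsoft-Windows-Sysmon/Operational', eventId: 1 },
  { channel: 'Microsoft-Windows-Sysmon/Operational', eventId: 7 },
];

console.log(summarize(sampleEvents));
```

Because the archive route is non-final and sits first, every event keeps a raw copy even when the default route drops it from the SIEM path.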
You can also use Cribl Stream to take advantage of EDR data. We see a lot of companies make enormous investments in EDR tools that also produce very accurate data, especially around assets — but then they don’t take that data and put it into their SIEM because it’s just too expensive. With Stream, you can take the majority of that EDR data and route it to a data lake, and then get value from the other 10-15% by routing it to your SIEM in the exact format you need it.
To get the most value out of your data for security, you need to know what regulatory compliance you have to meet — what type of logs do you have to retain, and for how long? It also helps to have a good understanding of all the tools you have, what systems are in place, and what the limits are on your ingestion licenses.
From there, securing your perimeter is the best place to start. You want your authentication sources, MFA sources, and VPN set up first, and then you can start bringing in all your security tools. The MITRE ATT&CK framework is incredibly helpful to figure out what vertical you’re in and see the common threat actors or attacks you might encounter so you can decide which sources and services you’ll need visibility from.
Having had a long career in IT, I became used to constraints and compromise — which is why I was caught off guard when I first saw Cribl Stream back before I joined the company. Not having to make concessions on which data to pull in, where I could send it, what format it was in, or what my vendor would support was unexpected, to say the least. This choice and control is giving security teams the ability to have faster detections and even better responses to cyber threats.
Be sure to watch the full conversation between Brenden and me, and connect with us in our Cribl Slack community if you have any questions or want to continue the discussion!