Organizations leverage many different cybersecurity and observability tools for different departments. It’s common to see the IT department using Splunk Enterprise, while the SOC uses Exabeam. Both of these tools use separate agents, each feeding different data to their destinations. Normally this isn’t a problem unless you’re talking about domain controllers. Domain controllers only allow a single agent, meaning you can’t feed two platforms with data.
One year ago, we launched Cribl.Cloud as a cloud-hosted option for our industry-leading data pipeline product, Cribl Stream. Customers had a choice of either deploying on-premises with a subscription-based tiered license model or opting for our cloud service with a similar tiered billing model. Fast-forward one year, and Cribl is now a multi-product company with several unique observability products (Stream, Edge, AppScope, and soon Search) to offer our customers.
The Core Splunk platform is rightfully recognized as having sparked the log analytics revolution when viewed through the lenses of ingest, search speed, scale, and usability. Their original approach leveraged a MapReduce approach, and it still stores the ingested data on disk in a collection of flat files organized as “buckets.” These immutable buckets are not human-readable and largely consist of the original raw data, indexes (.tsidx files), and a bit of metadata.
Consumers expect their personal information to be safe in your hands as they use your apps, services, and stores. Even in-person retailers collect customer data for loyalty programs, shopping history, and more. In addition, regulators and auditors — and while we’re at it, let’s add investors, board members, and partners to the list of people who expect all customer data to be secure at all times.
In the last five years, Cribl has gone from 3 employees to more than 400 employees — it’s been an incredible, crazy, difficult, tiring, fucking awesome ride. It’s also been an emotional roller coaster with all the ups and downs, but despite all the challenges, things have been trending upwards.
Although we’ve encouraged employees to take plenty of time off this summer to relax, recharge, and enjoy time with family, Cribl certainly hasn’t been on a summer holiday as a company. After the big announcement in late May with Cribl Search and our Series D funding round, we moved right into the announcement of Cribl Stream 3.5, Cribl Edge 3.5, massive upgrades to Cribl.Cloud, and the launch of our Cribl Certified Observability Program.
CrowdStrike is a class-leading endpoint monitoring solution. It collects a wealth of activity data from each managed endpoint that can be fairly voluminous. This includes network connectivity, DNS request, process activity, health checks, and the list goes on. In fact, there are over 400 event types reported by CrowdStrike! These events are a gold mine for threat hunters and blue teams looking for unusual or malicious activity. It can be extremely costly to place all this data in a SIEM.
