How August Schell is helping customers leverage Cribl

Secure and Flexible Mission-Driven Operability:

August Schell Cribl Certified Engineers provide support across a variety of enterprises. Our experience and expertise enable us to provide unparalleled service to our customers. Using Cribl, our team makes open operability a reality for Public Sector agencies, giving them the freedom and flexibility to make choices instead of compromises.

Here are just some of the real-world use cases August Schell is solving for customers with Cribl.

Cribl Stream Use Case #1

Example Customer: State Government Customer

This customer is responsible for the entire IT infrastructure of the State Government, but the State is split into several agencies and departments, each with its own flavor of firewalls, servers, laptops, applications, etc.

Use Case:

Localized optimization, aggregation, enrichment and compression of data sets before sending them over the WAN/network and/or into the cloud.

Why this matters

From a networking perspective, smaller agencies or business units are sometimes given less bandwidth. Running all of the Stream functions locally and sending compressed data over the wire keeps the network pipe from becoming saturated.

Cribl Stream Use Case #2

Example Customer: Federal Government Customer

This agency has several collection tools such as Elasticsearch, Splunk, AWS Security Lake, Databricks, S3 buckets, Azure Blob Storage and GCP Storage.

Use Case:

The customer is actively using multiple tools that require different formats. Cribl Stream has toggles to reformat its entire pipeline to support Splunk's Common Information Model (CIM), the Elastic Common Schema (ECS), Databricks' Parquet format and AWS Security Lake's Open Cybersecurity Schema Framework (OCSF).

Why this matters

Having multiple data streams sending various formats for vendor-specific value propositions can be frustrating. Being able to use a simple toggle to select which data schema you want lets you control your data plane at ingress and egress, which helps prevent further vendor lock-in.
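As an added illustration of use cases #1 and #2 together (this is editor-written Python, not code from August Schell or Cribl, which implements these steps as Stream pipeline functions), the script below takes a batch of constructed firewall log lines, collapses repeated connections into counted records before they cross the WAN, renders each record with either ECS nested field names or Splunk CIM flat field names, and gzips the batch so the bytes on the wire can be compared with the uncompressed payload. The sample lines, the aggregation key, the `deny`/`allow` to `blocked`/`allowed` mapping and the custom `count` field are all assumptions; the ECS and CIM field names themselves follow the public schema documentation.

```python
import gzip
import json
import re

# Constructed firewall lines for illustration; not from any real agency.
SAMPLE_LINES = [
    "2024-05-01T10:00:01Z fw-agency-a action=deny src=10.1.2.3 dst=203.0.113.7 dport=445 proto=tcp",
    "2024-05-01T10:00:02Z fw-agency-a action=deny src=10.1.2.3 dst=203.0.113.7 dport=445 proto=tcp",
    "2024-05-01T10:00:03Z fw-agency-a action=allow src=10.1.2.9 dst=198.51.100.20 dport=443 proto=tcp",
    "2024-05-01T10:00:04Z fw-agency-a action=deny src=10.1.2.3 dst=203.0.113.7 dport=445 proto=tcp",
    "2024-05-01T10:00:05Z fw-agency-a action=deny src=10.1.2.4 dst=203.0.113.9 dport=22 proto=tcp",
]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<kv>.+)$")
REQUIRED = ("action", "src", "dst", "dport", "proto")

# Splunk CIM Network Traffic uses "allowed"/"blocked" for the action field;
# the mapping from this firewall's own vocabulary is an assumption.
CIM_ACTION = {"allow": "allowed", "deny": "blocked"}


def parse_line(line):
    """Parse one 'timestamp host k=v k=v ...' line; return None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = {}
    for token in m.group("kv").split():
        if "=" not in token:
            return None
        key, value = token.split("=", 1)
        fields[key] = value
    if any(k not in fields for k in REQUIRED):
        return None
    fields["ts"] = m.group("ts")
    fields["host"] = m.group("host")
    return fields


def aggregate(events):
    """Collapse repeated (host, action, src, dst, dport, proto) tuples into one
    counted record with the first and last timestamp seen: the local
    aggregation of use case #1, done before the data crosses the WAN."""
    groups = {}
    for ev in events:
        key = (ev["host"], ev["action"], ev["src"], ev["dst"], ev["dport"], ev["proto"])
        g = groups.get(key)
        if g is None:
            groups[key] = {**ev, "first_ts": ev["ts"], "last_ts": ev["ts"], "count": 1}
        else:
            g["count"] += 1
            g["last_ts"] = ev["ts"]
    return list(groups.values())


def normalize(rec, schema):
    """Render an aggregated record in the selected schema (the 'toggle' of use
    case #2). 'count' is a custom field in both renderings, since neither ECS
    nor CIM defines a field for rolled-up event counts."""
    if schema == "ecs":
        return {
            "@timestamp": rec["first_ts"],
            "observer": {"hostname": rec["host"]},
            "event": {"action": rec["action"], "start": rec["first_ts"],
                      "end": rec["last_ts"], "count": rec["count"]},
            "source": {"ip": rec["src"]},
            "destination": {"ip": rec["dst"], "port": int(rec["dport"])},
            "network": {"transport": rec["proto"]},
        }
    if schema == "cim":
        return {
            "_time": rec["first_ts"],
            "dvc": rec["host"],
            "action": CIM_ACTION.get(rec["action"], rec["action"]),
            "src": rec["src"],
            "dest": rec["dst"],
            "dest_port": int(rec["dport"]),
            "transport": rec["proto"],
            "count": rec["count"],
        }
    raise ValueError(f"unsupported schema: {schema}")


def package_batch(lines, schema):
    """Parse, aggregate, normalize and gzip a batch; report bytes before and after."""
    events = [e for e in map(parse_line, lines) if e is not None]
    records = [normalize(r, schema) for r in aggregate(events)]
    payload = "\n".join(json.dumps(r, sort_keys=True) for r in records).encode("utf-8")
    return {
        "records": records,
        "input_events": len(events),
        "payload_bytes": len(payload),
        "wire_bytes": len(gzip.compress(payload)),
    }


if __name__ == "__main__":
    for schema in ("ecs", "cim"):
        result = package_batch(SAMPLE_LINES, schema)
        print(schema, result["input_events"], "events ->", len(result["records"]), "records,",
              result["payload_bytes"], "bytes ->", result["wire_bytes"], "bytes on the wire")
```

Malformed lines are dropped rather than forwarded, so a parsing failure at the edge cannot silently turn into a schema-violating record in the destination; in a real deployment you would route those to a separate destination for review instead of discarding them.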

Cribl Stream Use Case #3

Example Customer: Federal Government Customer

This agency has many security boundaries, including unclassified and classified networks, and possibly several other smaller, non-connected networks. "Swivel chairing" between networks takes time away from a user's ability to react to alerts and events quickly.

Use Case:

Aggregation of threat intelligence data from sources such as Recorded Future, VirusTotal or GreyNoise. Your enrichment subscriptions, paired with Cribl Stream, allow the collected data to be packaged and sent to higher-sensitivity or classified networks for further "enhanced" analysis.

Why this matters

Cribl Stream's engine collects and transforms your threat intelligence and uses it to enrich the data before it leaves the lower network. Once the pre-enriched data is received in the higher-sensitivity or classified environment, additional techniques can be applied to the collection.
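To show what "pre-enriched" data looks like when it arrives on the higher network, here is an added Python example (editor-written, not Cribl's or August Schell's code). It builds a local lookup index from a constructed indicator feed standing in for a Recorded Future, VirusTotal or GreyNoise subscription, enriches each event with any indicator hits on its source, destination or domain, and packages the batch with a manifest the receiving side can check before loading. The feed entries, events, field names and risk scores are constructed; the SHA-256 manifest is an integrity check so a corrupted or altered batch is rejected, and is not a substitute for the cross-domain transfer controls the boundary itself enforces.

```python
import hashlib
import ipaddress
import json

# Constructed indicator feed standing in for what a subscription such as
# Recorded Future, VirusTotal or GreyNoise would supply. Not real intel.
INDICATORS = [
    {"indicator": "203.0.113.7", "type": "ip", "source": "feed-a", "risk": 85, "tags": ["scanner"]},
    {"indicator": "198.51.100.0/24", "type": "cidr", "source": "feed-b", "risk": 40, "tags": ["hosting"]},
    {"indicator": "evil.example", "type": "domain", "source": "feed-a", "risk": 90, "tags": ["c2"]},
]

# Constructed events, already parsed into fields on the lower network.
EVENTS = [
    {"ts": "2024-05-01T10:00:01Z", "src": "10.1.2.3", "dst": "203.0.113.7", "domain": None},
    {"ts": "2024-05-01T10:00:02Z", "src": "10.1.2.9", "dst": "198.51.100.20", "domain": "cdn.example"},
    {"ts": "2024-05-01T10:00:03Z", "src": "10.1.2.4", "dst": "192.0.2.5", "domain": "evil.example"},
    {"ts": "2024-05-01T10:00:04Z", "src": "10.1.2.4", "dst": "192.0.2.6", "domain": None},
]


class IndicatorIndex:
    """Local lookup table built once from the feed, so enrichment needs no live
    query per event (the subscription is only reachable on the lower network)."""

    def __init__(self, indicators):
        self.exact = {}   # ip or domain string -> indicator
        self.cidrs = []   # (ip_network, indicator) for range indicators
        for ind in indicators:
            if ind["type"] == "cidr":
                self.cidrs.append((ipaddress.ip_network(ind["indicator"]), ind))
            else:
                self.exact[ind["indicator"]] = ind

    def lookup(self, value):
        hit = self.exact.get(value)
        if hit is not None:
            return hit
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:      # domains and other non-IP values only match exactly
            return None
        for net, ind in self.cidrs:
            if addr in net:
                return ind
        return None


def enrich(event, index):
    """Attach every indicator hit on src, dst or domain, plus the highest risk score."""
    matches = []
    for field in ("src", "dst", "domain"):
        value = event.get(field)
        if value is None:
            continue
        hit = index.lookup(value)
        if hit is not None:
            matches.append({"field": field, "indicator": hit["indicator"],
                            "source": hit["source"], "risk": hit["risk"], "tags": hit["tags"]})
    enriched = dict(event)
    enriched["threat"] = {"matches": matches,
                          "max_risk": max((m["risk"] for m in matches), default=0)}
    return enriched


def package(events, index):
    """Enrich a batch and produce the body plus a manifest for the receiving side.
    The digest is an integrity check only, not a classification control."""
    enriched = [enrich(e, index) for e in events]
    body = "\n".join(json.dumps(e, sort_keys=True) for e in enriched).encode("utf-8")
    manifest = {
        "records": len(enriched),
        "flagged": sum(1 for e in enriched if e["threat"]["matches"]),
        "sha256": hashlib.sha256(body).hexdigest(),
    }
    return body, manifest


def verify_and_load(body, manifest):
    """Receiving side: refuse a batch whose digest or record count does not match."""
    if hashlib.sha256(body).hexdigest() != manifest["sha256"]:
        raise ValueError("package digest mismatch")
    records = [json.loads(line) for line in body.decode("utf-8").splitlines()]
    if len(records) != manifest["records"]:
        raise ValueError("record count mismatch")
    return records


if __name__ == "__main__":
    body, manifest = package(EVENTS, IndicatorIndex(INDICATORS))
    for rec in verify_and_load(body, manifest):
        print(rec["dst"], rec["domain"], rec["threat"]["max_risk"])
    print(manifest)
```

On the higher network the analyst starts from `threat.matches` and `threat.max_risk` rather than re-querying a feed that is not reachable there, which is the point of enriching before the transfer; the manifest's `flagged` count also gives a quick sanity check that the enrichment actually ran before the batch was sent.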

Cribl Search

Example Customer: Non-Federal Government Customer

The agency has several collection tools such as Elasticsearch, Splunk, AWS Security Lake, Databricks, S3 buckets, Azure Blob Storage and GCP Storage.

Use Case:

Cribl Search uses a common query language to search the various data repositories while the data is at rest. It pulls the relevant data back and presents it in the Cribl interface.

Why this matters

This allows you to search multiple tools using a federated approach without worrying about which vendor is in the chain. There is no ingestion of data and no storage requirement: the data is queried where it resides, which means very little egress cost, if any.

Cribl Edge Use Case #1

Example Customer: Federal Government Customer

The agency has several agent-based logging tools deployed in the environment, such as Elasticsearch, Splunk, ArcSight, Fluentd and syslog servers.

Use Case:

Cribl Edge uses a single agent to ship logs to their chosen destination while having the full Cribl Stream arsenal at its disposal. This means some pre-processing and optimization is done locally on the server before the data leaves and traverses the network.

Why this matters

Deploying one agent instead of three reduces the footprint while remaining vendor-neutral, and it gives you the ability to pre-process data before it leaves the host.

Cribl Edge Use Case #2

Example Customer: Federal Government Customer

The agency has hundreds of Kubernetes pods and clusters and is struggling with scaling.

Use Case:

Centralized configuration management practices for all containers in the environment.

Why this matters

Ease of management and usability while continuing to scale out will only help the environment as it grows. Edge also has the backing of Cribl Stream at the same time for processing and routing according to compliance standards.

Ready to take your Cribl Deployment to the next level?

Talk to an expert today.