Challenge
Cribl's security team found it difficult to track resources, collect information, and associate them with specific risks.
To support its rapid growth, Cribl developers were able to use resources as needed, but the team also had to ensure that unused resources were removed.
To work more efficiently, the company's small security team sought to consolidate multiple security use cases into a single solution while maintaining optimal outcomes for each use case.
Solution
Cribl uses Wiz as a single pane of glass to view, manage, and prioritize processing across its cloud environments.
With this improved visibility, Cribl can identify unused resources, have more informed conversations with developers about what is being used, and prevent resource sprawl.
The Cribl team relies on Wiz CNAPP to manage multiple security use cases — from monitoring cloud misconfigurations and vulnerabilities to real-time threat detection — in one place.
Reduce your cloud footprint and costs
By removing unused resources
Days to minutes
Reducing the time required for identification and processing, and improving the overall security posture
Standardize the tool
In a single security solution, improving interoperability while reducing integration costs
Data security for discerning cloud security professionals
As an organization that provides products and services to IT and other cloud security teams, Cribl has to ensure that its cloud security infrastructure is top-notch. The company provides enterprise organizations with a data engine that collects, processes, routes and analyzes data to support the ever-changing data needs of IT and security teams. Founded in 2018, Cribl has grown its team from dozens to over 600 people. At the same time, securing its infrastructure has become more complex.
We cannot compromise on security, especially because we ask other security teams to trust us. We have an executive team that is security-first, and they understand that we need active monitoring, secure configurations, vulnerability scanning, and everything in between to serve ourselves and our customers.
Rory McEntee, Senior Director of Product Security, Cribl
The company's small security team relied on native security features from cloud providers to monitor their environment. However, they sought more scalability as they looked towards a more complex, multi-cloud future. “When we were a 30-person company, we were focused on rapid growth,” says Steve Litras, senior director of IT and security at Cribl. “But as we expanded, the focus began to shift toward solutions that could support our growth.”
As the enterprise cloud environment evolved, the team found that tracking resources, gathering information about them, and associating all that information with specific risks took hours of manual work. “I needed to see things that would take a long time to put together,” says Randy Reinhart, lead product security engineer at Cribl. “Without a way to get real-time data about what's happening in your cloud, especially as you're growing very quickly, you run the risk of missing something.”
In addition to monitoring and remediation, the team also set goals to reach more stringent compliance frameworks. “Every one of these frameworks — from NIST to ISO — requires you to know exactly what resources you have available, so we needed a solution that provides that visibility. With Wiz, everyone at Cribl is more aware of what they're doing in the cloud,” Reinhart adds.
Provide real-time visibility across a rapidly expanding environment
After implementation, the Cribl team began building Wiz into the core of its cloud security strategy. The first step was to continue to understand the full cloud inventory. Using the security graph, the team can see the entire environment, pull asset inventories, scan for vulnerabilities in one place, and pull IP ranges for pen testers. “I expected that we would need multiple security tools because I only knew the limitations of other CSPM solutions,” says Rory McEntee, senior director of product security at Cribl. “But I was wrong. Right away, Wiz gave us a clear view of our environment and valuable metadata about the entire cloud.”
Asset review was a vital first step, but the team also wanted to automate aspects of the security workflow. “We've connected Wiz to JIRA because that's how we issue tickets to our engineers, and we've integrated Wiz with Slack to share updates directly with specific teams,” Reinhart says. “We also have a few larger channels that reach out to groups because the more interest there is in risk, the better.” Likewise, the team uses Wiz Projects to create access-based tasks, so users can get the necessary information without sifting through redundant data.
Wiz enables us to enforce patch management because we have better visibility. We can find, understand and communicate risks, and then act on them, without having to spend valuable time collecting data. It helps me sleep at night knowing that our systems are automatically correcting.
Randy Rinehart, Principal Product Security Architect, Cribl
Cribl has also built specific configuration rules into Wiz, ensuring that alerts sent via these automated channels are mission-critical to the organization. Combining improved visibility with these automations enables the security team to easily track, discuss, and remove unused resources. “Previously, developers found it easier to kill a virtual machine than to address an issue in pre-production or a sandbox,” Reinhart says. This insight not only reduced the attack surface, but also helped reduce overall cloud costs. “Since we operate on an overhead cost base, it is easy to spin up a resource, forget it exists, and end up paying for something we don't need. With Wiz, workloads are down by a few thousand as more forgotten and unused resources are deactivated.”
With improved monitoring, the security team can provide developers with more freedom and flexibility to confidently build, test, and deploy new features quickly while maintaining security. “Our developers and engineers now feel empowered to build what they want, and we can still clearly see what resources are being built and where they are, so we can protect them,” McEntee adds. Going forward, the team works with specific teams writing Infrastructure as Code (IaC) that want to gain insights before deployment. Using Wiz Code helps Cribl shift left by building security steps into the development process sooner rather than later.
Create a cohesive security environment by integrating security tools
The team continues to carefully evaluate each part of its security tools before making any choice. “We don't like having to adopt more tools, but we don't choose Wiz solutions just because of that bias. It's still a great fit,” says Reinhart. By having access to a wide range of security solutions in one place, Cribl has gradually found more and more ways to use Wiz across its cloud. Recently, it deployed the Wiz Runtime Sensor in its Kubernetes clusters for real-time detection and response. “It helps us detect real-time attacks, anomalous events and return that information to Wiz, so we can process it,” says Reinhart. Next, the team plans to deploy the Linux sensor, the value of which they have already seen in the preview.
It also leverages Wiz CDR and cloud-native forensics capabilities to investigate threat detections quickly and accurately. “A few months ago, we had an incident involving cryptocurrency miners in one of our sandboxes,” Reinhart says. “I had to do all the investigating manually to understand the situation. The next time we had a similar incident, we had Wiz Forensics, and we were able to send a snapshot to a new account in minutes.”
With Wiz, our cloud security process is more unified; it is easier for others to step in to see, understand and treat everything. Now, when our lead product security engineer leaves, we miss him, but Cribl hasn't collapsed.
Steve Litras, Senior Director of IT and Security at Cribl
“With all of these tools working together, it's easier to see what's going on and identify and remediate problems because we know what we were dealing with very quickly,” says Litras. And integrating its security suite with Wiz makes reporting and sharing information easier than ever. “When we pose an issue to someone, if they understand what we're saying, they try to deal with it very quickly,” says Litras. “The security graph in Wiz helps us explain why the problem is important for developers, with information in one place.”
Partner with Wiz to expand security coverage
Cribl continues to work with Wiz's sales and support teams to implement new features as they are released, provide feedback on existing products, and even set up monthly calls to stay on top of launches. “It's hard to keep up with all the new features, but if something is released and we see the value, we'll turn it on right away,” Reinhart said. One example is Wiz Forensics, which helped Cribl reduce a lengthy manual investigation to minutes.
“With Wiz, we can give our customers confidence that we will secure their data, which has reduced our sales cycle. We will continue to invest in it because we see the impact,” McEntee adds.