Technology Reseller v46

OBSERVABILITY ...continued

opportunities for channel partners, who benefit not only from a growing addressable market but also from the ability to add additional capabilities to their offering.

“There are two big use cases we see with our partners, from a managed services perspective. One is to include Cribl Logstream in a package because it helps them optimise the licensing that they are selling for other products. For example, if they were already going to sell an analytics product like Splunk or Grafana or Sumo Logic, they can use us to optimise getting data into those tools.

“The other one is a migration use case. If the partner is selling an additional tool into the account, maybe they were using an analytics tool and now want to add a separate SIEM tool like Exabeam or QRadar, they can use our solution in the middle to take all the data that was already going to one of those other analytics solutions and send it off to this SIEM, so it cuts down the amount of time they have to spend in the account to even get a PoC or a demo to the customer.”

Bauer cites another example, that of an MSP deploying a new technology, like Exabeam. “Typically, a lot of time is spent putting in hardware or a cloud instance behind that to set it up. We can now go in and use their existing SIEM and re-route some of that data to the new platform. This reduces dollars being spent on hardware and reduces time to market for the MSP,” he said.

Channel-first

The channel is a key route to market for Cribl that Bauer says will be essential as it expands its business in EMEA, starting with the UK, Germany and the Nordics.

“We are a channel-first organisation and have seen the value partners bring – they help us gain access to new accounts with problems we can address; they help us from a sales campaign standpoint; and they help us from an adoption and consumption standpoint, by making sure that we are selling to people that have real issues and that they actually utilise the software day to day.

“I would like to see us at 80% to 90% channel as we go forward – even for channel leaders a little healthy tension is not a bad thing – and I want to make sure that as we build out a direct sales team they will be highly motivated and encouraged to use the channel in every aspect of the sales campaign to get true velocity and scale.”

To this end, Cribl has hired Mathew Edwards to lead its EMEA push, which will include marketing and operations, as well as a sales engineering team, plus follow-the-sun support and ongoing product development, including a cloud version of Cribl Logstream (already launched in the US), in addition to the existing on-premises solution.

www.cribl.io

Observability trends

Cribl Senior Director of Market Strategy Nick Heudecker outlines three trends in observability

1. Observability moves in-house

There are dozens of products with complex machine learning models aiming to capitalise on observability data. Many assume they’re the only tool in the stack, which makes them hard to integrate with other tools or with adjacent business processes; and many use generic models that may not be applicable to specific problems faced by operations teams. As a result, operations teams will shift away from monolithic, generic automation solutions towards more home-grown implementations built to solve the most pressing security and operational challenges. Rather than focusing on a single tool and data silo, teams will build tools with a mix of technologies accessing data from across the enterprise.

2. Security teams drive observability maturity

Much of the conversation around observability has targeted developers on the basis that they are also the operators of their code. This view is popular in Silicon Valley, but outside the Bay Area developers are expensive and having them spend time on operational tasks they’re not experts in is seen as a waste of time and effort.
Instead of developers driving the observability discussion, cybersecurity teams will take the driver’s seat and lead transformation in their companies. Security teams are heavy users of monitoring already, deploying a range of tools to uncover known threats. These tools fall short in three ways.

First, they take a one-size-fits-all approach to the data they ingest, ignoring different levels of data quality and value. Second, current pricing models make broad security monitoring cost-prohibitive – ingest-based pricing penalises users for every byte ingested, while workload-based pricing penalises users for every search they run. These limitations hamper investigations and slow remediation. Finally, no tool or platform owns all the data, resulting in a fragmented data picture. An observability-based security architecture must weave all these fragments into a coherent picture.

Observability helps security professionals uncover governance and compliance gaps; route data to multiple destinations for advanced analysis across a range of tools, e.g. routing the same data to Splunk ES to drive detection and case management and to Google Chronicle for threat hunting; conduct faster, more accurate post-mortems on security events; enrich data with additional context; and filter out low-value data. Security teams will demand more accessibility to observability data and better tools to manage it.

3. Adoption of cloud-based monitoring and observability decelerates

There was a massive expansion of cloud-based monitoring and observability offerings in 2021, spurred by pandemic-driven digital transformation efforts. These frequently came with high costs and unpredictable performance. Most monitoring and observability workloads are surprisingly constant and consistent, with data processed growing at a more or less linear rate. This predictability makes them ideal for on-prem processing.
The cloud might seem the ideal place to house growing volumes of observability data, but volumes are such that cloud-based object storage can be expensive. Many companies are ingesting over 40TB of data each day; some scale up to 100TB or more. Add in required retention periods, data transfer costs and API calls and it’s easy to see how the cost of cloud-based observability data can run into millions of dollars per year. As costs climb, organisations will experience invoice shock and pump the brakes on cloud-based monitoring and observability migrations.

Nick Heudecker
