When CrowdStrike Inc. launched its Falcon Fund investment vehicle in 2021, one of the first companies it chose to support was Cribl Inc. Three years later, that investment is making an impact in a number of ways.

Aside from the most recent collaboration between the two firms to leverage Cribl’s data streaming expertise, the companies have been focused on giving customers full control over their data at a time when IT and security teams need to make better decisions.

“At the heart of it, Cribl is an integrations company,” said Abby Strong (pictured, left), senior vice president of customer experience and marketing at Cribl. “Where is all the data and how do we get it to all the various destinations? We were formed to help customers overcome this problem.”

Strong spoke with theCUBE industry analyst John Furrier at the RSA Conference, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. She was joined by Daniel Bernard (right), chief business officer of CrowdStrike, and they discussed the evolving partnership between the two companies and how the security market is being transformed by data. (* Disclosure below.)

Demand for Cribl

CrowdStrike invested in Cribl after it noticed a distinct trend in how customers were moving data to support security information and event management products.

“Some of the best partnerships actually start organically,” Bernard said. “Seventy percent of the data that we’d see in legacy SIEM products was coming from CrowdStrike. How was it getting to these SIEM products? It was going via Cribl. It was really easy for us to listen to our customers and see this demand for the Cribl technology.”

Bernard and Strong are both experienced contributors in the technology industry. Bernard holds a patent in an online content management service and Strong started her career as a network security engineer for XO Communications.

The two executives now have plenty of opportunities to apply their tech knowledge as they tackle the challenge of observability data in complex security and IT operations for the customers of their respective companies. A key part of that solution has been to create CrowdStream, an easy-to-use functionality to facilitate the movement of data to Falcon LogScale, CrowdStrike’s observability and log management solution.

“We have a very easy and intuitive interface with a thousand integrations for all the different source types that they might have,” Strong said. “Which sources am I interested in moving to the Falcon LogScale platform? Just drag and drop and say: ‘Send it to LogScale now.’ We’ll automatically process it, parse it, forward it and then format it in the right way so we can land it there.”

Moving to XDR

A key element in the partnership’s success will rely on customer interest in moving beyond Endpoint Detection and Response. CrowdStrike defines this new journey as a movement to XDR.

“Enterprises are sitting there and saying: ‘Wait we want to do it beyond the endpoint, we want this protection layer, this visibility layer across everything,’” Bernard said. “That’s where the X comes in, Extended Detection and Response. If you’re trying to move to XDR, it really becomes more of a data-based, a data-defined problem. How do you get visibility over the data? How do you bring it to one place? We are the one place.”

Being the one place for observability data involves cultivation of a series of strategic partnerships, such as the one launched last month. In addition to the streaming arrangement with Cribl, CrowdStrike has announced expanded collaborations with Google LLC, Dell Technologies Inc. and the Kroll LLC consulting firm in recent months.

“What’s nice about XDR is it’s a team sport, we can’t do it alone,” Bernard noted. “It’s not just about the attack surfaces that we protect at CrowdStrike. It’s also about integrating with other third-party products. When we all work together, our customers get a better cybersecurity outcome.”

Event-driven urgency

Observability matters because data can unlock insight for a business at the most critical time. Strong noted that even something as common as the purchase of a plane ticket can involve many different actions behind the curtain, especially if something goes wrong.

“That looks like one transaction, but behind the scenes there’s hundreds of things that folks are watching,” she said. “How fast did that website respond? Did my services actually work? Observability is about saying that data may have near zero value until it is the most valuable data because something happened, and you have to be able to get to it.”

Accessibility and observability are likely to become even more important because of one simple fact. Data is growing exponentially, and organizations will be challenged to manage it as time moves on.

“Data is growing at a 25% CAGR,” Strong said. “That means in five years you’re going to have 250% more data than you have today. We’re all about choice. Customers should choose where they want their data to go.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the RSA Conference:

Check out these highlights in Strong and Bernard’s segment:

1:05 – Bernard and Strong announce CrowdStream collaboration.

3:27 – Strong describes how the new service will work for customers.

4:22 – Bernard explains why XDR is a significant opportunity in cybersecurity.

6:38 – Bernard describes an evolution in the SIEM market.

9:50 – Strong outlines why data access and observability are more important now than ever.

(* Disclosure: Cribl Inc. sponsored this segment of theCUBE. Neither Cribl nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE