Cribl Inc. is redefining how organizations manage and utilize machine-generated data by transforming Amazon S3 from a traditional archival tool into an operational powerhouse.

The company leverages Amazon S3 for efficiently storing operational data in the current artificial intelligence age, thanks to its robust features and cost-effectiveness, according to Myke Lyons (pictured), chief information security officer of Cribl. 

“First and foremost, many of our partners are customers of AWS and customers of Cribl,” he said. “One of the major things that they are using on their back end is those S3 technologies. It’s a really great place to put data that used to just be for archival purposes, but now it’s becoming much more operational. Cribl allows you to put data, mostly machine-generated data, into these S3 buckets very efficiently, as well as quickly.”

Lyons spoke with theCUBE Research’s Dave Vellante for theCUBE’s “Cloud AWS re:Invent Coverage,” during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how Cribl uses Amazon S3 for enhanced operations. (* Disclosure below.)

How Amazon S3 fits into the SIEM migration picture

Security Information and event management migration is essential for organizations to enhance their cybersecurity posture and ensure the efficiency of their IT security operations. Cribl aids in SIEM migration with the help of Amazon S3, enabling enterprises to keep pace with the dynamic cybersecurity landscape, according to Lyons. 

“There’s been a lot of SIEM migration,” he said. “Cribl is uniquely posed to be able to help people with specifically that migration, but even those POCs and those testing of the next SIEM technology that you’re using. It allows you to better leverage things like a security data lake, like with the AWS Security Lake. We’re helping our customers take some of that data and we put it over in an S3 bucket.”

Cribl makes threat intelligence a reality, given that it’s crucial for faster and efficient investigations in cybersecurity. This is because it transforms raw data into actionable insights, allowing organizations to respond swiftly, Lyons pointed out.

“As a security person, one of the most exciting use cases that I have is we can go back into some of our logs and apply and better leverage our threat intelligence information to find out whether this IP address existed in our environment at some point in the past,” he said. “Today, what a lot of companies are doing is they’re looking at it in real time right through their SIEM. Do we have a detection based on this particular watch list? At Cribl that we can do those things a lot faster than ever before.”

Addressing emerging threats, such as deepfakes and phishing attacks, requires a multifaceted approach. As a result, collaboration and incident response plans are needed, according to Lyons. 

“Phishing still has a super high rate of return for these attackers,” he said. “The cost of generating these deepfakes, whether they’re a voice-based attack or a video-based attack, the cost is not increasing massively. Being able to capture those pieces of information and being able to understand and have a clean, concise process to take them in from our user population. ‘Hey, did you just call me and record this video of yourself saying, ‘Please give me a bunch of gift cards?’”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s “Cloud AWS re:Invent Coverage”:

(* Disclosure:Cribl Inc. sponsored this segment of theCUBE. Neither Cribl nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE