Next-Generation Technologies & Secure Development , Security Information & Event Management (SIEM) , Security Operations

Cribl Raises $150M to Incubate New Observability Features

Cribl Plans to Develop Hosted Versions of the Company's On-Premises Technology
Cribl Raises $150M to Incubate New Observability Features
Cribl co-founder and CEO Clint Sharp (Photo: Cribl)

Cribl has raised $150 million to construct an incubation lab that drives the development of new features such as hosted versions of the company's technology.

See Also: Webinar | Accelerate your SOC with AI-driven security analytics with Elastic and Google Cloud

The San Francisco-based open observability vendor says the incubation lab will build out separate tools for each piece of the observability process rather than forcing customers to purchase a cumbersome bundle containing lots of features they aren't interested in, says Cribl co-founder and CEO Clint Sharp. The Series D funding round was led by Tiger Global Management and brings Cribl's total financing to $400 million.

"We're really just trying to respond to the needs of the customers, and not every customer needs everything," Sharp tells Information Security Media Group. "We believe in breaking the product up into smaller pieces so that customers can pick and choose what functionality it is that they want."

Cribl was founded in 2017, employs 325 people and has raised four rounds of outside funding. The company most recently closed a $200 million Series C founding round in August 2021 led by Greylock and Redpoint Ventures (see: Observability Vendor Gigamon Promotes Shane Buckley to CEO).

Building the Growth Engine

Sharp says Cribl's new incubation team will have less-defined roles, with the same person potentially tasked with carrying out design, engineering and user interface work. Having front-end engineers on the incubation team that can also do design work means that less communication will be needed to get the job done, and Sharp likes having no more than three to five people working on the initial version of a tool.

"By combining multiple roles into one single brain, you actually get a lot faster velocity," Sharp says. "Rather than having a designer who has to communicate with the developer, if you have a really great engineer who can do their own design work and really understands the problem and the solution that they're building, you can move a lot faster."

Once a product has been brought to market, Sharp says the team needs to scale to more than 30 people so that product managers can solicit feedback from customers and back-end engineers can solve the problems that exist in the initial version. For this reason, Sharp says, Cribl's team supporting existing products has more traditional product, design, testing, engineering and quality assurance positions.

But when building the first version of a product, Sharp says, the focus should be on doing one thing much better than anything else on the market even if the product is inferior in other ways. Future versions of the product can include features that are missing from the initial version so that the tool is competitive against incumbent options across the board.

"If you're not embarrassed by the first version that you ship, you shipped too late," Sharp says.

Cribl is hoping to develop hosted version of capabilities that customers are currently running on-premises themselves in response to significant client feedback, Sharp says. For instance, Sharp says customers would be interested in paying Cribl to host their observability lake or security lake rather than having to put the data in their own Amazon S3 bucket.

"We are not currently in the data-hosting business, but customers are asking us to do that," Sharp says. "So it's one that we are looking at developing because customers keep asking us."

Cleaning Up Security Clutter

Roughly half of Cribl's business is in the security space today, and Sharp says the company's data-routing capabilities make it easier for customers to onboard data onto their security information and event management, or SIEM, and user and entity behavior analytics, or UEBA, tools. Cribl can help security customers control costs by eliminating noise, waste and data that isn't particularly interesting to them, according to Sharp.

A lot of logging data isn't useful for customers, and Sharp says Cribl's technology can free up capacity for data they actually want to get into their SIEM by eliminating fields the customer doesn't care about. Even though CISOs don't spend much time on their logging tools, Sharp says they tend to eat up a significant portion of the department's budget.

Security customers occasionally use Cribl to replace log management or log processing tools such as rsyslog or syslog-ng, but Sharp says most new Cribl clients don't have anything in place to streamline the logging process. Cribl has a pretty clear business case for security customers and typically doesn't have to fight for budget since the tool can save them more money than they would spend to buy the software.

From a metrics standpoint, Sharp says, Cribl is closely monitoring revenue, employee satisfaction and adoption of the cloud product the company launched in October 2021. Cribl's cloud product reduces time to value for clients since they don't have to wait on infrastructure. It is billed on a consumption basis similar to the technology provided by Snowflake, Databricks, Amazon Web Services and Google.

"We help security customers out with routing use cases and cost control use cases," Sharp says.

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.