Cribl Becomes Default Security Router
Cribl at $200M ARR
These partnerships turn Cribl from a cost cutting utility into a control point for where security data lands. Once a team already uses Cribl to clean, reduce, and route logs, the easiest next step is often to send that data into the destinations with the best supported connectors and joint workflows, which gives partners like CrowdStrike and Wiz a distribution advantage inside the customer’s security stack.
-
CrowdStrike made Cribl part of its Falcon Next-Gen SIEM ecosystem in May 2024, and Cribl offers a dedicated Falcon Next-Gen SIEM integration and data connector. In practice, that means a security team can collect logs once in Cribl, reshape them, and forward them straight into CrowdStrike without building custom plumbing.
-
Wiz positions Cribl as an integration layer that enriches, deduplicates, and transforms Wiz data before sending it onward. That makes Cribl useful to the customer, but it also nudges Wiz into the default set of systems that receive high value cloud security data flowing through the pipeline.
-
This is similar to the role Segment played in customer data. The router becomes sticky because ripping it out means redoing many downstream connections. Cribl is extending that position by adding its own storage with Lake, so it can both decide where data goes and capture more of the spend itself.
The next step is a battle to own the default path for machine data before it reaches the SIEM, lake, or analytics tool. If Cribl keeps adding first class integrations while expanding Lake, it can become the neutral traffic manager for security telemetry, with partners gaining demand through Cribl even as Cribl captures more of the stack around them.