Case Study: Sally Beauty achieves 41% EDR data reduction with Cribl

A Cribl Case Study

Preview of the Sally Case Study

Sally Beauty Transforms Its IT and Security Data Management, Switching from Logstash and Syslog-ng to a Superior Cloud-Based Data Engine

Sally Beauty, an international specialty retailer and distributor of professional beauty supplies, needed a better way to manage and filter its security data, especially Endgame EDR logs going into Elastic Cloud. The team wanted more control over what data was sent, better normalization to Elastic Common Schema (ECS), and less time spent maintaining legacy tools like Logstash and syslog-ng. Cribl.Cloud was used to help solve these data pipeline challenges.

Using Cribl, Sally Beauty parsed and routed Endgame data, dropped unnecessary fields, and converted it into the right format before sending it to Elastic. Cribl reduced daily EDR data from 9.25TB to just over 5TB, a 41% reduction, and extended retention from 7 days to 45 days. Sally Beauty also replaced syslog-ng and Logstash with Cribl workers, estimating the new setup takes one-quarter of the time to manage, while freeing security engineers to focus more on security work.



Sally

Sheldon Carmichael

Information Security Architect

