Cyber Security
It’s Time to Bring Digital Transformation to Cybersecurity
Recently, I’ve been thinking a lot about cybersecurity in the age of digital transformation.
As enterprises have implemented digital transformation initiatives, one of the great—albeit challenging—outcomes has been data: tons and tons of data, often referred to as “big data”. Storing, managing and making all of that data accessible to many different users can be expensive and non-trivial, but all that big data is gold. I know first-hand how valuable big data is to understand the health of the business; the insights provided by all this data enables an enterprise to continually adapt as needed to meet customer needs, to remain competitive, and to innovate.
Security has largely been left behind when it comes to digital transformation. While our counterparts in other areas of the business are using data lakes and mining rich data sets for actionable intelligence, security leaders and teams are still having to work way too hard to piece together a comprehensive view of threats across the organization. Data is the currency of the 21st century – it helps you examine the past, react to the present, and predict the future. Yet, too many security products are producing too much security data in silos; it’s difficult, at best, to bring all of this data together for a unified view of what’s really happening. Because of the constantly-changing threat landscape—exacerbated by everything from the global pandemic to the Russian/Ukraine war to new technology developments such as generative AI (which can also be used for good)—new security tools and capabilities to address the latest threats just keep getting added to the mix, like band aids on new wounds.
If you do a search for “the average number of security products in the enterprise security stack”, you’ll get answers that range from 45, to 76, to 130 – the number is large and the tools are many. (Tempting as it is, I won’t share how many externally developed security tools we’re using in the Comcast environment.) There are products for data protection, risk and compliance, identity management, application security, security operations, network, endpoint and data center security, cloud security, IoT and more. (While a few years old, the Optiv cybersecurity technology map provides a glimpse at how big and daunting this space is.) A security information and event management (SIEM) solution can help by collecting and analyzing the log and event data generated by many of these security tools. SIEMs are wonderful and provide essential functions, but they are expensive, not ideal for simultaneous, parallel compute, and do not really “set the data free” for long term storage, elastic expansion, and use by multiple personas.
“Digitalisation is not, as is commonly suggested, simply the implementation of more technology systems. A genuine digital transformation project involves fundamentally rethinking business models and processes, rather than tinkering with or enhancing traditional methods.” (ZDNet)
No more security data silos… it’s time for us to apply the tenets of digital transformation to security. We tackled that challenge here at Comcast and the results have been impressive. With a workforce of over 150,000, tens of millions of customers, and critical infrastructure at scale, we have a lot to secure. We also have millions of sensors deployed through our ecosystem, providing potentially rich insights. As digital transformation demands, we took a fresh look at our cybersecurity program and came up with a new approach to consolidating, analyzing and managing our security data that has resulted in millions of dollars in cost savings and, even more importantly, the ability to bring together vast amounts of clean, actionable and easy-to-use security data. And not just security data – we enrich security data with lots of other enterprise data to enable even deeper insights.
How did we do it? We built on the idea of a data fabric – “an emerging data management design for attaining flexible, reusable and augmented data integration pipelines, services and semantics.” The outcome is a cloud-native security data fabric that has integrated security data from across our security stack and millions of sensors, enriched by enterprise data, enabling us to cost-effectively store over 10 petabytes of data with hot retention for over a year and allowing us to provide a ‘single source of truth’ to all of the functions that need access to this data for security, risk and compliance management.
By 2024, data fabric deployments will quadruple efficiency in data utilization, while cutting human-driven data management tasks in half. Source: Gartner, Understand the Role of Data Fabric ebook, Guide 4 of 5, 2022
Comcast’s security data fabric solution ingests data from multiple feeds, then aggregates, compresses, standardizes, enriches, correlates, and normalizes that data before transferring a full time-series datasets to our security data lake built on Snowflake. Once that enriched data is available, the use cases are endless: Continuous controls assurance, threat hunting, new detections, understanding and baselining behaviors, useful risk models, asset discovery, AI/ML models, and much more. The questions we dare to ask ourselves become more audacious each day.
My dream was to have vast amounts of relevant security data easily actionable within minutes and hours—not days or weeks—and we’ve achieved that using a security data fabric. We’re able to do continual “health checks” on our business and security posture and adapt quickly as threats and business conditions change. Security is a journey, and we are always looking for ways to improve – our security data fabric helps us in that journey. And in doing so, it has made us a part of the digital transformation journey of our entire corporation.
The security data fabric that has proven so beneficial to Comcast’s cybersecurity program is being commercialized and offered to large enterprises in a solution we call DataBee™, available through Comcast Technology Solutions. If you’re interested in taking a fresh look at your cybersecurity program with an eye towards digital transformation, check out DataBee and consider using a security data fabric to deliver the big data insights you need to stay ahead of the ever-evolving threat and compliance landscape.