Building the Yellow Brick Road to Data-Centric Security

Much like Dorothy and her friends on the Yellow Brick Road feared lions, tigers, and bears (oh my!), today’s organizations face security challenges on multiple fronts. Cyber threats, fraud, and physical security require attention across multiple departments. With the crew in Oz, the best results came when the brain, the heart, and the courage worked together. This kind of collaboration is also necessary to beat modern security challenges.

The fundamental issue is that security operations within organizations are siloed. Often, security teams don’t talk to the fraud teams or the physical security teams. The tools these teams use don’t interact or integrate either, even though these teams’ data are absolutely essential to completing the security picture for each. Solving this issue means a shift from today’s role-centric security to data-centric security.

Data-Centricity Requires Movement 

Being data centric means treating data as a strategic asset that everyone in the organization can get when needed. Data streaming is critical to this approach as it allows for curated data to be published from a source one time, durably, and then fed to anyone else in the organization who needs that data and has permission to see it. 

For security teams, this means that data can be made available for any security function that needs it and can be used with the variety of tools they are used to.

Data-Centricity Means SIEM Modernization

This concept, of course, is not new. Organizations have implemented security incident and event management (SIEM) and security orchestration, automation, and response (SOAR) tools to protect their environments and improve security operations. However, since threat vectors are creative and elusive, the existing tools struggle to detect and respond to new threats in a timely manner, and cannot always be effectively integrated end to end in order to respond to new threats as early as possible and at scale. 

SIEM and SOAR tools aggregate data from multiple log sources, enabling search and investigation of security incidents and specific rules for detecting attacks. These systems work by collecting event data from a variety of sources like logs, applications, network devices, servers, and firewalls, using various collection agents to bring it all directly into their centralized platform. 

However, SIEM and SOAR tools cannot handle the volumes and variety of data being collected. Data security teams often need to make the critical decision of prioritizing data feeds, potentially excluding anomalous events. Additionally, the more data, the longer the analysis takes and the more expensive it becomes. 

Data streaming allows for that collection and aggregation to happen before data gets to the SIEM or SOAR, greatly reducing the work required by the SOC analyst and significantly reducing the cost.  

Data-Centric Security in Action

Join me on October 12 for a webinar where we’ll talk through how to integrate data streaming into security operations for a more holistic approach to security. The presentation will include a demo showing how Confluent can handle all of the traffic when analyzing a complex network and all laptops connecting to it, then feed only the necessary data into SIEM tools, showing the impact of doing more data work upstream of the SIEM. 

We’ll also talk through several government examples of how incorporating data streaming into the security stack enables teams and the tools they use to be more efficient and proactive.  

Register for the October 12 webinar here to get a deep dive on how to get your organization to the Oz of data-centric security.