Today, the Comcast Technology Solutions (CTS) cybersecurity business unit announced DataBee®, a cloud native security, risk and compliance data fabric platform. DataBee marks the first “home grown” product from this business unit and – like the other great products and platforms offered across the CTS suite – brings to market a solution originally developed for Comcast’s own use.
A security data fabric built by security professionals for security professionals
At its essence, DataBee weaves together disparate security data from across your technology stack into a single fabric where it is standardized, sharable, and searchable for analyses, monitoring, and reporting at scale. While the concept of a data fabric has been around for some time, you may not have yet come across a “security data fabric.” That’s because it’s time to bring security into the data fabric equation.
DataBee was inspired by Comcast’s internal security and compliance teams. The proliferation of cybersecurity tools and voluminous amounts of data made it difficult to combine for a unified view, creating silos while being costly to store and analyze. In much the same way a data fabric is used for streamlining access to and sharing data in distributed data environments, DataBee security data fabric combines data sources, data sets, and controls from various security tools to bring security data to the organization’s global data strategy.
After data is taken in from all the various feeds, DataBee aggregates, compresses, standardizes, enriches, correlates and normalizes it before transferring a full historical, time-series dataset to a data lake where data is stored. Enter Snowflake…
DataBee delivers a security data fabric for customers on the Snowflake Data Cloud
With Comcast Technology Solutions’ launch of DataBee, we’re proud to announce a strategic partnership with Snowflake, the Data Cloud company. DataBee is integrated with Snowflake, enabling customers to quickly and easily connect DataBee to their Snowflake instance where data is stored and processed.
The unique architecture of the Snowflake platform separates “compute” from “storage”, enabling organizations to scale up or down as needed, and store and analyze large volumes of data in a cost-effective way. This not only reduces costs but also provides flexibility, speed, and scalability, making it an ideal choice for storing security data.
After DataBee parses, flattens, and normalizes data for analysis, Snowflake’s platform is able to store substantial volumes of data for an extended period of time—historically a big challenge for cybersecurity solution providers—while driving down costs and maintaining high performance. The robust analytics enables teams across the organization to leverage the same dataset for high fidelity analysis, decisioning, response, and assurance outcomes without worrying about retention limits.
Normalized and enriched data from Snowflake can be exported into a customer’s business intelligence (BI) tool such as Tableau or PowerBI, generating more actionable reporting and metrics. Threat hunters also experience enhanced capabilities by using the same, clean data with tools of their choice, such as Jupyter Notebooks, enabling them to identify real threats faster as they conduct their investigation across large-scale datasets. Further, the enriched data from DataBee can be joined with additional datasets from the Snowflake Marketplace to derive additional insights.
DataBee provides security, risk and compliance capabilities for customers looking to create a security data lake strategy with their cloud data platform.
Cloud-native security and compliance data fabric at scale
Enabling a unified global data strategy with DataBee
DataBee combines the business context needed by security, risk and compliance teams to protect an organization’s people and assets. These teams include threat hunters, data scientists, security operations center (SOC) analysts, compliance and audit specialists, and incident responders. This unified view of critical security data with business context enables people in these roles to rapidly identify real threats and manage compliance.
Some use cases include:
- Compliance: For continuous controls assurance for security controls such as Endpoint Detection and Response (EDR) coverage, asset management, vulnerability management, and more. DataBee provides near real-time visibility into an organization’s compliance and risk posture.
- Threat Hunting: Designed for faster time-to-detection by enabling threat hunters to conduct automated and deeper searches with the ability to run multiple hunts at once.
- Data Modeling: For supporting and building machine learning models. DataBee provides threat detection teams with time-series analytics to create machine-learning based detection.
- SIEM Decoupling: Separate the storage of data that typically goes into a SIEM solution from your analytical layer. Cleansing data at the upstream results in SIEM cost reduction and highly performative analysis.
- Behavior Baselining with Anomaly Detection: With your data in a clean, sharable, and usable format, security teams can easily understand user and device behavior and to rapidly detect and take action on any anomalies.
The real-world benefits of a security data fabric
The security data fabric architecture built and implemented by Comcast’s security team has yielded impressive results for the broader security, risk and compliance teams across the organization. In our own use we saw:
- Daily data throughput reductions in our SIEM resulting in a 30% decrease in the cost of our security operations
- 3x faster threat detection
- 35% noise reduction in the data sets users work with
- Faster compliance answers as a result of streamlined compliance reporting and automated queries
These results validate the very positive impact that bridging the worlds of data and security can have on an organization, and that we want other enterprises to benefit from through DataBee. When organizations have clean, sharable data to leverage that adds business context to security events, security teams can identify and detect real threats quickly and compliance teams can validate and achieve continuous compliance assurance while reducing costs for data storage and SIEM throughput. By bringing data fabric to the enterprise security tool chest, DataBee improves their security, risk and compliance posture.
Indeed, security is now all about the data. Businesses have made significant investments in their security teams and the solutions they use to protect the business. However, if all of these tools are working in silos and independent of the larger business context, they will still be inadequate at detecting and protecting an organization from cyberthreats.
By bringing security under their global data strategy, organizations will have more actionable insights, reduced false positive findings, the ability to conduct threat hunting across large-scale data sets, and achieve near real-time visibility into their compliance and risk posture.
Meet DataBee at RSA
The DataBee team will be hosting exclusive events and meetings during the RSA Conference in San Francisco. Check out our itinerary:
- A Recipe for Security Data Lake Success, a breakfast event on April 26, 2023 at 8:30am
- Request a meeting with the DataBee executive team
- Learn more about DataBee and download our data sheet
- The Future of Cybersecurity Brought Me to Comcast, a blog by Nicole Bucala, VP & GM, Cybersecurity Suite