Finding security threats with DataBee from Comcast Technology Solutions
Last week, DataBee™ announced the general availability of DataBee v2.0. Alongside a new strategic technology partnership with Databricks, we released new cybersecurity and Payment Card Industry Data Security Standard (PCI DSS) 4.0 reporting capabilities.
In this blog, we’ll dive into the new security threat use cases that you can unlock with a security, risk, and compliance data fabric platform.
DataBee for security practitioners and analysts
In security operations, detecting incidents in a security information and event management (SIEM) tool is often described as looking for a needle in a haystack of logs. Another fun (or not-so-fun) SIEM metaphor is a leaky bucket.
In an ideal world, all security events and logs would be ingested, parsed, normalized, and enriched into the SIEM, and then the events would be cross-correlated using advanced analytics. Basically, logs would stream into your bucket, the SIEM, and all the breaches would be detected.
In reality, there are holes in the bucket that allow for undetected breaches to persist. SIEMs can be difficult to manage and maintain. Organization-level customizations, combined with unique and ever-changing vendor formats, can lead to detection gaps between tools and missed opportunities to avert incidents. Additionally, for cost-conscious organizations, there are often trade-offs for high-volume sources that leave analysts unable to tap into valuable insights. All these small holes add up.
What if we could make the security value of data more accessible and understandable to security professionals of all levels? DataBee makes security data a shared language. As a cloud-native security, risk, and compliance data fabric platform, DataBee engages early in the data pipeline to ingest data from any source, then enriches, correlates, and normalizes it to an extended version of the Open Cybersecurity Schema Framework (OCSF) before sending it to your data lake for long-term storage and to your SIEM for advanced analytics.
Revisiting the haystack metaphor, if hay can be removed from the stack, a SIEM will be more efficient and effective at finding needles. With DataBee, enterprises can efficiently divert data, the “hay,” from an often otherwise cost-prohibitive and overwhelmed SIEM. This enables enterprises to manage costs and improve the performance of mission-critical analytics in the SIEM. DataBee uses active detection streams to complement the SIEM, identifying threats through vendor-agnostic Sigma rules and detections. Detections are streamed with necessary business context to a SIEM, SOAR, or data lake. DataBee takes to market a platform inspired by security analysts to tackle use cases that large enterprises have long struggled with, such as:
SIEM cost optimization
Standardized detection coverage
Operationalizing security findings
SIEM cost optimization
Active detection streams from DataBee provide an easy-to-deploy solution that enables security teams to send their “needles” to their SIEM and their “hay” to a more cost-effective data lake. Data that would often otherwise be discarded can now be analyzed en route. Enterprises need only retain the active detection stream findings and security logs needed for advanced analytics and reporting in the SIEM. By removing the “hay,” enterprises can reduce their SIEM operating costs.
The optimized cloud architecture enables security organizations to gain insights into logs that are too high volume or contain limited context to leverage in the SIEM. For example, DNS logs are often considered too verbose to store in the SIEM. They contain a high volume of low-value logs due to limited information retained in each event. The limited information makes the DNS logs difficult to cross-correlate with the disparate data sources needed to validate a security incident.
Another great log source example is Windows Event Logs. There are hundreds of validated open-source Sigma detections for Windows Event Logs to identify all kinds of malicious and suspicious behavior. Leveraging these detections has traditionally been difficult due to the scale required both for the number of detections and volume of data to compare it to. With DataBee’s cloud-native active detection streams, the analytics are applied as the data is normalized and enriched, allowing security teams new insights into the potential risks facing their organization. DataBee’s power and scale complement the SIEM’s capabilities, plugging some of the holes in our leaky bucket.
Analyst fatigue can be lessened by suppressing security findings for users or devices that reduce the reliability of a finding. With DataBee’s suppression capability, you can filter and take actions on security findings based on the situation. Selecting “Drop” for the action ignores the event, which is ideal for events that are known to be false positives in the organization. Alternatively, applying an “Informational” action reduces the severity and risk level of the finding to Info, still allowing the finding to be tracked for historical purposes. The Informational level is perfect for tuning that requires long-term auditability. The scheduling option uses an innovative approach that gives you a way to account for recurring known events, like change windows, that might fire alerts, or for additional issues that could lead to false positives.
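The suppression behaviour described above, as an added Python example (not DataBee's code or API): the rule and finding fields, the first-match ordering, and the sample findings are assumptions made for illustration. Scheduled windows here are weekly and do not span midnight.

```python
"""Finding suppression with Drop / Informational actions and a recurring schedule.
Added illustration only; field names and sample data are constructed."""
from dataclasses import dataclass, replace
from datetime import datetime, time
from typing import Optional


@dataclass(frozen=True)
class Finding:
    rule: str        # name of the detection that fired
    user: str
    device: str
    severity: str    # e.g. "High", "Medium", "Info"
    when: datetime   # event time


@dataclass(frozen=True)
class Window:
    """Recurring weekly window such as a change window (Monday = 0)."""
    weekday: int
    start: time
    end: time

    def contains(self, ts: datetime) -> bool:
        return ts.weekday() == self.weekday and self.start <= ts.time() < self.end


@dataclass(frozen=True)
class Suppression:
    action: str                      # "Drop" or "Informational"
    rule: Optional[str] = None       # None matches any value
    user: Optional[str] = None
    device: Optional[str] = None
    window: Optional[Window] = None  # None means always active

    def __post_init__(self):
        if self.action not in ("Drop", "Informational"):
            raise ValueError(f"unknown action: {self.action}")
        # A suppression with no selector would silence every finding.
        if self.rule is None and self.user is None and self.device is None:
            raise ValueError("suppression needs at least one of rule/user/device")

    def matches(self, f: Finding) -> bool:
        pairs = ((self.rule, f.rule), (self.user, f.user), (self.device, f.device))
        if any(want is not None and want != got for want, got in pairs):
            return False
        return self.window is None or self.window.contains(f.when)


def apply_suppressions(findings, suppressions):
    """Return (kept, dropped). The first matching suppression decides."""
    kept, dropped = [], []
    for f in findings:
        hit = next((s for s in suppressions if s.matches(f)), None)
        if hit is None:
            kept.append(f)                             # untouched
        elif hit.action == "Drop":
            dropped.append(f)                          # ignored entirely
        else:
            kept.append(replace(f, severity="Info"))   # still tracked, lowered
    return kept, dropped


def run_demo():
    # Constructed sample findings (2024-01-09 is a Tuesday).
    findings = [
        Finding("Encoded PowerShell Command", "svc-backup", "bkp01", "High",
                datetime(2024, 1, 10, 14, 0)),
        Finding("Encoded PowerShell Command", "jdoe", "lt-22", "High",
                datetime(2024, 1, 10, 14, 5)),
        Finding("New Service Installed", "deploy", "app03", "Medium",
                datetime(2024, 1, 9, 2, 30)),
        Finding("New Service Installed", "deploy", "app03", "Medium",
                datetime(2024, 1, 11, 2, 30)),
    ]
    suppressions = [
        # Known false positive: backup service account runs encoded scripts.
        Suppression("Drop", rule="Encoded PowerShell Command", user="svc-backup"),
        # Weekly change window on app03: keep for audit, lower to Info.
        Suppression("Informational", device="app03",
                    window=Window(weekday=1, start=time(2, 0), end=time(4, 0))),
    ]
    return apply_suppressions(findings, suppressions)


if __name__ == "__main__":
    kept, dropped = run_demo()
    for f in kept:
        print(f.when, f.severity, f.rule, f.user, f.device)
    print("dropped:", len(dropped))
```

The same service-install finding keeps its Medium severity outside the Tuesday window, which is the point of scoping a suppression by schedule rather than by device alone.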
By applying the analytics and tuning to the enriched logs as they are streamed to more cost-effective long-term storage in the data lake, security teams can detect malicious behavior like PowerShell activity or DNS tunneling. Additionally, DataBee’s Entity Resolution not only enriches the logs but learns more about your organization from them, discovering assets that may be untracked or unknown in your network.
Standardized detection coverage
With the ever-evolving threat landscape, detection content is constantly updated to stay relevant. As such, security organizations have taken on more of a key role in content management between solutions. Compounded by the popularization of Sigma-formatted detections with both security researchers and vendors, many large enterprises are beginning their journey to migrate existing custom detections to open-source formats managed via GitHub. Sigma detection rules are managed via GitHub and imported into DataBee to quickly operationalize detection content. Security organizations can centralize and standardize content management for all security solutions, not just DataBee.
Active detection streams apply Sigma rules, an open-source signature format, over security data that is mapped to a DataBee-extended version of OCSF to integrate into the existing security ecosystem with minimal customizations. DataBee handles the translation from Sigma to OCSF to help lower the level of effort needed to adopt and support organizations on their journey to vendor-agnostic security operations. With Sigma-formatted detections leveraging OCSF in DataBee, organizations can swap out security vendors without needing to update log parsers or security detection content.
Operationalizing security findings
One of DataBee’s core principles is to meet you where you are with your data. The intent is to integrate into your existing workflows and tools and avoid amplifying the “swivel chair” effect that plagues every security analyst. In keeping with the vendor-agnostic approach, DataBee security findings generated by active detection streams can be output in OCSF format to S3 buckets. This format can be configured for ingestion and immediate use in major SIEM providers.
Leveraging active detection streams with Entity Resolution in DataBee enables organizations to identify threats with vendor-agnostic detections with all the necessary business context as the data streams toward its destination. DataBee used in conjunction with the SIEM allows security teams visibility out of the box into potential risks facing their organization without the noise.
DataBee and Databricks: Business-ready datasets for security, risk, and compliance
In today's fast-paced and data-driven world, businesses are constantly seeking ways to gain a competitive edge. One of the most valuable assets these businesses have is their data. By analyzing and deriving insights from their data, organizations can make informed decisions, manage organizational compliance, optimize resource allocation, and improve operational efficiency.
Better together: DataBee and Databricks
As part of DataBee™ v2.0, we’re excited to announce a strategic partnership with Databricks that gives customers the flexibility to integrate with their data lake of choice.
DataBee is a security, risk, and compliance data fabric platform that transforms raw data into analysis-ready datasets, streamlining data analysis workflows, ensuring data quality and integrity, and fast-tracking organizations’ data lake development. In the medallion architecture, businesses and agencies organize their data in an incremental and progressive flow that allows them to achieve multiple advanced outcomes with their data. From the bronze layer, where raw data lands as is, to the silver layer, where data is minimally cleansed for some analytics, to the gold layer, where advanced analytics and models can be run on data for outcomes across the organization, let DataBee and Databricks get your data to gold.
In the past, creating gold-level datasets was a challenging and time-consuming process. Extracting valuable insights from raw data required extensive manual effort and expertise in data aggregation, transformation, and validation. Organizations had to invest significant resources in developing custom data processing pipelines and dealing with the complexities of handling large volumes of data. Lastly, legacy systems and traditional data processing tools struggled to keep up with the demands of big data analytics, resulting in slow and inefficient data preparation workflows. This hindered organizations' ability to derive timely insights from their data and make informed decisions.
DataBee's integration with Databricks empowers customers to take their gold-level datasets up a notch by leveraging advanced data transformation capabilities and sophisticated machine learning algorithms within Databricks. Regardless of whether the data is structured, semistructured, or unstructured, Databricks' unique lakehouse architecture provides organizations with a robust and scalable infrastructure to store and manage vast amounts of data and insights in SQL and non-SQL formats. The lakehouse architecture from Databricks allows businesses to leverage the flexibility of a data lake and the analysis efficiency of a data warehouse in a unified platform.
The integration between DataBee and Databricks involves two key components: the Databricks Unity Catalog and the Auto Loader job.
The Databricks Unity Catalog is a unified governance solution for data and AI assets within Databricks that serves as a centralized location for managing data and its access.
The Auto Loader automates the process of loading data from Unity Catalog-governed sources to the Delta Lake tables within Databricks. The Auto Loader job monitors the data source for new or updated data and copies it to the appropriate Delta Lake tables. This ensures that the data is always up to date and readily available for analysis within Databricks. When integrating DataBee with Databricks, the data is loaded from the Databricks Unity Catalog data source using the Auto Loader, ensuring that it is easily accessible and can be leveraged for analysis.
This seamless integration, combined with DataBee's support for major cloud platforms like AWS, Google Cloud, and Microsoft Azure, enables organizations to easily deploy and operate Databricks and DataBee in their preferred cloud environment, ensuring efficient data processing and analysis workflows.
Connecting security, risk, and compliance insights faster with DataBee
It’s time to start leveraging your security, risk, and compliance data with DataBee and Databricks.
DataBee joins large security and IT datasets and feeds close to the source, correlating with organizational data such as asset and user details and internal policies before normalizing it to the Open Cybersecurity Schema Framework (OCSF). The resulting integrated, time-series dataset is sent to the Databricks Data Intelligence Platform where it can be retained and accessible for an extended period. Empower your organization with DataBee and Databricks and stay ahead of the curve in the era of data-driven decision-making.
Five Benefits of a Data-Centric Continuous Controls Monitoring Solution
For as long as digital information has needed to be secured, security and risk management (SRM) leaders and governance, risk and compliance (GRC) leaders have asked: Are all of my controls working as expected? Are there any gaps in security coverage, and if so, where? Are we at risk of not meeting our compliance requirements? How can I collect and analyze data from across all my controls faster and better?
From “reactive” to “proactive”
Rather than assessing security controls at infrequent points in time, such as while preparing for an audit, a more useful approach is to implement continuous monitoring. However, it takes time to manually collect and report on data from a disparate set of security tools, making “continuous” a very challenging goal. How can SRM and GRC teams evolve from being “reactive” at audit time, to “proactive” all year long? Implement a data-centric continuous controls monitoring (CCM) solution.
According to Gartner®, CCM tools are described as follows:
“CCM tools offer SRM leaders and relevant IT operational teams a range of capabilities that enable the automation of CCM to reduce manual effort. They support activities during the control management life cycle, including collecting data from different sources, testing controls’ effectiveness, reporting the results, alerting stakeholders, and even triggering corrective actions in the event of ineffective controls or anomalies. Furthermore, the automation they support enables SRM leaders and IT operational teams to gain near real-time insights into controls’ effectiveness. This, in turn, improves situational awareness when monitoring security posture and detecting compliance gaps.” Gartner, Inc., Innovation Insight: Cybersecurity Continuous Control Monitoring, Jie Zhang, Pedro Pablo Perea de Duenas, Michael Kranawetter, 17 May 2023
The use of a CCM solution offers significant advantages over point-in-time reviews of multiple data sources and reports. This blog identifies five of the key benefits of using a CCM solution.
Share the same view of the data with all teams in the three lines of defense.
A shared and consistent view of data facilitates better coordination between operations teams that are accountable for compliance with organizational security policy, the process owners who manage the tools and data used to measure compliance, and the GRC team that oversees compliance.
A set of CCM dashboards can provide that common view. Without a shared view of compliance status, teams may be looking at different reports, or reports created similarly, but at different points in time, resulting in misunderstandings; in effect, a cybersecurity “Tower of Babel.” Consistent reporting based on a mutually recognized source of truth for compliance data is an essential first step.
Furthermore, without a consistent view of compliance data, it will be challenging to have a productive conversation about the quality of the data and its validity. If operations teams are pulling their own reports, or even if they are consuming reports provided by the process owners or GRC team, inconsistencies in data are likely to be attributed to differences in report formats, or differences in the dates when the reports were run. If all the teams are looking at the same set of CCM dashboards displaying the same data, it is easier to resolve noncompliance issues that may be assigned to the wrong team, or to find other errors, such as missing or incorrect data, that need to be fixed.
Bring clarity to roles and responsibilities.
Job descriptions may include tasks such as, “Ensure compliance with organizational cybersecurity policy.” But ultimately, what does that mean, especially to a business manager for whom cybersecurity is not their primary responsibility? In contrast, a set of CCM dashboards that an operations level manager can access to see what specifically is compliant or noncompliant for their department provides an easily understood view of that manager’s responsibilities. Managers do not need to spend unproductive time trying to guess what their role is, or trying to find the team that can provide them with information about what exactly is noncompliant for the people and assets in their purview.
Compliance documents and frameworks typically include requirements for documenting “roles and responsibilities,” for example, the n.1.2 controls (e.g., 1.1.2, 2.1.2, etc.) and 12.1.3 in PCI-DSS v4.0. Similarly, the “Policy and Procedures” controls, such as AC-01, AT-01, etc. in NIST SP 800-53 state that the policy “Addresses… roles, [and] responsibilities.”
Ultimately, roles and responsibilities for operations managers and teams can be presented to them in an understandable format by displaying compliant and noncompliant issues for the people and assets that they manage. This is not to say that cybersecurity related roles and responsibilities should not be listed in job descriptions. However, a display of what is or is not compliant for their department will complement their job description by making the manager’s responsibilities less abstract and more specific.
Making compliance and security a shared responsibility
Cybersecurity is Everyone’s Job according to the National Initiative for Cybersecurity Education (NICE), a subgroup on Workforce Management at the National Institute of Standards and Technology (NIST). At the operations level, a manager’s primary responsibility for the business may be to produce the product that the business sells, to sell the product, or something related to these objectives. But the work of the business needs to be done with cybersecurity in mind. Business operations managers and the staff that report to them have a responsibility to protect the organization’s intellectual property, and to protect confidential data about the organization’s customers. So, even if cybersecurity is not someone’s primary job responsibility, cybersecurity is in fact everyone’s job.
At times, business managers may take a stance that “cybersecurity is not my job,” and that it is the job of the CISO and their team to “make us secure.” Or business managers may accept that they do have cybersecurity responsibilities, but then struggle to find a team or a data source that can provide them with the specifics of what their responsibilities are.
A CCM solution can give business managers a clear understanding of what their cybersecurity “job” is without requiring them to track down the information about the security measures they should be taking, as the data alerts them to security gaps they need to address.
Enhance cybersecurity by ensuring compliance with regulations and internal policies
Compliance may not equal security, but the controls mandated by compliance documents are typically foundational requirements that, if ignored, are likely to leave the organization both noncompliant and insecure. An organization that has good coverage for basic cybersecurity hygiene is likely to be in a much better position to achieve compliance with any regulatory mandates to which they are subject. Or, conversely, if the organization has gaps in their existing cyber hygiene, working to achieve compliance with their regulatory requirements, or an industry recognized set of security controls, will provide a foundation on which the organization can build a more sophisticated, risk-based cybersecurity program.
The basics are the basics for a reason. Using a CCM tool to achieve consistent coverage for the basics when it comes to both compliance and cybersecurity provides a more substantial foundation for the cybersecurity program.
Creating a progressive and positive GRC feedback loop using CCM
A CCM solution does not take the place of or remove the need for a GRC team and a GRC program. But it is a tool that, if incorporated into a GRC program, can help by saving time formerly used to manually create reports, and by facilitating coordination and cooperation by providing teams a consistent view of their compliance “source of truth.” Implementing a CCM solution may uncover gaps in data (missing or erroneous data), or gaps in communication between teams, such as the business teams that are accountable for compliance, and the process owners who are managing the tools and data used to track compliance. Uncovering any such gaps provides the opportunity to resolve them and to make improvements to the program. As gaps in data, policy or processes are uncovered and resolved, the organization is positioned to make continuous improvement in its compliance posture.
If there are aspects of the organization’s current GRC program that have not achieved their intended level of maturity, a CCM solution like DataBee can help by providing a consistent view of compliance data that all teams can reference. CCM can be the focus that teams use to facilitate discussions about the current state, and how to move forward to a more compliant state. Over time, the organization can draw on additional sources of compliance data and display it through new dashboards to continue to build on their compliance and cybersecurity maturity.
Get started with DataBee CCM
For more insights into how a CCM solution can ease the burden of GRC teams while improving an organization’s security, risk and compliance posture, read the recent interview of Rob Rose, Sr. Manager on the Cybersecurity and Privacy Compliance team here at Comcast. Rob and the Comcast GRC team use the internally developed data fabric platform that DataBee is based on, and they’ve achieved some remarkable results.
The DataBee CCM offering delivers the five key benefits described here and more. If your organization would like to evolve its SRM and GRC programs from being “reactive” to “proactive” with continuous, year-round controls monitoring, be in touch and let us show you how DataBee can make a difference.
Download the CCM Solution Brief to learn more, or request a personalized demo.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
DataBee is a Leader in Governance, Risk, and Compliance in Snowflake's The Next Generation of Cybersecurity Applications
Today, Snowflake recognized DataBee, part of Comcast Technology Solutions, as a Leader in the Governance, Risk & Compliance (GRC) Category in Snowflake’s The Next Generation of Cybersecurity Applications. As the Director of Strategic Sales and Go-to-Market Strategy, I am proud to help joint customers achieve fast, accurate, and data-driven compliance answers and resolutions that measure risks and controls effectiveness.
The inaugural, data-backed report identified five technology categories that security teams may consider when building their cybersecurity strategy. In addition to the GRC category, the other categories included: Security Information and Event Management (SIEM), Cloud Security, Data Enrichment and Threat Intelligence, and Emerging Segments.
DataBee puts your data at the center for dynamic, detail-rich compliance metrics and reports. The cloud-native security, risk and compliance data fabric platform weaves together security data sources with asset owner details and organizational hierarchy information, breaking down data silos and adding valuable context to cyber-risk reports and metrics.
By being a connected application Powered by Snowflake partner, DataBee makes continuous controls monitoring (CCM) a reality by enabling customers to securely and quickly access large, historical datasets in Snowflake while driving down costs and maintaining high performance. DataBee’s robust analytics enables teams across the organization to leverage the same dataset for high fidelity analysis, decisioning, response and assurance outcomes without worrying about retention limits. From executives to governance, risk and compliance (GRC) analysts, DataBee on Snowflake delivers a dynamic and reliable single source of truth.
Thank you to Snowflake for partnering with DataBee! As Nicole Bucala mentioned in our press release, DataBee makes it faster, easier and more cost effective for GRC teams to combine and share the security and business data and insights that their constituents need to stay compliant and mitigate risk. Our strategic partnership with Snowflake is an essential part of our solution, providing a powerful, flexible, and fully managed cloud data platform for our customers’ data regardless of the source.
DataBee appoints Ivan Foreman for EMEA expansion leadership
You may be surprised to know this, but the security data issues that challenge US-based security teams are issues felt ’round the world. Of course, I’m kidding: These challenges have been worked on, talked about, and written about for years and continue to eat up news cycles because it’s still too hard to correlate and analyze all of the security data generated by the tools and technologies that live in most enterprise security stacks.
Comcast Technology Solutions’ (CTS) DataBee™ Suite and security data fabric platform have been created to help bring order, ease, and clarity to security data chaos in the enterprise. Having focused this first year of business on our US home turf, we’re very happy now to expand into EMEA with a cybersecurity veteran at the helm — Ivan Foreman. Based out of London with work and life experience in Israel and South Africa, Ivan brings to his new role as Executive Director and Head of EMEA Sales, DataBee a deep understanding of the unique needs of customers and partners from across EMEA, and a true passion for ensuring the security of both people and organizations.
Let’s learn a little bit more about Ivan and his background…
[LC]: Ivan, you’ve joined CTS DataBee to lead Sales and Business Operations in EMEA. Talk to us about your charter there and what you hope to accomplish in your first several months.
[IF]: I’m very excited to join CTS DataBee and the opportunity to build the business in EMEA. My first month was spent learning as much as possible about Comcast, the value a security data fabric has brought to the organization, and the commercialization of this innovation through DataBee. I was fortunate enough to travel to HQ in Philadelphia and meet the leadership team who have been building DataBee for the past year. My next couple of months will be spent building the DataBee brand in the EMEA region and helping organizations there get more from their security data. So far, the response has been fantastic, and almost everyone I’ve spoken to about DataBee is keen to learn more and seems to have an interest in putting me in touch with their colleagues.
[LC]: How did you learn about the opportunity with CTS DataBee, and what ultimately attracted you to this position?
[IF]: I worked with Nicole Bucala (VP & GM of DataBee) at a previous company, and during the summer, I saw her post on LinkedIn about DataBee and was intrigued. As I was in the process of looking for a new role, I reached out to learn more.
There were ultimately three things that attracted me to the role:
The company: DataBee is part of Comcast Technology Solutions, whose parent company, Comcast, is one of the largest companies in the US. Having worked for small cybersecurity startups in the past, I understand the challenges of building a brand from scratch; here, I have the support of the Comcast brand and an amazing internal use case that validates how well equipped we are to solve the enterprise security data problem.
The product: Listening to the story of how Noopur Davis, Comcast’s CISO, built a security data fabric internally to help her answer the very difficult questions asked by Comcast’s board and regulators, whilst at the same time saving money and improving the company’s security posture, was very compelling.
The people: It has always been very important for me to work with people I like and respect. Nicole has done an amazing job of hiring some of the best and brightest talent in the industry. Throughout my interviews, I was impressed by the quality of the people I met and was excited by the prospect of so many successful people all working together.
[LC]: What is it about DataBee the product that excites you and that you think will resonate with enterprises in EMEA?
[IF]: What is resonating is our Continuous Controls Monitoring (CCM) offering — the ability to see real-time dashboards relating to the company’s security, risk, and compliance posture. Every single company has different data sources and security metrics that they need to monitor, and our CCM capability provides both standard and customizable dashboards that make it possible for an organization to track their specific security controls and compliance requirements.
In EMEA in particular, keeping up with regulations is such a challenge, and every industry and country seems to have different cybersecurity-related regulations they need to adhere to. In the UK, the ‘network and information systems,’ or NIS, is the main framework to look out for. Telecommunications companies, or Telcos, are grappling with the UK’s Telecommunications (Security) Act, whose requirements need to be in place for Tier 1 Telcos by March 2024. PCI DSS 4.0, which applies globally to any organization that processes payment cards, is another one to review. DataBee can ease the challenge of keeping up with these and other regulations by giving CISOs and GRC teams an easier way to continuously monitor their controls and keep ahead of their annual audits.
[LC]: Tell us a bit about your background in cybersecurity — you’ve been in this industry for most, if not all, of your career, correct? Share with us some of your experiences and what’s kept you hooked on the security space.
[IF]: I grew up in South Africa and graduated from university in Durban, but my professional cybersecurity experience began when I went to live in Israel. There, I worked for a company called Aladdin, which, at that time, was the market leader in combatting software piracy.
Eventually I moved to the UK, and other roles there included:
Business development manager for Softwrap, which had a very innovative secure envelope solution for helping to securely distribute software online (long before there were App Stores).
Progressive channel management and leadership roles at ScanSafe, pioneer in SaaS web security. I was one of the first employees and helped the company grow and expand until it was sold to Cisco in 2009 for $183 million. I stayed with Cisco for another four years and was promoted to lead the company’s security business in the UK, selling its full security portfolio (firewalls, IDS, email security, web security, VPN, identity services, etc.).
VP of sales EMEA and VP of sales Asia Pacific for Wandera, where I was reunited with the original founders of ScanSafe, who were focused this time on enterprise mobility security and data management.
VP of sales EMEA for Illusive Networks, an Israeli deception security company. I started as their first EMEA hire, helping them grow and expand the business there.
Senior director of global channel sales for Nozomi Networks (an OT security company), where I led their global channel business and was purely focused on developing relationships with hundreds of partners around the world.
Whilst working in the security industry, it is not just about selling products; you actually feel as if you are positively contributing to society by helping to keep companies and people safe from bad actors. I guess that’s what has really kept me interested in this space and why I believe I’ll probably stay in cybersecurity until the end of my career.
[LC]: What are some of the key data and/or cybersecurity challenges that are unique to enterprises in EMEA?
[IF]: One of the most interesting challenges I have seen in the UK specifically is the very short tenure of CISOs. I recently read a Forrester report, which highlighted that the average tenure for a UK CISO (working for the FTSE 100 companies) was 2.8 years. This means that they are not likely able to invest in long-term projects, but rather focus on short-term wins before they move on to a new challenge. It’s therefore critical to understand where the CISO is in their tenure as a key success factor, which may make or break a potential sale.
[LC]: Looking ahead into 2024, what are some of your security and/or security business predictions for the year ahead in EMEA? Any threats/challenges/opportunities you see on the near-term horizon?
[IF]: No doubt AI and ML are going to play a huge role in 2024 and beyond. Ensuring these technologies are used correctly and morally is going to be a huge challenge as bad actors and malicious hackers can also use them to attack enterprises and states.
The other challenge I see is finding skilled cybersecurity professionals who are available to help implement policies and keep companies safe. As reported by ISC2 in their 2023 Cybersecurity Workforce Study, there are roughly four million empty cybersecurity positions in companies and organizations globally. The people who work in the industry need to find a way to ensure children at school learn about the importance of these jobs and are encouraged to consider careers in this field.
[LC]: Will you be working to build channel partnerships in EMEA? If so, what types of partners are you hoping to create relationships with?
[IF]: Yes, DataBee is a channel-friendly organization, and we love working with our partners to help our customers achieve fast time-to-value. The only way to really grow and scale our business quickly throughout EMEA is to embrace the channel. I believe, however, that it is critical to focus on a few key strategic partners; it’s not quantity, it’s quality, and ensuring that there’s a good overlap of our target customers and the customers served by our partners.
I’ve already started discussions with a few strategic partners who have expertise in this space and see the value of what DataBee is bringing to market. The most critical element from my perspective is finding partners who can help deliver the professional services that will ensure a successful DataBee implementation and faster time-to-value.
[LC]: Who is resonating with the DataBee story and value proposition right now?
[IF]: Initially, anyone involved in security, risk, and compliance management. Our CCM solution is ideal for CISOs and GRC and compliance executives because of the real-time reporting it can provide, and it’s great for GRC analysts and audit teams who need that ‘single source of truth’ — connected and enriched data.
We have an aggressive product roadmap for the DataBee data fabric platform that we hope will make it very relevant and important to other cybersecurity, privacy, data management, and business intelligence roles early in 2024 and beyond. Within Comcast, the data fabric platform that DataBee is based on is being used by everyone from the Comcast CISO and CTO to GRC analysts, data scientists, data engineers, threat hunters, security analysts, and more.
[LC]: Where are you based, and what’s the easiest way for people to reach you?
[IF]: I’m based in London. It is best to reach me via email ivan_foreman@comcast.com or via LinkedIn.
Additional information
We believe that DataBee is truly unique, providing a comprehensive approach to bringing together security and enterprise IT data in a way that improves an organization’s security, risk, and compliance posture.
As Comcast CISO Noopur Davis has said, “Data is the currency of the 21st century — it helps you examine the past, react to the present, and predict the future.” It is a universal currency that all organizations should be able to use, whether for deep security insights and improved protection, or to propel the business forward with a better understanding of customer needs.
Learn how your organization can take full advantage of its security data by requesting a personalized demo of DataBee or reaching out to Ivan. He can’t wait to talk to you.
Putting your business data to work: threat hunting edition
Detectives, bounty hunters, investigative reporters, threat hunters. They all share something in common: When they’re hot on a scent, they’re going to follow it. In the world of cybersecurity, threat hunters can use artifacts left behind by a bad actor or even a general hunch to start an investigation. Threat hunting, as a practice, is a proactive approach to finding and isolating cyberthreats that evade conventional threat detection methods.
Today’s threat hunters are technologists. They are using an arsenal of tools and triaging alerts to pinpoint nefarious behaviors. However, technology can also be a barrier. Pivoting between tools, deciphering noisy datasets and duplicative fields, assessing true positives from alerts, and waiting to access cold data repositories can slow down hunts during critical events.
Threat hunters that I have worked with here at Comcast and at other organizations have shared that data, when enriched and connected, can be a crucial advantage. Data helps paint a picture about users, devices, and systems, and the expansive lens enables threat hunters to have a more accurate investigation and response plan. However, data is expensive to store long term, and large, disparate datasets can be overwhelming to sift through to find threat signals.
Threat hunting in the AI age
The broad adoption of artificial intelligence (AI) and machine learning (ML) opens the door to data-centric threat hunting, where a new generation of hunters can execute more comprehensive and investigative hunts based on the continuous, automated review of massive data. Threat hunters can collaborate with data engineers and analysts to build AI/ML models that can quickly and intelligently inspect millions of files and datasets with the accuracy, scale, and pace that manual efforts cannot match.
When companies are generating terabytes and petabytes of data every day, using AI/ML can help security teams:
Collect data from multiple security tools and aggregate it with non-security insights.
Scrutinize network traffic data and logs for indicators of compromise.
Detect unknown threats or stealthy attacks, including the exploitation of zero-day vulnerabilities and lateral movement activities.
Alert on multiple failed log-in attempts or brute force activity and identify unauthorized access.
At Comcast, having clean, integrated data allows AI/ML to improve operational efficiency and fidelity. For the cybersecurity team, operationalizing AI/ML to scrub large datasets led to a 200% reduction in false positives; for the IT team, AI/ML highlighted single-use and point solutions that could be reduced or eliminated, leading to a $10 million cost avoidance.
Creating more effective threat hunting programs with your data
Threat hunters want access to data and logs — the more the merrier. This is because clever malware developers delete or modify artifacts, for example by clearing the Windows Event Log or deleting files, to evade detection. Fortunately for us, threat hunters know packets don’t lie.
Analyzing all that data can quickly become a challenging task. DataBee™ takes on the security data problem early in the data pipeline to give data engineers and security analysts a single source of truth with cleaner, enriched time-series datasets that can accelerate AI operations. This enables them to utilize their data to build AI/ML models that can not only automate and augment the review of data but also achieve:
Speed and scale: Security data from different tools that have duplicative information and no common schemas can now be analyzed quickly and at scale. DataBee parses and deduplicates multiple datasets before analysis. This gives data engineers clean data to build effective AI/ML models directly sourced from the business, increasing visibility and early detection across the threat landscape.
Business context: Threat hunting needs more than just security data. Security events without business context require hours of event triaging and prioritization. DataBee weaves security data with business context, including org chart data and asset owner details, so data engineers and threat hunters can create more accurate models and queries. For Comcast, employing this model has led to more informed decision-making and fewer false positives.
Data and cost optimization: The time between when a bad actor gains access to the environment and when a security event is detected may be days, months, or years. This makes data retention important — but expensive. Traditional analytical methods and SIEMs put tremendous pressure on CIO and CISO budgets. DataBee optimizes data, retaining its quality and integrity, so it can be stored long term and cost-effectively in a data lake. Data is highly accessible, allowing threat hunters to conduct multiple compute-intensive queries on demand that can better protect their organization.
Bad actors are evolving. They’re using advanced methods and AI/ML to improve their success rates. But cybersecurity teams are smart. Advanced threat hunters are expanding outside of generic out-of-the-box detections and using AI/ML to improve their success rate and operational efficiency. Plus, using AI/ML effectively also saves money by enabling threat hunting teams to scale, doing more hunts within the same set of resources in the same time frame.
Put your interest into practice and download the data-centric threat hunting guide that was created through interviews and insights shared by Comcast’s cybersecurity team.
Trick or threat: 5 tips to discovering — and thwarting — lateral movement with data
We know ghouls and ghosts aren’t the only things keeping you up this spooky season. Bad actors are getting smarter with their attacks, using tactics and techniques that baffle even the most seasoned cyber professionals.
Discovering — and thwarting — lateral movement can be particularly difficult because of disjointed but established software security tools that cannot always identify unwarranted access or privilege escalation. Many behaviors, like pivoting between computer systems, devices and applications, can appear as if they’re from a legitimate user, allowing bad actors to go undetected in environments.
Threat hunters are critical to exposing lateral movement activities. But much like hunting monsters in the dark, threat hunting using manual detection processes against large datasets is a scary task — one that is time-consuming and tedious. With the help of advanced tools like AI and machine learning (ML), hunters can analyze massive amounts of data quickly to pick up the faintest signals of nefarious activities. For organizations that use some form of AI/ML in their practice, data breach lifecycles have proven to be up to 108 days shorter than for those that do not. 1
Best practices for using AI/ML to detect lateral movement
At the end of the day, your threat hunters can still have the advantage. No one knows your environment better than you do. By building AI/ML models fueled by data from your environment, your threat hunters can detect — and ultimately thwart — lateral movement before the bad actors escalate further in the cyber kill chain.
Models, processes, and procedures are often bespoke, but a few time-tested best practices can accelerate threat detections and response. For lateral movement, this might look like using data about your users, their assets, and their business tool access to identify activities that indicate data exfiltration and espionage. Let's take a look at these best practices in the context of a lateral movement use case:
Store as much relevant data as possible for as long as possible. Investigating and finding evidence of lateral movement may require analyzing months or years of data because adversaries can be present but undetected for days, months — or even years. Raw and processed data, which has been deduplicated and contextualized, should be stored in an accessible, cost-effective data storage repository for threat hunters to run their queries.
Create baselines based on business facts and historical actions. Data scientists who work with business data should collaborate with threat hunters to develop and define baselines based on the hypothesis for a given use case. Typically, this means describing the environment or situation ‘right now’ and searching for deviations to indicate malicious activity. Creating proper baselines requires expertise to know what attributes and data points to use and how to use them. Regarding lateral movement, baselines should be based on factual and historical data reflecting business goals, past scenarios, hypotheses or triggers, and infrastructure conditions. Baselines created without context are meaningless.
Use the data with the best tools. Even with AI/ML, human interaction and judgment are still required. But data analysis doesn’t happen by itself. Data is often compiled and aggregated in a data lake, only to be ignored or underutilized. SIEMs can provide short-term storage and analysis of security data, but when you are threat hunting, you need more than just noisy security data. To get the best of both worlds, data transformation needs to be performed early in the pipeline so threat hunters have clean, enriched data they can trust and tools they are familiar with.
Produce accurate, data-driven reports. Producing meaningful KPIs and reports helps executive sponsors find value in threat hunting activities and encourages ongoing program investment. KPIs also help validate the efficacy of hunts even if nothing is found. For example, investigating a suspected lateral movement breach may have found no bad actor activity. Proper reporting underscores and validates that the hunt was done soundly and backed up the baselines and KPIs.
Allocate a budget. Threat hunting can be an expensive and active cyber defense activity. When a trail is hot, hunters want to follow it. It’s important to allocate a budget for data storage, internal and outsourced resources, and multiple, compute-intensive queries. Creating a budget ensures that security teams have the resources they need when they need them most. “After the fact” prioritization once a breach or lateral movement has been detected will not only leave the organization at risk but will likely be a slow process or provide inaccurate findings. So, planning, as with any cybersecurity initiative, pays off.
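The baseline practice above, sketched as an added example (not DataBee's or Comcast's code): it builds a per-user baseline of hosts from historical authentication events, then scores first-time access in a hunt window using asset-owner and org-chart context. The users, hosts, events, field names and scoring weights are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed business context (assumption): org chart and asset-owner data.
ORG_CHART = {"alice": "finance", "bob": "engineering"}
ASSET_OWNER = {
    "fin-db-01": "finance", "fin-app-02": "finance", "fin-rpt-03": "finance",
    "build-01": "engineering", "git-01": "engineering",
    "hr-files-01": "hr",
}

# Constructed authentication events: (ISO timestamp, user, destination host).
EVENTS = [
    # Historical window used for the baseline.
    ("2024-01-03T09:00:00", "alice", "fin-db-01"),
    ("2024-01-10T09:05:00", "alice", "fin-app-02"),
    ("2024-01-04T10:00:00", "bob", "build-01"),
    ("2024-01-11T10:30:00", "bob", "git-01"),
    # Hunt window.
    ("2024-02-01T09:00:00", "alice", "fin-db-01"),
    ("2024-02-01T14:00:00", "alice", "fin-app-02"),
    ("2024-02-02T02:10:00", "bob", "fin-db-01"),
    ("2024-02-02T02:20:00", "bob", "hr-files-01"),
    ("2024-02-02T02:35:00", "bob", "fin-app-02"),
    ("2024-02-03T11:00:00", "alice", "git-01"),
    ("2024-02-05T10:00:00", "alice", "fin-rpt-03"),
]

BASELINE_START, BASELINE_END = datetime(2024, 1, 1), datetime(2024, 2, 1)
HUNT_START, HUNT_END = datetime(2024, 2, 1), datetime(2024, 3, 1)


def build_baseline(events, start, end):
    """Map each user to the set of hosts they reached in the historical window."""
    baseline = defaultdict(set)
    for ts, user, host in events:
        if start <= datetime.fromisoformat(ts) < end:
            baseline[user].add(host)
    return baseline


def find_deviations(events, baseline, start, end,
                    burst_window=timedelta(hours=1), burst_size=3):
    """Score first-time user-to-host access in the hunt window against the baseline."""
    seen = {user: set(hosts) for user, hosts in baseline.items()}
    recent_new = defaultdict(list)  # user -> times of recent first-time accesses
    findings = []
    for ts, user, host in sorted(events):
        when = datetime.fromisoformat(ts)
        if not (start <= when < end) or host in seen.setdefault(user, set()):
            continue
        seen[user].add(host)  # report each new (user, host) pair once
        score, reasons = 1, ["first access to this host"]

        # Business context: compare the user's unit with the asset owner's unit.
        user_bu, owner_bu = ORG_CHART.get(user), ASSET_OWNER.get(host)
        if user_bu is None or owner_bu is None:
            score += 1
            reasons.append("no business context for user or asset")
        elif user_bu != owner_bu:
            score += 2
            reasons.append(f"user in {user_bu}, asset owned by {owner_bu}")

        # Several new hosts in a short span is unlike routine work.
        recent_new[user] = [t for t in recent_new[user] if when - t <= burst_window]
        recent_new[user].append(when)
        if len(recent_new[user]) >= burst_size:
            score += 2
            reasons.append(f"{len(recent_new[user])} new hosts within {burst_window}")

        findings.append({"time": ts, "user": user, "host": host,
                         "score": score, "reasons": reasons})
    # Highest score first; equal scores stay in chronological order.
    return sorted(findings, key=lambda f: f["score"], reverse=True)


if __name__ == "__main__":
    baseline = build_baseline(EVENTS, BASELINE_START, BASELINE_END)
    for f in find_deviations(EVENTS, baseline, HUNT_START, HUNT_END):
        print(f["score"], f["time"], f["user"], f["host"], "; ".join(f["reasons"]))
```

Without the org-chart and asset-owner lookups, every first-time access would score the same; the context is what separates a finance user opening a new finance system from an engineering account reaching three unfamiliar systems in under an hour.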
Expert Insights: GRC and the Role of Data
Since I joined Comcast Technology Solutions (CTS) and the DataBee™ team back in late March, I’ve been awed and challenged by how many different roles the DataBee data fabric platform is relevant to. Is it for security analysts? Threat hunters? Data scientists? GRC professionals? Yes, yes, yes and yes… essentially, DataBee is relevant to anyone in an organization who needs data to understand, protect and evolve the business.
Let’s get to know some of the amazing people who rely on data every day to do their jobs and help their organization be successful!
Governance, Risk & Compliance (GRC)
The function of GRC is critical – when it is correctly implemented, it is a business enabler and revenue-enhancer; when it is poorly managed or even non-existent, it can be a business inhibitor, leaving an organization vulnerable to compliance violations and increased cyberthreats.
GRC programs are a set of policies and technologies that align IT, privacy, and cybersecurity strategies with business objectives.
I recently had the good fortune of meeting Rob Rose, a Manager on the Cybersecurity and Privacy Compliance team here at Comcast, and I enjoyed my conversation with him so much that I immediately hit him up to be one of our spotlight experts.
Working to achieve a more secure privacy and cybersecurity risk posture
[LC] Rob, tell us about what you do as Manager, Cybersecurity and Privacy Compliance here at Comcast.
[RR] At the highest level, my role at Comcast is to help the company achieve a more secure privacy and cybersecurity risk posture. This takes shape as leading an initiative called ‘Controls Compliance Framework’ (CCF) which is broken down into two sister programs: ‘Security Controls Framework’ (SCF) and ‘Privacy Controls Framework’ (PCF). The team I lead creates a continuous controls monitoring (CCM) product that business units across Comcast can use to monitor their adherence to privacy and cybersecurity-related controls.
Creating, and maintaining, this product includes collaboration with multiple different teams in the company, starting with the process owners of each control activity that helps to mitigate risk (e.g., the Corporate User Access Review team):
Collaboration with process owners: My team first works with the process owners to understand how the process is designed and should operate, and what actions the various Business Units across Comcast are expected to complete.
Document requirements: We then learn from process owners how and where they store the data to support their control (e.g., Oracle Databases, ServiceNow, etc.) and from there we document requirements to bring to our development team.
Report on privacy and security posture: Once our development team has ingested all the disparate data from multiple process owners and developed our product based on the requirements we documented, we bring this product to Business Units, with the goal of providing them a single pane of glass view into their overall privacy and security posture.
GRC Challenges
[LC] What would you say are the 3 biggest challenges faced by GRC and compliance experts?
[RR] There are a few key challenges that we run into as a GRC function, and fortunately, compliance data leveraged in the CCF program can address them.
Clean Data – the first issue is the cleanliness and usability of the data. As a GRC function, we rely on process owners throughout the company to provide us with data. Frequently, however, we see issues with both data cleanliness and ownership in the data that is provided to us. When we bring this data to Business Units, who work day in and day out with the assets they own, they often provide the feedback that there is something amiss in the data. This can be turned into a positive as we can bring this feedback back to the process owners, who can then clean up the data on their end, making the data quality better for the entire company.
Awareness – Oftentimes when we alert Business Units of compliance actions that need their attention, we discover that they were unaware of these requirements. This awareness creates some ‘knowledge transfers’ that we must do to inform Business Units of the need for the actions, and the importance of the actions. This helps to increase the overall cybersecurity and privacy awareness of the Company.
Prioritization – Akin to point B, since Business Units are often not aware of the privacy and security related actions they need to take, they have not planned the resource capacity into their roadmap to complete those activities. Helping to prioritize which actions are ‘must do’ right now, as opposed to which actions can wait, has been something we’ve been working on with our program. To help with this, we’ve been driving towards risk-based compliance, noting that while all systems and assets need to meet cybersecurity requirements, certain systems and assets are a higher priority to meet these requirements based on the types of data that the system utilizes.
The rewards of the job
[LC] What are some of the most rewarding aspects of your job?
[RR] We’ve had some real success stories over the past few quarters where Business Units have gone from a non-compliant state to a highly compliant state. This has come from a combination of presenting Business Units with insights through data so they are aware of where they have gaps, and from helping them understand what actions they need to take. Seeing a Business Unit make this transition from non-compliant to compliant is incredibly rewarding, as we know that we’ve helped make the company more secure.
Collaboration
[LC] What other teams or roles do you interact with the most as you go about your job day-to-day?
[RR] As a GRC professional, we’re in a unique position where we interact with individuals at all levels of the business. This includes the first line of defense (Business Units), the second line of defense (process owners, Legal, other teams within Comcast Cybersecurity), and the third line of defense (Comcast Global Audit). We have the benefit of working with both very technical teams of developers and system architects, as well as with very process driven teams who define what requirements the company should be meeting. In addition, in our position, our team works with top level executives from a reporting standpoint, as well as the front line workers who are actually implementing changes to systems and applications to make the company more secure!
The role of data in GRC
[LC] How do you use data in your job, and what type of data do you rely on?
[RR] As a GRC professional, the ability to have clean data provided to us is the keystone to our success. The Controls Compliance Framework product my team and I work on is dependent on data coming in from disparate data sources so we can cleanse and aggregate it to provide meaningful insights to Business Units.
At the highest level, you can break down the types of data that we need into a few different categories:
Application data: What applications exist in the environment, who owns those applications, and what level of risk does the application present -- e.g., does the application use customer data, proprietary Comcast data, etc? Does the application go through User Access Reviews on a set frequency, and has it been assessed to confirm it was developed in a secure way?
Infrastructure: What underlying assets or infrastructure support those applications? What servers are used to run the application? Are they in the cloud or on-prem? What operating system is the server running? Is the server hardened, scanned for vulnerabilities, and does the server have the necessary endpoint agents on it (e.g., EDR)?
Vendor information: What vendors do we engage with as an aspect of our business, what data do we share with the vendor, and what assessments have been completed to confirm the vendor will handle that data securely?
For each of these types of data, we also need data to support the completion of the processes around that data. Have all assessments been done on the application, asset, vendor, and do they meet all the required controls?
As you can imagine, these data sources are all in different locations. One of the key aspects of the program we run is to pull all of this data into one location and provide it in a single pane of glass view for business units so they can have one easy location to go to to understand their risk posture.
The GRC questions that data helps answer
[LC] Can you give us an example of the kinds of questions you’re looking to answer [or problems you’re looking to solve] with data?
[RR] The biggest question I’m looking to answer as a risk professional is what the overall risk posture of the company is. Do we have a lot of unmitigated risk that could expose us to issues, or are we generally covered? This question is most easily answered with the data that was described above (the role of data in GRC).
GRC vs. Compliance
[LC] How would you describe the difference between GRC and compliance? Or are they one-and-the-same?
[RR] The ‘C’ in ‘GRC’ stands for Compliance. Compliance is a huge piece of what I do as a GRC professional. Making sure that the company is complying with the necessary standards and policies (compliance) and lessening the exposure we have as a company and the impact of that exposure (risk) is pretty much what my entire day is filled with! We then present these insights to executives so they can be aware and take action to adhere to standards and policies as needed (governance).
A random data point about our GRC expert
[LC] Rob, if you could go back in time and meet any historical figure, who would it be and why?
[RR] Wow this is a tough one that I think could change day by day. I recently took a trip to Rome and we visited the Sistine Chapel while we were there. I was in such awe of the work that Michelangelo did. I think I’d like to meet someone like Michelangelo as the arts are an area that is so foreign to me and how I think. I’d love to pick his brain to find out if he knew what he was creating would be a work that was revered and visited by millions of people for centuries to come, to understand his artistic thought process, and to learn more about his life.
Parting words of wisdom
[LC] Any other words of wisdom to share?
[RR] To my other GRC colleagues out there, I am sure you run into the same struggles of trying to get Business Units to comply with internal company policies and standards. The implementation of data-driven tools has made it significantly easier to assist BUs in becoming compliant. The feedback that we’ve gotten is that utilizing data, and putting it in a simple and straightforward tool, has helped to ‘make compliance easy’. Let’s all keep striving to find ways to make it as easy on the people whose main job is not compliance to fit compliance into their work!
DataBee for GRC
As Rob mentions, the Comcast GRC team is charged with pulling all kinds of data – application, infrastructure and vendor data – into one location, essentially providing a “single pane of glass view” to Business Units, making it easy for these Business Units to see and understand their risk posture. The GRC team uses the internally developed data fabric platform that DataBee is based on to do this, and its use has helped to drive those improved compliance rates that Rob mentioned, as well as other improvements in Comcast’s overall compliance and security posture. (An aside – I think that’s pretty cool.)
DataBee v1.5 was recently launched, and with it a continuous controls monitoring (CCM) capability that provides deep insights into the performance of controls across the organization, identifying control gaps and offering actionable remediation guidance. Check out the CCM Solution Brief to learn more.
Thanks to Rob for a great interview!
Terrestrial Distribution for MVPDs?
Allison Olien, Vice President and General Manager for Comcast Technology Solutions (CTS), is witnessing firsthand how the changes, challenges, and new opportunities for MVPDs and content providers are evolving the industry faster than ever. She took some time to reflect on how the 2020s have impacted companies, and on how new technological approaches are opening new doors to growth and profitability.
The 2020s have already proven to be a decade of sweeping change for MVPDs and cable operators around the U.S., starting with the repurposing of C-band spectrum for 5G services. We’re three years in – what’s it like now?
(AO) Well, the C-band reallocation had a definite material impact for satellite-based services; I mean, how could it not? Many of them had to physically transition to a new satellite - for example, our services that had operated from the SES-11 satellite had to migrate to the SES-21 satellite in response. That said, it wasn’t the only thing changing for providers; it was more of a catalyst for a hard look at a) how technology was evolving, b) how device improvements, high-def video and subscription models were changing the competitive landscape, and c) how to compete more effectively in a more dynamic market.
Are these the reasons why CTS recently introduced a new terrestrial distribution model?
(AO) Precisely. MVPDs don’t operate in a bubble; they’ve paid attention to the ways the competitive landscape has changed – changes that have happened on both sides of the screen. For CTS, these are partners we’ve worked with for a long, long time. Satellite delivery is trusted and reliable, but it has limitations, it takes a lot of equipment – and, most importantly, it used to be the only option for many of them. Managed Terrestrial Distribution, or MTD, replaces most (or all) satellite feeds to a cable plant with broadband IP networking. MTD uses a system’s existing internet connection and doesn’t require a dedicated point-to-point-connection to any specific PoP. This not only liberates MVPDs from the limitations of a fixed transponder bandwidth, but also paves the way for the entire content-to-consumer pathway to evolve into full IP delivery.
So, the net result essentially gives these businesses a way to improve services and attract more subscribers in two ways – the ability to offer more services, but also more HD content?
(AO) Ultimately, it’s an opportunity for MVPDs to reimagine the way consumers can engage with their content and clear the way for an evolution to full IP delivery to customers. To your point, yes – with the managed terrestrial distribution we’ve rolled out, a distributor can effectively double the amount of channels they offer and triple the amount of MPEG-4 HD content; but the actual hardware investment is drastically reduced as well. For our current customers as well as other providers looking for a new technology foundation to grow on, we think it’s worth having a conversation about.
Click here to learn more about Managed Terrestrial Distribution.
Continue reading the rest of ICN Issue 10 - September 2023 here.
Making cybersecurity continuous controls monitoring (CCM) a reality with DataBee 1.5
Exciting innovations are a-buzz! Today, DataBee™ v1.5 is now generally available and features a host of new continuous controls monitoring (CCM) capabilities on top of the DataBee security data fabric that puts your data at the center for dynamic, detail-rich compliance metrics and reports.
As more businesses become digital-first, business leaders are leaning in and placing more importance on cyber-risk programs. In addition to pressure from regulators, internal auditors and KPIs are keeping security and risk management teams up at night. The lack of reporting capabilities that can show real-time compliance trends over time, on a consistent data set, has analysts scrambling to collect data and test controls that will only be evaluated in the latest audit, instead of focusing on sustainable programs and insights.
Putting continuous in continuous controls monitoring
DataBee 1.5 introduces a data-centric approach to continuous controls monitoring (CCM) for the security, risk, and compliance data fabric platform. By focusing upstream on the data pipeline, DataBee weaves together security data sources with asset owner details and organizational hierarchy information, breaking down data silos and adding valuable context to cyber-risk reports and metrics.
From executives to governance, risk, and compliance (GRC) analysts, DataBee delivers a dynamic and reliable single source of truth by connecting and enriching data insights to measure CCM outcomes. Comcast has experienced first-hand the security data fabric journey, and DataBee 1.5 brings to market the innovations from our internal tool – including feeds, dashboards, and visualizations – to your organization so you can scale your continuous controls services program.
In this example, Will Hollis, an Executive VP of ACME Studios, views the security posture of his organization using DataBee’s Executive KPI Dashboard.
Verifiable data trust
The robust platform features 14 pre-built CCM dashboards, aligned to the NIST Cybersecurity Framework, and the ability to self-define KPI values – or use DataBee recommended values. Risk scores are populated using underlying data sources collected and enriched by DataBee. Users can see in detail where and how the data is used when hovering over the score. The completeness, accuracy, and timeliness in the dashboards build trust in CCM reporting and lead to accountability amongst business leaders. After all, data trust gives you wider adoption of your cyber-risk program throughout the business.
DataBee gives you insights into how the scores are provided
Operational efficiency
A benefit of having data at the center of your CCM program is that it streamlines engagement models with control owners. Previously, GRC teams had the tedious task of scanning a variety of data sources – nearly all of which they did not have control over – and having fragmented conversations with different stakeholders. With DataBee, instead of hearing from your GRC teams infrequently and during urgent events, there is a continuous feedback loop built on the quality of data and actionable insights. Another benefit is the ability to measure the effectiveness of cyber-risk investments and programs.
Proactive risk management
The ever-evolving threat landscape and regulatory constraints are a nightmare to deal with for any GRC team at any scale. DataBee’s CCM capabilities deliver deeper insights about risks and inefficiencies, providing recommendations for resolution and hierarchy information to proactively reach out to control and asset owners. In the screenshot below, users can drill down to the granular details from their vulnerability management dashboards and find solution recommendations to resolve issues quickly. Teams throughout the business can focus on closing gaps instead of finding them, enabling the business to remain in compliance with internal and external requirements.
Drill into the vulnerability management details to find out how to resolve issues.
Get started with DataBee
Continuous controls monitoring is a game changer for security transformation and outcomes. DataBee, from Comcast Technology Solutions, is thrilled to deliver data-centric CCM capabilities that scale for businesses of all sizes. Watch our DataBee 1.5 announcement to hear from Nicole Bucala, Yasmine Abdillahi, and Erin Hamm about the product journey. Want to get started right away? Email us at CTS-Cyber@comcast.com and check out our AWS Marketplace Listing.
Elevating Ad Management: 5 Strategies for Success
A successful advertising campaign is more than the sum of its parts. That’s the goal, right? Campaigns need to justify themselves by delivering measurable results. That said, there are a lot of moving parts to a modern campaign, and they don’t all move at the same speed. Even here in the 2020s, there are still manual processes in some workflows that have not been kissed by innovation (yes, spreadsheets still exist). Coordination and control across a complex ad ecosystem can be achieved, but the speed and accuracy needed from today’s advertising operations require a centralized, unified, fully automated approach. Imagine your advertising operations as a terminal, from where you move your content to destinations all over the globe, often in real time. Is there an easier way to achieve a better, faster, smarter ad creative process at scale?
Let’s take a look at some of the key elements that will enable advertisers to uplevel ad management in the second half of this decade (and beyond).
#1: The unified ad platform “really ties the room together”
Advertising is a dynamic exercise where time is almost always of the essence. Efficiency in workflow management makes or breaks the success of a campaign. One of the key strategies for streamlining workflows at scale is the adoption of a unified platform that can act as a centralized hub.
With a centralized architecture, advertisers can oversee the entire campaign lifecycle without switching between different interfaces. From final media buys to traffic instruction creation and asset delivery, previously disjointed tasks become a single cohesive process. Every step benefits from the integration of tools and data within a single ecosystem.
A unified platform also brings teams into harmony. Collaboration among team members is more organic, drawing teams, departments, and stakeholders into greater alignment. When everyone can access the same resources and insights, real-time sharing minimizes miscommunication and reduces errors. Think of it as having your whole team playing on the same field — response to change is more agile, assets can be optimized on the fly, and more resources can be focused on campaign effectiveness instead of just “completion.”
#2: Safeguarding content: Automated usage rights integration
Images, music, and other creative assets bring the magic — but each asset requires careful consideration of usage rights and permissions. Violating these rights is a red flag that can lead to legal complications and reputational damage, not to mention costly fines. A better, faster, and smarter ad creative process at scale must incorporate automated and integrated usage rights data.
Incorporating usage rights information into the ad creative workflow helps to ensure that every piece of content used is compliant with legal and contractual obligations. Automated systems can cross-reference assets against a database of usage rights, preventing the inadvertent use of content that hasn't been properly licensed. This not only mitigates legal risks but also saves time by eliminating manual rights checks. Ultimately, usage rights management is essential; it helps to ensure efficiency and process/policy adherence, elevating the consistency — and results — of the creative process.
#3: Ensuring consistency across destinations at scale
With centralized command-and-control, advertisers can more effectively manage creative distribution across a staggering number of media destinations. One of the biggest benefits to this approach is that more focus can be applied to optimizing results and the refinement of campaign components to maximize impact at the screen level. Advertisers can improve outcomes and adjust objectives while still adhering to brand guidelines across destinations.
Speaking of brand guidelines, enter the automation of industry standard identification. Automating the use of these unique identifiers streamlines tracking and distribution of creative assets. Standardized identifiers act as “digital passports” for creative elements, facilitating their seamless movement across platforms, regions, and languages. Advertisers can leverage this additional layer of automation to further reinforce data consistency and accuracy throughout the global delivery process. This consistency not only bolsters brand integrity but also expedites the localization of content, as each asset's specifications and requirements are readily accessible.
#4: Drawing a straighter, shorter line between ad creative and ROI
The goal “make the most of every ad dollar across every media experience” is a common one, whether you’re on the advertising side or you’re a media destination looking to attract more viewers and more ad revenue.
A platform that combines real-time creative conditioning and asset management with APIs to major ad decisioning engines offers content owners and distributors a path to addressability and targeting across TV, digital, and social channels. It also reduces the time required to place campaigns from days to minutes, so quality can be reestablished as job one.
For instance, when the in-house advertising team at Lowe’s, the home improvement chain, wanted to expand audience reach and reap the benefits of top-quality content across platforms and ad ecosystems, they knew they would have to find innovative ways to execute campaigns with increased efficiency across both spot creation and distribution.
#5: AdFusion: Solving advertising’s biggest challenges at scale
Achieving a better, faster, and smarter ad creative process at scale demands a paradigm shift. From streamlined workflows and automated usage rights management to the automation of standardized creative data through industry IDs, advertisers need a platform that does it all, empowering them to overcome the logistical and geographical complexities of global mobile media consumption.
This is the challenge that Comcast Technology Solutions' AdFusion™ was built to answer. AdFusion is a unified platform that centralizes data and automates processes upstream and downstream. The platform is the result of Comcast’s dedicated research and investment and ensures consistency and accuracy across the entire ad process, making it easier to find and place the right creative, ensure that usage rights are in compliance, and track campaigns across broadcast, digital, and radio.
Justin Morgan, the head of product for AdFusion, expressed his excitement about the platform's potential: "In an industry that's constantly accelerating, AdFusion provides a technology approach that evolves and scales to meet companies' needs. It saves time and resources while enhancing data accuracy, ultimately helping our clients achieve better results in their campaigns."
Discover how AdFusion can support you in your quest to make the ad lifecycle better, faster, smarter at scale here.
Comcast (DataBee) at Black Hat? Yes!
The DataBee™ team can’t help but have a little fun with the fact that Comcast is not exactly one of the first companies you think of when you think “cybersecurity”. Comcast has attended Black Hat in the past, but this is the first time we are debuting a cybersecurity solution for large enterprises – the DataBee security data fabric platform, which is poised to transform the way enterprises currently collect, correlate and enrich security and compliance for the better.
This was the 26th year of Black Hat USA, but despite how many security vendors there are serving the market – a reported 3,500 in the US alone, 300 of whom were on the show floor – “security data chaos” (a term we love to use because it’s such an accurate description) remains a very real and difficult problem. Our discussions with booth visitors validated that it’s still very labor- and cost-intensive to bring together the security data that teams need to understand the threats that might be imminent or already wreaking havoc. When we would tell the DataBee story, there was a lot of head nodding.
From booth discussions to participation in a major industry announcement and the Dark Reading News Desk, the DataBee team took advantage of being at Black Hat to raise awareness of the security data problem and how we’re uniquely addressing it. A few highlights include:
The Open Cybersecurity Schema Framework (OCSF) announcement
On Tuesday, August 8, DataBee was included in the announcement, OCSF Celebrates First Anniversary with the Launch of a New Open Data Schema:
The Open Cybersecurity Schema Framework (OCSF), an open-source project established to remove security data silos and standardize event formats across vendors and applications, announced today the general availability of its vendor-agnostic security schema. OCSF delivers an open and extensible framework that organizations can integrate into any environment, application or solution to complement existing security standards and processes. Security solutions that utilize the OCSF schema produce data in the same consistent format, so security teams can save time and effort on normalizing the data and get to analyzing it sooner, accelerating time-to-detection.
OCSF is a schema that DataBee has standardized on to make data inherently more usable to a security analyst. It also enables out-of-the-box relationships and correlations within a customer’s preferred visualization tool, such as Power BI or Tableau. (For more on this, check out the DataBee product sheet.)
Matt Tharp, who leads field architecture for DataBee, has contributed to the OCSF framework and was quoted in the announcement alongside leaders from Splunk, AWS and IBM, among others. Coverage of the announcement included this piece in Forbes.
Dark Reading News Desk
At the Dark Reading News Desk, Matt was joined by Noopur Davis, EVP and Chief Information Security & Product Privacy Officer at Comcast, for a great discussion with contributing editor Terry Sweeney on the topic of the big data challenge in security. Noopur and her cybersecurity team developed the security data fabric platform that DataBee is based on, and Matt, as an architect of DataBee, is part of the team bringing the commercial solution to market.
They discussed topics including: the challenge that big data creates for security teams; how Comcast has gone about addressing this issue; what a security data fabric is and how this approach differs from other solutions such as security information and event management (SIEM) systems; where and how a security data fabric and a data lake intersect; and what the customer response to DataBee has been so far.
The video of this discussion is a great way to understand DataBee’s origin story and the very real benefits that Comcast has gotten from building and using a security data fabric platform. Following in the internal solution’s footsteps, DataBee—unlike other security products—is designed to handle environments on the scale of large enterprises like Comcast.
DataBee in a minute and 39 seconds
The concept of a security data fabric platform is new and it’s a little on the complex side. So leading up to the Black Hat show, the DataBee team created an animated “explainer” video that brings to life what DataBee is, how it works and the key benefits it brings to different roles:
GRC teams can validate security controls and address non-compliance
Data teams can accelerate AI initiatives and unlock business insights
Security teams can quickly discover and stop threats
If you were at Black Hat and need a refresher, or if you’re learning about DataBee for the first time, this short video provides a great high-level introduction.
While DataBee has other use cases besides security, this is a market and critical capability in need of a better way to manage all of the data that’s relevant to understanding an organization’s real security, risk and compliance posture.
Will we be back at Black Hat in 2024? You betcha.
In the meantime, learn more or schedule a customized demo of DataBee today.
Additional resources:
Read Noopur’s blog It’s Time to Bring Digital Transformation to Cybersecurity
See how DataBee can be used for continuous controls assurance
Check out the DataBee website
It’s Time to Bring Digital Transformation to Cybersecurity
Recently, I’ve been thinking a lot about cybersecurity in the age of digital transformation.
As enterprises have implemented digital transformation initiatives, one of the great, albeit challenging, outcomes has been data: tons and tons of data, often referred to as “big data”. Storing, managing and making all of that data accessible to many different users can be expensive and non-trivial, but all that big data is gold. I know first-hand how valuable big data is to understand the health of the business; the insights provided by all this data enable an enterprise to continually adapt as needed to meet customer needs, to remain competitive, and to innovate.
Security has been left behind
Security has largely been left behind when it comes to digital transformation. While our counterparts in other areas of the business are using data lakes and mining rich data sets for actionable intelligence, security leaders and teams are still having to work way too hard to piece together a comprehensive view of threats across the organization. Data is the currency of the 21st century – it helps you examine the past, react to the present, and predict the future. Yet, too many security products are producing too much security data in silos; it’s difficult, at best, to bring all of this data together for a unified view of what’s really happening. Because of the constantly-changing threat landscape—exacerbated by everything from the global pandemic to the Russian/Ukraine war to new technology developments such as generative AI (which can also be used for good)—new security tools and capabilities to address the latest threats just keep getting added to the mix, like band aids on new wounds.
If you do a search for “the average number of security products in the enterprise security stack”, you’ll get answers that range from 45, to 76, to 130 – the number is large and the tools are many. (Tempting as it is, I won’t share how many externally developed security tools we’re using in the Comcast environment.) There are products for data protection, risk and compliance, identity management, application security, security operations, network, endpoint and data center security, cloud security, IoT and more. (While a few years old, the Optiv cybersecurity technology map provides a glimpse at how big and daunting this space is.) A security information and event management (SIEM) solution can help by collecting and analyzing the log and event data generated by many of these security tools. SIEMs are wonderful and provide essential functions, but they are expensive, not ideal for simultaneous, parallel compute, and do not really “set the data free” for long term storage, elastic expansion, and use by multiple personas.
This is the age of digital transformation for cybersecurity
“Digitalisation is not, as is commonly suggested, simply the implementation of more technology systems. A genuine digital transformation project involves fundamentally rethinking business models and processes, rather than tinkering with or enhancing traditional methods.” (ZDNet)
No more security data silos… it’s time for us to apply the tenets of digital transformation to security. We tackled that challenge here at Comcast and the results have been impressive. With a workforce of over 150,000, tens of millions of customers, and critical infrastructure at scale, we have a lot to secure. We also have millions of sensors deployed through our ecosystem, providing potentially rich insights. As digital transformation demands, we took a fresh look at our cybersecurity program and came up with a new approach to consolidating, analyzing and managing our security data that has resulted in millions of dollars in cost savings and, even more importantly, the ability to bring together vast amounts of clean, actionable and easy-to-use security data. And not just security data – we enrich security data with lots of other enterprise data to enable even deeper insights.
Applying the data fabric approach to security
How did we do it? We built on the idea of a data fabric – “an emerging data management design for attaining flexible, reusable and augmented data integration pipelines, services and semantics.” The outcome is a cloud-native security data fabric that has integrated security data from across our security stack and millions of sensors, enriched by enterprise data, enabling us to cost-effectively store over 10 petabytes of data with hot retention for over a year and allowing us to provide a ‘single source of truth’ to all of the functions that need access to this data for security, risk and compliance management.
“By 2024, data fabric deployments will quadruple efficiency in data utilization, while cutting human-driven data management tasks in half.”
Source: Gartner® e-book, Understand the Role of Data Fabric, Guide 4 of 5, 2022
Comcast’s security data fabric solution ingests data from multiple feeds, then aggregates, compresses, standardizes, enriches, correlates, and normalizes that data before transferring full time-series datasets to our security data lake built on Snowflake. Once that enriched data is available, the use cases are endless: continuous controls assurance, threat hunting, new detections, understanding and baselining behaviors, useful risk models, asset discovery, AI/ML models, and much more. The questions we dare to ask ourselves become more audacious each day.
My dream was to have vast amounts of relevant security data easily actionable within minutes and hours—not days or weeks—and we’ve achieved that using a security data fabric. We’re able to do continual “health checks” on our business and security posture and adapt quickly as threats and business conditions change. Security is a journey, and we are always looking for ways to improve – our security data fabric helps us in that journey. And in doing so, it has made us a part of the digital transformation journey of our entire corporation.
Fast-track the transformation of your security program
The security data fabric that has proven so beneficial to Comcast’s cybersecurity program is being commercialized and offered to large enterprises in a solution we call DataBee™, available through Comcast Technology Solutions. If you’re interested in taking a fresh look at your cybersecurity program with an eye towards digital transformation, check out DataBee and consider using a security data fabric to deliver the big data insights you need to stay ahead of the ever-evolving threat and compliance landscape.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.