
Taking a Page From Data Scientists for Better Security

A security data lake approach can help your enterprise get a better handle on the massive proliferation of data.

Erin Hamm, Field Chief Data Officer

January 11, 2024

Two volunteers with hip waders and collection nets at Bowman Lake, Glacier National Park, May 26, 2016, for BioBlitz collection event.
Source: Science History Images via Alamy Stock Photo

As organizations add more cybersecurity solutions to their toolboxes, they also increase the amount of data they must oversee. These tools produce massive amounts of data in different formats. That's led to compartmentalized data that is expensive to store, analyze, and access quickly. It also fosters a risky knowledge divide that can make it difficult for security personnel to detect threats.

In the data science world, data lakes are one way that organizations can get a better handle on their data challenges. This approach can also be useful for cybersecurity. A security data lake can help dismantle data silos and expand visibility, but it takes more than just creating these lakes.

Moving Away From Siloed Data

Traditionally, enterprise and security data were treated separately, leading to data silos driven by complacency or convention. However, the evolving landscape demands a shift toward unifying all enterprise data, including security data, as a core component of a global data strategy. Organizations also need a mechanism to integrate and normalize all of the acquired data for its best use and benefit.

Past attempts to address visibility issues across security tools were often ad-hoc solutions, creating new challenges. A unified data strategy is now essential, as the ever-changing landscape requires a more comprehensive and sustainable approach to security and data integration.

A security data lake, as opposed to a one-off strategy, can provide visibility across the entire security operation and offer a centralized method of managing security data. Solutions for security data lakes perform best when combined with tools and data sources for analytics, reporting, orchestration, and other key tasks.

Implementing Security Data Lakes

Ideally, the lake assembles the business context needed by security, risk, and compliance teams to protect digital assets and personnel. Teams of compliance and audit experts, incident responders, threat hunters, security operations center (SOC) analysts, researchers, data analysts, and, preferably, data scientists would be included in this strategy. A consolidated view with business context allows members of these teams to identify real threats and manage compliance.

Consider these five steps to get started with data lake implementation:

  1. Identify data gaps and silos, understand the disconnects, and seek ways to overcome them. This involves bringing together data from different sources and systems into a data lake. This can be achieved through extract, transform, load (ETL) processes and tools that collect, clean, and merge data from various sources.

  2. Understand the knowledge among the different roles that use data to make educated business decisions, including data scientists, data engineers, IT, business analysts, and SOC professionals, like threat hunters and security analysts. This understanding is crucial for tailoring the data lake to meet the specific needs of each role. It facilitates collaboration, improves data governance, and ensures that the data lake serves as a valuable resource for the entire organization, promoting informed decision-making and data-driven insights.

  3. Standardize the data stories told with the data. Ask: "In what ways are end users using this data? And why?"

  4. Normalize, parse, and enrich this data to produce a common view that all the different data users can start from. Security best practices can be implemented once the data has been standardized into a common format, such as MITRE-CAR or OCSF.

  5. Design the security data lake with governance and security best practices in mind to ensure that stringent security protocols are followed, while also allowing users to get the necessary depths of insight from the data.
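Steps 1, 4, and 5 above describe an ETL pipeline that parses heterogeneous security events into a common schema, enriches them with business context, and only then applies detection logic. The following added example (not code from the article, DataBee, or OCSF itself) sketches that flow in Python: two constructed raw sources, a syslog-style firewall line and a JSON login event from a hypothetical identity provider, are normalized into a simplified OCSF-style record, enriched from a constructed asset inventory, and queried as one unified view. The `class_uid` values 4001 (Network Activity) and 3002 (Authentication) are OCSF's published class identifiers; the rest of the field subset, the asset inventory, and the detection rule are assumptions made for illustration.

```python
import json
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample inputs (not real product output): a firewall key=value
# line and a JSON login event from a hypothetical identity provider ("idp").
RAW_FIREWALL = [
    "2024-01-11T08:01:02Z fw01 action=allow src=203.0.113.7 dst=10.0.5.20 dport=443",
    "2024-01-11T08:01:10Z fw01 action=deny src=198.51.100.9 dst=10.0.5.21 dport=22",
]
RAW_IDP = [
    '{"ts": 1704960070, "user": "alice", "result": "FAILURE", "ip": "203.0.113.7", "app": "idp"}',
    '{"ts": 1704960075, "user": "alice", "result": "FAILURE", "ip": "203.0.113.7", "app": "idp"}',
    '{"ts": 1704960090, "user": "alice", "result": "SUCCESS", "ip": "203.0.113.7", "app": "idp"}',
]

# Constructed asset inventory: the "business context" the article says the
# lake should attach to security events (owner, criticality, hostname).
ASSETS = {
    "10.0.5.20": {"hostname": "web-prod-01", "owner": "ecommerce", "criticality": "high"},
    "10.0.5.21": {"hostname": "jump-01", "owner": "infra", "criticality": "high"},
}

FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) action=(?P<action>\w+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


def parse_firewall(line):
    """Normalize one firewall line into a simplified OCSF-style Network Activity record."""
    m = FW_RE.match(line)
    if not m:
        raise ValueError(f"unparsable firewall line: {line!r}")
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return {
        "class_uid": 4001,  # OCSF Network Activity
        "time": int(ts.timestamp()),
        "activity": m["action"],
        "src_endpoint": {"ip": m["src"]},
        "dst_endpoint": {"ip": m["dst"], "port": int(m["dport"])},
        "metadata": {"product": "fw", "source": m["host"]},
    }


def parse_idp(line):
    """Normalize one JSON login event into a simplified OCSF-style Authentication record."""
    d = json.loads(line)
    return {
        "class_uid": 3002,  # OCSF Authentication
        "time": int(d["ts"]),
        "activity": "logon",
        "status": "success" if d["result"] == "SUCCESS" else "failure",
        "user": {"name": d["user"]},
        "src_endpoint": {"ip": d["ip"]},
        "metadata": {"product": d["app"], "source": "idp"},
    }


def enrich(event):
    """Attach asset context to the destination endpoint when the inventory knows it."""
    dst = event.get("dst_endpoint")
    if dst and dst.get("ip") in ASSETS:
        dst.update(ASSETS[dst["ip"]])
    return event


def build_lake(fw_lines, idp_lines):
    """ETL: parse every source, enrich, and return one time-ordered unified view."""
    events = [parse_firewall(l) for l in fw_lines] + [parse_idp(l) for l in idp_lines]
    return sorted((enrich(e) for e in events), key=lambda e: e["time"])


def find_suspicious_sources(events, max_failures=2):
    """Detection over the unified view: source IPs with repeated authentication
    failures that were also allowed through the firewall to a high-criticality asset.
    Returns {source_ip: [hostnames reached]}; this rule is an illustrative assumption."""
    failures = defaultdict(int)
    reached = defaultdict(set)
    for e in events:
        ip = e["src_endpoint"]["ip"]
        if e["class_uid"] == 3002 and e.get("status") == "failure":
            failures[ip] += 1
        if (e["class_uid"] == 4001 and e["activity"] == "allow"
                and e["dst_endpoint"].get("criticality") == "high"):
            reached[ip].add(e["dst_endpoint"]["hostname"])
    return {ip: sorted(hosts) for ip, hosts in reached.items() if failures[ip] >= max_failures}


if __name__ == "__main__":
    lake = build_lake(RAW_FIREWALL, RAW_IDP)
    print(json.dumps(find_suspicious_sources(lake), indent=2))
```

The point of the example is the ordering the article prescribes: neither raw source alone supports the final query, because the failure count lives in the identity events and the criticality lives in the asset inventory joined onto the firewall events. Once both are expressed in one schema, the detection is a few lines and can be reused by any team that starts from the same common view.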

Data Lakes for a More Secure Future

Security teams can more quickly identify real threats if businesses have clean data that provides business context to security incidents. As a significant side benefit, teams can assess and establish controls over the use, cost, and applications of data within the organization. The key to this strategy is ensuring teams receive the best data and make the best use of it.

When all of an organization's data is contained within a single ecosystem through a security data lake strategy, business executives and analysts can quickly respond to changing business and security situations and answer questions that were previously unanswerable.

About the Author(s)

Erin Hamm

Field Chief Data Officer, Comcast Technology Solutions, DataBee

Erin Hamm is the field chief data officer at Comcast Technology Solutions, DataBee. She is also a member of the Franklin University Advisory Board for the Master of Data Analytics and Master of Business Analytics programs.
