Disclaimer: Opinions expressed are solely my own and do not express the views or opinions of my employer or any other entities with which I am affiliated.
About 1.5 years ago, during my stint at dbt Labs, I wrote a newsletter about how data will change security.
At the time, I thought cybersecurity was going to embrace the modern data stack and break down data silos to gain more context. It would provide valuable security analysis to help identify issues. However, I was only partially right on this prediction.
What I got right
I discussed the need to break down the data silos created by the flood of security tools on the market at the time, and even more so now, because each tool lacks the context from other tools needed to provide meaningful information. As a result, security practitioners’ frustration would lead to these silos being broken down.
Related to this, SIEMs have been the only option, and they don’t solve the right problems. We’re seeing more security teams question what their security operations strategy should be now that their infrastructure is largely outdated. Cisco’s acquisition of Splunk sent the message that a new beginning might be brewing for security’s use of data. I do see more use of other data storage solutions, especially data warehouses such as Databricks and Snowflake, which security teams appear to be embracing as the data teams at their companies modernize their data stacks. Companies are also wondering whether they should invest in a traditional SIEM.
What I got wrong
Although I vaguely discussed some of the use cases for the “new” security data world, I limited them to security-focused applications such as security operations and vulnerability management. That is, I conjectured that the changes would primarily result in a modernized SIEM. I was surprised to learn that, with this new access to data, products are finding new use cases that deliver value to security, or at least creating the platform on which to discover them.
Most companies haven’t made the pivot to verticalized tools on top of a data platform. Likely, that shift hasn’t started yet; instead, current security products are getting a lot of value by being dedicated point solutions and turning into data sources.
What’s happening now?
I was motivated to write this article after seeing the rise of BI-focused security products. More specifically, Avalor was put into the spotlight with the rumors of an acquisition by Zscaler. (I’m not too sure what Zscaler’s strategy is here, but that’s for another post.)