Standard cybersecurity analysis tools failed to meet Comcast’s needs, among them the ability to scale elastically. These shortcomings meant that Comcast threat hunters had to rely on multiple security analytics tools to accomplish their goals.
According to Amish Amin, Executive Director of Security Development and Analytics at Comcast, “There are numerous tools available in the cybersecurity industry, each of them fulfilling a specific purpose. The challenge is that most of these tools work within their own ecosystems, creating data silos.” For example, compliance teams need access to security data, as do other teams like threat hunting and cybersecurity data science. Many functions work best if they rely on common systems of record and sources of truth for cybersecurity data.
Comcast set out to address this need by building a modern, cloud-native security data fabric. “Today, it’s not only threat hunters and SOC analysts that use security data—audit functions and others do as well,” says Amin. “We needed a foundational security data lake, built in the cloud, to evolve our security program.”