CISOs need to harness all their security data to quantify risk, articulate efficacy of controls and demonstrate strategic needs for the Board to approve. The problem is that application and database logs, asset and vulnerability data, security telemetry and user identity information are spread over many legacy technologies that are vendor-proprietary and business unit-trapped.
Dicks Sporting Goods (DSG) and Security Risk Advisors (SRA) will discuss how a data-centric architecture, realized through a well-orchestrated data pipeline and security data-lake, can be built to give the organization full access to query and visualize its security data and provide more flexible and less expensive solutions for vulnerability management, threat hunting, and continuous configuration management. It also establishes an ideal platform for the transition to more machine learning and AI based analytics and automations, aligning for future success. DSG has been successful using these design patterns, so attendees can expect to relate the concepts to their own environment. This talk is a vision for the CISO with enough detail for the Architect to begin building in their own environment.
