What Security Leaders Need to Know About Data Fabric Architecture

Businesses invest a lot in data. Generating it, storing it, analyzing it, protecting it, and generally just trying to keep track of it. This leaves little time or resources to actually use data to its full potential and rely on it to make intelligent, data-driven decisions to create positive business outcomes. In fact, Forrester estimates that 68–75% of enterprise data goes unused. That’s a lot of data gathering digital dust, when it could be used to solve business and security issues in real-time. 

Multiple factors have helped to create a fractured and unwieldy data landscape that makes data usage a challenge for enterprises:  

• Distributed and disparate data repositories: Today data is kept everywhere; data lakes, warehouses, cloud environments, on-prem and more. This has created a sea of siloed data that lacks visibility and integration across the enterprise.

• Multiple data formats and sources: Data is being generated in a wide variety of formats, from machine generated data, security vulnerabilities, customer and employee data to information stored in documents, spreadsheets and databases. Some of it structured, some unstructured — and all of it growing in volume every second of every day. This makes integrating and understanding the connection between data sets an overwhelming task. 

• Increasing data privacy regulations and governance complexity: Laws to protect personal data are rapidly evolving and penalties for non-compliance are rising.  Integrating data protections across the enterprise can be a painstaking process that slows down the ability to use and access data, particularly marketing data.

• Digital transformation and innovation: Massive shifts in the way we work over the last few years has resulted in some amazing innovations, from blockchain to robotics, IoT to anything-as-a-service. However, innovation in data management and protection hasn’t kept pace, resulting in a tsunami of new data flooding the enterprise, and a dearth of easy or safe ways to leverage its possibilities.

• Complex and ever-changing data architectures: In response to digital transformation, many enterprises have tried to implement new data architectures. However, this too, is often done in silos, creating data storage sprawl and an even more complex data governance situation in the enterprise.

All of this brings us to data fabrics, which not only address these challenges, but provides a data architecture that can scale and flex, and enable (even automate) critical use cases across the organization. Data fabrics create massive operational efficiencies: Gartner estimates that data fabric deployments will reduce data management efforts by up to 70% and accelerate time to value.

Our history with data fabrics — and our future

We have been building data fabrics for 15 years — long before they emerged in the marketplace as a solution for data-drenched enterprises. So while we are deeply familiar with data fabrics, we think it’s worth defining them here.

Simply put, data fabric is an architecture that automates the integration of various data pipelines and cloud environments to enable a holistic, real-time view of data across an organization. A data fabric provides a single source of truth by aggregating, normalizing, de-duplicating and verifying data from multiple locations, in multiple formats, and for multiple uses. Data fabrics do this by connecting data at the processing layer rather than the storage layer. 

What’s really compelling to us is that data fabrics recognize that an effective enterprise data solution requires more than its building blocks. Because the flexibility of a data fabric allows for utilization of data from ingestion into insights, practitioners can use data the way they want to, whether that’s to find security vulnerabilities or solve an urgent supply chain issue.  In fact the use cases for data fabrics are nearly limitless, which is really exciting.

We founded Avalor to leverage the elegance and efficiency of data fabrics for enterprises. Having seen the benefits of a data fabric in our earlier work, we were struck at how ideal this architecture would be to help one of every organization’s most critical functions: Cybersecurity.

Why a data fabric for security makes perfect sense

Through our work with data fabrics, we would often learn of multiple verticals trying to create a dedicated data-fabric, such as for marketing, HR, finance, commerce, etc. 

We are based in Israel, where there is a thriving ecosystem of cybersecurity companies. We started to hear repeatedly and directly from leaders of security solutions that they were challenged to provide value with the data they generate to their customers. We saw how good those companies are at security but how behind they were on building a world class data fabric to actually use the data.  

We realized that cybersecurity, which runs a hodge-podge of data generating tools and systems and has a critical need for trustworthy data in real-time, is an ideal use for data fabric architecture. We started with that premise and then validated it throughout 2022 with 100+ meetings with CISOs and their teams. 

The result is our recently announced Avalor Data Fabric for Security™, a dedicated solution for vulnerability risk management and prioritization for security teams.

What is Avalor’s Data Fabric for Security™?

The data fabric acts as the single source of truth of all relevant data points for the security function. It powers automation, 2-way sync, alerts, and analytics which live on top of the platform.

• The fabric syncs security data from all the relevant tools and business information to create contextualization, and organizational data to drive ownership and track accordingly.
• This process retains operational data so SecOps can instantly see what is being done to solve identified security issues.

For example:  

• The security fabric ingests vulnerability data into the platform →
• Correlates it with multiple data points and other vulnerabilities within the same security tool or parent ones →
• Contextualizes the criticality, ownership, plan to fix and actual impact→
• Drives an operational workflow to remediate 

By removing the manual work necessary to verify and curate security data, we also removed barriers to trust. When it’s hard to get data, teams don’t agree on the authenticity of it, it creates a lot of friction, which leads to slower velocity and overall more risk exposure to the organization.

The future is data fabrics

Our security data fabric is the building block for other use-cases and applications. Our vision is to allow both internal and external teams to customize the fabric to fit their own business goals. This will eliminate the need to “build” a solution on top of the data fabric  — instead they can simply customize it to fit the way their organization works. 

We understand that to security teams, using a data fabric to streamline operations and mitigate risk more efficiently is a somewhat new concept. If you’d like to see for yourself how our solution works with real security data, let’s get together for a demo. 

P.S. If you’re interested in what an experienced CISO thinks of our approach, give this blog a read.