World War II was fought with tanks, artillery and soldiers, and battle strategy then comprised maps, pen and paper. But less than a century on, defending a nation now involves cyber-warfare. Battle strategy today is inundated with data from sensors, cameras and a wealth of other sources.
“Data points by volume and location are increasing,” says Jill Macmurchy, Vice President of Customer Success, APAC, at Confluent, and governments today are struggling to keep up. Without a way to make sense of the overwhelming amount of data, governments are left with a barrage of 1s and 0s that they are unable to act upon.
Cyber threats in an increasingly complex world
The world has had centuries to build up defences for physical war. By contrast, the breakneck pace at which digitalisation happens is proving a challenge for nations to guard against. Traditional security approaches are unable to match the rapid expansion of data points today, Macmurchy says.
Three key problems stand out in how organisations today are wrangling data for better security.
First, many organisations use a plethora of different security tools to identify and mitigate different problems. They will use one tool to manage data security, and another to detect potential cyber-threats, for instance. This makes it difficult for them to get a clear picture of what is happening across the organisation, Macmurchy explains.
Additionally, many security information and event management platforms were built several years ago and don’t meet the needs of the modern world, with poor usability, difficulty in adding new data sources, and escalating costs with the growth of data. These challenges prevent legacy systems from keeping up with the rapidly changing threat landscape.
Finally, data is inherently noisy. Raw data contains a lot of unnecessary information that makes it difficult to find out what is critical, like looking for a needle in a haystack. IT teams need to spend time making sense of data and signals provided across these tools by filtering through them and identifying relevant information to act on.
An ineffective and overly complex approach results in a slower mean time to detect and respond to threats, Macmurchy says, even though response time is crucial when it comes to addressing security threats. If organisations are slow to detect a threat, threat actors can gain access to more sensitive data and become even more entrenched in the organisations’ networks, according to Cyber Triage.
Real-time data for more responsive security
For teams to respond quickly to security threats, real-time data is invaluable. The more information organisations can collect and analyse in the quickest possible time, the better they will be able to resolve potential security threats, Macmurchy says.
For instance, a lone security guard in a bank robbery may only be able to see one room at a time. But having real-time data from surveillance cameras can give law enforcement outside the bank an overview of what is happening, allowing them to advise the security guard on how to act.
But getting security tools to capture and process all incoming data can be extremely expensive and time-consuming. In the bank robbery example, surveillance cameras and sensors are not just capturing information about potential hostages or robbers. They are also capturing other unnecessary information such as empty rooms.
For security teams to act, they need to be able to rapidly identify which piece of information is relevant. This is where data management platforms like Confluent are especially helpful – to help organisations process information in real time.
Take security logs as another example. Nearly every virtual machine and tool generates activity logs of who has accessed the system and what they did. But feeding that massive amount of raw data into a security analysis tool to identify potential anomalies is extremely tedious and expensive.
What organisations need is an easy way to access and filter multiple sources of data in real time before providing it to the security tool – which Confluent’s platform can help with. “We enable all of those organisations to stream data in real time so that they can operate … and act on the data more quickly,” Macmurchy says.
Confluent helped tech giant Intel improve the time needed to detect and respond to security threats, for instance. After Intel acquired numerous other companies, it was left with many different security tools. Confluent helped it to collect and filter the data from these tools to generate insights that the company’s security teams could then act on, Macmurchy explains.
How data protects citizens
Having a data management platform that can filter real-time data can also help in protecting citizens in the areas of military defence, fraud detection and even in healthcare crises such as the Covid-19 pandemic.
Firstly, in the armed forces, data tends to be siloed in the databases of individual military agencies. The navy may not have access to data from the army, for example. Platforms such as Confluent can help to “share critical information across agencies, pull all that data together, and give the governments a view of what’s happening in real time from a security threat perspective,” Macmurchy says.
Another potential use case is in fraud detection. For example, Confluent helped Grab Defence, a unit of the popular ride-hailing platform, to detect and reduce credit card fraud, Macmurchy says. Grab has accelerated its go-to-market strategy and Confluent has helped it with its externalisation of Grab Defence and the important mission of reducing fraud. This helps Grab to build customers’ trust and keep them safe.
Finally, real-time event processing platforms can help governments protect citizens in times of public health crises. During Covid-19, for example, governments have relied on track and trace applications to monitor the spread of the virus, and the effectiveness of those applications relied on real-time data.
Confluent’s platform is able to help governments to manage the vast amount of data streaming in as citizens are checking in to different locations. For instance, the platform is able to flag whether someone in a location has tested Covid-positive, after which it can feed that information into messaging applications that inform others in the vicinity to get tested or to isolate themselves.
Countries today face a multitude of threats, both physical and digital. But having the ability to leverage real-time data can be the key to helping them to identify and respond before these threats cause real damage, if only governments can make sense of that data. Data-streaming platforms like Confluent are critical in helping them do so.