Blog

Data, data everywhere, and not a drop of insight. The enterprise collects terabytes of data from hundreds of different, disconnected security tools. Yet, while organizations have vast amounts of data, they struggle to be data-driven.   Internal stakeholders have their own tools to help them make tactical decisions. The compliance and audit team may use a governance, risk, and compliance (GRC) platform or Microsoft Excel. The security analysts may have a security information and event management (SIEM) tool, or two (maybe one cloud-delivered and one on-premises). The IT team might be using a ticketing system to manage issues like applying security updates to vulnerable devices. Disconnected metrics create challenges as the enterprise attempts moving from a tactical to a strategic cybersecurity program. Siloed data limits usability as collecting the required metrics and statistics is time-consuming and, often, inaccurate. Consider the following examples and how connecting these metrics would provide holistic insights:  Inability to identify and connect responsible parties to non-compliance reports identifying gaps that were addressed, prioritized, or partially resolved   No clear call to action for security analysts reviewing metrics that threat blocking and vulnerability patching  No business context connecting to technical data about networks, systems, and devices   This will help turn tactical data into strategic actions. Security data fabrics can be leveraged by enterprises for a modern data architecture that streamlines their analytics processes while providing everyone access to - and strategic insight from - the data they need.  If you’d like to learn how DataBee® from Comcast Technology Solutions can help you collect and utilize outcome-driven and actional contextual insights, we partnered with analyst firm IDC to help customers leverage a data fabric to enhance existing capabilities. Download the free report now: “IDC Spotlight: Principles of Being a Data-driven Cybersecurity Leader”. 

It’s been three years since MVPDs accommodated the big 5G spectrum reallocation, and three years since we started helping companies to answer the question, “what would it look like to move our delivery model from orbit and down to earth?” Since then, our Managed Terrestrial Distribution (MTD) model has continued to grow – not just in population, but in its scope of offerings.   We’ve recently rolled out a significant expansion to our channel lineup, giving services the opportunity to add even more value and interest to their subscribers:  Lots of premium destinations across genres, including top-tier sports channels, A-list studio channels for movies and original entertainment,   More choices for kids and family, shopping, and faith-based programming  More HD content than ever before – three times the number of HD channels versus satellite-only  Explore our channel lineup  A better way to serve the content customers want  For existing MTD customers, this represents not just a wider offering, but also an opportune time to gain more operational efficiency by moving more services to their MTD workflow. CTS is an active partner, helping providers all over the country with a seamless migration and continuous support.  For businesses exploring the move from satellite services towards eventually a fully IP-based delivery model, there’s a lot more to share, as MTD continues its host of benefits – from reduced operational complexity to increased service offerings for customers. Customers share their MTD experience  Managed Terrestrial Distribution was really envisioned as a way for cable providers to continue evolving along with their customers. We all certainly know what it’s like on the customer end: our screens are better, our expectations are higher, and as 4K and 8K become more and more prevalent, HD programming is almost table stakes at this point. The idea here on the Comcast Technology Solutions side was to turn the 5G spectrum situation into a real opportunity for providers to reimagine themselves in a way that wouldn’t disrupt daily operations.   One of the businesses that made the move to MTD was Sister Lakes Cable, a phone, TV, and internet provider in the Michigan area. Tom Wilson (Operations Manager), let us know how things have gone so far:  Curious about more ways that Managed Channel Origination can help keep MVPDs competitive into the 2030’s and beyond? There’s plenty more to learn here. 

The shift from traditional advertising models to more diverse, digital-focused strategies has brought brand marketers to an interesting crossroads: the choice between centralized production, which offers streamlined efficiency and brand consistency, and decentralized production/fragmentation, a model that can deliver greater flexibility, diverse creative input, and specialized expertise.   Choosing between centralization and fragmentation can be daunting, requiring a delicate balancing act between consistency and creativity, management of complex collaborations, important cost implications, and the need to mitigate risk. Yet for others, it feels like being a kid in a candy shop with a hundred-dollar bill — full of possibilities and opportunities to explore.   As part of our Content Circle of Life series, we asked industry experts from The Team Companies, APR, and our own AdFusion™ team to weigh the pros and cons of centralization and fragmentation in creative production. Check out their in-depth discussion to explore how marketers are meeting their needs and driving success in an evolving landscape by: Fostering a culture of creative collaboration  Implementing flexible frameworks  Leveraging composable technology  In the meantime, here are just a few of the highlights from their conversation to get you started… Foster a culture of creative collaboration Traditionally, creative and production tasks have been handled in silos, with teams working separately on different aspects of a campaign. This approach, however, can limit the exchange of ideas, reduce flexibility, and lead to inefficiencies. Instead, in today’s fast-paced and dynamic landscape, brands are finding tremendous value in building cross-functional teams that bring together diverse skills and perspectives and take their message to as many screens as possible.   A collaborative environment breaks down barriers, encouraging communication and teamwork across marketing, creative, production, and even procurement. This integration across an end-to-end creative management platform allows teams to share insights, address challenges more quickly, and ensure that every aspect of the project aligns with the overall brand vision.   Encouraging openness also means creating a safe space where team members feel comfortable sharing unconventional or bold ideas without fear of judgment. Creating this type of environment:  Nurtures creativity  Fosters experimentation  Empowers teams to adapt quickly to changing market demands   In a world where the ability to adapt and innovate is crucial, fostering a culture of openness and collaboration is no longer just a good practice — it is essential for brands to stay competitive.  Implement flexible frameworks Creative experimentation should absolutely be encouraged regardless of whether your business follows a centralized or decentralized production model. Teams need the freedom to test new ideas without the pressure of immediate perfection. Yet everyone wants the freedom and flexibility to adapt and innovate — but not at the cost of losing control over production processes. So, how can brands achieve this ideal balance?   By designing frameworks that offer structure but enable collaboration, rather than restricting it.  Leverage AI to drive flexibility and innovation  The secret to cultivating a flexible framework? Emerging technology, such as:  AI  Virtual production  Collaboration platforms  These types of innovative tech are foundational to building and supporting flexible frameworks that spur creativity and innovation.   Technology is evolving so fast that brands should leverage it not just for ideation, but also for execution in creative production. From streamlining content creation to enhancing data analysis, AI is already transforming creative production. Tools like VideoAI™ can analyze vast amounts of video data to help brands identify and repurpose content, reducing the need for additional production.  Maximize agility with composable technology  One of the biggest misconceptions advertisers have about composable technology is that it introduces unnecessary complexity, making operations even harder to manage. In reality, composable platforms simplify processes in two main ways:  Integrating essential data into a single unified system  Providing better control and oversight across the entire creative production workflow  Instead of forcing a fragmented approach, a true composable ecosystem, such as one enabled by AdFusion, works in symphony with specialized partners like APR and The Team Companies to streamline processes and handle specific workflows. In turn, this reduces the risk of miscommunication or inefficiency and results in greater visibility across marketing operations.   Whether it’s preventing delays, managing legal concerns, or ensuring that media trafficking and distribution are executed as planned, a composable ecosystem supports partnerships that empower brands to identify and mitigate risks early and effectively.  Conclusion: A real-world case study   As with most things in life, there is no one-size-fits-all solution. Brands must find an approach that centralizes for consistency and scale but doesn’t sacrifice the innovation and diversity that come from working with specialized partners. This balance will enable brands to navigate the complexity while remaining agile enough to seize new opportunities.   What might this look like in the real world? Take a look at this case study snapshot to see how The Team Companies + AdFusion integrate business functions to drive creative production.  Challenge:  A major challenge for brands managing creative production is ensuring smooth collaboration between specialized teams while maintaining oversight of critical business functions. Miscommunication, inefficiencies, and delays often arise from siloed systems, leading to compliance issues, missed deadlines, and increased costs.  Solution: The Team Companies addresses this issue by managing business affairs, talent, and payroll for ads distributed through the AdFusion platform. By integrating key data directly into the AdFusion ecosystem, The Team Companies provides brands with centralized oversight of essential and seamless management of business functions without disrupting the specialized workflows of different teams.  Results: This composable approach, enabled by the AdFusion platform, has proven highly effective. It allowed advertisers to maintain transparency and compliance across the entire creative production process, avoiding common pitfalls such as miscommunication and costly delays. The integration facilitates a cohesive strategy across both internal and external teams, enhancing collaboration and ensuring brand safety. Additionally, by streamlining processes and centralizing insights, brands are able to accelerate time to market, mitigate risks, and avoid fines related to compliance issues.   Ultimately, integrating The Team Companies workflows with AdFusion maximizes media investments and drives overall campaign success.   Get in touch to find out how AdFusion can help your brand make faster, smarter, and more data-driven decisions. 

Why do monitoring and logging matter?   Although this is a foundational question in cybersecurity and networking, National Cybersecurity Awareness Month makes this a great time to (re)visit important topics.   Monitoring and logging are very similar to security cameras and home alarm systems. They help you keep an eye on what’s happening in your applications and systems. If – when – something unusual occurs, analysts can leverage information from monitoring and logging solutions to respond and manage potential issues.  In this blog, I explore some tips from my experience as a DevOps and Systems Engineer.  10 tips for effective monitoring and logging:  Set up alerts for unusual activity  Use monitoring tools to set up alerts for machine or human behaviors that don’t seem right. This could be, for example, a user who has experienced multiple failed logins attempts or a server with a sudden spike in traffic. This way, you can prioritize and quickly investigate suspicious activities.   If it’s important, log it  Adversaries are becoming clever in hiding their tracks. This makes logging key events, such as user logins, changes to business-critical data, and system errors, important. The information gleaned from logs can help shed light on a bad actor’s trail.  Regularly review log  Don’t just collect logs—make it a habit to review them regularly. Collaborate with your team and experts to capture and understand details from logs. Look for patterns or anomalies that could indicate a security issue.   Leverage SIEMs   Security Information and Event Management (SIEM) tools are great to collect and analyze log data from different sources, helping you detect security incidents more efficiently.   Retain logs for digital forensics  Your industry regulations may already require this, but storing your logs will not only keep you compliant but can also help you perform security investigations. SIEMs can be expensive depending on the throughput of your organization. Security data fabrics, such as DataBee, can help you decouple storage and federate security data to a centralized location like a data lake, making it easier to search through raw logs or optimized datasets to help you catch important information.  Establish a response plan  Ideally before a security event occurs, your team should have a plan in place to respond to an incident. This should include who to contact and the steps to contain any potential threats.  Educate your team  Make sure everyone on your team understands the importance of monitoring and logging. Training can help them recognize potential security threats and respond appropriately.  Keep your tools updated  Regularly update your monitoring and logging tools to ensure you’re protected against the latest threats. Outdated tools might miss important security events.  Test your monitoring setup  Running tabletops can help you test your monitoring systems and response plans to ensure they’re working correctly. Simulate incidents to see if your alerts trigger as expected.  Stay informed  Keep up to date with the latest security trends and threats. This knowledge can help you improve your monitoring and logging practices continuously.  By following these tips, you can enhance your organization's security posture and respond more effectively to potential threats. Monitoring and logging might seem like technical tasks, but they play a vital role in keeping your systems safe! 

Like many cybersecurity vendors, we like to keep an eye out for the publication of the Verizon Data Breach Investigations Report (DBIR) each year. It’s been a reliable way to track the actors, tactics and targets that have forced the need for a cybersecurity industry and to see how these threats vary from year to year. This information can be helpful as organizations develop or update their security strategy and approaches.    All of the key attack patterns reported on in the DBIR have been mapped to the Critical Security Controls (CSC) put out by the Center for Internet Security (CIS), a community-driven non-profit that provides best practices and benchmarks designed to strengthen the security posture of organizations. According to the CIS, these Controls “are a prescriptive, prioritized and simplified set of best practices that you can use to strengthen your cybersecurity posture.”  Many organizations rely on the Controls and Safeguards described in the CIS CSC document to guide how they build and measure their security program. Understanding this, we thought it might be useful to map the Incident Classification Patterns described in the 2024 DBIR report, to the guidance provided in the CIS Critical Security Controls, Version 8.1, and then to the CSC Controls and Safeguards that DataBee for Continuous Controls Monitoring (CCM) reports on. As you’ll see, CCM – whether from DataBee or another vendor (😢) – is a highly useful way to measure progress toward effective controls implementation.  The problem, proposed solutions, and how to measure their effectiveness   The 2024 DBIR identifies a set of eight patterns for classifying security incidents, with categories such as System Intrusion, Social Engineering, and Basic Web Application Attacks leading the charge. Included in the write-up of each incident classification is a list of the Safeguards from the CIS Critical Security Controls that describe “specific actions that enterprises should take to implement the control.” These controls are recommended for blocking, mitigating, or identifying that specific incident type. CIS Controls and Safeguards recommended to combat System Intrusion, for example, include: 4.1, Establish and Maintain a Secure Configuration Process1; 7.1, Establish and Maintain a Vulnerability Management Process2; and 14, Security Awareness and Skills Training3. Similar lists of Controls and Safeguards are provided in the DBIR for other incident classification patterns.   Continuous Controls Monitoring (CCM) is an invaluable tool to measure implementation for cybersecurity controls, including many of the CIS Safeguards. These might include measuring the level of deployment for a solution within a population of assets, e.g., is endpoint detection and response implemented on all end user workstations and laptops? Or has a task been completed within the expected timeframe, such as the remediation of a vulnerability, closure of a security policy exception, or completion of secure code development training? While reporting on these tasks individually may seem easy enough, CCM takes it to the next level by reporting on a large set of controls through a single interface, rather than requiring users to access a series of different interfaces for every distinct control. Additionally, CCM supports the automation of data collection and then refreshing report content so that the data being reported is kept current with significantly less effort.   Doing (and measuring) “the basics”  The CIS CSCs are divided into three “implementation groups.” The CIS explains implementation groups this way: “Implementation Groups (IGs) are the recommended guidance to prioritize implementation of the CIS Critical Security Controls.” The CIS defines Implementation Group 1 (IG1) as “essential cyber hygiene and represents an emerging minimum standard of information security for all enterprises.” In the CIS CSCs v8.1, there are 56 Safeguards in implementation group 1, slightly more than a third of the total Safeguards. Interestingly, most of the Safeguards listed by Verizon in the DBIR are from implementation group 1, the Safeguards for essential cyber hygiene, that is, “the basics.”   Considering “the basics,” a few years ago, the 2021 Data Breach Investigations Report made this point:   “The next time we are up against a paradigm-shifting breach that challenges the norm of what is most likely to happen, don’t listen to the ornithologists on the blue bird website chirping loudly that “We cannot patch manage or access control our way out of this threat,” because in fact “doing the basics” will help against the vast majority of the problem space that is most likely to affect your organization.” (page 11)  Continuous controls monitoring is ideally suited to help organizations measure their progress when implementing essential security controls. That is, those controls that will help against “the vast majority of the problem space.” These essential controls are the necessary foundation on which more specialized and sophisticated controls can be built.  Moving beyond the basics  Of course, CCM is not limited to reporting on the basics. As Verizon notes, the CIS Safeguards listed in the 2024 DBIR report are only a small subset of those which could help to protect the organization, or to detect, respond to, or recover from an incident. Any control which lends itself to measurement, especially when expressed as a percentage of implementation, is a viable candidate for CCM. Additionally, the measurement can be compared against a target level of compliance, a Key Performance Indicator (KPI), to assess if the target is being met, exceeded, or if additional work is needed to reach it.   The Critical Security Controls from CIS provide a pragmatic and comprehensive set of controls for organizations to improve their essential cybersecurity capabilities. CCM provides a highly useful solution to measure the progress towards effective implementation of the controls, both at the organization level, and the levels of management that make up the organization.   Mapping incident classification patterns to CIS controls & safeguards to DataBee for Continuous Controls Monitoring dashboards  DataBee’s CCM solution provides consistent and accurate dashboards that measure how effectively controls have been implemented, and it does this automatically and continuously. Turns out, it produces reports on many of the Controls and Safeguards detailed in the CIS CSC. Here are some examples:  The DBIR recommends Control 04, "Secure Configuration of Enterprise Assets and Software," as applicable for several Incident Classification Patterns, namely System Intrusion, and Privilege Misuse. The Secure Configuration dashboard for DataBee for Continuous Controls Monitoring reports on this CSC Control and many of its underlying Safeguards.  Control 10, “Malware Defenses,” is also listed as a response to System Intrusion in the DBIR. The Endpoint Protection dashboard supports this control. It shows the systems protected by your endpoint detection and response (EDR) solutions and compares them to assets expected to have EDR installed. DataBee reports on the assets missing EDR and which consequently remain unprotected.  “Security Awareness and Skills Training,” Control 14, is noted in the DBIR as a response to patterns System Intrusion, Social Engineering, and Miscellaneous Errors. The DataBee Security Training dashboard can provide status on training from all the sources used by your organization.  In addition to supporting the controls and safeguards listed in the DBIR, the DataBee dashboards also report on CSC controls such as Control 01, “Inventory and Control of Enterprise Assets.” While the DBIR does not list Control 01 explicitly, the information reported by the Asset Management dashboard in DataBee is needed to support Secure Configuration, Endpoint Protection, and other dashboards. That is, the dashboards that do support the CIS controls listed in the DBIR.   With the incident patterns in the 2024 Verizon Data Breach Investigations Report mapped to the Critical Security Controls and Safeguards provided by the Center for Internet Security, security teams are given a great start – or reminder – of the best practices and tools that can help them avoid falling ‘victim’ to these incidents. Continuous controls monitoring bolsters an organization’s security posture even more by delivering dashboards that report on the performance of an organization’s controls; reports that provide actionable insights into any security or compliance gaps.   If you’d like to learn more about how DataBee for Continuous Controls Monitoring supports the Controls and Safeguard recommendations provided in the CIS CSC, be in touch. We’d love to help you get the most out of your security investments. 

We are proud to announce that DataBee is recognized as one of only 35 companies to achieve the AWS Security Competency in Threat Detection and Response. We have worked diligently to help customers gain faster, better insights from their security data, making today meaningful to us as a team. This exclusive recognition underscores the value and impact that DataBee’s advanced capabilities bring to customers. Achieving an AWS Security Competency requires us to have deep technical AWS expertise. Inspired by Comcast's internal CISO and CTO organization, the DataBee platform connects disparate security data sources and feeds, enabling customers to optimize their AWS resources. Our AWS Competency recognition validates our ability to leverage our internal, technical AWS knowledge so that customers can achieve the same proven-at-scale benefits. More importantly, earning this badge is a testament to the success we have achieved in partnering with our customers, and validates that DataBee has enabled customers to transform vast amounts of security data into actionable insights for threat detection and response. Our continued collaboration with AWS reflects our dedication to driving innovation and delivering high-quality security solutions that meet the evolving needs of our customers. We are proud to be recognized for our efforts and remain committed to helping our customers achieve their security goals efficiently and effectively.

For streaming, broadcasting, or advertising, live sports represent some of the most exciting and most complex events to manage — and some of the most lucrative, particularly when it comes to breaking into new markets.   But when you’re only live once, the pressure to deliver flawless real-time content is immense, and the coordination required between technology, vendors, and teams is absolutely critical to bring home the win. As part of our Content Circle of Life series, Bill Calton, VP of Operations for Comcast Technology Solutions, sat down with David Wilburn, Vice President of TVE & VOD Software Engineering, Peacock, and Jorge de la Nuez, Head of Technology and Operations at the Olympic Channel, to discuss some of the key aspects of delivering/managing live sports content.   Read the highlights below or watch the full conversation here for expert perspectives on some of the most critical topics in live sports media, including:  Vendor/technology partner selection  AI in sports   Infrastructure challenges   The role of social media and advertising  The importance of vendor selection in live sports video   Bill Calton, VP of Operations, Comcast Technology Solutions: We’ve just been through the 2024 Summer Olympic Games in Paris, where over 3 billion viewers consumed some portion of this event’s content globally. And we ​all know that when we prepare for live sporting events, like the Olympics, we often work without a net. What is your process for getting a vendor in place prior to these events?   Jorge de la Nuez, Head of Technology and Operations, Olympic Channel:  Vendor selection for events like the Olympics is a complex and lengthy process. It often takes years to build relationships with trusted vendors, particularly in such high-stakes environments.  Auditing and competitive bidding processes are key elements, but personal relationships and knowledge of a vendor's track record are just as important.  Preparing for an event like the Olympics requires testing for load capacity and auditing the entire ecosystem to ensure no part of the infrastructure can fail.  David Wilburn, Vice President of TVE & VOD Software Engineering, Peacock:  Vendor relationships are critical, but so is ensuring they are true partners who understand the needs of the business and adapt to them.  It’s important to choose partners who are innovators and are evolving alongside the business, not just following their own roadmaps.  Partnerships should be flexible and scalable, with real-time communication that allows for quick issue resolution.  The role of AI in live sports content management and delivery  The possibilities seem endless in terms of how people consume sports content, from where they're consuming it to what type of device they're consuming the content on. And we're starting to see AI tools be leveraged to support this.   How have you seen AI play a role in the live sports media arena?  David Wilburn, Peacock:  AI is beginning to assist in automating sub-clipping for highlights and identifying players using jersey numbers or facial recognition. However, these systems are still evolving, so it will be interesting to see how this continues to develop. One of the challenges in leveraging AI for live video streaming is latency, especially in high-stakes environments like sports betting, where near-zero latency is a must.  Jorge de la Nuez, Olympic Channel:  AI has been integrated into Olympic content since Tokyo 2020, particularly in highlight creation and video content management.  AI tools are really useful for generating short-form video content for social media and search platforms  On the back end, AI helps home in on user profiling and content recommendation, which is driven by data analytics.  Infrastructure to ensure reliability for sports video   When the lights come on and fans tune in, your infrastructure needs to be ready. When you’re only live once, you need to effectively deal with redundancies, both from a cloud or on-premises perspective.   What do you do to ensure that these events go off without any interruption?  Jorge de la Nuez, Olympic Channel:  Managing infrastructure for the Olympics is a blend of cloud-based and on-premises systems. While the cloud offers flexibility, there are still challenges with cost and multi-vendor coordination.  Keeping the infrastructure simple when possible and relying on trusted partners for redundancy helps us manage complexity when the stakes are high.  David Wilburn, Peacock:  Having active-active multi-region services and auto-detection of issues is critical for high uptime, particularly during events like the Olympics or NFL games.  Chaos and load testing are essential to ensure that the systems can handle the massive demand of live events. Multi-CDN strategies also ensure that content delivery is never interrupted.  Social media, branding, and advertising for live sports content  People are grabbing sports content and leveraging it on their own social media.   Are you seeing any trends in advertising related to live sports that you think would be relevant?   Jorge de la Nuez, Olympic Channel:  The International Olympic Committee has integrated social media platforms like YouTube into its distribution strategy. It’s a balancing act between delivering free content and driving audiences to their own platforms.  At the same time, branded content is becoming more important than traditional ads, particularly on digital and social platforms.  David Wilburn, Peacock:  Advertising is changing. We’re going to be seeing a lot more of the use of "squeeze-back" ads, where video continues to play while ads are displayed on the screen. This allows viewers to stay engaged with live sports while still being exposed to relevant content from advertisers.   As the live sports media landscape continues to evolve, so will the technologies that support it.  At the same time, the importance of strong partnerships and well-prepared teams cannot be overstated. If you’re looking for a teammate to help you adapt, innovate, and maintain excellence in sports content delivery and management, connect with us here. 

Recently, DataBee hosted a webinar focused on the Digital Operational Resilience Act (DORA), a pivotal piece of EU legislation that is set to reshape the cybersecurity landscape for financial institutions. The talk featured experts Tom Schneider, Cybersecurity GRC Professional Services Consultant at DataBee and Annick O'Brien, General Counsel at CybSafe, who delved into the intricacies of DORA, its implications, and actionable strategies for compliance. 5 Key Takeaways for mastering DORA compliance and enhancing resilience: In an effort to open dialogue and help organisations that need to comply with the DORA compliance legislations, we are sharing the takeaways from our webinar. The Essence of DORA: DORA is not just another cybersecurity regulation; it addresses the broader scope of operational risk in the financial sector. Unlike frameworks that focus solely on specific cybersecurity threats or data protection, DORA aims to ensure that organisations can maintain operational resilience, even in the face of significant disruptions. This resilience means not just preventing breaches but also being able to recover swiftly when they occur. Broad Applicability: DORA's reach extends beyond traditional banks, capturing a wide array of entities within the financial ecosystem, including insurance companies, reinsurance firms, and even crowdfunding platforms. The act emphasizes that any organisation handling financial data needs to be vigilant, especially as DORA becomes fully enforceable in January 2025. Third-Party Risks: A significant portion of the webinar focused on the risks associated with third-party service providers, particularly cloud service providers. DORA places the onus on financial institutions to ensure that their third-party vendors are compliant with the same rigorous standards. This includes having robust technical and operational measures, conducting regular due diligence, and ensuring these providers can maintain operational resilience. Concentration of Risk: DORA introduces the concept of concentration risk, which refers to the potential danger when an entire industry relies heavily on a single service provider. The webinar highlighted recent incidents, such as the CrowdStrike and Windows issues, underscoring the importance of not only identifying these risks but also diversifying to mitigate them. Principles-Based Approach: Unlike prescriptive regulations, DORA is principles-based, focusing on the outcomes rather than the specific methods organisations must use. This approach requires financial institutions to continuously assess and update their operational practices to ensure resilience in a rapidly evolving technological landscape. Moving Forward: As the January 2025 deadline approaches, organisations are urged to review their existing compliance frameworks and identify how they can integrate DORA's requirements without reinventing the wheel. Many of the principles within DORA overlap with other frameworks like GDPR and NIST, providing a foundation that organisations can build upon. For those grappling with the complexities of DORA, the webinar emphasized the importance of preparation, regular testing, and continuous improvement. By leveraging existing policies and procedures, financial institutions can align with DORA's objectives and ensure they are not only compliant but also resilient in the face of future challenges. Databee can significantly enhance compliance with DORA by streamlining the management of information and communication technology (ICT) assets. DataBee for Continuous Controls Monitoring (CCM) offering weaves together data across multiple sources, enabling organisations to automate the creation of a reliable asset inventory. By providing enriched datasets and clear entity resolution, Databee reduces complexity of managing and monitoring ICT assets, improves auditability, and ensures that compliance and security measures are consistently met across the enterprise, ultimately supporting the resilience and security of critical business operations. Watch the recording of the webinar here or request a demo today to discover how DataBee can help you become DORA compliant.

With a subscription video on demand (SVOD) services market expected to surpass $1.2 billion by the end of this year, it’s no wonder that entertainment and media companies are looking at the Middle East and North Africa (MENA) with increased focus. While the region presents unique opportunities for expansion and greater content monetization, reaching this diverse and often fragmented audience presents distinct challenges. At our 2024 MENA Monetization Summit in Dubai, industry leaders discussed the innovative strategies they’ve used to thrive in this dynamic market. Read on to learn the drivers behind their success and gain strategic insights for effective content monetization in this rapidly evolving region.   MENA’s streaming and advertising market: highlights to know  Opportunities in MENA are evolving rapidly, driven by a young, tech-savvy population and increasing digital penetration. Consider the following statistics from global analysts Omdia:  MENA’s SVOD services market generated over $1 billion in revenues in 2023 and is expected to surpass $1.2 billion in 2024.   Online video advertising in MENA is expected to grow by 67% in revenue by 2028 while online video subscription is expected to grow by 19%.   Already, the Free Ad-Supported TV (FAST) market in MENA has topped $7 million — with the potential to quadruple in the next five years.   Saudi Arabia sees the highest consumption of YouTube videos globally.  So, how can businesses capitalize on these burgeoning markets? There are a few key considerations when evaluating opportunities for content monetization in MENA:  First, underserved sports content is a great avenue to explore. The popularity of sports such as  cricket, rugby, mixed martial arts, and fighting sports in the region opens up significant opportunities to stake out new territory. Since these sports are not as heavily contested by major players, new market entrants can quickly and effectively carve out a niche.   When expanding into MENA, localized content will be particularly important for success. Content tailored to local tastes, cultural norms, and preferences is crucial. This means finding opportunities to produce and broadcast local sports, creating region-specific reality shows, and emphasizing local celebrities and events. Platforms that offer a mix of local productions and international content stand a better chance of engaging the audience.  Similar to findings from other parts of the world, FAST channels are becoming increasingly popular in MENA, providing an alternative to traditional pay-TV. These channels attract large audiences by offering free content supported by advertising. This CTS webinar dives deeper into FAST channel technology.   FAST channel revenues in MENA reached $7.2 million in 2023 and are projected to quadruple in the next 5 years.  Success stories from MENA   Several companies are successfully navigating the MENA market challenges by leveraging specific strategies and focusing on underserved segments. STARZ PLAY Arabia and Shahid together make up approximately 40% of the total over-the-top (OTT) services market in the region according to Q4 2023 Omdia data.   Shahid and STARZ PLAY lead the MENA streaming video market. STARZ PLAY: With over 3.5 million subscribers and growing, this highly successful SVOD service has seen tremendous success by focusing on underserved sports and licensed Hollywood content. Here’s the strategy at a glance:   Securing sports rights including UFC, Cricket World Cup, ICC tournaments  Enhancing the user experience with sport-specific UI features  Shahid, part of the MBC Group, has established itself as a leading platform in the MENA region by:  Leveraging its extensive library of premium Arabic content   Growing both its ad-supported video on demand (AVOD) and SVOD services in tandem but with a heavier emphasis on advertising  Key trends to watch across the region  Shahid, STARZ PLAY, AWS, FreeWheel, and other media companies that have seen considerable success in MENA have tapped into key trends in the region.  Shifting toward hybrid models: In the Middle East, pay-TV is still important, but online advertising is growing rapidly. Giant entertainment companies such as Netflix and Amazon Prime are exploring ad-supported content. The expected growth in subscriptions combined with the increasing importance of advertising revenue in the region highlight this trend.  Importance of data and personalization: AI is revolutionizing content monetization in MENA by enhancing personalization and operational efficiency. AI is helping content providers with deeper understanding in user behavior and preferences, allowing for highly targeted and contextual advertising. By using AI to analyze vast amounts of data, companies can predict churn behaviors, personalize content recommendations, and optimize advertising strategies. Employing AI in content production processes, such as automated subtitling in multiple languages, is becoming a cost-effective way to make content more accessible and widen reach.  Rise of sports: The growing popularity of esports and niche sports presents a lucrative opportunity. The addition of new sports in the Olympic program could lead to increased engagement and monetization. Looking to grow in MENA? Here’s your roadmap. To thrive in the competitive MENA market, industry leaders recommend adopting the following strategies:  Identify and focus on areas underserved by major players, such as specific sports or localized content. This could mean using unique entertainment formats, such as live sports events, to attract audiences, foster brand loyalty, and maximize monetization potential.  Leverage partnerships and form strategic alliances with local telecom operators, device manufacturers, and opportunities for managed channel origination to boost visibility and distribution opportunities.  Invest in technology and infrastructure to ensure robust technology and infrastructure to handle high concurrent user traffic. In particular, cloud services and scalable solutions are essential for maintaining a seamless user experience and meeting the expectations of the region’s audiences.   Enhance fan engagement by leveraging AI and data analytics to create personalized and interactive experiences. It’s a great way to boost real-time engagement during live events, fantasy sports integration, key moments and highlights, and tailored content recommendations.  Diversify revenue streams and combine subscription services with advertising. Explore opportunities in branded content and sponsorships to maximize revenue potential. The future of content monetization lies in hybrid models that combine subscriptions with advertising. The expected growth in the number of subscriptions and the increasing importance of advertising revenue highlight this trend.  There is immense potential for success in MENA provided that companies can navigate its complexities and leverage its unique opportunities. Understanding local market dynamics and tailoring strategies accordingly will be key to capitalizing on the opportunities at hand.   Looking for a trusted partner to help support your strategies? Contact us today.

Artificial intelligence (AI) and music are a lot alike. When you have the right components together, like patterns in melodies and rhythms, music can be personal and inspire creativity. In my experience having worked on projects that developed AI for IT and security teams, data can help recognize patterns from day-to-day activities and frustrations that can be enhanced or automated. I started working in AI technology development nearly a decade ago. I loved the overlaps between music and programming. Both begin with basic rules and theory, but it is the human element that brings AI (and music) to life. Recently, we launched BeeKeeper AI™ from DataBee, a generative AI (genAI) tool that uses patent-pending entity resolution technology to find and validate asset and device ownership. Inspired by our own internal cybersecurity and operations teams struggles of chasing down ownership, which sometimes added up to 20+ asset owner reassignments, we knew there was a better way forward. Through integrations with enterprise chat clients like Teams, BeeKeeper AI uses your data to speak to your end users, replacing the otherwise arduously manual process of confirming or redirecting asset ownership. What’s the buzz about BeeKeeper AI from DataBee?   Much like how a good song metaphorically speaks to the soul, BeeKeeper AI’s innovative genAI approach is tuned to leverage ownership confidence scores that prompt it to proactively reach out to end users. Now, IT admins and operations teams don’t have to spend hours each day reaching out to asset owners who often become frustrated over having their day interrupted. Further, by using BeeKeeper AI for ‘filling in the blanks’ of unclaimed or newly discovered assets, you have an improved dataset of who to reach out to when security vulnerabilities and compliance gaps appear. BeeKeeper AI, a part of DataBee for Security Hygiene and Security Threats, uses an entity resolution technology to identify potential owners for unclaimed assets and devices based on a few factors such as comparing authentication logs. BeeKeeper AI is developed with a large language model (LLM) that features strict guardrails to keep conversations on track and hallucinations at bay when engaging these potential owners. This means that potential asset owners can simply respond “yes” or suggest someone else and move on with their day. Once users respond, BeeKeeper AI can do the rest – including looking for other potential owners, updating the DataBee platform, and even updating the CMDB, sharing its learnings with other tools. Automatic updates to improve efficiency and collaboration  Most IT admins and operations teams heave a sigh every time they have to manually update their asset inventories. If you’ve been using spreadsheets to maintain a running, cross-referenced list of unclaimed devices and potential owners, then you’re singing the song of nearly every IT department globally.   This is where BeeKeeper AI harmonizes with the rest of your objectives. When BeeKeeper AI automatically updates the DataBee platform, everyone across the different teams have a shared source of data, including:  IT  Operations  Information security  Compliance   Unknown or orphaned assets are everyone’s responsibility as they can become a potential entry point for security incidents or create compliance gaps. BeeKeeper AI can even give you insights from its own activity, allowing you to run user engagement reports to quantify issues like:   Uncooperative users   Total users contacted and their responses  Processed assets, like validated and denied assets  Since it automatically updates the DataBee platform, BeeKeeper AI makes collaboration across these different teams easier by ensuring that they all have the same access to cleaner and more complete user and asset information that has business context woven in. Responsible AI for security data  AI is a hot topic, but not all AI is the same. At DataBee, we believe in responsible AI with proper guardrails around the technology’s use and output. As security professionals, we understand that security data can contain sensitive information about your people and your infrastructure. BeeKeeper AI starts from your clean, optimized DataBee dataset and works within your contained environment. Unique to each organization’s data, BeeKeeper AI’s guardrails keep sensitive data from leakage. This is why BeeKeeper AI sticks to what it knows, even when someone tries to take it off task. Our chatbot isn’t easily distracted and refocuses attempts to engage back to its sole purpose - identifying and finding the right asset owners. Making honey out of your data with BeeKeeper AI  BeeKeeper AI leverages your security data to proactively reach out to users and verify whether they own assets. With DataBee, you can turn your security data into analytics-ready datasets to get insights faster. Let BeeKeeper AI manage your hive so you can focus on making honey out of your data. If you’re ready to reduce manual, time-consuming, collaboration-inhibiting processes, request a custom demo to see how DataBee for Security Hygiene can help you sing a sweeter tune.

2024 has been a big “events” year for DataBee as we’ve strived to raise awareness of the new business and the DataBee Hive™ security, risk and compliance data fabric platform. We’ve participated in events across North America and EMEA including Black Hat USA, the Gartner Security & Risk Management Summits, FS-ISAC Summit, Snowflake Data Cloud Summit and AWS re:Inforce, and of course, the RSA Conference. At RSA, we introduced to the community our sweet (haha) and funny life-size bee mascot, who ended up being a big hit among humans and canines alike. Participation in these events has been illuminating on many important fronts. For the DataBee “hive” it’s been invaluable, not only for the conversations and insights we gain from real users across the industry, but also for the feedback we receive as we share the story of DataBee’s creation and how it was inspired by the security data fabric that Comcast’s Global CISO, Noopur Davis, and her team developed. In general, we’ve been thrilled with the response that DataBee has received, but consistently, there’s one piece of attendee feedback that really gives us pause: “Why would Comcast Technology Solutions enter the cybersecurity solutions space?” In other words, “what the heck is Comcast doing here?” This statement makes it pretty clear: Comcast might be synonymous with broadband, video, media and entertainment services and experiences, but may be less associated with cybersecurity. But it should be. While Comcast and Xfinity may not be immediately associated with cybersecurity, Comcast Business, a $10 billion business within Comcast, has been delivering advanced cybersecurity solutions to businesses of all sizes since 2018. With our friends at Comcast Business, the DataBee team is working hard to change perceptions and increase awareness of Comcast’s rich history of innovation in cybersecurity. Let’s take a quick look at some of the reasons why the Comcast name should be synonymous with cybersecurity Comcast Business Comcast Business is committed to helping organizations adopt a cybersecurity posture that meets the diverse and complex needs of today’s cybersecurity environment. Comcast Business’ comprehensive solutions portfolio is specifically engineered to tackle the multifaceted challenges of the modern digital landscape. With advanced capabilities ranging from real-time threat detection and response, Comcast Business solutions help protect businesses. Whether through Unified Threat Management systems that simplify security operations, cloud-based solutions that provide flexible defenses, or DDoS mitigation services that help preserve operational continuity, Comcast Business is a trusted partner in cybersecurity. Comcast Business provides the depth, effectiveness, and expertise necessary to enhance enterprise security posture through: SecurityEdge™ Offering advanced security for small businesses, SecurityEdge™ is a cloud-based Internet security solution that helps protect all connected devices on your network from malware, phishing scams, ransomware, and botnet attacks. SD-WAN with Advanced Security Connect users to applications securely both onsite and in the cloud Unified Threat Management (UTM) Delivered by industry leading partners, UTM solutions provide an integrated security platform that combines firewall, antivirus, intrusion prevention, and web filtering to simplify management and enhance visibility across the network. DDoS Mitigation Security for disruption caused by Distributed Denial of Service attacks by helping to identify and block anomalous spikes in traffic while allowing for desired functionality of your services. Secure Access Service Edge (SASE) Integrating networking and security into a unified cloud-delivered service model, our SASE framework supports dynamic secure access needs of organizations, facilitating secure and efficient connectivity for remote and mobile workers. Endpoint Detection and Response (EDR) Help safeguard devices connected to your enterprise network, using AI to detect, investigate, remove, and remediate malware, phishing, and ransomware Managed Detection and Response (MDR) Extend EDR capabilities to the entire network and detect advanced threats, backed up with 24/7 monitoring by a team of cybersecurity experts. Vulnerability Scanning and Management Helps identify and manage security weaknesses in the network and software systems, a proactive approach that helps protect potential entry points for threat actors. Comcast Ventures Did you know that Comcast has a venture capital group that backs early-to-growth stage startups that are transforming sectors like cybersecurity, AI, healthcare, and more? Some of the innovative cybersecurity, data and AI-specific companies that Comcast Ventures has invested in include: BigID SafeBase HYPR Resemble AI Bitsight Uptycs Recently, cybersecurity investment and advisory firm NightDragon announced a strategic partnership with Comcast Technology Solutions (CTS) and DataBee that also included Comcast Ventures. As a result of this strategic partnership, CTS, Comcast Ventures and DataBee will gain valuable exposure to the new innovations coming from NightDragon companies. Comcast Cybersecurity As I write this, Comcast Corporation is ranked 33 on the Fortune 500 list, so – as you might guess – it has an expansive internal cybersecurity organization. With $121 billion+ in annual revenues, over 180,000 employees around the globe, and a huge ecosystem of consumers and business customers and partners, Comcast takes its security obligations very seriously. Our cyber professionals collectively hold and are awarded multiple patents each year. We lead standards bodies, and we participate and provide leadership in multiple policy forums. Our colleagues contribute to Open-Source communities where we share our security innovations. We are an integral part of the global community of cybersecurity practitioners – we present at conferences, learn from our peers, hold multiple certifications, and publish in various journals. We are a contributing member of the Communications ISAC, and the CISA Joint Cyber Defense Collaborative. A sampling of internal research and development efforts within Comcast’s cybersecurity organization include: One-time secure secrets sharing Security data fabric (Note: the inspiration for DataBee®) Anomaly detection AI-based secrets detection in code AI-based static code analysis for privacy Crypto-agility risk assessment Machine-assisted security threat modeling Scoping of threats against AI/ML apps Persona-based privacy threat modeling PKI and token management systems Certificate lifecycle management and contribution to industry IoT stock R&D for BluVector Network Detection and Response (NDR) product The Comcast Cyber Security (CCS) Research team, “conducts original applied and fundamental cybersecurity research”.  Selected projects that the team is working on include research on security and human behavior, security by design, and emerging technologies such as post quantum cryptography. CCS works with technology teams across Comcast to identify and explore security gaps in the broader cyber ecosystem. The Comcast Cybersecurity team’s work developing and implementing a security data fabric platform was the inspiration for what has become DataBee. Although the DataBee team has architected and built its commercial DataBee Hive™ security, risk and compliance data fabric platform from “scratch” (so to speak), it was Comcast’s internal platform – and the great results that it has, and continues, to deliver – that proved such a solution could be a game-changer, especially for large, complex organizations. While DataBee Hive has been designed to address the needs and scale of any type of enterprise or IT architecture, we were fortunate to be able to tap into the learnings that came from the years and countless person hours of development that went into building Comcast’s internal security data fabric platform, and then operating it at scale. DataBee Cybersecurity Suite Besides being home to the DataBee Hive security data fabric platform and products, it’s worth noting that the DataBee business unit of Comcast Technology Solutions is also home to BluVector, an on-premises network detection and response (NDR) platform. Comcast acquired BluVector in 2019, which was purpose-built to protect critical government and enterprise networks. BluVector continues to deliver AI-powered NDR for visibility across network, devices, users, files, and data to discover and hunt skilled and motivated threats. Comcast and cybersecurity? Of course. So, the next time you come across DataBee, from Comcast Technology Solutions, and you think to yourself “why is Comcast in the enterprise security market with DataBee?!” – think again. From small and mid-size organizations to large enterprises and government agencies; and from managed services to products and solutions; and from on-premises to cloud-native… Comcast’s complete cybersecurity “portfolio” covers the gamut. Want to connect with someone to determine what’s right for your organization? Contact us, and in “Comments”, let us know if you’d like to evaluate solutions from both DataBee and Comcast Business. We’ll look forward to exploring options with you!

If the proverb is, it takes a village to raise a child, then the corollary in the business world is that it takes a village to get compliance right. And in this analogy, compliance officers are the mayor of this village. Compliance officers schedule audits, coordinate activities, oversee processes, and manage documentation. They are the often-unsung heroes whose work acts as the foundation of your customers’ trust, helping you achieve certifications and mitigate risk. While your red teamers and defenders get visibility because they sit at the frontlines, your compliance team members are strategizing and carving paths to reduce risk and enable programs. For this National Compliance Officer Day, we salute these mayors of the compliance village in their own words. Feeling Gratitude There is a great amount of pride when compliance officers are able to help you build trust with your customers, but there is also an immense amount of gratitude from the compliance teams  for the internal relationships built within the enterprise Yasmine Abdillahi, Executive Director of Security Risk and Compliance and Business Information Security Officer at Comcast, expressed gratitude for executive leader Sudhanshu Kairab whose ability to grasp the core business fundamentals have allowed Comcast to implement robust compliance frameworks that mitigate risks and support growth and trust. “[Sudhanshu] consistently demonstrates a keen awareness of industry trends, enabling us to stay ahead of emerging challenges and opportunities. His ability to sustain and nurture a strong network, both internally and externally, has proven invaluable in fostering collaboration and ensuring we remain at the forefront of GRC best practices. His multifaceted approach to leadership has not only strengthened our risk posture but has also positioned our GRC function as a key driver of innovation and business growth.” Compliance professionals rely on their strategic internal business partners to succeed. When enterprise leaders empower the GRC function, compliance and risk managers can blossom into their best business enabling selves. In return, compliance leaders allow the enterprise to provide customers with the assurance they need. In today’s “trust but verify” world, customers trust the business when the compliance function can verify the enterprise security posture. Collaboration, Communication, and Education At its core, your compliance team acts as the communications glue that binds together the various cybersecurity functions. For Tom Schneider, who is a part of the DataBee team as a Cybersecurity GRC Professional Services Consultant, communication has been essential to his career. When working to achieve compliance with a control, communicating clearly and specifically is critical, especially when cybersecurity is not someone’s main responsibility. Clear communication educates both sides of the compliance equation. “Throughout my career, I have learned from the many people I’ve worked with. They have included management, internal and external customers, and auditors. I’ve learned from coworkers that were experts in some specific technology or process, such as vulnerability management or identity management, as well as from people on the business side and how things appear from their perspective.” GRC’s cross-functional nature makes compliance leaders some of the enterprise’s most impactful teachers and learners. Compliance officers collaborate across different functions - security, IT, and senior leadership. As they learn from their internal partners, they, in turn, educate others. Compliance officers are so much more than the controls they document and the checklists they review. They facilitate collaboration because they can communicate needs and build a shared language. Compliance Officers: Keeping It All Together A compliance officer’s role in your organization goes far beyond their job descriptions. They are cross-functional facilitators, mentors, learners, leaders, enablers, and reviewers. They are the ones who double check the organization’s cybersecurity work. Every day, they work quietly in the background, but for one day every year, we have the opportunity to let them know how important they are to the business. DataBee from Comcast Technology Solutions gives your compliance officer a way to keep their compliance and business data together so they can communicate more effectively and efficiently. Our security data fabric empowers all three lines of defense - operational managers, risk management, and internal audit - so they can leave behind spreadsheets and point-in-time compliance  reporting relics of the past. By leveraging the full power of your organization’s data, compliance officers can implement continuous controls monitoring (CCM) with accurate compliance dashboard and reports for measuring risk and reviewing controls’ effectiveness. From our Comcast compliance team to yours, thank you for all you do. We see you and appreciate you - today and every day.