Managed Terrestrial Distribution gets more channels, more HD, and more value to customers and operators alike
It’s been three years since MVPDs accommodated the big 5G spectrum reallocation, and three years since we started helping companies to answer the question, “what would it look like to move our delivery model from orbit and down to earth?” Since then, our Managed Terrestrial Distribution (MTD) model has continued to grow – not just in population, but in its scope of offerings.
We’ve recently rolled out a significant expansion to our channel lineup, giving services the opportunity to add even more value and interest to their subscribers:
Lots of premium destinations across genres, including top-tier sports channels, A-list studio channels for movies and original entertainment,
More choices for kids and family, shopping, and faith-based programming
More HD content than ever before – three times the number of HD channels versus satellite-only
Explore our channel lineup
A better way to serve the content customers want
For existing MTD customers, this represents not just a wider offering, but also an opportune time to gain more operational efficiency by moving more services to their MTD workflow. CTS is an active partner, helping providers all over the country with a seamless migration and continuous support.
For businesses exploring the move from satellite services towards eventually a fully IP-based delivery model, there’s a lot more to share, as MTD continues its host of benefits – from reduced operational complexity to increased service offerings for customers.
Customers share their MTD experience
Managed Terrestrial Distribution was really envisioned as a way for cable providers to continue evolving along with their customers. We all certainly know what it’s like on the customer end: our screens are better, our expectations are higher, and as 4K and 8K become more and more prevalent, HD programming is almost table stakes at this point. The idea here on the Comcast Technology Solutions side was to turn the 5G spectrum situation into a real opportunity for providers to reimagine themselves in a way that wouldn’t disrupt daily operations.
One of the businesses that made the move to MTD was Sister Lakes Cable, a phone, TV, and internet provider in the Michigan area. Tom Wilson (Operations Manager), let us know how things have gone so far:
Curious about more ways that Managed Channel Origination can help keep MVPDs competitive into the 2030’s and beyond? There’s plenty more to learn here.
Read More
Ad creative production: Centralize or decentralize?
The shift from traditional advertising models to more diverse, digital-focused strategies has brought brand marketers to an interesting crossroads: the choice between centralized production, which offers streamlined efficiency and brand consistency, and decentralized production/fragmentation, a model that can deliver greater flexibility, diverse creative input, and specialized expertise.
Choosing between centralization and fragmentation can be daunting, requiring a delicate balancing act between consistency and creativity, management of complex collaborations, important cost implications, and the need to mitigate risk. Yet for others, it feels like being a kid in a candy shop with a hundred-dollar bill — full of possibilities and opportunities to explore.
As part of our Content Circle of Life series, we asked industry experts from The Team Companies, APR, and our own AdFusion™ team to weigh the pros and cons of centralization and fragmentation in creative production. Check out their in-depth discussion to explore how marketers are meeting their needs and driving success in an evolving landscape by:
Fostering a culture of creative collaboration
Implementing flexible frameworks
Leveraging composable technology
In the meantime, here are just a few of the highlights from their conversation to get you started…
Foster a culture of creative collaboration
Traditionally, creative and production tasks have been handled in silos, with teams working separately on different aspects of a campaign. This approach, however, can limit the exchange of ideas, reduce flexibility, and lead to inefficiencies. Instead, in today’s fast-paced and dynamic landscape, brands are finding tremendous value in building cross-functional teams that bring together diverse skills and perspectives and take their message to as many screens as possible.
A collaborative environment breaks down barriers, encouraging communication and teamwork across marketing, creative, production, and even procurement. This integration across an end-to-end creative management platform allows teams to share insights, address challenges more quickly, and ensure that every aspect of the project aligns with the overall brand vision.
Encouraging openness also means creating a safe space where team members feel comfortable sharing unconventional or bold ideas without fear of judgment. Creating this type of environment:
Nurtures creativity
Fosters experimentation
Empowers teams to adapt quickly to changing market demands
In a world where the ability to adapt and innovate is crucial, fostering a culture of openness and collaboration is no longer just a good practice — it is essential for brands to stay competitive.
Implement flexible frameworks
Creative experimentation should absolutely be encouraged regardless of whether your business follows a centralized or decentralized production model. Teams need the freedom to test new ideas without the pressure of immediate perfection. Yet everyone wants the freedom and flexibility to adapt and innovate — but not at the cost of losing control over production processes. So, how can brands achieve this ideal balance?
By designing frameworks that offer structure but enable collaboration, rather than restricting it.
Leverage AI to drive flexibility and innovation
The secret to cultivating a flexible framework? Emerging technology, such as:
AI
Virtual production
Collaboration platforms
These types of innovative tech are foundational to building and supporting flexible frameworks that spur creativity and innovation.
Technology is evolving so fast that brands should leverage it not just for ideation, but also for execution in creative production. From streamlining content creation to enhancing data analysis, AI is already transforming creative production. Tools like VideoAI™ can analyze vast amounts of video data to help brands identify and repurpose content, reducing the need for additional production.
Maximize agility with composable technology
One of the biggest misconceptions advertisers have about composable technology is that it introduces unnecessary complexity, making operations even harder to manage. In reality, composable platforms simplify processes in two main ways:
Integrating essential data into a single unified system
Providing better control and oversight across the entire creative production workflow
Instead of forcing a fragmented approach, a true composable ecosystem, such as one enabled by AdFusion, works in symphony with specialized partners like APR and The Team Companies to streamline processes and handle specific workflows. In turn, this reduces the risk of miscommunication or inefficiency and results in greater visibility across marketing operations.
Whether it’s preventing delays, managing legal concerns, or ensuring that media trafficking and distribution are executed as planned, a composable ecosystem supports partnerships that empower brands to identify and mitigate risks early and effectively.
Conclusion: A real-world case study
As with most things in life, there is no one-size-fits-all solution. Brands must find an approach that centralizes for consistency and scale but doesn’t sacrifice the innovation and diversity that come from working with specialized partners. This balance will enable brands to navigate the complexity while remaining agile enough to seize new opportunities.
What might this look like in the real world? Take a look at this case study snapshot to see how The Team Companies + AdFusion integrate business functions to drive creative production.
Challenge:
A major challenge for brands managing creative production is ensuring smooth collaboration between specialized teams while maintaining oversight of critical business functions. Miscommunication, inefficiencies, and delays often arise from siloed systems, leading to compliance issues, missed deadlines, and increased costs.
Solution:
The Team Companies addresses this issue by managing business affairs, talent, and payroll for ads distributed through the AdFusion platform. By integrating key data directly into the AdFusion ecosystem, The Team Companies provides brands with centralized oversight of essential and seamless management of business functions without disrupting the specialized workflows of different teams.
Results:
This composable approach, enabled by the AdFusion platform, has proven highly effective. It allowed advertisers to maintain transparency and compliance across the entire creative production process, avoiding common pitfalls such as miscommunication and costly delays. The integration facilitates a cohesive strategy across both internal and external teams, enhancing collaboration and ensuring brand safety. Additionally, by streamlining processes and centralizing insights, brands are able to accelerate time to market, mitigate risks, and avoid fines related to compliance issues.
Ultimately, integrating The Team Companies workflows with AdFusion maximizes media investments and drives overall campaign success.
Get in touch to find out how AdFusion can help your brand make faster, smarter, and more data-driven decisions.
Read More
Monitoring and logging: the eyes and ears of security
Why do monitoring and logging matter?
Although this is a foundational question in cybersecurity and networking, National Cybersecurity Awareness Month makes this a great time to (re)visit important topics.
Monitoring and logging are very similar to security cameras and home alarm systems. They help you keep an eye on what’s happening in your applications and systems. If – when – something unusual occurs, analysts can leverage information from monitoring and logging solutions to respond and manage potential issues.
In this blog, I explore some tips from my experience as a DevOps and Systems Engineer.
10 tips for effective monitoring and logging:
Set up alerts for unusual activity
Use monitoring tools to set up alerts for machine or human behaviors that don’t seem right. This could be, for example, a user who has experienced multiple failed logins attempts or a server with a sudden spike in traffic. This way, you can prioritize and quickly investigate suspicious activities.
If it’s important, log it
Adversaries are becoming clever in hiding their tracks. This makes logging key events, such as user logins, changes to business-critical data, and system errors, important. The information gleaned from logs can help shed light on a bad actor’s trail.
Regularly review log
Don’t just collect logs—make it a habit to review them regularly. Collaborate with your team and experts to capture and understand details from logs. Look for patterns or anomalies that could indicate a security issue.
Leverage SIEMs
Security Information and Event Management (SIEM) tools are great to collect and analyze log data from different sources, helping you detect security incidents more efficiently.
Retain logs for digital forensics
Your industry regulations may already require this, but storing your logs will not only keep you compliant but can also help you perform security investigations. SIEMs can be expensive depending on the throughput of your organization. Security data fabrics, such as DataBee, can help you decouple storage and federate security data to a centralized location like a data lake, making it easier to search through raw logs or optimized datasets to help you catch important information.
Establish a response plan
Ideally before a security event occurs, your team should have a plan in place to respond to an incident. This should include who to contact and the steps to contain any potential threats.
Educate your team
Make sure everyone on your team understands the importance of monitoring and logging. Training can help them recognize potential security threats and respond appropriately.
Keep your tools updated
Regularly update your monitoring and logging tools to ensure you’re protected against the latest threats. Outdated tools might miss important security events.
Test your monitoring setup
Running tabletops can help you test your monitoring systems and response plans to ensure they’re working correctly. Simulate incidents to see if your alerts trigger as expected.
Stay informed
Keep up to date with the latest security trends and threats. This knowledge can help you improve your monitoring and logging practices continuously.
By following these tips, you can enhance your organization's security posture and respond more effectively to potential threats. Monitoring and logging might seem like technical tasks, but they play a vital role in keeping your systems safe!
Read More
How Continuous Controls Monitoring (CCM) can make cybersecurity best practices even better
Like many cybersecurity vendors, we like to keep an eye out for the publication of the Verizon Data Breach Investigations Report (DBIR) each year. It’s been a reliable way to track the actors, tactics and targets that have forced the need for a cybersecurity industry and to see how these threats vary from year to year. This information can be helpful as organizations develop or update their security strategy and approaches.
All of the key attack patterns reported on in the DBIR have been mapped to the Critical Security Controls (CSC) put out by the Center for Internet Security (CIS), a community-driven non-profit that provides best practices and benchmarks designed to strengthen the security posture of organizations. According to the CIS, these Controls “are a prescriptive, prioritized and simplified set of best practices that you can use to strengthen your cybersecurity posture.”
Many organizations rely on the Controls and Safeguards described in the CIS CSC document to guide how they build and measure their security program. Understanding this, we thought it might be useful to map the Incident Classification Patterns described in the 2024 DBIR report, to the guidance provided in the CIS Critical Security Controls, Version 8.1, and then to the CSC Controls and Safeguards that DataBee for Continuous Controls Monitoring (CCM) reports on. As you’ll see, CCM – whether from DataBee or another vendor (😢) – is a highly useful way to measure progress toward effective controls implementation.
The problem, proposed solutions, and how to measure their effectiveness
The 2024 DBIR identifies a set of eight patterns for classifying security incidents, with categories such as System Intrusion, Social Engineering, and Basic Web Application Attacks leading the charge. Included in the write-up of each incident classification is a list of the Safeguards from the CIS Critical Security Controls that describe “specific actions that enterprises should take to implement the control.” These controls are recommended for blocking, mitigating, or identifying that specific incident type. CIS Controls and Safeguards recommended to combat System Intrusion, for example, include: 4.1, Establish and Maintain a Secure Configuration Process1; 7.1, Establish and Maintain a Vulnerability Management Process2; and 14, Security Awareness and Skills Training3. Similar lists of Controls and Safeguards are provided in the DBIR for other incident classification patterns.
Continuous Controls Monitoring (CCM) is an invaluable tool to measure implementation for cybersecurity controls, including many of the CIS Safeguards. These might include measuring the level of deployment for a solution within a population of assets, e.g., is endpoint detection and response implemented on all end user workstations and laptops? Or has a task been completed within the expected timeframe, such as the remediation of a vulnerability, closure of a security policy exception, or completion of secure code development training? While reporting on these tasks individually may seem easy enough, CCM takes it to the next level by reporting on a large set of controls through a single interface, rather than requiring users to access a series of different interfaces for every distinct control. Additionally, CCM supports the automation of data collection and then refreshing report content so that the data being reported is kept current with significantly less effort.
Doing (and measuring) “the basics”
The CIS CSCs are divided into three “implementation groups.” The CIS explains implementation groups this way: “Implementation Groups (IGs) are the recommended guidance to prioritize implementation of the CIS Critical Security Controls.” The CIS defines Implementation Group 1 (IG1) as “essential cyber hygiene and represents an emerging minimum standard of information security for all enterprises.” In the CIS CSCs v8.1, there are 56 Safeguards in implementation group 1, slightly more than a third of the total Safeguards. Interestingly, most of the Safeguards listed by Verizon in the DBIR are from implementation group 1, the Safeguards for essential cyber hygiene, that is, “the basics.”
Considering “the basics,” a few years ago, the 2021 Data Breach Investigations Report made this point:
“The next time we are up against a paradigm-shifting breach that challenges the norm of what is most likely to happen, don’t listen to the ornithologists on the blue bird website chirping loudly that “We cannot patch manage or access control our way out of this threat,” because in fact “doing the basics” will help against the vast majority of the problem space that is most likely to affect your organization.” (page 11)
Continuous controls monitoring is ideally suited to help organizations measure their progress when implementing essential security controls. That is, those controls that will help against “the vast majority of the problem space.” These essential controls are the necessary foundation on which more specialized and sophisticated controls can be built.
Moving beyond the basics
Of course, CCM is not limited to reporting on the basics. As Verizon notes, the CIS Safeguards listed in the 2024 DBIR report are only a small subset of those which could help to protect the organization, or to detect, respond to, or recover from an incident. Any control which lends itself to measurement, especially when expressed as a percentage of implementation, is a viable candidate for CCM. Additionally, the measurement can be compared against a target level of compliance, a Key Performance Indicator (KPI), to assess if the target is being met, exceeded, or if additional work is needed to reach it.
The Critical Security Controls from CIS provide a pragmatic and comprehensive set of controls for organizations to improve their essential cybersecurity capabilities. CCM provides a highly useful solution to measure the progress towards effective implementation of the controls, both at the organization level, and the levels of management that make up the organization.
Mapping incident classification patterns to CIS controls & safeguards to DataBee for Continuous Controls Monitoring dashboards
DataBee’s CCM solution provides consistent and accurate dashboards that measure how effectively controls have been implemented, and it does this automatically and continuously. Turns out, it produces reports on many of the Controls and Safeguards detailed in the CIS CSC. Here are some examples:
The DBIR recommends Control 04, "Secure Configuration of Enterprise Assets and Software," as applicable for several Incident Classification Patterns, namely System Intrusion, and Privilege Misuse. The Secure Configuration dashboard for DataBee for Continuous Controls Monitoring reports on this CSC Control and many of its underlying Safeguards.
Control 10, “Malware Defenses,” is also listed as a response to System Intrusion in the DBIR. The Endpoint Protection dashboard supports this control. It shows the systems protected by your endpoint detection and response (EDR) solutions and compares them to assets expected to have EDR installed. DataBee reports on the assets missing EDR and which consequently remain unprotected.
“Security Awareness and Skills Training,” Control 14, is noted in the DBIR as a response to patterns System Intrusion, Social Engineering, and Miscellaneous Errors. The DataBee Security Training dashboard can provide status on training from all the sources used by your organization.
In addition to supporting the controls and safeguards listed in the DBIR, the DataBee dashboards also report on CSC controls such as Control 01, “Inventory and Control of Enterprise Assets.” While the DBIR does not list Control 01 explicitly, the information reported by the Asset Management dashboard in DataBee is needed to support Secure Configuration, Endpoint Protection, and other dashboards. That is, the dashboards that do support the CIS controls listed in the DBIR.
With the incident patterns in the 2024 Verizon Data Breach Investigations Report mapped to the Critical Security Controls and Safeguards provided by the Center for Internet Security, security teams are given a great start – or reminder – of the best practices and tools that can help them avoid falling ‘victim’ to these incidents. Continuous controls monitoring bolsters an organization’s security posture even more by delivering dashboards that report on the performance of an organization’s controls; reports that provide actionable insights into any security or compliance gaps.
If you’d like to learn more about how DataBee for Continuous Controls Monitoring supports the Controls and Safeguard recommendations provided in the CIS CSC, be in touch. We’d love to help you get the most out of your security investments.
Read More
Status Update: DataBee is a now an AWS Security Competency Partner
We are proud to announce that DataBee is recognized as one of only 35 companies to achieve the AWS Security Competency in Threat Detection and Response. We have worked diligently to help customers gain faster, better insights from their security data, making today meaningful to us as a team. This exclusive recognition underscores the value and impact that DataBee’s advanced capabilities bring to customers.
Achieving an AWS Security Competency requires us to have deep technical AWS expertise. Inspired by Comcast's internal CISO and CTO organization, the DataBee platform connects disparate security data sources and feeds, enabling customers to optimize their AWS resources. Our AWS Competency recognition validates our ability to leverage our internal, technical AWS knowledge so that customers can achieve the same proven-at-scale benefits.
More importantly, earning this badge is a testament to the success we have achieved in partnering with our customers, and validates that DataBee has enabled customers to transform vast amounts of security data into actionable insights for threat detection and response.
Our continued collaboration with AWS reflects our dedication to driving innovation and delivering high-quality security solutions that meet the evolving needs of our customers. We are proud to be recognized for our efforts and remain committed to helping our customers achieve their security goals efficiently and effectively.
Read More
Live sports video: A winning playbook for content delivery and management
For streaming, broadcasting, or advertising, live sports represent some of the most exciting and most complex events to manage — and some of the most lucrative, particularly when it comes to breaking into new markets.
But when you’re only live once, the pressure to deliver flawless real-time content is immense, and the coordination required between technology, vendors, and teams is absolutely critical to bring home the win. As part of our Content Circle of Life series, Bill Calton, VP of Operations for Comcast Technology Solutions, sat down with David Wilburn, Vice President of TVE & VOD Software Engineering, Peacock, and Jorge de la Nuez, Head of Technology and Operations at the Olympic Channel, to discuss some of the key aspects of delivering/managing live sports content.
Read the highlights below or watch the full conversation here for expert perspectives on some of the most critical topics in live sports media, including:
Vendor/technology partner selection
AI in sports
Infrastructure challenges
The role of social media and advertising
The importance of vendor selection in live sports video
Bill Calton, VP of Operations, Comcast Technology Solutions: We’ve just been through the 2024 Summer Olympic Games in Paris, where over 3 billion viewers consumed some portion of this event’s content globally. And we all know that when we prepare for live sporting events, like the Olympics, we often work without a net.
What is your process for getting a vendor in place prior to these events?
Jorge de la Nuez, Head of Technology and Operations, Olympic Channel:
Vendor selection for events like the Olympics is a complex and lengthy process. It often takes years to build relationships with trusted vendors, particularly in such high-stakes environments.
Auditing and competitive bidding processes are key elements, but personal relationships and knowledge of a vendor's track record are just as important.
Preparing for an event like the Olympics requires testing for load capacity and auditing the entire ecosystem to ensure no part of the infrastructure can fail.
David Wilburn, Vice President of TVE & VOD Software Engineering, Peacock:
Vendor relationships are critical, but so is ensuring they are true partners who understand the needs of the business and adapt to them.
It’s important to choose partners who are innovators and are evolving alongside the business, not just following their own roadmaps.
Partnerships should be flexible and scalable, with real-time communication that allows for quick issue resolution.
The role of AI in live sports content management and delivery
The possibilities seem endless in terms of how people consume sports content, from where they're consuming it to what type of device they're consuming the content on. And we're starting to see AI tools be leveraged to support this.
How have you seen AI play a role in the live sports media arena?
David Wilburn, Peacock:
AI is beginning to assist in automating sub-clipping for highlights and identifying players using jersey numbers or facial recognition. However, these systems are still evolving, so it will be interesting to see how this continues to develop. One of the challenges in leveraging AI for live video streaming is latency, especially in high-stakes environments like sports betting, where near-zero latency is a must.
Jorge de la Nuez, Olympic Channel:
AI has been integrated into Olympic content since Tokyo 2020, particularly in highlight creation and video content management.
AI tools are really useful for generating short-form video content for social media and search platforms
On the back end, AI helps home in on user profiling and content recommendation, which is driven by data analytics.
Infrastructure to ensure reliability for sports video
When the lights come on and fans tune in, your infrastructure needs to be ready. When you’re only live once, you need to effectively deal with redundancies, both from a cloud or on-premises perspective.
What do you do to ensure that these events go off without any interruption?
Jorge de la Nuez, Olympic Channel:
Managing infrastructure for the Olympics is a blend of cloud-based and on-premises systems. While the cloud offers flexibility, there are still challenges with cost and multi-vendor coordination.
Keeping the infrastructure simple when possible and relying on trusted partners for redundancy helps us manage complexity when the stakes are high.
David Wilburn, Peacock:
Having active-active multi-region services and auto-detection of issues is critical for high uptime, particularly during events like the Olympics or NFL games.
Chaos and load testing are essential to ensure that the systems can handle the massive demand of live events. Multi-CDN strategies also ensure that content delivery is never interrupted.
Social media, branding, and advertising for live sports content
People are grabbing sports content and leveraging it on their own social media.
Are you seeing any trends in advertising related to live sports that you think would be relevant?
Jorge de la Nuez, Olympic Channel:
The International Olympic Committee has integrated social media platforms like YouTube into its distribution strategy. It’s a balancing act between delivering free content and driving audiences to their own platforms.
At the same time, branded content is becoming more important than traditional ads, particularly on digital and social platforms.
David Wilburn, Peacock:
Advertising is changing. We’re going to be seeing a lot more of the use of "squeeze-back" ads, where video continues to play while ads are displayed on the screen. This allows viewers to stay engaged with live sports while still being exposed to relevant content from advertisers.
As the live sports media landscape continues to evolve, so will the technologies that support it. At the same time, the importance of strong partnerships and well-prepared teams cannot be overstated. If you’re looking for a teammate to help you adapt, innovate, and maintain excellence in sports content delivery and management, connect with us here.
Read More
Mastering DORA compliance and enhancing resilience with DataBee
Recently, DataBee hosted a webinar focused on the Digital Operational Resilience Act (DORA), a pivotal piece of EU legislation that is set to reshape the cybersecurity landscape for financial institutions. The talk featured experts Tom Schneider, Cybersecurity GRC Professional Services Consultant at DataBee and Annick O'Brien, General Counsel at CybSafe, who delved into the intricacies of DORA, its implications, and actionable strategies for compliance.
5 Key Takeaways for mastering DORA compliance and enhancing resilience:
In an effort to open dialogue and help organisations that need to comply with the DORA compliance legislations, we are sharing the takeaways from our webinar.
The Essence of DORA: DORA is not just another cybersecurity regulation; it addresses the broader scope of operational risk in the financial sector. Unlike frameworks that focus solely on specific cybersecurity threats or data protection, DORA aims to ensure that organisations can maintain operational resilience, even in the face of significant disruptions. This resilience means not just preventing breaches but also being able to recover swiftly when they occur.
Broad Applicability: DORA's reach extends beyond traditional banks, capturing a wide array of entities within the financial ecosystem, including insurance companies, reinsurance firms, and even crowdfunding platforms. The act emphasizes that any organisation handling financial data needs to be vigilant, especially as DORA becomes fully enforceable in January 2025.
Third-Party Risks: A significant portion of the webinar focused on the risks associated with third-party service providers, particularly cloud service providers. DORA places the onus on financial institutions to ensure that their third-party vendors are compliant with the same rigorous standards. This includes having robust technical and operational measures, conducting regular due diligence, and ensuring these providers can maintain operational resilience.
Concentration of Risk: DORA introduces the concept of concentration risk, which refers to the potential danger when an entire industry relies heavily on a single service provider. The webinar highlighted recent incidents, such as the CrowdStrike and Windows issues, underscoring the importance of not only identifying these risks but also diversifying to mitigate them.
Principles-Based Approach: Unlike prescriptive regulations, DORA is principles-based, focusing on the outcomes rather than the specific methods organisations must use. This approach requires financial institutions to continuously assess and update their operational practices to ensure resilience in a rapidly evolving technological landscape.
Moving Forward:
As the January 2025 deadline approaches, organisations are urged to review their existing compliance frameworks and identify how they can integrate DORA's requirements without reinventing the wheel. Many of the principles within DORA overlap with other frameworks like GDPR and NIST, providing a foundation that organisations can build upon.
For those grappling with the complexities of DORA, the webinar emphasized the importance of preparation, regular testing, and continuous improvement. By leveraging existing policies and procedures, financial institutions can align with DORA's objectives and ensure they are not only compliant but also resilient in the face of future challenges.
Databee can significantly enhance compliance with DORA by streamlining the management of information and communication technology (ICT) assets. DataBee for Continuous Controls Monitoring (CCM) offering weaves together data across multiple sources, enabling organisations to automate the creation of a reliable asset inventory. By providing enriched datasets and clear entity resolution, Databee reduces complexity of managing and monitoring ICT assets, improves auditability, and ensures that compliance and security measures are consistently met across the enterprise, ultimately supporting the resilience and security of critical business operations.
Request a demo today to discover how DataBee can help you become DORA compliant.
Read More
Market opportunities in MENA for streaming, advertising, and sports
With a subscription video on demand (SVOD) services market expected to surpass $1.2 billion by the end of this year, it’s no wonder that entertainment and media companies are looking at the Middle East and North Africa (MENA) with increased focus. While the region presents unique opportunities for expansion and greater content monetization, reaching this diverse and often fragmented audience presents distinct challenges.
At our 2024 MENA Monetization Summit in Dubai, industry leaders discussed the innovative strategies they’ve used to thrive in this dynamic market. Read on to learn the drivers behind their success and gain strategic insights for effective content monetization in this rapidly evolving region.
MENA’s streaming and advertising market: highlights to know
Opportunities in MENA are evolving rapidly, driven by a young, tech-savvy population and increasing digital penetration. Consider the following statistics from global analysts Omdia:
MENA’s SVOD services market generated over $1 billion in revenues in 2023 and is expected to surpass $1.2 billion in 2024.
Online video advertising in MENA is expected to grow by 67% in revenue by 2028 while online video subscription is expected to grow by 19%.
Already, the Free Ad-Supported TV (FAST) market in MENA has topped $7 million — with the potential to quadruple in the next five years.
Saudi Arabia sees the highest consumption of YouTube videos globally.
So, how can businesses capitalize on these burgeoning markets? There are a few key considerations when evaluating opportunities for content monetization in MENA:
First, underserved sports content is a great avenue to explore. The popularity of sports such as cricket, rugby, mixed martial arts, and fighting sports in the region opens up significant opportunities to stake out new territory. Since these sports are not as heavily contested by major players, new market entrants can quickly and effectively carve out a niche.
When expanding into MENA, localized content will be particularly important for success. Content tailored to local tastes, cultural norms, and preferences is crucial. This means finding opportunities to produce and broadcast local sports, creating region-specific reality shows, and emphasizing local celebrities and events. Platforms that offer a mix of local productions and international content stand a better chance of engaging the audience.
Similar to findings from other parts of the world, FAST channels are becoming increasingly popular in MENA, providing an alternative to traditional pay-TV. These channels attract large audiences by offering free content supported by advertising. This CTS webinar dives deeper into FAST channel technology.
FAST channel revenues in MENA reached $7.2 million in 2023 and are projected to quadruple in the next 5 years.
Success stories from MENA
Several companies are successfully navigating the MENA market challenges by leveraging specific strategies and focusing on underserved segments. STARZ PLAY Arabia and Shahid together make up approximately 40% of the total over-the-top (OTT) services market in the region according to Q4 2023 Omdia data.
Shahid and STARZ PLAY lead the MENA streaming video market.
STARZ PLAY: With over 3.5 million subscribers and growing, this highly successful SVOD service has seen tremendous success by focusing on underserved sports and licensed Hollywood content. Here’s the strategy at a glance:
Securing sports rights including UFC, Cricket World Cup, ICC tournaments
Enhancing the user experience with sport-specific UI features
Shahid, part of the MBC Group, has established itself as a leading platform in the MENA region by:
Leveraging its extensive library of premium Arabic content
Growing both its ad-supported video on demand (AVOD) and SVOD services in tandem but with a heavier emphasis on advertising
Key trends to watch across the region
Shahid, STARZ PLAY, AWS, FreeWheel, and other media companies that have seen considerable success in MENA have tapped into key trends in the region.
Shifting toward hybrid models: In the Middle East, pay-TV is still important, but online advertising is growing rapidly. Giant entertainment companies such as Netflix and Amazon Prime are exploring ad-supported content. The expected growth in subscriptions combined with the increasing importance of advertising revenue in the region highlight this trend.
Importance of data and personalization: AI is revolutionizing content monetization in MENA by enhancing personalization and operational efficiency. AI is helping content providers with deeper understanding in user behavior and preferences, allowing for highly targeted and contextual advertising. By using AI to analyze vast amounts of data, companies can predict churn behaviors, personalize content recommendations, and optimize advertising strategies. Employing AI in content production processes, such as automated subtitling in multiple languages, is becoming a cost-effective way to make content more accessible and widen reach.
Rise of sports: The growing popularity of esports and niche sports presents a lucrative opportunity. The addition of new sports in the Olympic program could lead to increased engagement and monetization.
Looking to grow in MENA? Here’s your roadmap.
To thrive in the competitive MENA market, industry leaders recommend adopting the following strategies:
Identify and focus on areas underserved by major players, such as specific sports or localized content. This could mean using unique entertainment formats, such as live sports events, to attract audiences, foster brand loyalty, and maximize monetization potential.
Leverage partnerships and form strategic alliances with local telecom operators, device manufacturers, and opportunities for managed channel origination to boost visibility and distribution opportunities.
Invest in technology and infrastructure to ensure robust technology and infrastructure to handle high concurrent user traffic. In particular, cloud services and scalable solutions are essential for maintaining a seamless user experience and meeting the expectations of the region’s audiences.
Enhance fan engagement by leveraging AI and data analytics to create personalized and interactive experiences. It’s a great way to boost real-time engagement during live events, fantasy sports integration, key moments and highlights, and tailored content recommendations.
Diversify revenue streams and combine subscription services with advertising. Explore opportunities in branded content and sponsorships to maximize revenue potential. The future of content monetization lies in hybrid models that combine subscriptions with advertising. The expected growth in the number of subscriptions and the increasing importance of advertising revenue highlight this trend.
There is immense potential for success in MENA provided that companies can navigate its complexities and leverage its unique opportunities. Understanding local market dynamics and tailoring strategies accordingly will be key to capitalizing on the opportunities at hand.
Looking for a trusted partner to help support your strategies? Contact us today.
Read More
Bee sharp: putting GenAI to work for asset insights with Beekeeper AI™
Artificial intelligence (AI) and music are a lot alike. When you have the right components together, like patterns in melodies and rhythms, music can be personal and inspire creativity. In my experience having worked on projects that developed AI for IT and security teams, data can help recognize patterns from day-to-day activities and frustrations that can be enhanced or automated.
I started working in AI technology development nearly a decade ago. I loved the overlaps between music and programming. Both begin with basic rules and theory, but it is the human element that brings AI (and music) to life.
Recently, we launched BeeKeeper AI™ from DataBee, a generative AI (genAI) tool that uses patent-pending entity resolution technology to find and validate asset and device ownership. Inspired by our own internal cybersecurity and operations teams struggles of chasing down ownership, which sometimes added up to 20+ asset owner reassignments, we knew there was a better way forward. Through integrations with enterprise chat clients like Teams, BeeKeeper AI uses your data to speak to your end users, replacing the otherwise arduously manual process of confirming or redirecting asset ownership.
What’s the buzz about BeeKeeper AI from DataBee?
Much like how a good song metaphorically speaks to the soul, BeeKeeper AI’s innovative genAI approach is tuned to leverage ownership confidence scores that prompt it to proactively reach out to end users. Now, IT admins and operations teams don’t have to spend hours each day reaching out to asset owners who often become frustrated over having their day interrupted. Further, by using BeeKeeper AI for ‘filling in the blanks’ of unclaimed or newly discovered assets, you have an improved dataset of who to reach out to when security vulnerabilities and compliance gaps appear.
BeeKeeper AI, a part of DataBee for Security Hygiene and Security Threats, uses an entity resolution technology to identify potential owners for unclaimed assets and devices based on a few factors such as comparing authentication logs.
BeeKeeper AI is developed with a large language model (LLM) that features strict guardrails to keep conversations on track and hallucinations at bay when engaging these potential owners. This means that potential asset owners can simply respond “yes” or suggest someone else and move on with their day.
Once users respond, BeeKeeper AI can do the rest – including looking for other potential owners, updating the DataBee platform, and even updating the CMDB, sharing its learnings with other tools.
Automatic updates to improve efficiency and collaboration
Most IT admins and operations teams heave a sigh every time they have to manually update their asset inventories. If you’ve been using spreadsheets to maintain a running, cross-referenced list of unclaimed devices and potential owners, then you’re singing the song of nearly every IT department globally.
This is where BeeKeeper AI harmonizes with the rest of your objectives. When BeeKeeper AI automatically updates the DataBee platform, everyone across the different teams have a shared source of data, including:
IT
Operations
Information security
Compliance
Unknown or orphaned assets are everyone’s responsibility as they can become a potential entry point for security incidents or create compliance gaps. BeeKeeper AI can even give you insights from its own activity, allowing you to run user engagement reports to quantify issues like:
Uncooperative users
Total users contacted and their responses
Processed assets, like validated and denied assets
Since it automatically updates the DataBee platform, BeeKeeper AI makes collaboration across these different teams easier by ensuring that they all have the same access to cleaner and more complete user and asset information that has business context woven in.
Responsible AI for security data
AI is a hot topic, but not all AI is the same. At DataBee, we believe in responsible AI with proper guardrails around the technology’s use and output.
As security professionals, we understand that security data can contain sensitive information about your people and your infrastructure. BeeKeeper AI starts from your clean, optimized DataBee dataset and works within your contained environment. Unique to each organization’s data, BeeKeeper AI’s guardrails keep sensitive data from leakage.
This is why BeeKeeper AI sticks to what it knows, even when someone tries to take it off task. Our chatbot isn’t easily distracted and refocuses attempts to engage back to its sole purpose - identifying and finding the right asset owners.
Making honey out of your data with BeeKeeper AI
BeeKeeper AI leverages your security data to proactively reach out to users and verify whether they own assets. With DataBee, you can turn your security data into analytics-ready datasets to get insights faster. Let BeeKeeper AI manage your hive so you can focus on making honey out of your data.
If you’re ready to reduce manual, time-consuming, collaboration-inhibiting processes, request a custom demo to see how DataBee for Security Hygiene can help you sing a sweeter tune.
Read More
DataBee: Who do you think you are?
2024 has been a big “events” year for DataBee as we’ve strived to raise awareness of the new business and the DataBee Hive™ security, risk and compliance data fabric platform. We’ve participated in events across North America and EMEA including Black Hat USA, the Gartner Security & Risk Management Summits, FS-ISAC Summit, Snowflake Data Cloud Summit and AWS re:Inforce, and of course, the RSA Conference. At RSA, we introduced to the community our sweet (haha) and funny life-size bee mascot, who ended up being a big hit among humans and canines alike.
Participation in these events has been illuminating on many important fronts. For the DataBee “hive” it’s been invaluable, not only for the conversations and insights we gain from real users across the industry, but also for the feedback we receive as we share the story of DataBee’s creation and how it was inspired by the security data fabric that Comcast’s Global CISO, Noopur Davis, and her team developed. In general, we’ve been thrilled with the response that DataBee has received, but consistently, there’s one piece of attendee feedback that really gives us pause:
“Why would Comcast Technology Solutions enter the cybersecurity solutions space?”
In other words, “what the heck is Comcast doing here?”
This statement makes it pretty clear: Comcast might be synonymous with broadband, video, media and entertainment services and experiences, but may be less associated with cybersecurity.
But it should be. While Comcast and Xfinity may not be immediately associated with cybersecurity, Comcast Business, a $10 billion business within Comcast, has been delivering advanced cybersecurity solutions to businesses of all sizes since 2018. With our friends at Comcast Business, the DataBee team is working hard to change perceptions and increase awareness of Comcast’s rich history of innovation in cybersecurity.
Let’s take a quick look at some of the reasons why the Comcast name should be synonymous with cybersecurity
Comcast Business
Comcast Business is committed to helping organizations adopt a cybersecurity posture that meets the diverse and complex needs of today’s cybersecurity environment. Comcast Business’ comprehensive solutions portfolio is specifically engineered to tackle the multifaceted challenges of the modern digital landscape. With advanced capabilities ranging from real-time threat detection and response, Comcast Business solutions help protect businesses. Whether through Unified Threat Management systems that simplify security operations, cloud-based solutions that provide flexible defenses, or DDoS mitigation services that help preserve operational continuity, Comcast Business is a trusted partner in cybersecurity. Comcast Business provides the depth, effectiveness, and expertise necessary to enhance enterprise security posture through:
SecurityEdge™
Offering advanced security for small businesses, SecurityEdge™ is a cloud-based Internet security solution that helps protect all connected devices on your network from malware, phishing scams, ransomware, and botnet attacks.
SD-WAN with Advanced Security
Connect users to applications securely both onsite and in the cloud
Unified Threat Management (UTM)
Delivered by industry leading partners, UTM solutions provide an integrated security platform that combines firewall, antivirus, intrusion prevention, and web filtering to simplify management and enhance visibility across the network.
DDoS Mitigation
Security for disruption caused by Distributed Denial of Service attacks by helping to identify and block anomalous spikes in traffic while allowing for desired functionality of your services.
Secure Access Service Edge (SASE)
Integrating networking and security into a unified cloud-delivered service model, our SASE framework supports dynamic secure access needs of organizations, facilitating secure and efficient connectivity for remote and mobile workers.
Endpoint Detection and Response (EDR)
Help safeguard devices connected to your enterprise network, using AI to detect, investigate, remove, and remediate malware, phishing, and ransomware
Managed Detection and Response (MDR)
Extend EDR capabilities to the entire network and detect advanced threats, backed up with 24/7 monitoring by a team of cybersecurity experts.
Vulnerability Scanning and Management
Helps identify and manage security weaknesses in the network and software systems, a proactive approach that helps protect potential entry points for threat actors.
Comcast Ventures
Did you know that Comcast has a venture capital group that backs early-to-growth stage startups that are transforming sectors like cybersecurity, AI, healthcare, and more?
Some of the innovative cybersecurity, data and AI-specific companies that Comcast Ventures has invested in include:
BigID
SafeBase
HYPR
Resemble AI
Bitsight
Uptycs
Recently, cybersecurity investment and advisory firm NightDragon announced a strategic partnership with Comcast Technology Solutions (CTS) and DataBee that also included Comcast Ventures. As a result of this strategic partnership, CTS, Comcast Ventures and DataBee will gain valuable exposure to the new innovations coming from NightDragon companies.
Comcast Cybersecurity
As I write this, Comcast Corporation is ranked 33 on the Fortune 500 list, so – as you might guess – it has an expansive internal cybersecurity organization. With $121 billion+ in annual revenues, over 180,000 employees around the globe, and a huge ecosystem of consumers and business customers and partners, Comcast takes its security obligations very seriously.
Our cyber professionals collectively hold and are awarded multiple patents each year. We lead standards bodies, and we participate and provide leadership in multiple policy forums. Our colleagues contribute to Open-Source communities where we share our security innovations. We are an integral part of the global community of cybersecurity practitioners – we present at conferences, learn from our peers, hold multiple certifications, and publish in various journals. We are a contributing member of the Communications ISAC, and the CISA Joint Cyber Defense Collaborative. A sampling of internal research and development efforts within Comcast’s cybersecurity organization include:
One-time secure secrets sharing
Security data fabric (Note: the inspiration for DataBee®)
Anomaly detection
AI-based secrets detection in code
AI-based static code analysis for privacy
Crypto-agility risk assessment
Machine-assisted security threat modeling
Scoping of threats against AI/ML apps
Persona-based privacy threat modeling
PKI and token management systems
Certificate lifecycle management and contribution to industry IoT stock
R&D for BluVector Network Detection and Response (NDR) product
The Comcast Cyber Security (CCS) Research team, “conducts original applied and fundamental cybersecurity research”. Selected projects that the team is working on include research on security and human behavior, security by design, and emerging technologies such as post quantum cryptography. CCS works with technology teams across Comcast to identify and explore security gaps in the broader cyber ecosystem.
The Comcast Cybersecurity team’s work developing and implementing a security data fabric platform was the inspiration for what has become DataBee. Although the DataBee team has architected and built its commercial DataBee Hive™ security, risk and compliance data fabric platform from “scratch” (so to speak), it was Comcast’s internal platform – and the great results that it has, and continues, to deliver – that proved such a solution could be a game-changer, especially for large, complex organizations. While DataBee Hive has been designed to address the needs and scale of any type of enterprise or IT architecture, we were fortunate to be able to tap into the learnings that came from the years and countless person hours of development that went into building Comcast’s internal security data fabric platform, and then operating it at scale.
DataBee Cybersecurity Suite
Besides being home to the DataBee Hive security data fabric platform and products, it’s worth noting that the DataBee business unit of Comcast Technology Solutions is also home to BluVector, an on-premises network detection and response (NDR) platform. Comcast acquired BluVector in 2019, which was purpose-built to protect critical government and enterprise networks. BluVector continues to deliver AI-powered NDR for visibility across network, devices, users, files, and data to discover and hunt skilled and motivated threats.
Comcast and cybersecurity? Of course.
So, the next time you come across DataBee, from Comcast Technology Solutions, and you think to yourself “why is Comcast in the enterprise security market with DataBee?!” – think again.
From small and mid-size organizations to large enterprises and government agencies; and from managed services to products and solutions; and from on-premises to cloud-native… Comcast’s complete cybersecurity “portfolio” covers the gamut.
Want to connect with someone to determine what’s right for your organization? Contact us, and in “Comments”, let us know if you’d like to evaluate solutions from both DataBee and Comcast Business. We’ll look forward to exploring options with you!
Read More
Compliance Takes a Village: Celebrating National Compliance Officer Day
If the proverb is, it takes a village to raise a child, then the corollary in the business world is that it takes a village to get compliance right. And in this analogy, compliance officers are the mayor of this village. Compliance officers schedule audits, coordinate activities, oversee processes, and manage documentation. They are the often-unsung heroes whose work acts as the foundation of your customers’ trust, helping you achieve certifications and mitigate risk.
While your red teamers and defenders get visibility because they sit at the frontlines, your compliance team members are strategizing and carving paths to reduce risk and enable programs. For this National Compliance Officer Day, we salute these mayors of the compliance village in their own words.
Feeling Gratitude
There is a great amount of pride when compliance officers are able to help you build trust with your customers, but there is also an immense amount of gratitude from the compliance teams for the internal relationships built within the enterprise
Yasmine Abdillahi, Executive Director of Security Risk and Compliance and Business Information Security Officer at Comcast, expressed gratitude for executive leader Sudhanshu Kairab whose ability to grasp the core business fundamentals have allowed Comcast to implement robust compliance frameworks that mitigate risks and support growth and trust.
“[Sudhanshu] consistently demonstrates a keen awareness of industry trends, enabling us to stay ahead of emerging challenges and opportunities. His ability to sustain and nurture a strong network, both internally and externally, has proven invaluable in fostering collaboration and ensuring we remain at the forefront of GRC best practices. His multifaceted approach to leadership has not only strengthened our risk posture but has also positioned our GRC function as a key driver of innovation and business growth.”
Compliance professionals rely on their strategic internal business partners to succeed. When enterprise leaders empower the GRC function, compliance and risk managers can blossom into their best business enabling selves.
In return, compliance leaders allow the enterprise to provide customers with the assurance they need. In today’s “trust but verify” world, customers trust the business when the compliance function can verify the enterprise security posture.
Collaboration, Communication, and Education
At its core, your compliance team acts as the communications glue that binds together the various cybersecurity functions.
For Tom Schneider, who is a part of the DataBee team as a Cybersecurity GRC Professional Services Consultant, communication has been essential to his career. When working to achieve compliance with a control, communicating clearly and specifically is critical, especially when cybersecurity is not someone’s main responsibility. Clear communication educates both sides of the compliance equation.
“Throughout my career, I have learned from the many people I’ve worked with. They have included management, internal and external customers, and auditors. I’ve learned from coworkers that were experts in some specific technology or process, such as vulnerability management or identity management, as well as from people on the business side and how things appear from their perspective.”
GRC’s cross-functional nature makes compliance leaders some of the enterprise’s most impactful teachers and learners. Compliance officers collaborate across different functions - security, IT, and senior leadership. As they learn from their internal partners, they, in turn, educate others.
Compliance officers are so much more than the controls they document and the checklists they review. They facilitate collaboration because they can communicate needs and build a shared language.
Compliance Officers: Keeping It All Together
A compliance officer’s role in your organization goes far beyond their job descriptions. They are cross-functional facilitators, mentors, learners, leaders, enablers, and reviewers. They are the ones who double check the organization’s cybersecurity work. Every day, they work quietly in the background, but for one day every year, we have the opportunity to let them know how important they are to the business.
DataBee from Comcast Technology Solutions gives your compliance officer a way to keep their compliance and business data together so they can communicate more effectively and efficiently. Our security data fabric empowers all three lines of defense - operational managers, risk management, and internal audit - so they can leave behind spreadsheets and point-in-time compliance reporting relics of the past. By leveraging the full power of your organization’s data, compliance officers can implement continuous controls monitoring (CCM) with accurate compliance dashboard and reports for measuring risk and reviewing controls’ effectiveness.
From our Comcast compliance team to yours, thank you for all you do. We see you and appreciate you - today and every day.
Read More
Best practices for PCI DSS compliance...and how DataBee for CCM helps
For planning compliance with the Payment Card Industry Data Security Standard (PCI DSS), the PCI Security Standards Council (SSC) supplies a document that provides excellent foundational advice for both overall cybersecurity, and PCI DSS compliance. Organizations may already be aware of it, but regardless, it is a useful resource. And, it is interesting to read with Continuous Controls Monitoring (CCM) in mind.
The document lists 10 Recommendations for best practices which are useful, not just for PCI DSS compliance, but for overall security and compliance with organizational policies as well as frameworks and regulations to which the entity is subject. The best practices place a strong emphasis on ongoing, continuous compliance. That is, for organizations “to protect themselves and their customers from potential losses or damages resulting from a data breach, they must strive for ways to maintain a continuous state of compliance throughout the year rather than simply seeking point-in-time validation.”
While the immediate goal may be to attain a compliant Report on Compliance (ROC), that immediate goal, and the longer-term viability of the security program, are aided by establishing a program around continuous compliance and the ability to measure it.
Here are the SSC’s 10 Best Practices for Maintaining PCI DSS Compliance:
Develop and Maintain a Sustainable Security Program
Develop Program, Policy, and Procedures
Develop Performance Metrics to Measure Success
Assign Ownership for Coordinating Security Activities
Emphasize Security and Risk Management to Attain and Maintain Compliance
Continuously Monitor Security Controls
Detect and Respond to Security Control Failures
Maintain Security Awareness
Monitoring Compliance of Third-Party Service Providers
Evolve the Compliance Program to Address Changes
Some detail around the 10
The first recommendation, “Develop and Maintain a Sustainable Security Program” is short, but notes that, “Any cardholder data not deemed critical to business functions should be removed from the environment in accordance with the organization’s data-retention policies… In addition, organizations should evaluate business and operating procedures for alternatives to retaining cardholder data.” Outsourcing the processing of cardholder data to entities that specialize in this work is an option that many organizations take. When that is not a viable option, minimizing the amount of data collected, and securely deleting it as specified in the organization’s data retention policy is the next best option.
“Develop Program, Policy, and Procedures” is the second recommendation. Along with developing and maintaining these documents, accountability must be assigned “to ensure the organization's sustainable compliance.” Additionally, PCI DSS v4.0 has a requirement under each of the twelve principal requirements stating that “Roles and responsibilities for performing activities” for each principal requirement “are documented, assigned, and understood.” If this role does not already exist, something for organizations to consider would be designating a “compliance champion” for each business unit. The compliance champions could work with their management to assume accountability for the control compliance for assets and staff assigned to the business unit.
“Develop Performance Metrics to Measure Success” follows. This recommendation includes “Implementation metrics” (which measure the degree to which a control has been implemented, and are usually described as percentages), and “Efficiency and Effectiveness Measures” (which evaluate attributes such as completeness, consistency, and timeliness). These metrics show if a control has been implemented over the expected range of the organization’s assets, if it has been implemented consistently, and is being executed when expected. These metrics play a key role in assessing compliance in a continuous way.
Measurement of implementation metrics and effectiveness metrics for completeness and consistency are core components of DataBee for CCM. For example, in the case of Asset Management, users can see if assets in scope for PCI DSS are flagged as being in scope correctly, if the asset owner is accurate, and if other data points such as physical location are present. The ability to see continuously refreshed data on a CCM dashboard, as opposed to having to create a point in time report, or have the knowledge to access this data through a product specific portal, makes it practical for teams to see accurate metrics in an efficient way.
The fourth recommendation is to “Assign Ownership for Coordinating Security Activities.” An “individual responsible for compliance (a Compliance Manager)” is the main point of this recommendation. However, the recommendation notes that Compliance Manager should be “given adequate funding and resources… and granted the proper authority to effectively organize and allocate such resources.” The effective organization of resources could include delegating tasks throughout the organization to managers over units within the larger organization. This recommendation ends by noting that the organization must ensure that “the goals and objectives of its compliance program are consistently achieved despite changes in program ownership (i.e., employee turnover, change of management, organization merger, re-organization, etc.). Best practices include proper knowledge transfer, documentation of existing controls and the associated responsible individual(s) or team(s).”
Using the DataBee for CCM dashboards to assign accountability for assets and staff to the appropriate business units helps with this recommendation.
It clarifies the delegation of responsibility for assets and staff to the business unit’s management.
Furthermore, it would help drive the effective achievement of objectives of the compliance program during transitions in the Compliance Manager role.
Delegation of control compliance to the business unit’s management would enable them to continue with their tasks while a new Compliance Manager is hired and during the time needed for the Compliance Manager to adjust to their role.
“Emphasize Security and Risk Management to Attain and Maintain Compliance,” the fifth recommendation asserts that “PCI DSS provides a minimum set of security requirements for protecting payment card account data…,” and that “Compliance with industry standards or regulations does not inherently equate to better security.”
This point cannot be emphasized highly enough: “A more effective approach is to focus on building a culture of security and protecting an organization’s information assets and IT infrastructure and allow compliance to be achieved as a consequence.” The ongoing measurement of control implementation by CCM supports a culture of security. Organizations can use the information provided by DataBee for CCM to not only enable continuous reporting, but through it to support continuous remediation of control failures.
The next recommendation, “Continuously Monitor Security Controls,” describes how “the use of automation in both security management and security-control monitoring can provide a tremendous benefit to organizations in terms of simplifying monitoring processes, enhancing continuous monitoring capabilities, and minimizing costs while improving the reliability of security controls and security-related information.”
Ongoing monitoring of data that is frequently refreshed can be a core component for ongoing compliance. Ultimately, implementing a continuous controls monitoring program will help reduce extra workload as the PCI DSS assessment date approaches. DataBee for CCM is a tool that supports the necessary continuous monitoring.
The seventh recommendation, “Detect and Respond to Security Control Failures,” applies to two situations:
controls which have failed, but with no detectable consequences, and
control failures that escalate to security incidents.
PCI SSC notes that, “The longer it takes to detect and respond to a failure, the higher the risk and potential cost of remediation.” Continuous monitoring can help the organization to reduce the time it takes to detect a failed control.
Recommendation eight, “Maintain Security Awareness” speaks to the need to train the workforce, especially regarding how to respond to social engineering. Security training, both for the staff in general and role-based training for specific teams, is one of the requirements that DataBee for CCM reports on through its dashboards.
Recommendation nine is “Monitoring Compliance of Third-Party Service Providers,” and ten is “Evolve the Compliance Program to Address Changes.” A robust compliance program that is in place throughout the year can be more capable of evolving and adapting to change than an assessment focused program that allows controls to drift out of compliance between assessments. Continuous monitoring is key for combating compliance drift once an assessment has been completed.
After the ten recommendations, the main body of the document concludes with a section about the “Commitment to Maintaining Compliance.” Two of the key actions for maintaining continuous compliance are, “Assigning responsibility for ensuring the achievement of their security goals and holding those with responsibility accountable,” and “Developing tools, techniques, and metrics for tracking the performance and sustainability of security activities.” DataBee for CCM enables both these tasks.
The main theme of the “Best Practices for Maintaining PCI DSS Compliance” is that continuous compliance with PCI DSS that is maintained throughout the year is the goal. Ultimately, this helps improve the overall security posture of the organization. Making the required compliance activities business as usual tasks that are continuous throughout the year can also help with the specific goal of achieving a compliant result for a PCI DSS assessment when it comes due.
How DataBee for CCM fits in
We envisioned and realized DataBee for CCM as a fantastic fit for an evolving compliance program. Using the DataBee dashboards, with their continuously updated information that can be accessible to everyone who needs to see it, help free up time for GRC and other teams to focus on the evolution of the cybersecurity program. Given the rapid change in the cyber-threat landscape, and the frequent changes in security controls and regulatory requirements, turning report creation over to CCM to give time back to your people for higher value work is a win for your organization.
DataBee for CCM helps by providing consistent data to all teams, GRC, executive management, business management, IT, etc., so that everyone is working from the same information. This helps to delegate control compliance, and clearly identify accountable and responsible parties. Furthermore, DataBee for CCM shows executives, GRC, business managers and others content for multiple controls, from many different tools, through a single interface (as opposed to GRC needing to create multiple reports, or business managers and others having to create their own, possibly erroneous, reports). Additional dashboards can be created to report on other controls that are in scope for PCI DSS, such as secure configuration, business continuity, and monitoring the compliance of third-party service providers. Any control for which data is available to create useful dashboard content is a candidate for a DataBee for CCM dashboard.
Read More
Enter the golden age of threat detection with automated detection chaining
During my time as a SOC analyst, triaging and correlating alerts often felt like solving a puzzle without the box or knowing if you had all the pieces.
My days consisted of investigating alerts in an always-growing incident queue. Investigations could start with a single high or critical alert and then hunt through other log sources to piece together what happened. I had to ask myself (and my team) if this alert and that alert had any identifiable relationships or patterns with the ones they investigated that day, even though the alerts looked unrelated by themselves. Most investigations inevitably relied on institutional knowledge to find the pieces of your puzzle, searching by IP for one data source and the computer name in another. Finding the connections between the low and slow attacks in near real-time was a matter of chance and often discovered via threat-hunting efforts, slipping through the cracks of security operations. This isn’t an uncommon story and it's not new either – it’s the same problems faced during the Target 2013 breach and the National Public Data Network 2024 breach.
That’s why we launched automated detection chaining as part of the DataBee for Security Threats solution. Using a patent-pending approach to entity resolution, the security data fabric platform can chain together alerts from disjointed tools that could be potentially tied to an advanced persistent threat, insider threat, or compromised asset. What I like to call a “super alert” is presented in DataBee EntityViews™, which aggregates alerts into a time-series, or chronological, view. Now it’s easier to find attacks that span security tools and the MITRE ATT&CK framework. With our out-of-the-box detection chain, you can automatically create a super alert before the adversary reaches the command-and-control phase.
Break free from vendor-specific detections with Sigma Rules
Once a security tool is fully deployed in the network and environment, it becomes near impossible to change out vendors without significant operational impact. The impact is more than just replacing the existing solution, it's also updating all upstream and downstream integration points, such as custom detection content or log parsers. This leads to potential gaps in coverage due to limitations in the tooling deployed and the tools desired. Standard logging is done to a vendor-agnostic schema, and then an open-source detection framework is applied.
The DataBee Platform automated migrating to the Open Cybersecurity Schema Framework (OCSF), which has become increasingly popular with security professionals and is gaining adoption in some tools. Its vendor-agnostic approach standardizes disparate security logs and data feeds, giving SOC teams the ability to use their security data more effectively. Active detection streams in DataBee apply Sigma formatted rules over security data that is mapped to a DataBee-extended version of OCSF to integrate into the existing security ecosystem with minimal customizations. DataBee handles the translation from the Sigma taxonomy to OCSF to help lower the level of effort needed to adopt and support organizations on their journey to vendor-agnostic security operations. Sigma-formatted detections are imported and managed via GitHub to enable treating detections as code. By breaking free of proprietary formats, teams can more easily use vendor-agnostic Sigma rules to gain security insights from across all their tools, including data stored in security data lakes and warehouses.
The accidental insider threat
Accidental insider threats often begin with a phishing attack containing a malicious link or download that tricks the user. The malware is too new or has morphed to evade your end point detection. Then it spreads to whatever other devices it can authenticate to. Detecting the scope of the lateral movement of the malware is challenging because there is so much noise to search through. With DataBee EntityViews, SOC teams can easily review the historical information connected to the organization’s real-world people and devices, giving them a way to trace the progression of events.
Looking at a user’s profile shows relevant business contexts that can aid the investigation:
Job Title to hint at what is normal behavior
Manager to know who to go to for questions or if action needs to be taken
Owned assets that may be worth investigating further
The Event Timeline shows the various types of OCSF findings associated with the user.
By scrolling through the list of findings, a SOC analyst can quickly identify several potential issues, including malware present within the workstation. Most notable, the MITRE ATT&CK detection chain has triggered. In this instance, we had multiple data sources that alerted on different parts of the ATT&CK chain producing a super alert. The originating events are maintained as evidence and easily accessible to the analyst:
EntityViews allow for bringing the events from devices that the current user owns to help simplify the process of pulling together the whole story. In our example the device is the user’s laptop so it's likely that all of the activity is carried out by the user:
The first thing of note is the unusual number of authentication attempts to devices that seem atypical for a developer such as a finance server. As we continue to scroll through the user’s timeline, reviewing events from a variety of data sources, we finally come across our smoking gun. In this instance, we are able to see the phishing email that user clicked the link on that is our initial point of compromise:
It’s clear the device has malware on it, and the authentication attempts imply that the malware was looking to spread further in the network. To visualize this activity, we can leverage the Related Entities graphical view in the Activity section of EntityViews. SOC analysts can use a graphical representation and animation of the activity to visualize the connections between the compromised user and the organization. The graph displays other users and devices that have appearances in security findings, authentication, and ownership events. In our example, we can see that the user has attempted to authenticate to some atypical devices such as an HR system:
Filtering enables more targeted investigations, like focusing on only the successful authentication attempts:
Visualizations such as this in DataBee enable more accurate, timely and complete investigations. From this view, the SOC analysts can select any entity to see their EntityView with the activity associated with the related users and devices. Rather than pivoting between multiple applications or waiting for data to be reprocessed, they have real-time access to information in an easy to consume format.
Customizing detection chains to achieve organizational objectives
Detection Chains are designed to enable advanced threat modeling in a simple solution. Detection Chains can be created in the DataBee platform leveraging all kinds of events that flow through the security data fabric. DataBee ships with 2 detection chains to get you started:
MITRE ATT&CK Chain: Detect advanced low and slow attacks that span the MITRE ATT&CK chain before reaching Command & Control.
Potential Insider Threat: Detect insider threats who are printing out documents, emailing personal accounts, and messing with files in the file share.
These chains serve as a starting point. The intent is that organizations add and remove chains based on their specific needs. For example, you may want to extend the potential insider threat rule to include more potential email domains or limit file share behavior to accessing files that contain trade secrets or sales information.
Automated detection chains are nearly infinity flexible. By chaining together detections from the different data sources that align to different parts of the attack chain specific to a user or device, DataBee enables building advanced security analytics for hunting the elusive APTs and getting ahead of pesky ransomware attacks.
Building a better way forward with DataBee
Every organization is different, and every SOC team has unique needs. DataBee’s automated detection chaining feature gives SOC analysts a faster way to investigate complex security incidents, enabling them to rapidly and intuitively move through vast quantities of historical data.
If you’re ready to gain the full value of your security data with an enterprise-ready security, risk, and compliance data fabric, request a custom demo to see how DataBe for Security Threats can turn static detections into dynamic insights.