The Cybersecurity Pulse (TCP)’s Post

♨ 𝗗𝗮𝘁𝗮 𝗘𝗻𝗴𝗶𝗻𝗲𝗲𝗿𝗶𝗻𝗴 𝗳𝗼𝗿 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆: 𝗗𝗮𝘁𝗮 𝗣𝗿𝗼𝗰𝗲𝘀𝘀𝗶𝗻𝗴 ♨ Security teams face immense hurdles in ensuring data quality across their most prized data sources. Inconsistencies across field names and schemas, poor documentation, noisy logs, duplicate entries.. The list goes on and on and on and on. You get the point. These data quality issues lead to dangerous blind spots, missed detection opportunities, and expensive SIEM invoices. 𝗛𝗼𝘄 𝗰𝗮𝗻 𝘄𝗲 𝗮𝗱𝗱𝗿𝗲𝘀𝘀 𝘁𝗵𝗶𝘀 𝗺𝗮𝗱𝗻𝗲𝘀𝘀? These challenges are not new, btw. They've been around since before 'security analytics' was even a thing. Without pitching you on a vendor solution (**cough** Monad **cough**), I wrote up a blog post that covers these challenges in-depth and how they can be solved using data processing techniques such as 𝗻𝗼𝗿𝗺𝗮𝗹𝗶𝘇𝗮𝘁𝗶𝗼𝗻, 𝗽𝗮𝗿𝘀𝗶𝗻𝗴, and 𝘀𝘁𝗮𝗻𝗱𝗮𝗿𝗱𝗶𝘇𝗮𝘁𝗶𝗼𝗻. I showcase some examples of abhorrent inconsistencies across popular data sources like Google Workspace, Okta and Microsoft Entra ID. I also include a fun amount of SQL in the post 🐬 If you've done SecOps for any time, you know the pain. For those who haven't, this post and even the entire series is a great overview of how broken things have been for decades. Give the post a read at this link: https://lnkd.in/evvysD4z Stay tuned for Part 4 of the series where I'll be covering Data Pipelines + Data Transformation and Integration. Part 5 will be a deep dive on security analytics so it's fair to say things are heating up. Let me know if you have any feedback or would like to chat about this or any topic related to #DataEngineering for #Cybersecurity! Lastly, a huge thanks to the great folks who reviewed this post: Asante Babers, Matthew Jane, Nicholas Berger, and Christian Almenar!