Own and manage its data directly rather than leaving it siloed in vendor systems.Start large-scale extract, transform, and load (ETL) operations, allowing engineers to run analytics and AI-based use cases like retrieval-augmented generation (RAG).Reduce costs associated with rigid SIEM licensing and storage tiers.Improve compliance with new PCI DSS v4.0 requirements for automated log review in its payment card processing system.Boost operational efficiency so engineers could spend less time managing tools and more time brainstorming new ideas. The challenge of unlocking from vendors: To execute its data-ownership vision, Avnet partnered with Cribl, a platform designed to pull in data from many sources, filter it in real time, and then send it wherever it’s needed, without being tied to a single vendor’s ecosystem.The move to Cribl, while beneficial for Avnet, required a rethinking of how security data should flow across an enterprise.”Cribl pushed us to reconsider how we managed data security,” Chan explains. “The biggest shift was separating our data from the tools that generate it. Previously, everything lived inside individual platforms or our SIEM, making it siloed, inflexible, and expensive.”Cribl ultimately helped Avnet’s security team move to a centralized architecture that captures, routes, and stores data more cost-effectively. The security team now owns its data outright, with the freedom to analyze it on its own terms rather than through vendor dashboards. Streamlined operations, lower costs, more team agility: The positive impact of Avnet’s data management project is as clear as day, according to Chan.”We have fundamentally changed how our cybersecurity team operates,” he says. “With our new architecture, a single engineer has a consolidated view of all data transactions and a unified pipeline interface, making the environment much easier to manage.”Previously, four engineers were needed to manage data pipelines, but now one engineer does the work more efficiently, says Chan. In addition, licensing and storage costs have been cut to just 15 percent of their former levels, and data processing capacity has doubled.”The results speak for themselves: we’re processing twice the data at half the cost and with four times the efficiency.”The migration to a cleaner and more scalable data management architecture also frees up engineers to focus on strategy rather than being weighed down by repetitive manual tasks.”The engineer now configures workflows once, with no need to bounce between systems or rework processes for every change,” says Chan. “What used to be a manual effort is now a point-and-click experience.”For its security data management project, Avnet earned a 2025 CSO Award. The award honors security projects that demonstrate outstanding thought leadership and business value. Looking beyond data management, exploring AI: Avnet plans to extend its architecture to areas like cloud security posture management, attack surface management, and new AI-based use cases.”Now that we have our own security data architecture, we’re ready to integrate AI into security operations,” says Chan. “One of the most exciting opportunities is LLMs tailored for security, similar to Microsoft’s Security Copilot, which we are actively evaluating.”Another AI-powered tool on Avnet’s radar is retrieval-augmented generation (RAG). RAG is a technique that enhances GenAI models by connecting them to a specific, up-to-date knowledge base to reduce “AI hallucinations” and deliver the most current and accurate responses in real time.”AI-assisted security insights aren’t just exciting”, they’re transformative,” says Chan. “They help our analysts speed up investigations and uncover trends. None of this is possible without a well-structured data layer. But we now have that layer in place and it’s giving us the freedom to scale AI use cases with confidence.” Advice to CISOs: Don’t underestimate the human factor: For CIOs and CISOs considering a move to data ownership, Chan emphasizes the importance of balancing technology with people and process.”The technology”, installing agents and setting up pipelines”, is the easy part. The real challenge is getting people on board,” he says.”That means aligning regional teams, earning trust, and clearly communicating the ‘why’ behind the shift. So, invest as much time getting buy-in from stakeholders as you do building the platform. When people are aligned, the technology exceeds expectations.”Another tip, says Chan, is to treat vendor renewal cycles as opportunities for a change in strategy. For Avnet, the decision to walk away from a legacy SIEM renewal wasn’t just a cost-saving measure; it was a chance to set a new direction for the company.Curious how Avnet is reclaiming control of its security data and unlocking AI-driven insights? Learn from industry leaders and award-winning projects like this at the CSO Conference & Awards. Register today.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4051505/avnet-unlocks-vendor-lock-in-and-reinvents-security-data-management.html
