As a leading distributor of electronic components and IT services, Avnet helps more than a million customers design, build, and move products through the supply chain. From cars and airplanes to medical devices and telecom networks, chances are Avnet played an integral part in turning an idea into a finished product.
On the cybersecurity front, though, Avnet has been facing a challenge many enterprises can relate to. For years, it relied on traditional tools such as security information and event management (SIEMs), endpoint detection and response (EDR), and risk-based vulnerability management (RBVM).
These solutions worked, but there was a catch: the data always lived with the vendors. Avnet could view the information through dashboards, but it didn’t truly own it. That lack of control made it harder to scale operations, keep costs down, and explore new possibilities like advanced analytics and artificial intelligence.
The turning point for Avnet came during a renewal discussion with one of its legacy SIEM vendors.
“That renewal became more than a procurement decision,” says Avnet CIO Max Chan. “It was a strategy inflection point.”
Instead of renewing, Avnet decided to completely redesign its security data architecture.
Setting clear goals for security data ownership
At the heart of Avnet’s data management project was the simple but ambitious goal of taking ownership of its security data and using it more effectively.
“As our security program matured, we recognized it was time to shift from vendor-managed portals to full data ownership,” Chan says. “Having the ability to execute large-scale data management is important as we leverage AI to speed up our pace of work.”
Specifically, the security team set out to:
Own and manage its data directly rather than leaving it siloed in vendor systems.
Start large-scale extract, transform, and load (ETL) operations, allowing engineers to run analytics and AI-based use cases like retrieval-augmented generation (RAG).
Reduce costs associated with rigid SIEM licensing and storage tiers.
Improve compliance with new PCI DSS v4.0 requirements for automated log review in its payment card processing system.
Boost operational efficiency so engineers could spend less time managing tools and more time brainstorming new ideas.
The challenge of unlocking from vendors
To execute its data-ownership vision, Avnet partnered with Cribl, a platform designed to pull in data from many sources, filter it in real time, and then send it wherever it’s needed, without being tied to a single vendor’s ecosystem.
The move to Cribl, while beneficial for Avnet, required a rethinking of how security data should flow across an enterprise.
“Cribl pushed us to reconsider how we managed data security,” Chan explains. “The biggest shift was separating our data from the tools that generate it. Previously, everything lived inside individual platforms or our SIEM, making it siloed, inflexible, and expensive.”
Cribl ultimately helped Avnet’s security team move to a centralized architecture that captures, routes, and stores data more cost-effectively. The security team now owns its data outright, with the freedom to analyze it on its own terms rather than through vendor dashboards.
Streamlined operations, lower costs, more team agility
The positive impact of Avnet’s data management project is as clear as day, according to Chan.
“We have fundamentally changed how our cybersecurity team operates,” he says. “With our new architecture, a single engineer has a consolidated view of all data transactions and a unified pipeline interface, making the environment much easier to manage.”
Previously, four engineers were needed to manage data pipelines, but now one engineer does the work more efficiently, says Chan. In addition, licensing and storage costs have been cut to just 15 percent of their former levels, and data processing capacity has doubled.
“The results speak for themselves: we’re processing twice the data at half the cost and with four times the efficiency.”
The migration to a cleaner and more scalable data management architecture also frees up engineers to focus on strategy rather than being weighed down by repetitive manual tasks.
“The engineer now configures workflows once, with no need to bounce between systems or rework processes for every change,” says Chan. “What used to be a manual effort is now a point-and-click experience.”
For its security data management project, Avnet earned a 2025 CSO Award. The award honors security projects that demonstrate outstanding thought leadership and business value.
Looking beyond data management, exploring AI
Avnet plans to extend its architecture to areas like cloud security posture management, attack surface management, and new AI-based use cases.
“Now that we have our own security data architecture, we’re ready to integrate AI into security operations,” says Chan. “One of the most exciting opportunities is LLMs tailored for security, similar to Microsoft’s Security Copilot, which we are actively evaluating.”
Another AI-powered tool on Avnet’s radar is retrieval-augmented generation (RAG). RAG is a technique that enhances GenAI models by connecting them to a specific, up-to-date knowledge base to reduce “AI hallucinations” and deliver the most current and accurate responses in real time.
“AI-assisted security insights aren’t just exciting—they’re transformative,” says Chan. “They help our analysts speed up investigations and uncover trends. None of this is possible without a well-structured data layer. But we now have that layer in place and it’s giving us the freedom to scale AI use cases with confidence.”
Advice to CISOs: Don’t underestimate the human factor
For CIOs and CISOs considering a move to data ownership, Chan emphasizes the importance of balancing technology with people and process.
“The technology—installing agents and setting up pipelines—is the easy part. The real challenge is getting people on board,” he says.
“That means aligning regional teams, earning trust, and clearly communicating the ‘why’ behind the shift. So, invest as much time getting buy-in from stakeholders as you do building the platform. When people are aligned, the technology exceeds expectations.”
Another tip, says Chan, is to treat vendor renewal cycles as opportunities for a change in strategy. For Avnet, the decision to walk away from a legacy SIEM renewal wasn’t just a cost-saving measure; it was a chance to set a new direction for the company.
Curious how Avnet is reclaiming control of its security data and unlocking AI-driven insights? Learn from industry leaders and award-winning projects like this at the CSO Conference & Awards. Register today.
No Responses