{"id":4668,"date":"2025-09-04T14:07:50","date_gmt":"2025-09-04T14:07:50","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=4668"},"modified":"2025-09-04T14:07:50","modified_gmt":"2025-09-04T14:07:50","slug":"avnet-unlocks-vendor-lock-in-and-reinvents-security-data-management","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=4668","title":{"rendered":"Avnet unlocks vendor lock-in and reinvents security data management"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

As a leading distributor of electronic components and IT services, Avnet helps more than a million customers design, build, and move products through the supply chain. From cars and airplanes to medical devices and telecom networks, chances are Avnet played an integral part in turning an idea into a finished product.<\/p>\n

On the cybersecurity front, though, Avnet has been facing a challenge many enterprises can relate to. For years, it relied on traditional tools such as security information and event management (SIEMs), endpoint detection and response (EDR), and risk-based vulnerability management (RBVM).<\/p>\n

These solutions worked, but there was a catch: the data always lived with the vendors. Avnet could view the information through dashboards, but it didn\u2019t truly own it. That lack of control made it harder to scale operations, keep costs down, and explore new possibilities like advanced analytics and artificial intelligence.<\/p>\n

The turning point for Avnet came during a renewal discussion with one of its legacy SIEM vendors.<\/p>\n

\u201cThat renewal became more than a procurement decision,\u201d says Avnet CIO Max Chan. \u201cIt was a strategy inflection point.\u201d<\/p>\n

Instead of renewing, Avnet decided to completely redesign its security data architecture.<\/p>\n

<\/a>Setting clear goals for security data ownership<\/h2>\n

At the heart of Avnet\u2019s data management project was the simple but ambitious goal of taking ownership of its security data and using it more effectively.<\/p>\n

\u201cAs our security program matured, we recognized it was time to shift from vendor-managed portals to full data ownership,\u201d Chan says. \u201cHaving the ability to execute large-scale data management is important as we leverage AI to speed up our pace of work.\u201d<\/p>\n

Specifically, the security team set out to:<\/p>\n

Own and manage its data directly<\/strong> rather than leaving it siloed in vendor systems.<\/p>\n

Start large-scale extract, transform, and load (ETL) operations<\/strong>, allowing engineers to run analytics and AI-based use cases like retrieval-augmented generation (RAG).<\/p>\n

Reduce costs<\/strong> associated with rigid SIEM licensing and storage tiers.<\/p>\n

Improve compliance<\/strong> with new PCI DSS v4.0 requirements for automated log review in its payment card processing system.<\/p>\n

Boost operational efficiency<\/strong> so engineers could spend less time managing tools and more time brainstorming new ideas.<\/p>\n

<\/a>The challenge of unlocking from vendors<\/strong><\/h2>\n

To execute its data-ownership vision, Avnet partnered with Cribl, a platform designed to pull in data from many sources, filter it in real time, and then send it wherever it\u2019s needed, without being tied to a single vendor\u2019s ecosystem.<\/p>\n

The move to Cribl, while beneficial for Avnet, required a rethinking of how security data should flow across an enterprise.<\/p>\n

\u201cCribl pushed us to reconsider how we managed data security,\u201d Chan explains. \u201cThe biggest shift was separating our data from the tools that generate it. Previously, everything lived inside individual platforms or our SIEM, making it siloed, inflexible, and expensive.\u201d<\/p>\n

Cribl ultimately helped Avnet\u2019s security team move to a centralized architecture that captures, routes, and stores data more cost-effectively. The security team now owns its data outright, with the freedom to analyze it on its own terms rather than through vendor dashboards.<\/p>\n

<\/a>Streamlined operations, lower costs, more team agility<\/h2>\n

The positive impact of Avnet\u2019s data management project is as clear as day, according to Chan.<\/p>\n

\u201cWe have fundamentally changed how our cybersecurity team operates,\u201d he says. \u201cWith our new architecture, a single engineer has a consolidated view of all data transactions and a unified pipeline interface, making the environment much easier to manage.\u201d<\/p>\n

Previously, four engineers were needed to manage data pipelines, but now one engineer does the work more efficiently, says Chan. In addition, licensing and storage costs have been cut to just 15 percent of their former levels, and data processing capacity has doubled.<\/p>\n

\u201cThe results speak for themselves: we\u2019re processing twice the data at half the cost and with four times the efficiency.\u201d<\/p>\n

The migration to a cleaner and more scalable data management architecture also frees up engineers to focus on strategy rather than being weighed down by repetitive manual tasks.<\/p>\n

\u201cThe engineer now configures workflows once, with no need to bounce between systems or rework processes for every change,\u201d says Chan. \u201cWhat used to be a manual effort is now a point-and-click experience.\u201d<\/p>\n

For its security data management project, Avnet earned a <\/em>2025 CSO Award<\/em><\/a>. The award honors security projects that <\/em>demonstrate outstanding thought leadership and business value<\/em><\/a>.<\/em><\/p>\n

<\/a>Looking beyond data management, exploring AI<\/h2>\n

Avnet plans to extend its architecture to areas like cloud security posture management, attack surface management, and new AI-based use cases.<\/p>\n

\u201cNow that we have our own security data architecture, we\u2019re ready to integrate AI into security operations,\u201d says Chan. \u201cOne of the most exciting opportunities is LLMs tailored for security, similar to Microsoft\u2019s Security Copilot, which we are actively evaluating.\u201d<\/p>\n

Another AI-powered tool on Avnet\u2019s radar is retrieval-augmented generation (RAG). RAG is a technique that enhances GenAI models by connecting them to a specific, up-to-date knowledge base to reduce \u201cAI hallucinations\u201d and deliver the most current and accurate responses in real time.<\/p>\n

\u201cAI-assisted security insights aren\u2019t just exciting\u2014they\u2019re transformative,\u201d says Chan. \u201cThey help our analysts speed up investigations and uncover trends. None of this is possible without a well-structured data layer. But we now have that layer in place and it\u2019s giving us the freedom to scale AI use cases with confidence.\u201d<\/p>\n

<\/a>Advice to CISOs: Don\u2019t underestimate the human factor<\/h2>\n

For CIOs and CISOs considering a move to data ownership, Chan emphasizes the importance of balancing technology with people and process.<\/p>\n

\u201cThe technology\u2014installing agents and setting up pipelines\u2014is the easy part. The real challenge is getting people on board,\u201d he says.<\/p>\n

\u201cThat means aligning regional teams, earning trust, and clearly communicating the \u2018why\u2019 behind the shift. So, invest as much time getting buy-in from stakeholders as you do building the platform. When people are aligned, the technology exceeds expectations.\u201d<\/p>\n

Another tip, says Chan, is to treat vendor renewal cycles as opportunities for a change in strategy. For Avnet, the decision to walk away from a legacy SIEM renewal wasn\u2019t just a cost-saving measure; it was a chance to set a new direction for the company.<\/p>\n

Curious how Avnet is reclaiming control of its security data and unlocking AI-driven insights? Learn from industry leaders and award-winning projects like this at the CSO Conference & Awards. Register today.<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

As a leading distributor of electronic components and IT services, Avnet helps more than a million customers design, build, and move products through the supply chain. From cars and airplanes to medical devices and telecom networks, chances are Avnet played an integral part in turning an idea into a finished product. On the cybersecurity front, […]<\/p>\n","protected":false},"author":0,"featured_media":4669,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-4668","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4668"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4668"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4668\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/4669"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4668"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4668"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4668"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}