With ever-changing regulations, enterprises and their chief information security officers must solve the challenges of managing their security data while ensuring compliance. At RSAC 2025, SmartBrief sat down with Robin Das, executive director and market growth strategist at DataBee, a Comcast data fabric company, to discuss how DataBee helps enterprises integrate disparate data into a unified data fabric. DataBee can extract an enterprise’s data and clean it up to help them perform advanced threat detection, compliance monitoring and risk management.
How is DataBee helping companies extract actionable insights from complex data ecosystems?
The first thing we believe is enterprises aren’t getting the most value from all their security data because it is trapped in silos. One of the things people will say is ‘the data can set you free.’ So once you extract this data, there is sort of no end to the use cases you can use. What we’re leaning into, most heavily right now, is continuous controls monitoring. That’s the idea that you have an annual audit, but what you really want is to have a more regular sort of monitoring of all your vitals to know whether you’re drifting in or out of compliance. So this is the first thing DataBee can do. We also have tools that help with vulnerability remediation, so we’re able to address a lot of the challenges in the organization, like not knowing the right owners of assets or applications.
We can help organizations know who owns what data, which means it’s much faster for them to patch a vulnerability because they’re not having to hunt for the owners of the asset or application. I think a lot of the enterprise today is making trade-offs between their data, either the depth or the breadth of the data that they have. By leveraging these more modern architectures, instead of having to make those trade-offs, you can actually have all your data, which gets you closer to full visibility. I don’t think you can ever truly achieve full visibility – that’s like the Holy Grail of security – but you can kind of get closer to full visibility. These tools allow you to now store more data for longer, which means you can look for more interesting patterns of compromise. If you’re not having to get rid of my data every month, you can look at things you wouldn’t necessarily see otherwise.
I think having that visibility is so important. I think too that companies have great intentions, but their data gets trapped in the silos. So what we do is (DataBee is not a data storage repository), we clean up that data, and then give you a cleaner view so you can store it in a more cost-effective place, like the data lake, which is a fraction of the cost of a sim. You are no longer limited by the amount of data you can look at.
How does DataBee approach real-time continuous controls monitoring across hybrid environments?
I think there are a couple of things to consider. I think there’s the complexity of the enterprise, right? A lot of CCM tools are very rigid in their structure. The whole point is, you want to bring in all the data, which enables you to account for the nuance in the enterprise. A really good example for us is [endpoint detection and response] coverage. It’s a simple compliance control. You know how widespread your EDR point is. You might have a metric that says: My EDR should be deployed everywhere. But, how do you define everywhere? Should it be deployed on a laptop? Yes, should it be deployed on a network switch? No, you may not be able to deploy on a network switch because you may not have the operating system or bandwidth, or it might be a legacy system, that’s question number one.
Once my EDR is deployed everywhere, the next question is: Is it turned on? And again, the data will enable you to answer that question. Then, finally, once my EDR is deployed everywhere and it’s turned on, the last question is: Is it the right version? So you have these layers sort of like an onion that you peel back, and continuous controls monitoring and within complexity of the enterprise that you need to address, even though it’s very simple question, it’s a very nuanced answer, and you can only really get to those nuanced answers when you have that data and that flexibility.
What are the challenges enterprises face when implementing these tools?
We live in a regulatory-heavy environment, and regulations are always changing, being updated. That’s challenge number one. The second challenge for the enterprise is you have mergers and acquisitions, you have restructuring, you have reorganizations and you know you need a flexible solution that’s going to be able account for these sort of changes in your organizational structure.
The way we’ve used CCM is to make compliance a team sport. And so it’s not just about some unknown auditor telling you you need to do your phishing training or testing. It’s your boss telling you and your boss is going to be much more effective. And what we do is we take the security data, we overlay it with like organizational hierarchy and additional context, and then you can actually create visibility. And so you can blast out dashboards to your organization, and you can really make compliance more visible, which then makes it more accountable, which then drives better compliance across the organization.
How is generative AI transforming asset management and security hygiene in enterprise environments?
Some organizations need to know who in the company owns an asset. If you don’t know what you have, you can’t protect it. We have a generative AI agent called BeeKeeper. It’s a really simple use case in which BeeKeeper proactively goes out and asks people in an organization, “Is this asset yours or not?” And then the people that own the asset can then interact with it, and then they can the BeeKeeper will sort of then update based on the conversation they have, then move to the next person. BeeKeeper tackles the critical challenge of identifying and validating asset owners within your organization. By automating the process of reaching out to potential asset owners and verifying their information, DataBee BeeKeeper reduces gaps in IT operations, security and compliance, allowing your teams to focus on high-value tasks.
What’s ahead for companies using AI at scale?
I think I see it trending toward a lot of disappointment and heartache, because I think a lot of AI projects are not going to succeed [if an enterprise doesn’t start with clean data]. It’s the old cliche: garbage in, garbage out. I mean, everyone says that, but having your data clean and normalized, which is something DataBee can help with, is foundational. Of course, you could probably normalize data and standardize data with the AI, but that’s a bunch of time wasted while the AI figures that out. And then you have to set the AI to task for looking for those hidden patterns, those correlations. But if you turn to something like a DataBee to do the upfront cleaning work, then you let the AI work with this clean, standardized, normalized data. So you let the AI learn where it makes the most sense to apply tools. The smart approach to AI is to look for the mundane, repetitive tasks that you’re currently tasking your analysts with and let AI do those tasks. This will free your analysts up to do the more interesting analysis. Again, I think BeeKeeper is the perfect example of helping enterprises with security hygiene, which is still a challenge for them.
What’s the buzzword of RSAC 2025?
I’m sure AI is embedded in everything. The big trend is going to be agentic AI, so that’s our buzzword for the conference.