Merlin International sought to create a secure and integrated cybersecurity platform that could combine data across toolsets and find gaps that exist in most security operations centers (SOCs).
Delivers an expected 75% increase in security mission implementations
Provides smarter cybersecurity analytics and detects threats more readily and precisely
Enhances analysts’ visibility, which simplifies their jobs and improves effectiveness and response times
Business challenge story
Seeking integrated, empowered cybersecurity
Cybersecurity has become critically important in our modern, technology-dependent world. As a result, hundreds of vendors have flooded the market with innovative security tools. Simultaneously, organizations have increased security budgets and purchased numerous cybersecurity systems to protect their infrastructures, applications, data, networks and customers. However, even with all these security tools in place, staff are racing from one system to the next to respond to threats. They often recognize attacks just a few seconds too late, and the incidents lack context.
Disparate cybersecurity systems are creating too many alerts and blind spots. This makes it nearly impossible to prioritize the alerts based on critical vulnerabilities and exposures and then orchestrate an effective security policy that aligns with security controls, standards and compliance requirements. Security staff simply have too many separate, non-interactive tools to manage. “Our clients tell us that cybersecurity is a crowded, confusing space of tools that are far too susceptible to attack and too diverse to drive an overarching roadmap to close vulnerabilities,” shares Derek Schwartz, Senior Manager of Alliances and Partnership Channel at Merlin, a cybersecurity solutions provider.
Merlin has a long history with its customers and partners, so it has unique insight into what is missing from the cybersecurity market. Therefore, using complex attack pattern detection and a risk and compliance-based approach, the company sought to create a secure and integrated cybersecurity platform that could combine data across existing toolsets and empower security staff. The solution needed to provide an ecosystem that could incrementally find the gaps that exist in most large SOCs and network operations centers (NOCs).
Building a platform with a two-second advantage
Merlin engaged IBM to help build the Merlin cybersecurity platform, a solution based on a Security Operations and Analytics Platform Architecture (SOAPA) model. At the New York IBM Garage, the company participated in a one-week IBM Design Thinking workshop, which brought together a talented team of experts, including architects, designers and Merlin stakeholders from across the company. The Design Thinking workshop revealed two areas of focus: the need for a platform with a single view of cybersecurity data and a way to offer analysts a two-second advantage over attackers. Next, the group spent six weeks building, on the IBM Cloud Private platform, a minimum viable product (MVP), with a focus on optimizing the user interface (UI) and operationalizing the technology stack.
Tej Luthra, Vice President of Engineering and Product Development at Merlin, describes how the Garage team and the Design Thinking workshop transformed the company’s approach to this project: “It was all about ideating, hypothesizing, understanding user interaction and behavior and validating assumptions. We could fail fast and get a large team of developers up and running quickly. The Garage provided a great venue for us to compare our direction and vet it with an experienced team. It also helped with visualizing what we were designing. The Garage was the basis of establishing an agile methodology for our own product development team.” He estimates that the Garage significantly sped development processes, and if the team had built the platform in-house, it would have taken up to four times longer to achieve the same outcome.
Luthra further explains: “I had to stand up a team of 25 developers in less than nine months and deliver a prototype. The Garage helped me align the team very quickly, understand the functional requirements and communication needed in an agile space, and steer them all to work in a highly collaborative environment that spanned four countries across multiple time zones.”
With the goal of staying open source as much as possible to allow the platform to adapt to changing customer requirements, Merlin has also incorporated the Apache Cassandra database, Apache Kafka software platform, Apache Solr search platform, Apache Spark computing framework, MongoDB database program, Pivotal Spring Boot framework and ReactJS Redux library. In addition, the team wanted to integrate capabilities into the platform with containers, the Kubernetes container-orchestration system and microservices. As a result, the platform is positioned to easily onboard technology and IT partners. In fact, Merlin has recently worked with many companies, including Dell Inc., VMware, Inc., and CACI International Inc., that have used this platform to reach new customers and solve large issues.
After validating these technology selections, Luthra says Merlin chose to run on the Cloud Private platform. “The platform that we chose was crucial because it would be the basis of the security analytics we are providing. Because our focus and most of our customers are in a regulated space, we had to make sure the platform was secure and compliant from the ground up. Knowing Cloud Private’s roadmap included FIPS [Federal Information Processing Standard] 140-2 encryption specification support and vulnerability advisor, we could move forward quickly and complete an analysis of alternatives. The platform let us deploy a nimble, functional and secure DevOps framework that helped us go to market fast, enter any cloud environment, and choose a use-case-driven approach to problem solving. This is why we chose IBM Cloud Private.”
By using the Cloud Private platform to bring cloud capabilities behind the firewall, Merlin was able to strike the balance its customers sought: be flexible, embrace cloud-native technologies, and remain agile, all while maintaining an on-premises level of security. Further, the roadmap for the Cloud Private platform was easily adaptable to the requirements of the federal government, which comprises 95 percent of Merlin’s customer base.
Currently, 80 percent of the solution runs on the Cloud Private framework and 20 percent runs on the IBM Streams computing platform. Merlin chose the Streams platform to provide real-time, low-latency in-memory capabilities and always-available processing of data analytics, machine learning and AI. Plus, Luthra explains, it “was robust and could process astronomically large amounts of data in a very short period of time.”
When a security breach occurs, a forensics and incident-response process helps analysts understand what happened. Not only does this response come too late, but companies also spend millions of dollars on analysis that ultimately pinpoints a very simple gap in the security process. The Streams platform is helping the solution shift left, giving analysts and security staff a two-second advantage. This gives the security operations team a chance to identify the issue with certainty and close the gap before a breach occurs, potentially saving the company millions and better protecting technology and stakeholders.
Since the initial MVP, Merlin has created four additional MVPs. To bring autonomous and self-learning capabilities into the platform, the company has built a natural language processing (NLP) engine that incorporates unsupervised learning, anomaly detection, content analytics, machine learning and neural nets. Merlin is planning an alpha release, and future components of the platform will use the automation and AI functionality resident in the Cloud Private platform.
Solving some of security’s biggest problems
With help from the Garage team, Merlin has created a powerful differentiator in the crowded cybersecurity marketplace. The intuitive and easily navigable cybersecurity platform is a new approach to solving some of security’s biggest problems. It provides an integrated ecosystem of tools that cross-check one another to help stop a security threat before it becomes an incident.
By converging existing security data from across an organization and viewing it through a single pane, the solution provides smarter cybersecurity analytics. Analysts can detect threats more readily, better analyze risk and compliance, prioritize vulnerabilities and dive deep into a specific aspect of security. Enhanced visibility simplifies analysts’ jobs and improves their effectiveness.
Merlin anticipates significantly faster implementations of security missions. For example, Luthra says, “We expect the solution to speed network access control by as much as 50 - 75 percent. Small companies could reduce the required implementation time from approximately a year to as little as three months, and large companies from 10 years to five years.”
This solution has been such an important differentiator for Merlin that it has been the catalyst for a new strategic direction. The company has established an Emerging Technologies division, which acts as an integrator for new and existing technologies and has made multiple investments trying to grow this part of the business. The company expects this new division to expand substantially and be highly lucrative. In closing, Luthra says, “The Garage was instrumental in having us dream big and achieve big, especially with this first-of-a-kind technology and a do-it-right-the-first-time approach.”
Merlin provides cybersecurity solutions that protect government and commercial organizations. Offerings include governance and risk-management protections for endpoints, networks and infrastructures. Headquartered in Vienna, Virginia, Merlin employs roughly 150 people.