Talion streamlines its cybersecurity offering with Azure Data Explorer

Headquartered in Farnborough, UK, Talion delivers advanced cybersecurity and log management services to a range of clients across the commercial and governmental sectors. It offers services ranging from security monitoring, behavior analytics, opensource intelligence, and threat intelligence. “Our aim is to provide a trusted security partnership to our clients,” begins Gareth Norman, Operations Director at Talion. “Our value propositions are accessibility, transparency, and excellent service. However, our existing technology solution was hindering our ability to deliver on our promise to customers.”

 “We had a number of hosting partnerships which were becoming very expensive from an operations perspective,” explains Norman. “Plus, the technology we were using was limited in terms of its capability. We promote transparency across our log management offering, but from the client’s perspective, things were still very much like a black box.” 

Moses Lim, Site Reliability Engineering Lead at Talion also brings up issues around resource allocation. “Every time we needed additional computing and data hosting resources, it would take two to four days to actually bring it up.” Part of the reason for this delay was the company’s infrastructure. "We couldn't simply add any additional technologies or capabilities,” explains Norman. “Everything had to be sourced in a very specific way.”

Case in point—onboarding clients. "Onboarding a new customer meant capacity planning with our infrastructure, a process that could take three to four days,” explains Wong See Ling, Senior SRE at Talion. “Then we would need to provision new machines, which would take three more days of work in our data center and could take as long as a week or more in total.”

It was not just a question of scaling and expanding resources, but also of business continuity and disaster recovery. "Data pipelines occasionally break down,” begins Ling. “It would take us five to six hours to discover this breakdown, with possible information loss in between. Query timeouts were also a recurring problem. It was difficult to know how to appropriately scale the cluster. All these challenges really hindered our operations and our teams’ day-to-day work.” 

With these issues in its existing solutions, Talion needed a better way forward.

From proof-of-concept to long-term solution

In 2019, Talion decided to run an ADX proof-of-concept exercise, which quickly developed into something bigger. “After we saw the benefits, we began evaluating ADX as a long-term solution to customer data retention,” explains Lim. “We started looking at ADX as a way to give customers greater access and insight into their data.” 

Giving customer access to their data was exactly what Talion did. “We’ve built a suite of dashboards which provide customers extra insights into how much data has been ingested, along with alerts and other functionality,” explains Norman. “It's allowed us to reveal a lot of the underlying service information to the client. They can now be confident that the numbers that we give them are accurate. It really supports our message of transparency and trust.” 

Talion was also able to extract deeper insights from the data using Azure’s Kusto Query Language (KQL). “The standard query language, SQL, didn’t allow for fine-tuning,” Lim shares. “With KQL, we can refine every line of query because it’s almost like linear programming. Now, every query we run brings meaningful results.”

Increased flexibility

By switching to ADX, Talion has also dramatically improved its customer onboarding times. “What once took us a week or more has now gone down to a day or less,” Lim explains. “Our scaling and capacity planning time has also been hugely reduced—from a week or more of work, down to two hours. And if we need more storage, that can be added in 24 hours, compared to weeks.” 

“The transition has also been very smooth,” Lim continues, “not only from our previous solution to ADX, but in terms of the opportunity to do a version upgrade from ADX version two to version three. The product management team always lets us know about valuable updates.” 

Today, customer data hosted in ADX is available for the long term, unlike the previous solution which only provided short-term usage. “ADX has become an integrated, long-term data solution to us,” Norman points out. “It not only allows the customer to access their data, but also allows internal teams to have systems integration for more robust analytics to be written across security, trending, intelligence, and threat hunting.”

Value-added solutions

After switching to ADX, Talion has witnessed considerable cost savings. “We’ve reduced our long-term storage costs by 75 percent,” says Norman. “From a business perspective, the reduction in cost, effort, and maintenance are all really big elements. But more importantly, we’ve been able to enhance the customer experience at no additional cost to them—enhancing visibility, transparency and inclusion.” 

Lim sees greater opportunity to grow and develop Talion’s services through ADX. “We’re looking at new ways to use our data, because now our data is easier to use,” he shares. “We don’t have as many restrictions with regard to who is able to securely access and meaningfully use the data. Now, more people can look at and work with the data we have. That means more people can understand our customers’ data, which allows us to evolve our service and improve it further.” 

Today, Talion also uses ADX to enhance their product portfolio with improved offerings around Threat Hunting and UEBA analytics. With ADX, Talion is able to deliver enhanced services and further build on the trusted partner relationship with their customers.