Data Integration versus Data Orchestration
This article aims to clarify the distinctions between Data Integration and Data Orchestration in the Brinqa Platform, as understanding the unique roles and functions of these processes is crucial for effectively leveraging the platform to manage your organization's cybersecurity risk landscape and successfully bringing your data into Brinqa.
Data integration
Data integration involves authenticating connectors, such as Jamf Pro or Qualys Vulnerability Management, with Brinqa, and importing data through the connectors into the Brinqa Platform. A successful data integration sync ensures that the data retrieved by the connector maps to the appropriate data model, but does not preprate your data for visualization or searching.
Data orchestration
Data orchestration, in contrast, combines and syncs all your data integrations, performs important computation and consolidation actions to coordinate the flow of data between systems and applications in the Brinqa Platform, runs automations, and prepares your data for searching and graphing. These actions include:
-
Consolidate the data retrieved from multiple data sources into clear and easy-to-read list view tables. When you import large amounts of data with different connectors into the Brinqa Platform, you need a way to deduplicate the records and quickly find the information you need. Consolidation streamlines your data by identifying duplicates across multiple sources and retaining the most valuable information from each source. This process ensures that your data is effectively organized, making it compatible with both basic search filters and the Brinqa Query Language (BQL) for efficient analysis and reporting.
-
Calculate risk scores to enhance context and gain insights into your data. These computations include prioritization, which involves calculating risk scores and other attributes to better focus on the most significant issues, and clustering, which groups data into meaningful categories for a more comprehensive understanding of your organization's cybersecurity posture. Risk scoring helps you and your organization better understand and manage compliance risks, plan remediation efforts, and have a comprehensive view of your attack surface. If you have enabled risk factors and service-level agreements (SLA) for your data models, data orchestration takes them into account when calculating risk scores.
-
Generate pre-configured metrics through orchestrated automation. In the Brinqa Platform, automation encompasses a variety of tasks, such as creating metrics to track Key Performance Indicators (KPIs), sending summary notifications, and managing tickets and exceptions. The pre-configured metrics include specific analytics, such as counts of users, findings, assets, reports, and more, which help streamline the monitoring and management of your organization's cybersecurity posture.
As shown in Figure 1, data integration retrieves the source data models (SDM) from the connector and then maps them to the unified data models (UDM). After consolidation, computation and automation run to generate risk scores and metrics on your assets and findings, and update your existing exception requests, reports, and tickets.
Figure 1. The data integration and data orchestration process.
Running individual data integration syncs alone does not result in your data appearing or being visualized in Brinqa. To achieve this, you must either wait for the data orchestration to run or run it manually.