An Excel alternative, saving 150+ hours per month, and empowering a global cybersecurity team to produce dashboards independently.
"From a software and technology perspective, the biggest advantage of KNIME is the visual workflow builder and self-documenting workflows. This not only documents important knowledge, but also makes any KNIME workflow comprehensible - and usable - to a new user."Regina WeiglHead of Analytics, GEMMACON (KNIME Partner)
This company is the second largest (by production volume) automotive manufacturer in Germany – with 280,000 employees and annual revenue of €150 billion. Led by the Chief Information Security Officer, the global cybersecurity team, which is made up of 800 individuals across 16 global teams, is responsible for the design of tailor-made, holistic solutions for IT security, as well as the tracking of cyber security processes and key figures. Progress is measured via Key Performance Indicators (KPIs) such as the percentage of websites scanned for risk or number of tickets opened for security-relevant incidents. A monthly KPI report evaluates the current status as well as target fulfillment. A multitude of data, which are imported from different sources including proprietary software, manually created Excel files as dictionaries, and SharePoint, are combined to calculate the KPIs.
Previously, one employee was responsible for this report, which included collecting and integrating the data, computing all KPIs, and visualizing and distributing the results. This was done entirely in Excel and required one month to be completed. The biggest pain points were the inability for Excel to handle the large amounts of data (often crashing mid computation) as well as the manual process, which had a precise order of steps that needed to be taken and was extremely error-prone.
For one year, the team tried to automate the processing and delivery of the KPIs in a dashboard using IBM Congos. However, this was resource-intensive and didn’t meet the desired speed of development, nor the desired level of interactivity within the visualizations. The current solution, built by KNIME Partner Gemmacon, uses KNIME Analytics Platform, KNIME Server, and PowerBI (via the native KNIME PowerBI integration).
As the first step, the current, rather simple data transformation processes, which are currently done using Excel, are reproduced as KNIME workflows. Each of the six teams has its own KPIs and gets their own dashboard. Each workflow combines two to four data sources such as data extracts from proprietary software and they use data transformation and integration nodes such as the Rule Engine node for rule-based classification and group assignment of data rows such as security incidents, assignment of target values, and deletion/censoring of sensitive data. The Date&Time nodes are used to enable time filtering and the Math Formula node for calculating KPIs.
One advantage of performing the data transformation in KNIME instead of directly in PowerBI, is that transformation in KNIME is more straight forward and comprehensible than with DAX Formulas in PowerBI. Whenever a new calculation is needed, it’s implemented in the KNIME workflow and the data source is automatically updated in PowerBI. The workflow results are collected in a database, meaning the dashboard views present both the current month’s data as well as historical data. Dashboards in PowerBI are designed and queried using the data out of the database. In a second step, a KNIME Server Small, installed on an internal IT-managed server, hosts all the workflows where they are also executed automatically.
From a software and technology perspective, the biggest advantage of KNIME is the visual workflow builder and self-documenting workflows in KNIME Analytics Platform. This not only documents important knowledge, but also makes any KNIME workflow comprehensible - and usable - to a new user. The gentle learning curve enables even those with minimal data science experience to understand what’s happening with the data at any point in the workflow. KNIME workflows don’t require external development, which removes the need for specialized software setups and expert knowledge, and enables the team to independently make any changes they want/need. KNIME offers extensions and integrations with many other open source and commercial tools. This enables data scientists who are building or adjusting the workflow to continue working with the tools that they know and like – in this case exporting visualizations to PowerBI. KNIME Server is a valuable addition because it supports the automation of the entire process, thereby freeing up a team member who no longer has to manually execute the workflow and send the results to the team.
Gemmacon, a KNIME Partner, was brought on board after delays and difficulties with the previous solution, and because a solution was needed to communicate to all users and stakeholders at an internal, global event. The project deliverables, which consisted of six KNIME workflows and PowerBI dashboards, were completed in one month. More are to be developed by the cybersecurity department, who has been enabled and empowered to do this independently. Next steps in the project include removing the need for human effort at any step of the process by, for example, automatically extracting the data from the proprietary software as well as emails and text files. This will enable those team members to focus on more value-adding tasks and projects.