Connected Social Media


IT@Intel: Building a Modern, Scalable Cyber Intelligence Platform with Apache Kafka

December 04, 2020

IT Best Practices: Advanced cyber threats continue to increase in frequency and sophistication, threatening computing environments and impacting businesses’ ability to grow. More than ever, large enterprises must invest in effective information security, using technologies that improve detection and response times. At Intel, we are moving from our legacy cybersecurity systems to a modern, scalable Cyber Intelligence Platform (CIP) based on Kafka and Splunk.

In our 2019 paper, Transforming Intel’s Security Posture with Innovations in Data Intelligence, we discussed the data lake, monitoring, and security capabilities of Splunk. This paper describes the essential role Apache Kafka plays in our CIP and its key benefits.

Apache Kafka is the foundation of our CIP architecture. We achieve economies of scale as we acquire data once and consume it many times. Simplified connection of data sources helps reduce our technical debt, while filtering data helps reduce costs to downstream systems.

Intel vice president and Chief Information Security Officer, Brent Conran, explains, “Kafka helps us produce contextually rich data for both IT and our business units. Kafka also enables us to deploy more advanced techniques in-stream, such as machine-learning models that analyze data and produce new insights. This helps us reduce mean time to detect and respond; it also helps decrease the need for human touch. Kafka technology, combined with Confluent’s enterprise features and high-performance Intel architecture, supports our mission to make it safe for Intel to go fast.”