We have built a Security Big Data Lake (SBDL) built on OSS technology to support flexibility and extensibility of data functions within UnitedHealth’s Cyber Defense environment. The foundation of Hadoop and Elastic technologies now capture over 10TB of data daily from 160 sources through 45 distinct ingestion streams. Enrichment is performed at the ingest layer and data is processed into both defined views and undefined data structures where it is accessed by over 200 end users. The platform allows for granular security controls, but is open for upstream and downstream API integration which has enabled incorporation of new tools and features.