Cybersecurity is a data problem at its core. Yet, security teams haven’t achieved tremendous success in utilizing the modern data stack that data analytics teams have enjoyed for years. Security teams face constant pressure from vulnerabilities and breaches in their infrastructure and supply chains because they remain on a proverbial island with antiquated technology. Cybersecurity leaders must uplevel their strategies by implementing a modern security data lake.
We first knew it was possible to leverage Snowflake’s Data Cloud for security use cases when a large customer from the financial services industry came to us with a problem. Their security team needed to respond quickly to a large-scale incident that would require them to comb through petabytes of data. The security engineers estimated it would take months and cost millions to resolve the incident with their legacy architecture and security information event management (SIEM) solution.
The limitations of legacy SIEMs were clear: expensive storage, short retention periods, slow queries, and the exacerbation of data silos drove slow and manual incident response. The security engineers had to find a way to crunch petabytes of data with Snowflake, just like their financial analysts often did daily, without any resource contention or complexity to access data. A few weeks later, with the help of the Snowflake team, the customer’s investigators and threat hunters loaded and analyzed petabytes of log data in Snowflake to help resolve the incident quickly.
Snowflake for Cybersecurity
For the three years since that incident, I’ve been working with industry leaders and practitioners to develop a well-rounded solution for today’s cybersecurity industry. I found that almost every security team faces the same challenges—growing data volumes, expanded attack surfaces, data silos, manual processes, and lack of dynamic metrics that enable data-driven decisions in near-real time. As a result, it became clear these teams needed a solution that could provide cost-efficient storage to eliminate data silos, deliver near-infinite computing for powerful analytics, and provide out-of-the-box integrations, content, and workflows to help remove the barriers to fast and accurate incident response.
And that’s why we’ve recently announced the launch of our new cybersecurity workload. With Snowflake’s Data Cloud, cybersecurity teams can break down data silos to enable better visibility, deliver advanced analytics that remove manual processes, and give security teams a clearer picture of evolving risks and threats coming their way. Today, customers like Dropbox, TripActions, Figma, Netgear, Clari, and many others (including Snowflake’s security team) run their cybersecurity workloads and use cases with Snowflake.
Aside from providing a single, unified location for your security data and enabling you to run powerful analytics with SQL and Python, Snowflake has also built an ecosystem of connected applications that allow customers to bring full-featured security capabilities from leading vendors to their data in the Data Cloud. These applications offer off-the-shelf capabilities for various use cases, from SIEM and vulnerability management to compliance automation and third-party risk management. Snowflake’s Marketplace vendors also provide access to live, ready-to-query contextual data such as threat intelligence and geo-location datasets.
What the future holds
We will continue to enhance our cybersecurity workload with more connected applications. If you are a cybersecurity provider interested in delivering your service to security teams in the Data Cloud, please contact us. Many of our partners are ecstatic about the growth they’ve seen with this model, and customers love the freedom to use technologies that help them access, govern, share, and analyze their data. In addition, we will continue to evolve our platform, the Data Cloud, to best support the needs of cybersecurity teams. Snowflake has released several platform capabilities to support this workload, including streaming ingest improvements (private preview), search optimization (generally available) for faster point lookups, and Snowpark for Python (public preview) so security engineers can build reliable pipelines and detections in the language of their choice.
The security data lake architecture, with a modern data platform at its core, is the new best practice for security at cloud-scale. Snowflake has a leading role in this movement, and I hope you will join us on this journey to make cybersecurity less fragmented and more successful for security teams of all sizes.
To learn more about the new Cybersecurity workload, please attend our annual user conference, Snowflake Summit from June 13-16th in Las Vegas. You’ll hear from security leaders and practitioners who will share their success in migrating to this modern architecture. In addition, the security partner ecosystem will be showcasing new features that advance the value of the Snowflake Data Cloud for CISOs and their organizations.
If you can’t make it to the cybersecurity track at Summit, reach out to Snowflake for a security data lake conversation. We’re helping security professionals in every industry plan and implement a data-driven strategy. Let’s talk about how Snowflake can support and accelerate your security initiatives for 2022 and beyond.