Security data lakes are taking a central role in the shaping of the modern security operations center. With virtually unlimited and cost-effective scalability, Snowflake can potentially be the ideal platform for centralized logging. Achieving that potential, however, requires purpose-built cybersecurity solutions. Hunters’ native integration with Snowflake brings sophisticated threat detection to a customer’s data platform, empowering customers to utilize a single, scalable source of truth coupled with a state-of-the-art, open Extended Detection and Response (XDR) solution. The benefits of this approach, and the ease of getting started, are enabling security teams to move beyond the siloed Security Information and Event Management (SIEM) model towards joining the rest of the enterprise in the Data Cloud.
Why Change Is Needed
Traditionally, security analysts relied on SIEM solutions to identify threats and investigate alerts generated by various sensors on endpoints and firewalls. The SIEM system was the nerve center of the on-premises security operation.
As valuable as SIEM systems have been in the security stack, they’ve become very costly while covering a shrinking fraction of total security data. Security teams increasingly report that SIEM solutions are “costly, complex, and resource-consuming,” according to a recent ESG survey.[1]
In a world where IaaS, SaaS, and endpoint detection and response (EDR) sources generate terabytes of logs, it becomes crucial to use cost-effective and scalable cloud storage for retention. With such a variety and volume of data, it’s no longer effective to rely on simple rules for threat detection. Instead, data analytics techniques such as dimensional models and graph-based machine learning algorithms are needed to avoid noisy alerts while connecting the dots against sophisticated threat actors.
It’s worth noting that even “next-generation” SIEM solutions still tend to miss out on the importance of folding security analytics into the enterprise data platform. Approaches that remove limitations on ingest volumes while still leaving security teams to operate on a siloed, separate data stack are setting up teams to fail. Cloud-scale logging needs to be accompanied by an open analytics approach that combines contextual enterprise sources with security data and brings together individuals from all corners of the business.
Goodbye Event Management, Hello Security Data Lake and XDR
Security data lakes that are built for the cloud can support analytics at scale and at a fraction of the cost of dedicated SIEM solutions. Adding Hunters’ open XDR solution on top of Snowflake enables rapid consolidation of all security sources and includes out-of-the-box analytics to make sense of it all. This open approach is becoming best practice for security operations, reducing vendor lock-in while preparing the security program for the multi-cloud, petabyte-scale security challenges of the future.
Tune into our on-demand webinar featuring Omer Singer, Head of Cyber Security at Snowflake, and Michael Persechini, VP of Sales at Hunters, to learn more about:
- What’s driving the evolution of SOC platforms
- Why security data lakes go beyond SIEM
- How you can detect threats faster, save budget, and generate more impact with Hunters and Snowflake