The New Partnership of Security and Data Analytics at Prologis
August 19, 2020 | 4 Min Read
Author: Omer Singer | Contributing Authors: Luke Slotwinski and Tyler Warren
Data analytics is growing rapidly and helping businesses succeed in a challenging economy, while cybersecurity presents those same businesses with growing challenges. Prologis has combined the two disciplines to improve visibility, cut costs, and reduce risk.
Treating Security Logs as Enterprise Data
Prologis plays an essential role in the global supply chain. In 2018, Prologis made a strategic decision to centralize the company’s data on Snowflake’s cloud data platform so that analytics could help them manage 4,655 warehouses across nearly one billion square feet on four continents. Uniquely, this unified data platform strategy included the log sources monitored by Prologis security.
As a result, the data analytics and information security teams formed an internal partnership. One of the first benefits was a consolidation that reduced security’s dependence on its SIEM solution. Using Snowflake as a security data lake presented an alternative destination for high volume log sources, because cloud storage meant that Prologis could store a lot of data inexpensively. As Prologis shifts more of its digital infrastructure to the cloud, log volumes are growing but costs are manageable.
Meeting Integration Requirements
One of the challenges of using a cloud data platform that was not designed to be a security solution, however, is the lack of built-in integrations for security data sources. While data teams usually rely on ETL vendors to pipe common sources into the data warehouse, these vendors do not cover firewalls, EDR, and other security products. The partnership between security and data analytics teams turned this challenge into an opportunity.
Support from the data analytics team made the Prologis security data lake into a central source of truth that eliminated many visibility gaps. The data team has the expertise to pull logs and other details from the API of systems that could not be easily integrated into the SIEM, including a cloud-based document management solution that stores sensitive files. Custom scripts now collect similar, previously unmonitored sources to S3 buckets. From S3, Snowflake automatically streams new records into the database. This has extended the security team’s visibility to systems that were gaps for the SIEM, and as a result, the security team has more complete visibility and context for threat detection, incident response, and security metrics.
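As an added example (not Prologis' or Snowflake's own code), this is what the S3-to-Snowflake leg of that pipeline looks like in Snowflake SQL for a hypothetical document-management audit feed: the collector script writes JSON files to a bucket, a Snowpipe with AUTO_INGEST loads each new file as it arrives, a view parses the raw records, and a role gets read access for self-service analysis. All object names, the bucket, the IAM role ARN and the JSON field names are assumptions.

```sql
-- Added example; not Prologis' or Snowflake's own code. Every name below
-- (database, bucket, role ARN, JSON field paths) is a placeholder.
CREATE DATABASE IF NOT EXISTS SECURITY_LAKE;
USE SCHEMA SECURITY_LAKE.PUBLIC;

-- Landing table keeps each record as raw VARIANT so a new or renamed field
-- at the source never breaks ingestion; parsing happens in the view below.
CREATE TABLE IF NOT EXISTS DMS_AUDIT_RAW (
  ingested_at TIMESTAMP_NTZ DEFAULT CURRENT_TIMESTAMP(),
  source_file STRING,
  record      VARIANT
);

-- Credentials go through a storage integration (an IAM role Snowflake
-- assumes), not static access keys embedded in the stage definition.
-- Creating an integration requires the ACCOUNTADMIN role.
CREATE STORAGE INTEGRATION IF NOT EXISTS S3_SECURITY_INT
  TYPE = EXTERNAL_STAGE
  STORAGE_PROVIDER = 'S3'
  ENABLED = TRUE
  STORAGE_AWS_ROLE_ARN = 'arn:aws:iam::123456789012:role/snowflake-security-logs'  -- placeholder
  STORAGE_ALLOWED_LOCATIONS = ('s3://example-security-logs/dms/');

-- External stage pointing at the prefix the collector scripts write to.
CREATE STAGE IF NOT EXISTS DMS_STAGE
  URL = 's3://example-security-logs/dms/'
  STORAGE_INTEGRATION = S3_SECURITY_INT
  FILE_FORMAT = (TYPE = 'JSON');

-- Snowpipe with AUTO_INGEST loads every new object announced by an S3
-- event notification. METADATA$FILENAME records which file each row came from.
CREATE PIPE IF NOT EXISTS DMS_PIPE AUTO_INGEST = TRUE AS
  COPY INTO DMS_AUDIT_RAW (source_file, record)
  FROM (SELECT METADATA$FILENAME, $1 FROM @DMS_STAGE)
  FILE_FORMAT = (TYPE = 'JSON');

-- Parsed view; the field paths are assumed and must match the real source.
CREATE OR REPLACE VIEW DMS_AUDIT AS
SELECT
  ingested_at,
  record:timestamp::TIMESTAMP_NTZ AS event_time,
  record:user.email::STRING       AS user_email,
  record:action::STRING           AS action,
  record:document.id::STRING      AS document_id,
  record:client.ip::STRING        AS client_ip
FROM DMS_AUDIT_RAW;

-- Self-service access: analysts read the parsed view, not the raw table.
CREATE ROLE IF NOT EXISTS SECURITY_ANALYST;
GRANT USAGE  ON DATABASE SECURITY_LAKE        TO ROLE SECURITY_ANALYST;
GRANT USAGE  ON SCHEMA   SECURITY_LAKE.PUBLIC TO ROLE SECURITY_ANALYST;
GRANT SELECT ON VIEW     SECURITY_LAKE.PUBLIC.DMS_AUDIT TO ROLE SECURITY_ANALYST;

-- Health check: is the pipe running and how many files are still pending?
SELECT SYSTEM$PIPE_STATUS('DMS_PIPE');
```

After CREATE PIPE, run SHOW PIPES and configure the bucket to send object-created notifications to the SQS queue shown in the notification_channel column; without that event wiring AUTO_INGEST never fires and files sit in the bucket unloaded, which SYSTEM$PIPE_STATUS will show as a growing pendingFileCount. Keeping the raw VARIANT column beside the parsed view means a schema change at the source only breaks the view, never ingestion, so no records are lost while the view is fixed.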
Solving the Retention Problem
Prologis’ greater visibility extends not just across data sources but further back in time. Previously, growing daily ingest volumes and a fixed amount of storage meant shortening the log retention period. With Snowflake’s cloud storage, Prologis can keep data longer without a hard size limit, so retention becomes a cost and policy decision rather than a capacity constraint. This makes it possible to analyze data much further back in time, and it enables advanced analysis such as user behavior analytics, which needs a long baseline of normal activity to score today’s events against.
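To show what the longer retention buys, here is an added example of a user-behavior query (not from the post or from Prologis), written against a hypothetical parsed table with event_time, user_email and document_id columns; the rows in the events CTE are constructed sample data so the query runs on its own. Each user's daily count of distinct documents is compared with that user's own trailing baseline, which is only possible when the baseline period is still in the table.

```sql
-- Added example; not Prologis' or Snowflake's own code. The events CTE is
-- constructed sample data standing in for a parsed document-access log.
WITH events AS (
  SELECT $1::TIMESTAMP_NTZ AS event_time, $2::STRING AS user_email, $3::STRING AS document_id
  FROM VALUES
    ('2020-08-10 09:00:00', 'alice@example.com', 'doc-1'),
    ('2020-08-10 09:05:00', 'alice@example.com', 'doc-2'),
    ('2020-08-11 10:00:00', 'alice@example.com', 'doc-1'),
    ('2020-08-11 10:10:00', 'alice@example.com', 'doc-3'),
    ('2020-08-11 10:20:00', 'alice@example.com', 'doc-4'),
    ('2020-08-12 09:30:00', 'alice@example.com', 'doc-2'),
    ('2020-08-12 09:45:00', 'alice@example.com', 'doc-5'),
    ('2020-08-13 22:01:00', 'alice@example.com', 'doc-1'),   -- late-night burst: 6 distinct docs
    ('2020-08-13 22:02:00', 'alice@example.com', 'doc-6'),
    ('2020-08-13 22:03:00', 'alice@example.com', 'doc-7'),
    ('2020-08-13 22:04:00', 'alice@example.com', 'doc-8'),
    ('2020-08-13 22:05:00', 'alice@example.com', 'doc-9'),
    ('2020-08-13 22:06:00', 'alice@example.com', 'doc-10'),
    ('2020-08-10 11:00:00', 'bob@example.com',   'doc-1'),
    ('2020-08-11 11:00:00', 'bob@example.com',   'doc-1'),
    ('2020-08-12 11:00:00', 'bob@example.com',   'doc-1'),
    ('2020-08-12 11:30:00', 'bob@example.com',   'doc-2'),
    ('2020-08-13 11:00:00', 'bob@example.com',   'doc-1')
),
-- One row per user per active day.
daily AS (
  SELECT user_email, event_time::DATE AS day, COUNT(DISTINCT document_id) AS docs
  FROM events
  GROUP BY 1, 2
),
-- Each day is scored against the user's own preceding activity. The frame
-- counts prior active days, not calendar days; on a real table you would
-- first fill in zero-activity days so quiet users are not misjudged.
scored AS (
  SELECT user_email, day, docs,
         AVG(docs)    OVER (PARTITION BY user_email ORDER BY day
                            ROWS BETWEEN 90 PRECEDING AND 1 PRECEDING) AS baseline_avg,
         STDDEV(docs) OVER (PARTITION BY user_email ORDER BY day
                            ROWS BETWEEN 90 PRECEDING AND 1 PRECEDING) AS baseline_sd,
         COUNT(*)     OVER (PARTITION BY user_email ORDER BY day
                            ROWS BETWEEN 90 PRECEDING AND 1 PRECEDING) AS baseline_days
  FROM daily
)
SELECT user_email, day, docs,
       ROUND(baseline_avg, 2) AS baseline_avg,
       ROUND((docs - baseline_avg) / NULLIF(baseline_sd, 0), 2) AS z_score
FROM scored
WHERE baseline_days >= 3                                   -- enough history to judge
  AND docs >= 5                                            -- ignore low-volume noise
  AND docs > baseline_avg + 3 * COALESCE(baseline_sd, 0)   -- more than 3 sigma above own baseline
ORDER BY z_score DESC NULLS LAST;
```

On the sample rows only alice's 13 August activity is returned; bob's steady one or two documents a day never exceeds his own baseline. The point of the baseline_days guard is the retention argument in reverse: a user whose history was purged cannot be scored at all, so every day of retention lost is a day of detection coverage lost.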
Bringing Data and Security Teams Together
The partnership approach also shortened the security team’s learning curve with SQL and BI dashboard creation. One goal of the Prologis security data lake initiative was self-service access to security data and metrics: authorized personnel in different teams can help protect Prologis without opening a data request ticket or asking a data administrator for help.
Since the security team was new to the analytics stack, this was a joint effort. The security team defined requirements, then the data analytics team and BI partners helped write the SQL code and arrange the visualizations to fulfill those requirements. This strategy has already saved time and improved visibility. Prologis plans to further accelerate workflows such as employee access audits by expanding its purpose-built dashboards on top of the unified datasets.
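An added example of the kind of employee access audit such a dashboard could be built on (not Prologis' query), joining hypothetical HR, entitlement and login tables that share one data store; all table and column names are assumptions and the rows are constructed sample data. It reports terminated employees who still hold access, admins who have not logged in for 90 days, and accounts with no HR record at all.

```sql
-- Added example; not Prologis' own query. All three CTEs are constructed
-- sample data standing in for an HR table, the document system's role
-- assignments and its login log, all living in the same Snowflake account.
WITH hr_employees AS (
  SELECT $1::STRING AS email, $2::STRING AS status, $3::DATE AS termination_date
  FROM VALUES
    ('bob@example.com',   'terminated', '2020-07-31'),
    ('alice@example.com', 'active',     NULL),
    ('carol@example.com', 'active',     NULL)
),
dms_entitlements AS (   -- who currently holds which role in the document system
  SELECT $1::STRING AS user_email, $2::STRING AS role
  FROM VALUES
    ('alice@example.com', 'editor'),
    ('bob@example.com',   'admin'),
    ('carol@example.com', 'admin'),
    ('dave@example.com',  'viewer')
),
dms_logins AS (         -- successful logins from the document system's log
  SELECT $1::TIMESTAMP_NTZ AS event_time, $2::STRING AS user_email
  FROM VALUES
    ('2020-08-18 08:15:00', 'alice@example.com'),
    ('2020-08-17 10:02:00', 'bob@example.com'),
    ('2020-04-02 09:30:00', 'carol@example.com')
),
last_login AS (
  SELECT user_email, MAX(event_time) AS last_seen
  FROM dms_logins
  GROUP BY 1
),
findings AS (
  SELECT e.user_email, e.role, COALESCE(h.status, 'unknown') AS hr_status, l.last_seen,
         CASE
           WHEN h.email IS NULL
                THEN 'no HR record: orphan or unregistered service account'
           WHEN h.status = 'terminated' AND l.last_seen > h.termination_date
                THEN 'terminated employee still entitled and logged in after termination'
           WHEN h.status = 'terminated'
                THEN 'terminated employee still entitled'
           -- The literal date is the as-of date for the sample; a scheduled
           -- dashboard would use CURRENT_DATE() here instead.
           WHEN e.role = 'admin'
                AND (l.last_seen IS NULL OR l.last_seen < DATEADD('day', -90, '2020-08-19'::DATE))
                THEN 'dormant admin: no login in 90 days'
         END AS finding
  FROM dms_entitlements e
  LEFT JOIN hr_employees h ON h.email      = e.user_email
  LEFT JOIN last_login   l ON l.user_email = e.user_email
)
SELECT * FROM findings
WHERE finding IS NOT NULL
ORDER BY user_email;
```

The LEFT JOINs are deliberate: an entitlement with no matching HR row is itself a finding, and an INNER JOIN would silently hide exactly the orphan accounts an audit exists to catch. On the sample data bob, carol and dave are reported and alice is not.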
A Partnership for Data-Driven Security
Prologis is excited about having its security data in the same data store as its operational data. The flexibility of the security data lake gives IT Security a unique view of the combined dataset and creates new opportunities for connecting the two worlds.
The two organizations at Prologis joined forces to build a data-driven security program. With security providing the subject matter expertise and data analytics bringing SQL, Python, and Snowflake skills, Prologis eliminated limitations on data volume, performance, and reporting. Although there is a learning curve to this new architecture, the partnership between security and data analytics has given Prologis the confidence to deal with whatever comes next. Learn more about Snowflake and Prologis.
Luke Slotwinski is VP, Data & Analytics at Prologis
Tyler Warren is Director, IT Security at Prologis