WHAT IS SIEM SECURITY?
A SIEM (Security Information & Event Management) solution ingests and stores security events and logs from various data sources across the IT infrastructure. These data sources include on-premises, cloud-based, and mobile ones. The main use cases of a SIEM that leverages this stored data include:
- Detect and alert on cyber threats. Write searches to detect suspicious events and patterns/outliers, and then alert when search parameters are met. Searches can use Boolean logic to detect specific patterns (alert if I see A and B but not C, etc.) or statistics to find outliers.
- Investigate and respond to cyber threats. After the fact, go through machine data going back weeks or months to determine how a threat got in, if and where it spread, how to eradicate it, what data it may have accessed and stolen, etc.
- Report on and visualize cyber threats. Build reports, dashboards, and other visualizations to measure and manage risk. These are often also shown to executives or auditors.
- Ensure regulatory compliance. Most regulations, such as PCI, HIPAA, SOX, and ISO, require that an organization (1) log and retain machine data for a certain time period (weeks to years, depending on the regulation) so it can be used to detect and investigate cyber threats. Regulations also require organizations to (2) measure the effectiveness of other IT security controls.
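The two kinds of detection search named in the first use case, a Boolean "A and B but not C" rule and a statistical outlier check, are sketched below as an added example; it is not code from this page or from any SIEM product. The event tuples, event-type names, function names, and the 3.5 cutoff are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample events (user, event type, MB uploaded); not real log data.
EVENTS = [
    ("alice", "login_failed", 0), ("alice", "login_success", 0), ("alice", "mfa_ok", 0),
    ("bob", "login_failed", 0), ("bob", "login_success", 0),
    ("carol", "login_success", 0), ("carol", "mfa_ok", 0),
    ("alice", "upload", 12), ("bob", "upload", 950), ("carol", "upload", 9),
    ("dave", "upload", 15), ("erin", "upload", 11),
]

def boolean_rule(events, a, b, not_c):
    """Users for whom event types a AND b were seen but not_c was NOT seen."""
    seen = defaultdict(set)
    for user, etype, _ in events:
        seen[user].add(etype)
    return sorted(u for u, types in seen.items()
                  if a in types and b in types and not_c not in types)

def outliers(events, etype, threshold=3.5):
    """Users whose total for etype is an outlier by modified z-score.

    Median and MAD are used instead of mean and standard deviation because,
    with few peers, one extreme value inflates the standard deviation enough
    to hide itself (with 5 users, a plain z-score can never exceed about 1.8).
    """
    totals = defaultdict(int)
    for user, t, value in events:
        if t == etype:
            totals[user] += value
    if len(totals) < 3:
        return []  # too few peers to define a baseline
    med = median(totals.values())
    mad = median(abs(v - med) for v in totals.values())
    if mad == 0:
        # Score is undefined when most values are identical; as a design
        # choice for this example, flag anything that differs from the median.
        return sorted(u for u, v in totals.items() if v != med)
    return sorted(u for u, v in totals.items()
                  if 0.6745 * abs(v - med) / mad > threshold)

if __name__ == "__main__":
    print("failed+success without MFA:",
          boolean_rule(EVENTS, "login_failed", "login_success", "mfa_ok"))
    print("upload volume outliers:", outliers(EVENTS, "upload"))
```

In a production SIEM the same logic would normally be expressed in the platform's query language and scoped to a time window; the in-memory version here only shows the shape of each rule.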
SIEM Security and Snowflake
Many organizations use Snowflake’s cloud-based security analytics/SIEM product that can index and store all machine logs and security events for weeks/months. The data can be leveraged for advanced threat detection, threat investigations, reporting and compliance purposes. Organizations choose Snowflake over other SIEMs because we:
- Are built for the cloud
- Can automatically scale up and down
- Offer fast speed and unlimited scale
- Enable powerful analytics and custom detection rules
- Offer a much lower TCO with affordable licensing costs and no expensive hardware to buy
- Can index all data types
The bottom line for using Snowflake as a SIEM: better, faster, more cost-effective security analytics.
While Snowflake can replace existing analytics/SIEM products, we often complement them by alleviating existing SIEM issues, such as the expensive hardware and licensing costs that make meeting data storage requirements expensive.