OCT 31, 2023
Managed Detection & Response Leaders Embrace Data and Analytics to Stay Ahead

The Managed Detection & Response (MDR) industry finds itself in a new era: platform giants are entering the market, the attack surface is migrating to the cloud, and innovation has become a requirement for survival. Companies built to give clients 24x7 "eyes on glass" now sit at the intersection of rapid technological advancement and an evolving threat landscape. Successful MDR providers are finding new ways to protect customers and grow their profits by leveraging advances in data and artificial intelligence.
The MDR landscape
One side of the equation finds industry powerhouses like CrowdStrike, Microsoft and SentinelOne venturing into the MDR domain by bundling managed services with their popular solutions. On the surface, this seems tempting for customers who already rely on these vendors for endpoint security. However, MDR challenges are complex and ever-evolving, making it less likely that any "jack of all trades" will deliver successful outcomes for customers.
Cloud security and its challenges
Then you have the realm of cloud security, which has emerged as the new game in town, promising greater challenges and, at the same time, opportunities. Compared to relatively straightforward threats of the past, such as the Slammer worm, today's security professionals are confronted with multi-dimensional attacks against cloud infrastructure and the administrators who oversee it. The enormity of security data volume further complicates matters, with reports suggesting that cloud infrastructures are up to 10 times chattier than their on-premise counterparts.
We are seeing more and more MDR providers leveraging data and analytics to navigate this challenging landscape and many are choosing to partner and build with Snowflake. Here are just three of the reasons why.
Integrating with the Data Cloud
MDR providers who choose to integrate with the Data Cloud are gaining product flexibility. This integration allows them to tap into the scalability, cost-effectiveness, and operational efficiency of platforms like Snowflake. MDR providers can transform from being perceived as service providers to becoming product companies in their own right. This opens the door to delivering more tailored and effective solutions to their clients.
Data sharing with security teams
Customers are increasingly data-savvy and want their own security teams to have direct access to the data behind the service. MDR providers can facilitate this using Snowflake's "secure data sharing" or via the connected application deployment model. Connected apps let customers keep their data in their own Snowflake account, and retain control of it, while still using the provider's cloud-based solution. This empowers security teams with direct access to valuable insights and fosters collaboration, as clients become more engaged throughout the detection and response lifecycle.
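The least-privilege shape of such a share, as an added example that is not part of the original post and not ReliaQuest's or any provider's code: the provider exposes only a secure view, filters rows per consumer account with CURRENT_ACCOUNT() against a mapping table, and grants the share only what the view needs. All database, schema, table, and account names below are assumed placeholders.

```sql
-- Provider side (assumed names: raw.security.alerts holds all tenants' alerts;
-- raw.security.tenant_map maps customer_id -> consumer Snowflake account).
CREATE DATABASE IF NOT EXISTS mdr_share_db;
CREATE SCHEMA IF NOT EXISTS mdr_share_db.findings;

-- A SECURE view is required for sharing; its definition is hidden from the
-- consumer and it is not subject to optimizer transformations that could
-- leak filtered rows. CURRENT_ACCOUNT() evaluates to the *consumer's*
-- account when queried through the share, so one share serves every tenant
-- while each tenant sees only its own rows.
CREATE OR REPLACE SECURE VIEW mdr_share_db.findings.alerts_v AS
  SELECT a.alert_id,
         a.detected_at,
         a.severity,
         a.technique_id,   -- e.g. ATT&CK technique, kept as stored
         a.host_id
  FROM raw.security.alerts a
  JOIN raw.security.tenant_map t
    ON t.customer_id = a.customer_id
  WHERE t.consumer_account = CURRENT_ACCOUNT();

-- Grant the share exactly the objects the view needs: usage on the
-- containers, SELECT on the secure view only, nothing on raw.security.
CREATE SHARE IF NOT EXISTS mdr_alerts_share;
GRANT USAGE ON DATABASE mdr_share_db TO SHARE mdr_alerts_share;
GRANT USAGE ON SCHEMA mdr_share_db.findings TO SHARE mdr_alerts_share;
GRANT SELECT ON VIEW mdr_share_db.findings.alerts_v TO SHARE mdr_alerts_share;

-- Add consumer accounts (assumed org/account identifiers) explicitly;
-- no account can read the share until it is listed here.
ALTER SHARE mdr_alerts_share ADD ACCOUNTS = acme_org.acme_sec, beta_org.beta_sec;

-- Consumer side (run in the customer's account; assumed provider locator).
-- The resulting database is read-only and incurs no copy of the data.
CREATE DATABASE mdr_alerts FROM SHARE mdr_provider_org.mdr_provider.mdr_alerts_share;
SELECT severity, COUNT(*) AS n
FROM mdr_alerts.findings.alerts_v
WHERE detected_at >= DATEADD('day', -7, CURRENT_TIMESTAMP())
GROUP BY severity;
```

Two checks worth running before a consumer is added: query the secure view from a second test account to confirm it returns zero rows when that account is absent from the mapping table, and `SHOW GRANTS TO SHARE mdr_alerts_share` to confirm nothing beyond the view is exposed.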
Data science and GenAI for automation
Data science and generative AI (GenAI) are being used by leading MDR providers to automate rote tasks and boost analyst efficiency. For example, LLMs can produce natural-language explanations of complex rule logic and gnarly log lines.
In the emerging security operations center (SOC) co-pilot model, analysts of all experience levels are able to make better and more consistent decisions, faster.
Leading MDRs embrace the Data Cloud
ReliaQuest, a leading MDR provider, is a prime example of a successful partnership with Snowflake. ReliaQuest GreyMatter, a security operations platform, uses Snowflake for Cybersecurity to give analysts faster search, holistic visibility, and scalability, enabling accelerated threat detection and response.
Since integrating with the Data Cloud, ReliaQuest GreyMatter has seen a 94% improvement in processing large scale threat hunting data. Snowflake’s unique approach to data storage allows ReliaQuest to query large security data sets at scale and more efficiently than before.
ReliaQuest has always treated cybersecurity as a data problem. With Snowflake's support for both the managed app (vendor's Snowflake account) and connected app (customer's Snowflake account) deployment options, ReliaQuest can deliver better security outcomes and be prepared to meet its customers' requirements today and tomorrow.
Security teams that choose Powered by Snowflake providers gain the flexibility and power to use their security data beyond what their vendor provides, and can connect additional applications for use cases such as security control validation. The teams that thrive will be the ones that recognize that data access and analytics are relevant, even critical, to their success.
For MDR providers, this is not a time for business as usual — the industry faces daunting challenges but also exciting opportunities. By embracing data and analytics, MDR providers can navigate these challenges effectively. Integration with the Data Cloud, data sharing with clients, and harnessing the power of AI are three key innovation trends that are leading MDR providers toward a brighter and more secure future with Snowflake.
