Cybersecurity is a data problem at its core. Yet, security teams haven’t achieved tremendous success in utilizing the modern data stack that data analytics teams have enjoyed for years. Security teams face constant pressure from vulnerabilities and breaches in their infrastructure and supply chains because they remain on a proverbial island with antiquated technology. Cybersecurity leaders must uplevel their strategies by implementing a modern security data lake.
We first knew it was possible to leverage Snowflake’s Data Cloud for security use cases when a large customer from the financial services industry came to us with a problem. Their security team needed to respond quickly to a large-scale incident that would require them to comb through petabytes of data. The security engineers estimated it would take months and cost millions to resolve the incident with their legacy architecture and security information event management (SIEM) solution.
The limitations of legacy SIEMs were clear: expensive storage, short retention periods, slow queries, and the exacerbation of data silos drove slow and manual incident response. The security engineers had to find a way to crunch petabytes of data with Snowflake, just like their financial analysts often did daily, without any resource contention or complexity to access data. A few weeks later, with the help of the Snowflake team, the customer’s investigators and threat hunters loaded and analyzed petabytes of log data in Snowflake to help resolve the incident quickly.
Snowflake for Cybersecurity
For the three years since that incident, I’ve been working with industry leaders and practitioners to develop a well-rounded solution for today’s cybersecurity industry. I found that almost every security team faces the same challenges—growing data volumes, expanded attack surfaces, data silos, manual processes, and lack of dynamic metrics that enable data-driven decisions in near-real time. As a result, it became clear these teams needed a solution that could provide cost-efficient storage to eliminate data silos, deliver near-infinite computing for powerful analytics, and provide out-of-the-box integrations, content, and workflows to help remove the barriers to fast and accurate incident response.
And that’s why we’ve recently announced the launch of our new cybersecurity workload. With Snowflake’s Data Cloud, cybersecurity teams can break down data silos to enable better visibility, deliver advanced analytics that remove manual processes, and give security teams a clearer picture of evolving risks and threats coming their way. Today, customers like Dropbox, TripActions, Figma, Netgear, Clari, and many others (including Snowflake’s security team) run their cybersecurity workloads and use cases with Snowflake.
Aside from providing a single, unified location for your security data and enabling you to run powerful analytics with SQL and Python, Snowflake has also built an ecosystem of connected applications that allow customers to bring full-featured security capabilities from leading vendors to their data in the Data Cloud. These applications offer off-the-shelf capabilities for various use cases, from SIEM and vulnerability management to compliance automation and third-party risk management. Snowflake’s Marketplace vendors also provide access to live, ready-to-query contextual data such as threat intelligence and geo-location datasets.