In conjunction with third-party security vendors, Snowflake has launched what it calls a “cybersecurity workload” to enhance the capabilities of its data cloud for organizations looking to more efficiently detect and respond to cyberthreats.
The Snowflake Cybersecurity workload is designed to let enterprises use the company’s namesake data cloud to unify security data from diverse security applications, combining it with contextual data from HR systems or IT asset inventories, according to the company.
The idea, according to Snowflake, is that cybersecurity personnel can then run fast queries against the unified data sets, which can be used to enhance threat detection and investigation, generating higher fidelity alerts.
Snowflake’s new security workload capabilities are aimed at helping security teams break down data silos to enable consistent visibility, eliminate manual processes and improve analytics, according to Omer Singer, head of cybersecurity strategy at Snowflake.
Cybersecurity workload processes data with SQL, Python
Snowflake’s pitch to cybersecurity professionals is that traditional security architectures with legacy SIEM (security information and event management) products are buckling under the strain of handling the volume and variety of data necessary to combat modern cyberthreats. Traditional SIEMs have high ingest costs, limited retention windows and proprietary query languages, all complicating security teams’ efforts at visibility and protection.
Snowflake’s cybersecurity workload offers cloud-native capabilities to handle structured, semistructured, and unstructured logs, enabling users to efficiently store years of high-volume data. The platform also boasts a scalable, on-demand compute resource that will allow for searching and gaining insights using languages like SQL and Python. (This capability is currently in private preview.)
Customers already using the new workload include CSAA Insurance Group, DoorDash, Dropbox, Figma, and TripActions.
Snowflake joins cybersecurity partners to deliver connected data cloud
Snowflake is expanding its ecosystem of partners in a bid to let customers choose, from a number of applications, those that best fit their needs without compromising on security.
The latest integrations include partnerships with vendors Hunters, Panther Labs, and Securonix, allowing organizations to use Snowflake as a data platform, with all its storage and query capabilities, for connected cybersecurity products.
Hunters is a security operations center (SOC) platform that empowers security teams to automatically detect, investigate and respond to real incidents.
Panther Labs is a cloud-scale threat detection platform that solves the challenges of security operations at scale.
Securonix collects volumes of data in real time, detects advanced threats using machine learning algorithms, and provides actionable security intelligence for an automated response.
Snowflake’s data cloud will leverage tightly integrated connected applications and data from providers on the Snowflake Data Marketplace to build a standard architecture, as a one-point solution for different cybersecurity use cases, the company said.
Snowflake Ventures, the corporate venture capital arm of Snowflake, has invested in Hunters.ai, Lacework, Panther and Securonix to help drive product alignment and deliver security systems without data silos to joint customers.