In conjunction with third-party security vendors, Snowflake has launched what it calls a "cyber security workload" to enhance the capabilities of its data cloud for organisations looking to more efficiently detect and respond to cyber threats.
The Snowflake Cybersecurity workload is designed to let enterprises use the company's namesake data cloud to unify security data from diverse security applications, combining it with contextual data from HR systems or IT asset inventories, according to the company.
The idea, according to Snowflake, is that cyber security personnel can then run fast queries against the unified data sets, which can be used to enhance threat detection and investigation, generating higher fidelity alerts.
Snowflake's new security workload capabilities are aimed at helping security teams break down data silos to enable consistent visibility, eliminate manual processes and improve analytics, according to Omer Singer, head of cyber security strategy at Snowflake.
Cyber security workload processes data with SQL, Python
Snowflake's pitch to cyber security professionals is that traditional security architectures with legacy SIEM (security information and event management) products are buckling under the strain of handling the volume and variety of data necessary to combat modern cyber threats. Traditional SIEMs have high ingest costs, limited retention windows and proprietary query languages, all complicating security team's efforts at visibility and protection.
Snowflake's cyber security workload offers cloud-native capabilities to handle structured, semistructured, and unstructured logs, enabling users to efficiently store years of high-volume data. The platform also boasts a scalable, on-demand compute resource that will allow for searching and gaining insights using languages likeSQL and Python. This capability is currently in private preview.
Customers already using the new workload include CSAA Insurance Group, DoorDash, Dropbox, Figma, and TripActions.
Snowflake joins cyber security partners to deliver connected data cloud
Snowflake is expanding its ecosystem of partners in a bid to provide customers with the ability to choose from a number of applications that best fits their needs without compromising on their security handle.
The latest integrations include partnerships with vendors Hunters, Panther Labs, and Securonix, allowing organisations the ability to use Snowflake as a data platform — with all its storage and query capabilities — for connected cyber security products.
Hunters is a security operations centre (SOC) platform that empowers security teams to automatically detect, investigate and respond to real incidents. Panther Labs is a cloud-scale threat detection platform that solves the challenges of security operations at scale.
Securonix collects volumes of data in real time, detects advanced threats using machine learning algorithms, and provides actionable security intelligence for an automated response.
Snowflake's data cloud will leverage tightly integrated connected applications and data from providers on the Snowflake Data Marketplace to build a standard architecture, as a one-point solution for different cyber security use cases, the company said.
Snowflake Ventures, the corporate venture capital arm of Snowflake, has invested in Hunters.ai, Lacework, Panther and Securonix to help drive product alignment and deliver security systems without data silos to joint customers.