Snowflake recently announced its newest data workload, Cybersecurity, at our annual user conference Snowflake Summit. Nearly 9,000 customers, partners, prospects, and analysts packed Caesar’s Forum in Las Vegas to hear what new advancements Snowflake and our partners brought to The Data Cloud. Cybersecurity professionals, other data leaders, and industry experts were curious to learn how organizations use Snowflake for cybersecurity today, and what’s in store for tomorrow. For those who didn’t get to attend in person, here’s a recap of the announcement, and perspectives from customers and analysts.
What is Snowflake’s Cybersecurity Workload?
The Snowflake Data Cloud serves as the data layer for both security teams that need a single source of truth for their security data, and for security providers that want to build their applications on Snowflake. Customers and providers can use the Data Cloud as their security data lake for nearly unlimited storage and compute for their cybersecurity use cases and applications.
What benefits does the Data Cloud provide security teams?
For years, security teams have been plagued with data silos, manual processes, slow queries, and a lack of data-driven metrics to make informed decisions in real time. They are often required to silo data in the legacy security information and event management systems (SIEMs) they use. They also rely on cold storage such as AWS S3, due to expensive SIEM storage costs and growing data volumes. Security teams are also slow to launch and execute breach investigations that may require digging into more than one year’s worth of data, or into data that isn’t readily accessible. And they often have little access to dynamic dashboards and must keep static metrics in Excel or PowerPoint. These are all results of using antiquated technology that no longer serves the needs of today’s organizations and their cybersecurity teams.
By decoupling the data layer from traditional SIEM capabilities, customers can finally have a single source of truth for their security data. Many organizations are already accomplishing this by using Snowflake’s Data Cloud as their security data lake. They enjoy cost-efficient storage and near-infinite compute for powerful analytics and fast queries. More importantly, security teams can have access to a rich ecosystem of technologies and services from Snowflake partners that provide security capabilities such as content, workflows, and out-of-the-box integrations to help remove the barriers to fast and accurate incident response.
How can security solution providers benefit, and provide value?
Here are some of the advantages for security providers that build their products on Snowflake as connected applications:
- Removing data infrastructure costs. With the connected app model, the app provider doesn’t need to worry about how much data the customer is storing because the data is stored in the customer’s Snowflake instance. The app pricing will stay relatively stable over time even as data volume increases.
- Ease of management and deployment. Onboarding to a new connected app is as easy as a few clicks since the data already exists in the customer’s Snowflake instance.
- Co-sell motions with Snowflake. App providers that are part of the Powered By Snowflake program benefit from working with our team to build and co-sell their joint solutions, making it much easier to onboard existing Snowflake customers.
Snowflake’s cybersecurity workload provides a solution in which security teams and providers can leverage the Data Cloud as the data platform for all their needs.
As shown in this architectural diagram, customers can leverage Snowflake as their security data lake and use their data for multiple security use cases, deploying various connected applications from partners, such as Tenable, Securonix, Cribl, Anvilogic, and more.
What are customers and industry experts saying about Snowflake for cybersecurity?
- Figma – “One of the difficulties for security [teams] … is correlating logs from disparate sources stored in disparate places. Snowflake allows us to combine them all together and extract signal and indicators of compromise in just one single place.” – Dev Akhawe, Head of Security at Figma. Watch the video here.
- Guild Education – “The biggest takeaway [from using Snowflake] is automating our DevSecOps program and gaining visibility into tools that we never could before. It’s been a game changer for the team.” – Julie Chickillo, VP of Security at Guild Education. Watch the interview here.
- TripActions – “Snowflake has been vital in helping us gain a complete picture of our security posture, eliminating blind spots and reducing noise so we can continue to provide user trust where it matters most. Deploying a modern technology stack from Snowflake is a pivotal piece of our cybersecurity strategy.” – Prabhath Karanth, Sr. Director of Security, Compliance & Trust, TripActions. Watch the video here.
At Snowflake Summit, we also heard from industry experts:
- Frank Dickson, Group VP of Security & Trust from IDC: “Snowflake took an innovative approach to security, leveraging the power of its platform to create security outcomes for workloads native to its platform. My conversations with TripActions, a Snowflake customer, helped me understand how they can better protect their organizations when they have a unified source of truth of data, fast analytics, and a robust ecosystem of partners.”
- Dave DeWalt, Founder – NightDragon; former CEO of FireEye and McAfee: “Getting a single source of truth out of all of our security data is needed. Watching the excitement and enthusiasm [and] the partner community rallying around Snowflake [is] pretty cool.” Watch the interview.
What’s next?
Join us on this webinar, during which our Security Field CTO, Mike Mitrowski, will demo how to leverage threat intelligence from the Snowflake Marketplace for hunting and containing threats in the wild.