Snowflake cybersecurity workload: less congestion for data ingestion

As part of the core news feed stemming from Snowflake Summit 2022, we learned that the firm that calls itself the Data Cloud company has announced the launch of a new Cybersecurity workload for cybersecurity teams.

The core promise here is this – using Snowflake’s platform and ecosystem of partners delivering security capabilities with connected applications, cybersecurity teams can gain visibility and automation at cloud-scale.

Organisations today are of course faced with a continuously evolving threat landscape, with 55% of security pros reporting that their organisation experienced an incident or breach involving supply chains or third-party providers in the past 12 months, according to Forrester.

Restrictive ingest costs

Snowflake claims that current security architectures built around legacy security information and event management (SIEM) systems are not designed to handle the volume and variety of data necessary to stay ahead of cyber threats.

With legacy SIEMs imposing restrictive ingest costs, limited retention windows and proprietary query languages, security teams struggle to gain the visibility they need to protect their organisations. With Snowflake’s Cybersecurity workload, the organisation says that customers gain access to the power and elasticity of Snowflake’s platform to natively handle structured, semi-structured and unstructured logs.

Enterprises are able to store years of high-volume data, search with scalable on-demand compute resources and gain insights using universal languages like SQL and Python, currently in private preview.

Organisations can also unify their security data with enterprise data in a single source of truth. This lets contextual data from HR systems or IT asset inventories inform detections and investigations for higher-fidelity alerts, and lets teams run fast queries on massive amounts of data.

Teams gain unified visibility across their security posture, eliminating data silos without prohibitive data ingest or retention costs. Beyond threat detection and response, the Cybersecurity workload supports a broad range of use cases including security compliance, cloud security, identity and access, and vulnerability management.

Extensive partner ecosystem

Snowflake integrates with partners including Hunters, Panther Labs, and Securonix to deliver cybersecurity capabilities to customers with the Data Cloud using connected applications.

“Snowflake is leading the security data lake movement, helping defenders bring their data and analytics together in a unified, secure, and scalable data platform,” said Omer Singer, head of cybersecurity strategy, Snowflake. “With Snowflake’s Cybersecurity workload, we further empower security teams in the Data Cloud so that they can collaborate with diverse stakeholders and succeed in their vital mission to protect the enterprise. With Snowflake’s Data Cloud, tightly integrated connected applications and data from providers on Snowflake Data Marketplace, Snowflake is pioneering a new standard architecture for security teams looking to achieve their security goals.”

The company says that its modern security architecture allows customers to gain control of their data, leverage pre-built content and security capabilities on top of their existing Snowflake environments and utilise a single copy of data across cybersecurity use cases.