All Posts

How Panther Protects Data in the Cloud

Brandon Min

At Panther, we have several controls in place to protect customer data in the cloud. Our team of security experts has experience with security products and services at Meta, Airbnb, Box, Outreach, Nationwide, and Ernst & Young. The myriad of ways we ensure the security and privacy of customer data are documented below. 

Data Security 

Panther secures customer data with encryption in AES 265 format both at rest and in transit. Uniquely with Panther, each customer is provided their own instance in a single-tenant, fully dedicated, and isolated cloud environment. Access tokens or secret keys, shared with Panther, are stored in AWS Key Management Storage (KMS). Furthermore, Panther’s completely serverless architecture, leveraging AWS managed services such as Lambda, ECS Fargate, and DynamoDB, assists in decreasing infrastructure vulnerabilities by reducing the overall attack surface.

Data Storage and Redundancy: The primary data storage services utilized by Panther are AWS S3, DynamoDB, and Snowflake. S3 stores newly ingested log data for real-time analysis and caching respectively. Once analyzed, the data is replicated and sent to Snowflake via Snowpipe. Panther leverages all AWS and Snowflake redundancy best practices for overall data retention and multi-cloud robust structure

Real-Time Security Monitoring with Panther

Panther performs real-time monitoring for specific access events in all customer environments by utilizing AWS services such as CloudTrail, GuardDuty, S3 & DynamoDB access logs, VPC flow logs, and application load balancer logs. 

A few examples of behaviors we monitor are: 

  • Alerting on access events into S3
  • Monitoring KMS to alert if customer keys are accessed

Permissions/Access Control

Deployment TypePanther Instance (AWS)Snowflake Instance
SaaS – Panther managed 
  • Panther is deployed in an AWS account. We manage all upgrades, patches, and operations for upkeep.
  • Single-Tenant Instance for each customer.
SaaS – Snowflake Connected App 
  • Same measures as the above section
  • Customer utilizes their pre-existing Snowflake instance.
  • Customer provides Panther with an account admin to manage data sent from the console.

Panther: A cloud-native security platform 

Panther is a cloud-native security monitoring platform that provides real-time detection, dynamic alert context for informed incident response, and quick investigation with automatically enriched data. Aside from stronger cloud security, Panther also has several advantages compared to a  self-hosted threat detection or logging platform. 

Implement a tool in weeks instead of months: Research shows SIEM deployments can take over 6 months to complete. With Panther’s cloud-native approach, implementation time can be shortened from months to weeks. Customers can gain access to Panther in just under 30 minutes with no server operations required. Following deployment, customers can take advantage of Panther’s simple cloud-based log ingestion tools, pre-built parsers, and out-of-the-box detections to begin monitoring their environment in as little as 10 minutes. 

Extensive Scalability: With an on-premises approach, security teams are required to predict the size of monthly log ingest in order to manage cost. With Panther, predicting ingestion and managing scalability is no longer necessary. Panther’s serverless architecture, built on AWS Lambda, allows the platform to automatically scale infrastructure needs up and down as necessary. This leads to significant operational savings and overall lower TCO. Contributing to lower time to detection and faster security insights. 

Faster performance: Legacy security tools weren’t built with cloud-scale in mind. With more frequent attacks, security teams need to detect threats as soon as they occur. With Panther, customers are able to leverage Snowflake to store and query data with incredible speed without indexing. Due to Panther automatically enriching and normalizing data at ingestion, security engineers can analyze terabytes of data within minutes reducing mean time to detect and respond to attacks. 

Serviced Vulnerability Management: Several on-premise based security tools require customers to patch, maintain, and service their own infrastructure. This lift can require teams to spend weeks managing updates or even paying expensive outside consultants to do the work for them. With Panther, all protection, management, upgrades, and services of running a SIEM are taken care of right from the start. Allowing customers to focus on security findings and insights vs maintaining and securing SIEM deployments. 

Customers Who Trust Panther

Compliance