“Although we evaluated multiple solutions, Panther and Snowflake was an easy decision for us. With the ease of set-up, low maintenance overhead, and inexpensive storage, we were able to focus on business building security insights, detections, and KPIs in very little time.”
– Tim Kelly, Director, Security Engineering at Workrise
Visibility is crucial to any effective security program. It is impossible to secure what you can’t see. This was a top priority for Workrise, an energy staffing and vendor management company that needed to quickly and cost-effectively ingest data and identify unknown unknowns.
Workrise faced the challenge of ingesting high-volume logs from multiple software providers with various query syntaxes and user interfaces, making it impossible to piece together a story through a single view. Panther’s modern architecture makes it easier to ingest data and achieve visibility while simultaneously reducing costs. Panther also parses, normalizes, and optimizes data upon ingest, allowing the team to perform security tasks more efficiently and to search across multiple data sets quickly.
Panther enables detection-as-code using Python. Instead of being constrained by a proprietary language, the Workrise team writes detection logic in a widely used programming language known for its simplicity and flexibility. Deploying this logic as code also means the team can collaborate more effectively on new detections and manage their current logic through version control and code reuse. This allowed Workrise’s security team to write, test, and deploy custom detections and automate response actions without having to learn a new, complex language.
Panther’s ability to provide seamless alert routing was a key feature that attracted Workrise. This allowed the company to crowdsource the highest-value detections and send them directly to the responsible people, achieving quick wins and building momentum towards full automation and response. Finally, the Workrise team also spent less time wrangling their data infrastructure, which gave them more time to focus on creative approaches to data analysis and detection and enabled them to better mitigate threats.
The Workrise security team researched multiple SIEM providers, including Chronicle, Sumo Logic, and Splunk, but recognized that Workrise was already a Snowflake customer. This made the Panther and Snowflake marriage an ideal solution for their team. They could have a separate security account, marry the data they needed, and leverage many of the tools that their data engineering team had already built. Additionally, leveraging Panther and Snowflake allows the security team to use the same languages (Python and SQL) as the data science team and plug in any BI visualization tool to perform executive reporting.
The Panther and Snowflake solution provided a Swiss Army knife for Workrise, allowing them to quickly and easily ingest data, gain visibility, and achieve maximum security. They could leverage the power of Snowflake’s data warehousing and Panther’s approach to detection-as-code to detect and respond to threats quickly and efficiently.
Benefits of Using Panther and Snowflake for Security
Panther and Snowflake are a perfect combination for any business that wants to build a more secure future. Together, the two tools offer simplicity, efficiency, and the ability to see and secure what matters most. With Panther, you can easily detect and respond to threats in real time, and with Snowflake, you can quickly ingest and analyze large volumes of data from multiple sources. Together, they provide a comprehensive security solution that can help your business stay one step ahead of cyber threats.
Panther connected with Tim Kelly, Director, Security Engineering at Workrise, to learn how the company leverages Panther and Snowflake to build a detection and response program that allows for full visibility. Watch the full Workrise webinar here.