Throughout my career as a security engineer at both Yahoo and Airbnb, the ability to effectively detect and respond to security incidents was encumbered by slow queries and operational overhead.
When you’re under the gun to quickly respond to security alerts, spending time scaling your SIEM and waiting for queries to complete heavily impacts the ability to perform your job. For security teams, every second counts, and you must be focused on stopping attacks, not managing infrastructure. These challenges directly inspired me to found Panther, a security analytics platform for teams that need to detect attackers quickly and scale to adapt with the fast-growing organizations you support.
To make Panther, and consequently, security teams successful at handling huge amounts of log data at scale, we make use of serverless cloud technology, namely Snowflake. I’m especially proud that Panther was recently named “Snowflake’s Cybersecurity Partner of the Year”, and in this blog, I’ll share why investing in Snowflake is truly a game-changer for the future of security analytics. In addition, I’ll highlight how Snowflake enables the next generation of data warehousing for security teams and how Panther’s customers can gain these benefits.
Panther is designed to meet the needs of organizations of all scales. We invested in using Snowflake for several important reasons, but primarily to improve the life of security engineers. Snowflake is a critical component in our architecture that directly results in the ability to store and query terabytes of data in seconds to answer critical security questions. The platform also provides incredible query scale, flexible compute sizing, strong security controls, a growing ecosystem, and quickly evolving platform features.
Panther does the heavy lifting of transforming unstructured log data into a collection of structured database tables powered by Snowflake (a process also known as ETL), and provides real-time alerting, threat hunting, and more. Instead of being forced into a domain-specific language, teams can standardize on an extended version of SQL that provides even more powerful analytical capabilities on security data.
Security teams can take advantage of these features, and more, to consume and analyze petabytes of security data for detecting and investigating breaches. Here are the 5 primary reasons we chose Snowflake as the data platform for Panther:
If you are a current user of Snowflake and need to build a security program, Panther can take full advantage of your current paradigms with our “Bring your own Snowflake” model. With this option, Panther’s single-tenant SaaS environment can plug directly into your Snowflake account to begin normalizing security data into your warehouse.
Snowflake’s customers can easily turn a Snowflake implementation into a next-generation cloud security logging and analytics platform with real-time alerting and hundreds of pre-built detection rules. In an era of vendor consolidation and the need for greater simplicity, the possibility of adding a cutting-edge security solution on top of an existing cloud data warehouse reduces complexity and the need to learn to use additional solutions.
With this partnership, Snowflake can expand their go-to-market and offer cutting-edge security capabilities to both new and existing customers. Panther and Snowflake share the same core mantra of enabling teams to collect and understand data at a huge scale without worrying about operations and overhead. The combination of Panther and Snowflake creates a groundbreaking, cloud-first approach to cybersecurity and security analytics that is disrupting the legacy SIEM market and removing the pain felt by security teams. The allure, and reality, of a real-time security analytics solution in the cloud with speed, scale, and flexibility in mind is long overdue.
This is the first time security practitioners have had all of the security data available, no matter the scale, for effective investigations, incident response, and threat hunting. We are excited about the joint solution we have created with Snowflake and are looking forward to continuing our trajectory together. Thank you, Snowflake, for bestowing this tremendous honor upon us and for being a great partner through the journey.