How Cockroach Labs Ingests 5x More Logs and Cut SecOps Costs Over $200K with Panther
Industry: Software / Cloud Infrastructure
HQ: New York, NY
Founded: 2015
Employees: 500-1,000 employees
Cockroach Labs is the company behind CockroachDB, a cloud-native distributed SQL database built for global scale, resilience, and performance. As a provider of critical data infrastructure for leading brands, Cockroach Labs treats security as a first-class feature—integral to both its product and operations.
Legacy SIEM tooling created friction. Security workflows were slow, manual, and costly, lacking the built-in support needed to efficiently ingest logs or build effective detections. Compliance workflows were time-consuming, and detection engineering suffered from limited version control and customizability, making it difficult to scale or maintain reliable alerts.
Unlocking Comprehensive Security Coverage Without Compromise
To modernize their approach, Cockroach Labs rearchitected their logging pipelines to be tool-agnostic, then chose Panther to power their security operations. With Panther’s security data lake-backed architecture, the team rapidly ingested logs across their environment with complete control over cost and performance. Out-of-the-box detections provided immediate coverage, and Panther’s Python-based rule engine enabled them to customize and iterate quickly.
“We wanted to move away from traditional, reactive SOC workflows and take a more modern, engineering-driven approach. With Panther, we can manage detections as code and avoid the usual click-ops, which helps our team scale more effectively with the organization.”
Munir Jaber, Security Engineer
Streamlining Audit Readiness and Compliance Operations
For the compliance team, Panther drastically reduced the burden of audits. With Panther, Cockroach Labs meets the requirements of key frameworks, including PCI DSS, SOC 2, HIPAA, and ISO/IEC 27001, without requiring additional engineering effort.
Previously, log retention limitations and cumbersome search interfaces made quarterly access reviews engineering-intensive endeavors. The team had to reduce retention in the legacy SIEM from 90 to 30 days, which led to auditor friction, and search queries required deep expertise.
“Now, we have 365 days of hot storage and an intuitive interface for searching. There's no more back and forth with auditors. It just works.”
Adam Brennick, Director of Security, Risk, and Compliance
Audit prep that once required 3.5 hours of auditor meetings was trimmed to 30 minutes or less. Tasks that previously required 8–10 engineering tickets per audit were eliminated entirely. “We pulled our SRE team completely out of the audit loop. That's a week's worth of engineering time saved,” said Adam.
Driving Detection Maturity and Team Efficiency
The Cockroach Labs security team has used Panther to scale their detection engineering practices. The team now manages detections with complete version control and visibility, making it easy to identify stale rules or iterate based on alert noise. They leverage Panther’s Python-based detection framework for component reusability and simple rule overrides to customize detections and increase alert fidelity with minimal overhead.
“When new threat patterns emerge, we extend Panther’s built-in detections rather than rebuilding them from scratch. It’s been refreshing to replace routine maintenance with strategic security work that makes our detections more impactful.”
Munir Jaber, Security Engineer
Panther also plays a central role in Cockroach Labs' broader investigation and alerting workflows. By integrating Panther with Tines, Slack, and internal bots, they’ve streamlined alert triage and built a two-key system for high-privilege access monitoring. The team is working toward standardized workflows that handle alerts from any source—CSPM, SCA, vulnerability scanners—all flowing through Panther.
“With Panther, we’re no longer just reacting. We’re proactively improving our security posture, correlating signals, and providing stakeholders with real insights.”
Adam Brennick, Director of Security, Risk, and Compliance
Panther empowers Cockroach Labs to scale their security operations with confidence. With deeper visibility, lower cost, and engineering-grade control, they’re building a program that scales through collaboration, shared ownership, and a relentless drive to improve.
Challenges
Limited data visibility due to cost constraints and ingestion complexity
Manual, inefficient audit workflows slowed down compliance readiness
Inflexible legacy tooling made it hard to customize detections or manage detection engineering at scale
Solutions
Re-architected pipelines and implemented Panther to support comprehensive log ingestion
Used Panther’s intuitive interface and flexible storage to streamline compliance workflows and eliminate engineering burden
Adopted detection-as-code with version control and Python detections to accelerate custom rule development
Results
Gained visibility into 5x more log data while maintaining budget and eliminating $200K+ in tooling overhead
Reduced audit prep time related to logging, monitoring, and detection and response by over 85% across PCI DSS, SOC 2, HIPAA, and ISO 27001 audits
Accelerated custom detection development and standardized investigation workflows across all alert types