How Snyk Increased Infrastructure Coverage and Reduced Alerts with Panther

Industry: Computer and Network Security

HQ: Boston, MA

Founded: 2015

Employees: 1,000-5,000 employees

Streamlining Security Operations with Advanced Log Management

For a company like Snyk, committed to developing fast and staying secure, achieving comprehensive visibility across its infrastructure is paramount. One of Snyk's primary challenges was maintaining complete coverage across its expanding security stack. Panther's flexible ingestion capabilities allowed the team to quickly onboard new log sources. 

"My favorite part about Panther is how fast you can onboard any log source. Even if there's no native integration, I can throw the logs in an S3 bucket, and it will create a schema or parser for them, which is amazing. It takes a few hours, and you have a log source onboarded; in the traditional SIEM world, it would take weeks or months."

Filip Stojkovski, Staff Security Engineer

The Panther team helped to successfully implement custom integrations, including CircleCI logs, a common platform in security stacks that doesn’t enable easy audit log exports. This capability proved essential for maintaining comprehensive security coverage as their infrastructure evolves.

Intelligent Alerting and Noise Reduction

The Snyk team identified alert fatigue as a critical challenge for their security operations. They needed a strategic approach to separate signal from noise without compromising detection coverage. Using Panther's advanced filtering and detection engineering capabilities, Snyk embarked on a comprehensive alert optimization project to transform their operations.

"Managing all the detections and alert triage was one of the first projects I did with Panther. We had too many detections and too many alerts. We needed to figure out which alerts were actionable, so we went through them, applying the correct filters to trigger only on specific patterns. By figuring out the baseline of what's normal versus abnormal behavior, we reduced our alert volume by around 70%."

Filip Stojkovski, Staff Security Engineer

The team leveraged Panther's correlation capabilities to chain multiple events, creating more sophisticated detection mechanisms that reduced false positives while maintaining high-fidelity threat detection. This approach proved particularly effective for identifying potentially malicious activities across their cloud infrastructure.

Enhanced Protection Through Custom Detection Engineering

Snyk's security team established a comprehensive framework for detection engineering, ensuring thorough protection of their crown jewels and critical assets. Their approach includes:

  • Verification of sufficient logging coverage for critical assets

  • Development of meaningful, actionable detections

  • Creation of detailed runbooks for investigation procedures

  • Implementation of automation for enrichment and response

The security team's technical expertise and Panther's Python-based detection capabilities enabled them to build sophisticated detection mechanisms tailored to their specific needs. This approach allows them to maintain high security standards while efficiently managing resources within a smaller team.

"With the integration of Python, I could build detections from day one. The huge repository of pre-built detections Panther has is quite helpful."

Filip Stojkovski, Staff Security Engineer

As Snyk continues to grow and evolve, Panther's scalability and flexibility ensure their security operations can adapt and expand accordingly, maintaining comprehensive coverage while keeping operational overhead minimal.
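To make the tuning approach concrete, here is an added example (not Snyk's or Panther's own code) of a Panther-style Python detection: an untuned rule that fires on every role change beside a tuned version that applies the baseline-of-normal filtering described in the quote above, run over constructed sample events with a minimal stand-in for the rule engine. The event fields, the allowlisted automation principals and the `run` helper are assumptions for illustration.

```python
# Added example, not Snyk's or Panther's own code. Panther invokes rule(event) per log
# event and alerts when it returns True; title() and dedup() shape the alert.
# The event fields below are a constructed schema, not a real CircleCI/AWS log format.

# Assumed baseline: principals expected to change roles (deploy automation). In practice
# this allowlist is derived from observed normal activity, as the quote above describes.
KNOWN_AUTOMATION = {"ci-deployer", "terraform-runner"}
SENSITIVE_ROLES = {"admin", "owner"}


def rule_noisy(event: dict) -> bool:
    """Untuned detection: fires on every role change, whoever made it."""
    return event.get("action") == "role.change"


def rule(event: dict) -> bool:
    """Tuned detection: sensitive role granted by a principal outside the baseline."""
    if event.get("action") != "role.change":
        return False
    if event.get("new_role") not in SENSITIVE_ROLES:
        return False
    return event.get("actor") not in KNOWN_AUTOMATION


def title(event: dict) -> str:
    return f"{event.get('new_role')} granted to {event.get('target')} by {event.get('actor')}"


def dedup(event: dict) -> str:
    # Repeated grants by one actor collapse into a single alert per dedup window.
    return str(event.get("actor"))


def run(events: list, detection) -> list:
    """Minimal stand-in for the rule engine: return the alert titles a detection raises."""
    return [title(e) for e in events if detection(e)]


# Constructed sample events: three routine changes, one suspicious grant, one unrelated event.
SAMPLE_EVENTS = [
    {"actor": "ci-deployer", "action": "role.change", "target": "svc-build", "new_role": "deployer"},
    {"actor": "terraform-runner", "action": "role.change", "target": "svc-db", "new_role": "admin"},
    {"actor": "alice", "action": "role.change", "target": "bob", "new_role": "viewer"},
    {"actor": "j.doe", "action": "role.change", "target": "j.doe", "new_role": "owner"},
    {"actor": "alice", "action": "login"},
]

if __name__ == "__main__":
    print(len(run(SAMPLE_EVENTS, rule_noisy)), "alerts untuned vs", len(run(SAMPLE_EVENTS, rule)), "tuned")
```

On this sample the untuned rule raises four alerts and the tuned rule one, the self-granted owner role; the same allowlist-plus-scope pattern is what collapses routine automation noise while keeping the abnormal case visible.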

Challenges

Achieving and maintaining comprehensive (up to 100%) coverage of their infrastructure and security stack logs

Battling excessive noise from high alert volumes, leading to reduced team efficiency

Maintaining protection of critical assets and crown jewels

Solutions

Implemented rapid log source onboarding with flexible data ingestion capabilities

Deployed correlation rules and intelligent filtering to reduce alert noise

Established a comprehensive monitoring framework with custom detection engineering

Results

Achieved rapid ongoing integration of new log sources within hours instead of weeks and is positioned to scale for continuing support

Reduced alert volume by 70% through intelligent tuning and correlation

Enhanced and maintained protection of critical assets with customized Python-based detections

Recommended Resources

Recommended Resources