Exabeam joins cybersecurity ecosystem revolving around Snowflake

Exabeam has become the latest vendor to join a security ecosystem that is starting to emerge around the Snowflake data services platform residing on the Amazon Web Services (AWS) cloud.

The provider of a security event information management (SIEM) platform revealed this week that it will now work with customers that have made Snowflake their primary repository for storing and analyzing data. That approach eliminates the need for customers to set up a separate data repository to analyze their security data, Exabeam senior security strategist Samantha Humphries said. “It’s the budget-wise choice,” she said. “The data is already there.”

Other vendors in the nascent security ecosystem emerging around Snowflake include Hunters.ai, provider of a platform that employs machine learning algorithms to hunt for potential cybersecurity threats within an IT environment, and Lacework, which provides a platform for automating cloud security and compliance.

Snowflake is working to build alliances with security vendors that will deploy applications on top of its cloud data services, Snowflake head of cybersecurity strategy Omer Singer said. “We’re looking for a number of partners that will play different roles.”

As part of this alliance, Exabeam has also added a Cloud Connector for Snowflake to its software-as-a-service (SaaS) platform. Cybersecurity teams can also use this to monitor audit logs within Snowflake to detect anomalous account behaviors within the platform itself. Exabeam can provide continuous, real-time mapping of logs stored within Snowflake, along with surfacing the attributes of all activity and behavior associated with specific users and devices.

Historically, security analysts have needed to collect their own data. However, as organizations invest in data warehouses and associated analytics applications on cloud platforms, the need for a security team to build, deploy, and manage a separate data repository is declining. One of the best ways to maximize an investment in a data warehouse is to make it accessible to as many applications as possible. As the amount of data stored in Snowflake continues to grow, the forces of data gravity start to exert more influence over where applications should be deployed.

Snowflake makes it possible to use standard SQL to launch queries that might surface anomalies indicative of a data breach. Security analysts will be able to collaborate with database administrators and data science teams that use SQL as the lingua franca for interrogating data, Singer noted. Longer-term, Snowflake will also provide a platform to more easily access the data that would be needed to create an AI model to automate a security process, Singer added.

Most IT organizations are trying to navigate two competing agendas. As IT continues to evolve, the amount of data residing on a much wider range of platforms that needs to be secured is increasing exponentially. At the same time, cybersecurity teams, along with the rest of the organization, are under extreme pressure to reduce costs in the wake of the economic downturn brought on by the COVID-19 pandemic.

Leveraging platforms such as Snowflake to analyze data using standard SQL tools is one way to reduce costs while gaining access to a larger pool of data to analyze. The average SIEM platform running on-premises in an enterprise is usually limited to gigabytes of data. It’s not uncommon for cybersecurity teams to have to choose between different types of data to collect and analyze because they don’t have the capacity to store it all, Singer noted.

Being forced to make that choice runs counter to the best interests of cybersecurity, an issue Singer said is obviated by a Snowflake cloud platform that can make petabytes of data readily available to cybersecurity teams working from home or in the office.

It’s hard to say how large a cybersecurity ecosystem around Snowflake might become. There are plenty of options when it comes to cloud data services. However, the amount of time cybersecurity teams spend collecting data versus analyzing it should be sharply reduced in the months and years ahead.