SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Exabeam and Snowflake partner on cybersecurity analytics
Fri, 29th Jan 2021

Security firm Exabeam and data specialist firm Snowflake are partnering to combine Snowflake data lakes with Exabeam's security analytics and automation capabilities.

With automation and analytics, data stored on Snowflake will be secured through an entirely automated workflow from data collection through to incident response. The companies say security teams can detect, investigate, and respond to threats.

According to Exabeam chief product officer Adam Geller, remote working is contributing to rising demand for cloud technology. Geller says that the partnership addresses a market need for cloud-based security analytics on third-party logs sent to Snowflake.

Snowflake head of cybersecurity strategy Omer Singer adds, “Security data continues to grow in size and complexity, and a fragmented architecture keeps many organisations struggling to mobilise it for protecting the enterprise.”

The two companies make a case for protection against credential-based attacks, the likes of which affected companies including Marriott last year. In that incident, attackers stole credentials belonging to Marriott employees. That information was used to access customers' personal data, including contact emails and birthdates.

Furthermore, Verizon's 2020 Data Breach Investigations Report found that compromised credentials are involved in 80% of all cyber attacks, which means organisations seek greater visibility into indicators of compromise and lateral attack movements.

“The proliferation of data is central to all businesses, and so is the need to guard against malicious attacks – especially now, as enterprises rely so heavily on data clouds like Snowflake,” says Exabeam senior director of business development Chris Stewart.

“This partnership advances our mission to assist security operations teams in quickly detecting, investigating and responding to incidents throughout the enterprise.”

The companies say that organisations can combine Exabeam's security analytics with Snowflake's data platform, which can provide protection against credential-based attacks, including insider threats.

“The technical integration between the Exabeam SaaS Cloud and Snowflake Data Cloud is done through the new Exabeam Cloud Connector for Snowflake, which allows for easy ingestion of data stored in Snowflake.

“Exabeam provides continuous, real-time mapping of logs stored within Snowflake and attributes all activity and behaviour to users and devices. This attribution, with additional data and context, provides visibility into abnormal or risky activity to detect malicious insiders or attacks involving compromised credentials.

“As a new addition to the 40-plus existing Exabeam Cloud Connectors, the Cloud Connector for Snowflake also allows for monitoring of Snowflake audit logs in Exabeam Advanced Analytics to detect anomalous account behaviours within the application itself.”