Ask any Frenchman and they’ll tell you that Champagne Only Comes From Champagne. Everything else is just sparkling wine. In cybersecurity, unfortunately, we don’t have nearly as much clarity on our definitions.

Case in point is XDR, possibly the hottest category in cyber. Vendors across the industry are adopting the…


Here’s a term that cybersecurity practitioners should adopt from the analytics industry: “data silo”. That’s anywhere that data is left behind and not collected to a central source of truth. Silos make it hard to mine data for insights and busting them is a big part of data engineering. …


This month’s Snowflake Summit conference was a “before and after” watershed moment for Snowflake’s role in cybersecurity. Across several recorded sessions, technical features with impressive performance metrics were demonstrated on security log data. That’s no coincidence. …


As security data lakes become established as best practice and The Great Splunkbundling accelerates, what will be the role of data platforms like Snowflake? The new security stack won’t look like the vertically integrated SIEMs of the past. …


Last January, I predicted that 2020 would be The Year of the Security Platform. Did that end up happening? And what should we expect for 2021?

2020: Many integrations, few actual platforms

The year was packed with partnership announcements aimed at consolidating security solutions into a cohesive stack. …


Security data lake projects are taking flight but they’re a strange bird. The folks typically responsible for creating and managing the data lake are on the data analytics team but they’re new to concepts like incident response and the abomination that is the Windows Event Log. …


If Snowflake could be used as a SIEM, security teams would enjoy cheap unlimited storage, zero maintenance overhead, scalable query power for investigations, and all the other reasons why customers love the data platform.

But that’s a big if.

Snowflake is not a SIEM

Some of Snowflake’s largest customers already use it for SIEM workloads…


The most powerful tool for creating actionable security metrics is the SLA. Unfortunately, most vendors don’t provide an SLA status feature. As a result, security teams fail to align cross-organizational efforts and continue to manually review risk findings.

Let’s change that! With live vendor data accessible on Snowflake Data Exchange…


This is a great time to launch a self-service initiative as a way to improve your security program without making costly new commitments. Especially with team members working remotely, freer access to data can improve efficiencies and speed up remediation of risks like cloud misconfigurations and visibility gaps. …


So you’ve decided to build a security data lake. You’re probably looking forward to the scale and price performance of storing security data in cloud storage. $23 a month per terabyte is sweet! But that’s just storage.. …

Omer Singer

I believe that better data is the key to better security. These are personal posts that don’t represent Snowflake.
