No one stays on top forever. After years of leading the pack, Splunk fell dramatically in this year’s Gartner SIEM rankings. The market share leader found itself nearly outside the Leaders quadrant in terms of vision and execution.
I’ve reviewed the latest report and there is one unifying theme that explains both Splunk’s drop and the rise of Securonix and Exabeam. But first, here is the previous MQ where Splunk was already falling behind on vision (x-axis) but still held the highest position in execution (y-axis):
That was for 2020, based on Gartner’s analysis and customer interviews that took place…
Ask any Frenchman and they’ll tell you that Champagne Only Comes From Champagne. Everything else is just sparkling wine. In cybersecurity, unfortunately, we don’t have nearly as much clarity on our definitions.
Case in point is XDR, possibly the hottest category in cyber. Vendors across the industry are adopting the XDR label, with Barracuda being the latest shop announcing that they’ve entered the XDR market via acquisition. So what is XDR?
Oliver Rochford from Securonix recently pointed out that there are multiple definitions for eXtended Detection and Response floating around. Many are conflicting, causing confusion with buyers and eye-rolling with…
Here’s a term that cybersecurity practitioners should adopt from the analytics industry: “data silo”. That’s anywhere that data is left behind and not collected to a central source of truth. Silos make it hard to mine data for insights and busting them is a big part of data engineering. Increasingly, security teams are facing data silos caused by cloud migration and work-from-home outpacing traditional Security Information Event Management (SIEM).
Why are SIEM solutions responsible for creating data silos? Many SIEM solutions charge by daily ingest volume, a model that doesn’t align with the massive amount of logs generated by public…
This month’s Snowflake Summit conference was a “before and after” watershed moment for Snowflake’s role in cybersecurity. Across several recorded sessions, technical features with impressive performance metrics were demonstrated on security log data. That’s no coincidence. We are already seeing a wave of solutions re-platforming to Snowflake to simplify their backend and deliver more value to users.
If you’re building a cybersecurity product and didn’t attend the event, don’t worry: the sessions were recorded and I took notes.
This session featured members of Snowflake product leadership and the SVP of Engineering at HUMAN (formerly WhiteOps). First, Snowflake listed…
As security data lakes become established as best practice and The Great Splunkbundling accelerates, what will be the role of data platforms like Snowflake? The new security stack won’t look like the vertically integrated SIEMs of the past. The data platform will play a humble but essential role supporting specialized solutions in an ecosystem that delivers better security, lower costs and more automation.
A number of trends have pushed security architectures to extreme fragmentation. The shift to cloud infrastructure, which is highly instrumented and generates logs for every little thing, results in a ten-fold increase in machine data. The move…
Last January, I predicted that 2020 would be The Year of the Security Platform. Did that end up happening? And what should we expect for 2021?
The year was packed with partnership announcements aimed at consolidating security solutions into a cohesive stack. For example, Obsidian announced that CrowdStrike alerts would be available natively in its solution for combined visibility across SaaS and endpoints.
AWS, probably the most influential tech platform, showed what the future of observability platforms might look like with their Managed Service for Grafana. Unlike its hostile hosting of Elasticsearch (with Elastic screaming bloody murder), AWS took a…
Security data lake projects are taking flight but they’re a strange bird. The folks typically responsible for creating and managing the data lake are on the data analytics team but they’re new to concepts like incident response and the abomination that is the Windows Event Log. The security team, meanwhile, is new to concepts like ETL/ELT and materialized views.
This post provides an overview of an implementation strategy that is working at Snowflake customers where data and security teams combine forces to roll out a security data lake.
If Snowflake could be used as a SIEM, security teams would enjoy cheap unlimited storage, zero maintenance overhead, scalable query power for investigations, and all the other reasons why customers love the data platform.
But that’s a big if.
Some of Snowflake’s largest customers already use it for SIEM workloads but they’ve devoted entire teams to make that possible.
That’s because Snowflake is missing critical SIEM features:
The most powerful tool for creating actionable security metrics is the SLA. Unfortunately, most vendors don’t provide an SLA status feature. As a result, security teams fail to align cross-organizational efforts and continue to manually review risk findings.
Let’s change that! With live vendor data accessible on Snowflake Data Exchange, you can quickly create a layer of SLA insights on top of your security reports. Improved clarity and security posture are bound to follow.
Cloud infrastructure changes quickly and is inevitably affected by configuration drift. Misconfigurations put the company at risk so security teams use a variety of solutions to…
This is a great time to launch a self-service initiative as a way to improve your security program without making costly new commitments. Especially with team members working remotely, freer access to data can improve efficiencies and speed up remediation of risks like cloud misconfigurations and visibility gaps. If you take advantage of this crazy time to squeeze more value from your security data, that’s a silver lining to this gloomy cloud.
Popular data science author Bernard Marr put it well when he wrote:
Data democratization means that everybody has access to data and there are no gatekeepers that create…
I believe that better data is the key to better security. These are personal posts that don’t represent Snowflake.