Extended Threat Detection via Data Lake, with Hunters and Snowflake
- Feb 5, 2020
- By Hunters
- 2 minutes to read
Today, February 5, 2020, we announced a leap in our AI-based threat hunting solution, Hunters.AI. At the core of this enhancement is a new collaboration with the cloud data platform Snowflake.
Cyber attackers are getting very good at staying just below the radar. Most of their operations do not trip any wire, and they blend into the crowd of legitimate activity.
The good news is that they always leave traces. The hard part is finding those traces, and the one thing most likely to get in your way is, simply, too much data.
There are two main things you can do to spot cyberattacks from the get-go, both of which are enormously challenging:
The first is to collect the data in a consolidated manner: all of it, from anywhere a cyber attacker may have left tracks. Of course, this means dealing with massive amounts of data.
The second, which is equally hard, is to sift through all this data and find the gold. This means looking for interesting signals, investigating them, correlating them across sources, and finding the activities that add up to real security incidents.
Hunters, together with Snowflake's data lake, now enables security teams to easily centralize petabytes of organizational IT and security data, both structured and semi-structured, to achieve high-fidelity, extended threat detection.
In essence, Snowflake users can use Hunters' autonomous threat hunting solution to turn their account into an advanced security data lake.
Hunters and Snowflake's security data lake enable security teams to easily centralize all the data they need for high-fidelity threat detection and investigation. Hunters.AI pulls security data from all sources into your instance of Snowflake, where it can be combined with other enterprise data sources. Hunters.AI autonomous threat hunting then analyzes this data via Snowflake Secure Data Sharing, using detection logic that covers advanced attacker techniques and maps to the MITRE ATT&CK framework. Security teams can perform investigations within Snowflake or in Hunters.AI's graph-based interface, which shows the relationships between entities.
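To make the "centralize, then correlate" idea concrete, here is an added illustration that is not Hunters' or Snowflake's code: a toy security data lake built in-memory with sqlite3, standing in for a Snowflake account. Two constructed log sources (identity-provider logins and cloud API calls) are loaded into normalized tables, and one SQL detection correlates them: a burst of failed logins followed by a success from the same source IP, followed within a window by a sensitive cloud API call by that user. The table names, columns, thresholds and the ATT&CK mapping chosen for the hit are assumptions made for the example; the sample events are constructed, not real logs.

```python
"""Toy security data lake with one cross-source detection (added example)."""
import sqlite3

# Constructed sample events (not real logs). Timestamps are ISO-8601 UTC.
IDP_AUTH = [
    # (ts, username, src_ip, result)
    ("2020-02-05T08:00:01Z", "alice", "203.0.113.10", "FAIL"),
    ("2020-02-05T08:00:05Z", "alice", "203.0.113.10", "FAIL"),
    ("2020-02-05T08:00:09Z", "alice", "203.0.113.10", "FAIL"),
    ("2020-02-05T08:00:14Z", "alice", "203.0.113.10", "FAIL"),
    ("2020-02-05T08:00:20Z", "alice", "203.0.113.10", "FAIL"),
    ("2020-02-05T08:01:02Z", "alice", "203.0.113.10", "SUCCESS"),
    ("2020-02-05T08:30:00Z", "bob",   "198.51.100.7", "SUCCESS"),
    ("2020-02-05T09:00:00Z", "carol", "198.51.100.8", "FAIL"),
    ("2020-02-05T09:00:30Z", "carol", "198.51.100.8", "SUCCESS"),
]
CLOUD_API = [
    # (ts, username, src_ip, event_name)
    ("2020-02-05T08:12:40Z", "alice", "203.0.113.10", "CreateAccessKey"),
    ("2020-02-05T08:40:00Z", "bob",   "198.51.100.7", "DescribeInstances"),
    ("2020-02-05T09:05:00Z", "carol", "198.51.100.8", "ListBuckets"),
]
# Assumed list of API calls worth treating as persistence / privilege actions.
SENSITIVE_API_CALLS = ("CreateAccessKey", "AttachUserPolicy", "CreateUser")
FAILED_LOGIN_THRESHOLD = 5   # assumed tuning value
WINDOW_MINUTES = 60          # assumed tuning value
# Real ATT&CK technique IDs; the mapping of this hit to them is our assumption.
TECHNIQUES = ["T1110 Brute Force", "T1078 Valid Accounts", "T1098 Account Manipulation"]

# One query correlates three stages across two sources. Timestamps are compared
# as epoch seconds so ISO strings with a 'Z' suffix sort correctly.
DETECTION_SQL = """
WITH bursts AS (
    SELECT username, src_ip, COUNT(*) AS failures, MAX(ts) AS last_fail
    FROM idp_auth
    WHERE result = 'FAIL'
    GROUP BY username, src_ip
    HAVING COUNT(*) >= :threshold
),
breakins AS (
    SELECT b.username, b.src_ip, b.failures, s.ts AS login_ts
    FROM bursts b
    JOIN idp_auth s ON s.username = b.username AND s.src_ip = b.src_ip
    WHERE s.result = 'SUCCESS' AND s.ts > b.last_fail
)
SELECT bi.username, bi.src_ip, bi.failures, bi.login_ts,
       c.event_name, c.ts AS api_ts
FROM breakins bi
JOIN cloud_api c ON c.username = bi.username
WHERE c.event_name IN (SELECT event_name FROM sensitive_api)
  AND (strftime('%s', c.ts) - strftime('%s', bi.login_ts)) BETWEEN 1 AND :window_seconds
ORDER BY c.ts
"""


def build_lake() -> sqlite3.Connection:
    """Create the in-memory lake and load the constructed sample sources."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.executescript("""
        CREATE TABLE idp_auth (ts TEXT, username TEXT, src_ip TEXT, result TEXT);
        CREATE TABLE cloud_api (ts TEXT, username TEXT, src_ip TEXT, event_name TEXT);
        CREATE TABLE sensitive_api (event_name TEXT PRIMARY KEY);
    """)
    conn.executemany("INSERT INTO idp_auth VALUES (?,?,?,?)", IDP_AUTH)
    conn.executemany("INSERT INTO cloud_api VALUES (?,?,?,?)", CLOUD_API)
    conn.executemany("INSERT INTO sensitive_api VALUES (?)",
                     [(name,) for name in SENSITIVE_API_CALLS])
    return conn


def hunt(conn: sqlite3.Connection,
         threshold: int = FAILED_LOGIN_THRESHOLD,
         window_minutes: int = WINDOW_MINUTES) -> list:
    """Run the correlation query and return one dict per correlated hit."""
    params = {"threshold": threshold, "window_seconds": window_minutes * 60}
    hits = []
    for row in conn.execute(DETECTION_SQL, params):
        hit = dict(row)
        hit["techniques"] = TECHNIQUES
        hits.append(hit)
    return hits


if __name__ == "__main__":
    for hit in hunt(build_lake()):
        print(hit)
```

Only alice produces a hit: five failures, a success from the same IP, then CreateAccessKey eleven minutes later. Carol's single failure and Bob's routine calls never pass the first stage, which is the point of correlating stages rather than alerting on any one of them. In a real lake the same query shape runs over months of data; what the data lake buys you is that the join across sources is one statement rather than an export and a script.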
If you want to learn more about how you can leverage your Snowflake instance for threat detection and response, request a demo with one of our experts.