Extended Threat Detection via Data Lake, with Hunters and Snowflake

  • February 5, 2020

Today, February 5, 2020, we announced a leap forward in our AI-based threat hunting solution, Hunters.AI. At the core of this enhancement is a new collaboration with the cloud data platform Snowflake.

See, cyber attackers are doing very well at staying just below the radar. Most of their operations do not trip any wire, and they are getting really good at blending into the crowd.

The good news is that they always leave traces. The hard part is finding those traces, and the one thing most likely to get in your way is, simply, TOO MUCH DATA.

There are two main things you can do to spot cyberattacks from the get-go, both of which are enormously challenging:

The first is to collect the data in a consolidated manner, all of it, from anywhere a cyber attacker may have left tracks. Of course, this means dealing with *massive* amounts of data. Did we say challenging?

The second, which is just as hard, is to sift through all this data and find the gold. This means looking for interesting signs, investigating them, correlating them, and finding the activities that add up to real security incidents.

If only there was an easy way to store huge amounts of data, and then somehow automatically perform investigations on the data…

WELL, NOW THERE IS! (safe to say you saw it coming)

Hunters, together with Snowflake’s data lake product, enables security teams to easily centralize petabytes of organizational IT and security data to achieve high-fidelity, extended threat detection for both structured and semi-structured data.

In essence, Snowflake users can now use Hunters’ autonomous threat hunting solution to transform their account into an advanced security data lake.

Hunters and Snowflake’s security data lake enables security teams to easily centralize all the data they need to achieve high-fidelity threat detection and investigation. Hunters.AI pulls security data from all sources into your instance of Snowflake, where it can be combined with other enterprise data sources. Hunters.AI autonomous threat hunting then analyzes this data via Snowflake Secure Data Sharing, using detection logic that covers advanced attacker techniques and is mapped to the MITRE ATT&CK framework. Security teams can perform investigations within Snowflake or in Hunters.AI’s graph-based interface, which shows the relationships between entities.

MORE GOOD NEWS AHEAD!

Teams from both Snowflake and Hunters will be present at the upcoming RSA conference to showcase the solution. Learn more about the collaboration and schedule a time to meet them.
