
Snowflake + Panther Webinar

Panther and Snowflake have partnered to help organizations replace legacy SIEMs and cut costs. Learn how you can achieve end-to-end security visibility and affordable long-term data retention with Snowflake and Panther.



  1. © 2020 Snowflake Inc. All Rights Reserved
     TURN YOUR SNOWFLAKE INTO A CLOUD-NATIVE SIEM WITH PANTHER
     JUNE 18, 2020
  2. AGENDA
     1. INTRODUCTIONS  2. CHALLENGES  3. SNOWFLAKE PLATFORM  4. PANTHER PLATFORM  5. DEMO  6. SUMMARY  7. Q & A
  3. TODAY'S SPEAKERS
     Jack Naglieri, Founder & CEO, Panther Labs: Jack is a cloud security expert with 8+ years of experience leading detection and response at companies like Airbnb and Yahoo. Prior to Panther, Jack co-created StreamAlert, an open source data analysis framework widely adopted by the security community.
     Omer Singer, Head of Cyber Security Strategy, Snowflake: Omer brings over 15 years of hands-on experience to his role as Head of Cyber Security Strategy at Snowflake. Prior to Snowflake, Omer served as an IDF intelligence officer and was Vice President of Security Operations at a global security services provider.
  4. CHALLENGES
  5. SECURITY TEAMS FACE BIG CHALLENGES
     279 days: time to identify and contain a breach
     10x: growth of the data in 24 months
     $4mm: average cost of a security breach
  6. STUDY: 90% OF ALL DATA WAS CREATED IN THE PAST TWO YEARS
     Source: IBM, "10 Key Marketing Trends for 2017"
  7. Source: https://splunkonbigdata.com/2020/02/10/bucket-rolling-criteria-in-splunk/
  8. SNOWFLAKE PLATFORM
  9. SNOWFLAKE ARCHITECTURE
  10. SNOWFLAKE CLOUD DATA PLATFORM
      Data sources: OLTP databases, enterprise applications, third-party web/log data, IoT
      Data consumers: data monetization, operational reporting, ad hoc analysis, real-time analytics
  11. PANTHER PLATFORM
  12. COMPANY BACKGROUND
      Founded in August 2018
      Headquartered in San Francisco
      AWS & Airbnb security alumni
      Our mission is to stop security breaches by providing a cloud-scale visibility platform.
  13. END-TO-END VISIBILITY
      Data Sources (Cloud & On-Prem, + more) -> Parse, Normalize, Detect -> Security Data Lake
      Built on the data lake: Real-Time Monitoring, Incident Management, Orchestration, Hunt, Investigate, Business Intelligence
  14. PANTHER PRIMITIVES
      Real-time Detections
      Extreme Scalability
      Detections as Code
      Turnkey Security Data Lake
  15. PANTHER DEPLOYMENT MODELS
      CLOUD SAAS: single-tenant hosted, zero administration
      CLOUD-PREM: self-hosted for complete privacy
  16. DEMO
  17. SCENARIO
      Acmecorp manufactures custom facemasks and runs their workload on AWS.
      An AWS access key is leaked on the Internet -> the attacker gets the key -> the attacker enumerates and steals data.
      Detect w/ Panther. Investigate w/ Snowflake.
  18. PREPARE
      Detection packs for: baseline detections with CIS; attacker tactics and techniques.
      200+ pre-built rules & policies: CloudTrail, S3, GuardDuty, CloudFormation, Cisco Umbrella, Okta, Box, Osquery, GCP, + more
  19. DETECT
      Panther Rule Snippet:
          # service/event patterns to detect
          RECON_ACTIONS = {
              'dynamodb': ['List*', 'Describe*', 'Get*'],
              'ec2': ['Describe*', 'Get*'],
              'iam': ['List*', 'Get*'],
              's3': ['List*', 'Get*'],
              'rds': ['Describe*', 'List*'],
          }
          def rule(event):
              ...
      Attacker Console:
          $ ./enumerate_aws_permissions.py
          [INFO]: Starting permission scanner
          [INFO]: Testing Dynamodb
          [INFO]: **ListTables: Found**
          [INFO]: Testing S3
          [INFO]: **ListBuckets: Found**
          ...
          [INFO]: Found the following permissions:
          {
            "dynamodb": {
              "ListTables": {
                "TableNames": ["acmecorp-orders-100"]
              }
            },
            "s3": {
              "ListBuckets": {
                "Buckets": [
                  {"Name": "acmecorp-financial-data-100", "CreationDate": "2019-03-14 21:15:19+00:00"},
                  {"Name": "acmecorp-processed-customer-data-100", "CreationDate": "2019-02-13 17:16:36+00:00"}
                ]
              }
            }
          }
      Panther Alert
  20. RESPOND
  21. INVESTIGATE
      Querying Panther data in the Snowflake UI
  22. CONTAINMENT
      Remediate by revoking the key or deleting the user
  23. POST-INCIDENT
  24. RECAP
      Use built-in Panther rules to detect attacker behavior
      Pivot to Snowflake to answer all questions about the breach
      Extract IOCs and correlate activity across all of our logs
      Revoke the stolen key and detect a repeat intrusion
      Keep our company safe
  25. SUMMARY
  26. BETTER TOGETHER
      ● Cost-efficient long-term storage for all of your data
      ● Zero maintenance overhead
      ● A normalized data lake to power threat investigations
      Snowflake & Panther give you best-of-breed solutions for threat detection and response at cloud-scale.
  27. "LET'S TALK"
      Email sales@runpanther.io to schedule a 14-day free trial.
  28. THANK YOU
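The recon detection from the DETECT slide, completed as a runnable Panther-style rule. This is an added example, not Panther's or the webinar's own code: it assumes CloudTrail-shaped events as plain dicts with eventSource, eventName, sourceIPAddress and userIdentity.accessKeyId, and the sample events, access key strings and the per-key RECON_THRESHOLD aggregation are constructed for the example (Panther evaluates rule(event) one event at a time, and a single List or Describe call is routine for real workloads, so the example also shows how to group hits per key before raising an alert).

```python
from fnmatch import fnmatchcase

# service/event patterns to detect (the mapping shown on the DETECT slide)
RECON_ACTIONS = {
    'dynamodb': ['List*', 'Describe*', 'Get*'],
    'ec2': ['Describe*', 'Get*'],
    'iam': ['List*', 'Get*'],
    's3': ['List*', 'Get*'],
    'rds': ['Describe*', 'List*'],
}
# Distinct recon calls one key must make before we alert (assumed example value)
RECON_THRESHOLD = 3

def service_of(event):
    # CloudTrail eventSource looks like 'dynamodb.amazonaws.com' -> 'dynamodb'
    return event.get('eventSource', '').split('.')[0]

def rule(event):
    """Panther-style rule: True when eventName matches a recon pattern for its service."""
    patterns = RECON_ACTIONS.get(service_of(event), [])
    return any(fnmatchcase(event.get('eventName', ''), p) for p in patterns)

def title(event):
    key = event.get('userIdentity', {}).get('accessKeyId', 'unknown-key')
    return (f"AWS recon by {key}: {service_of(event)}:{event.get('eventName')} "
            f"from {event.get('sourceIPAddress', 'unknown-ip')}")

def keys_enumerating(events, threshold=RECON_THRESHOLD):
    """Group matching events per access key; return keys at or above the threshold."""
    calls = {}
    for ev in events:
        if rule(ev):
            key = ev.get('userIdentity', {}).get('accessKeyId', 'unknown-key')
            calls.setdefault(key, set()).add((service_of(ev), ev.get('eventName')))
    return {k: sorted(v) for k, v in calls.items() if len(v) >= threshold}

def _ev(source, name, key, ip='203.0.113.7'):
    # Constructed CloudTrail-shaped record (not a real log line)
    return {'eventSource': f'{source}.amazonaws.com', 'eventName': name,
            'sourceIPAddress': ip, 'userIdentity': {'accessKeyId': key}}

SAMPLE_EVENTS = [  # constructed: a leaked key enumerating, plus a normal app key
    _ev('dynamodb', 'ListTables', 'AKIA-LEAKED-EXAMPLE'),
    _ev('s3', 'ListBuckets', 'AKIA-LEAKED-EXAMPLE'),
    _ev('s3', 'GetObject', 'AKIA-LEAKED-EXAMPLE'),
    _ev('iam', 'ListUsers', 'AKIA-LEAKED-EXAMPLE'),
    _ev('s3', 'PutObject', 'AKIA-APP-EXAMPLE', '10.0.0.5'),           # write: no match
    _ev('ec2', 'DescribeInstances', 'AKIA-APP-EXAMPLE', '10.0.0.5'),  # one hit: under threshold
]
```

Running keys_enumerating(SAMPLE_EVENTS) returns only the leaked key with its four distinct recon calls; the app key's single DescribeInstances stays below the threshold.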
