How to Implement Snowflake Security Best Practices with Panther
Panther for Snowflake 3
Speakers
Ben Sebastian
Senior Detections Engineer
Mike Mitrowski
Principal Security Architect
Agenda
1. Snowflake and Panther Overview
2. Understand Snowflake’s security best practices
3. How Panther helps you validate security best practices for Snowflake
4. Demo - Panther for Snowflake
5. Q & A
Security Monitoring with Panther for Snowflake
Snowflake and Panther have partnered to deliver a solution designed to help Snowflake customers properly ensure the security and compliance of their Snowflake Data Cloud.
With Panther for Snowflake, you can…
• Continuously monitor the security of your Snowflake Data Cloud
• Identify settings that do not align with Snowflake security best practices
• Detect configuration changes
• Detect unauthorized access
• Monitor supporting infrastructure
• Expand your threat hunting to Snowflake
Snowflake Security & Governance At A Glance
1 | Network Controls
2 | Identity & Access
3 | Data Governance
4 | Data Protection
5 | Encryption
6 | Auditing
7 | Compliance & Legal
SCIM user management
Native Snowflake credentials
● Password policies
● Multi-Factor Authentication
● Key Pair Authentication
Federated Identity
● SAML 2.0-based SSO
● OAuth 2.0 delegated authorization
Session control through policies
Account, region, cloud, and data-level recovery & failover
● Fail-safe
● Time Travel
● Cross-cloud & region replication & failover
● AWS, Azure, GCP redundancy
Built-in Features & partner integrations
RBAC & DAC
Column-level security
● Using views & UDFs
● Dynamic data masking
● External tokenization
Row access policy
Tagging
Classification
Anonymization
Customer data always encrypted in flight
Data-at-rest always encrypted using a hierarchical key model
● Rooted in the CSP’s HSM
● Automated key rotation & re-keying
● BYOK with “Tri-Secret Secure”
Snowflake Security Policy
Snowflake Legal for DPA (GDPR), acceptable use, support and more
● Comprehensive audit trail for all activities by all users from login
All communication secured using TLS 1.2 with HSTS enforced for all client communications, and controlled by Network Policies (IP Allowlisting)
Integration with CSP Private Networking
● GCP Private Service Connect
● AWS PrivateLink
● AWS VPC ID S3 policies
● Azure Private Link
● Azure cross-VNet rules for Blob access
Choose from any of the Snowflake-supported cloud regions
SOC 2 Type II
12 Month Coverage Period
SOC 1 Type II
6 Month Coverage Period
Snowflake UI or Driver Running on Your Network (On-Prem or Cloud)
Outside Traffic to AWS
Using AWS Direct Connect: Snowflake UI or Driver Running on Your Network
Outside Traffic to AWS Private Link with Direct Connect
Snowflake Authentication
How to do Authentication & Delegated Authorization for Snowflake
Snowflake Governance Capabilities
Know Your Data Protect Your Data Unlock Your Data
Access History
Object Tagging
Account Usage
What
Where
Who
Direct Secure Sharing
Private Data Exchange
Data Marketplace
Row Access Policies
Dynamic Data Masking
External Tokenization
Encryption
Conditional Masking
Anonymization
Classification
Priv
Pub
GA
GA
GA
Priv
Pub
Pub
GA
GA
Database Replication & Failover
Cross-Cloud & Cross-Region Replication
● Business continuity & disaster recovery
● Secure data sharing across regions/clouds
● Data portability for account migrations
Zero Performance Impact on Primary
● Asynchronous replication
Reduced Data Loss
● Incremental refreshes
Instant Recovery
● Read: Readable secondary databases
● Write: Database failover
Secure
● Data encrypted at-rest & in-transit
● Tri-Secret Secure compatible
Cost Effective
● Replication costs: Data transfer & compute (serverless)
● Control which databases to replicate
Azure
AWS
Google Cloud
More about Database Replication & Failover
Hierarchical Key Model
• Hierarchical key model rooted in the CSP’s HSM
○ GCP: Cloud HSM
○ AWS: Cloud HSM
○ Azure: Dedicated HSM
• All data at rest is encrypted by default, with no configuration required
More resources on Key Management
Tri-Secret Secure Key Model
More resources on Key Management
Hierarchical Key Model
using Tri-Secret Secure
● Hierarchical key model adds a hybrid HYOK & BYOK model to give the customer control
● Customer holds key in their CSP Key Management and brings key materials to Snowflake to be part of the key-encrypting key (the Account Master Key or AMK)
● CSP-supported key managers:
○ GCP: Cloud KMS
○ AWS: AWS KMS
○ Azure: Key Vault
Key Rotation
• Snowflake rotates keys every 30 days
• Process is transparent to customer and queries
More resources on Key Management
Key Re-Keying
• Yearly re-keying re-encrypts data on the key's birthday
• Re-keying requires Enterprise Edition or better
• Process is transparent to customer and queries
Key Rotation & Re-Keying
Audit Logging – Account Usage
Auditing tracks every user’s activity at all times in full detail
Kept in a tamper-proof area of your account for 365 days
All supplied drivers and connectors also have extended logging
How Panther Helps You Validate
Security Best Practices For
Snowflake
Panther is a security monitoring platform built for speed, scale, and flexibility.
High-scale with zero ops
Fast detection and data queries
Detection-as-Code for ultimate flexibility
Structured data with no retention limits
Panther Brings Your Security Data To Life
1. Security Logs
2. Ingest
3. Detect
4. Alert
5. Investigate
Other diagram labels: Cloud, Hybrid, SaaS, + more; Parse, Normalize, Analyze; Security Team
Detection Rules
● Panther currently ships with 19 built-in queries for monitoring Snowflake
● These differ slightly from other rules in Panther as they are saved SQL queries as opposed to Python functions for the rule logic
● Rules include monitoring for items like authentication configuration, changes in user permissions, or changes in network policies
● Some specific rules of note are:
• Network Policies Changed
• Local User Created
• Admin Access Granted
• SCIM Token Generated
● Rules can be customized for your organization or used as templates to create custom rules.
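A query-style rule of the "Network Policies Changed" kind, written here as an added example in Snowflake SQL; it is not one of Panther's shipped queries. The CTE name, users, policy names and rows are constructed so the query runs on its own; the column names are those of Snowflake's SNOWFLAKE.ACCOUNT_USAGE.QUERY_HISTORY view.

```sql
-- Added example: flag successful changes to network policies.
-- sample_query_history holds constructed rows for illustration. To run against
-- real data, drop the CTE and select from SNOWFLAKE.ACCOUNT_USAGE.QUERY_HISTORY.
WITH sample_query_history AS (
    SELECT
        column1::TIMESTAMP_NTZ AS start_time,
        column2                AS user_name,
        column3                AS role_name,
        column4                AS query_type,
        column5                AS execution_status,
        column6                AS query_text
    FROM VALUES
        -- policy definition edited
        ('2024-01-10 09:02:11', 'ALICE', 'SECURITYADMIN', 'ALTER_NETWORK_POLICY', 'SUCCESS',
         'ALTER NETWORK POLICY corp_policy SET ALLOWED_IP_LIST = (''198.51.100.0/24'')'),
        -- policy detached from the whole account
        ('2024-01-10 09:05:47', 'ALICE', 'ACCOUNTADMIN', 'ALTER_ACCOUNT', 'SUCCESS',
         'ALTER ACCOUNT UNSET NETWORK_POLICY'),
        -- policy attached to a single user
        ('2024-01-10 11:30:02', 'BOB', 'SECURITYADMIN', 'ALTER_USER', 'SUCCESS',
         'ALTER USER svc_etl SET NETWORK_POLICY = etl_policy'),
        -- attempt that did not succeed
        ('2024-01-10 12:14:30', 'CAROL', 'ANALYST', 'DROP_NETWORK_POLICY', 'FAIL',
         'DROP NETWORK POLICY corp_policy'),
        -- an analyst searching query history for the same text
        ('2024-01-10 13:00:00', 'DAVE', 'SECURITYADMIN', 'SELECT', 'SUCCESS',
         'SELECT * FROM query_history WHERE query_text ILIKE ''% set network_policy%''')
)
SELECT
    start_time,
    user_name,
    role_name,
    query_type,
    query_text
FROM sample_query_history
WHERE execution_status = 'SUCCESS'
  AND (
        -- create / alter / drop of the policy object itself
        query_type IN ('CREATE_NETWORK_POLICY',
                       'ALTER_NETWORK_POLICY',
                       'DROP_NETWORK_POLICY')
        -- attaching or detaching a policy at account or user level
     OR (
            query_type NOT IN ('SELECT', 'UNKNOWN')
        AND (   query_text ILIKE '% set network_policy%'
             OR query_text ILIKE '% unset network_policy%')
        )
      )
  -- For a scheduled rule, also bound start_time to the schedule interval.
ORDER BY start_time DESC;
```

ACCOUNT_USAGE views are populated with a delay (up to 45 minutes for QUERY_HISTORY), so a scheduled rule's time window should overlap the previous run rather than start exactly where it ended.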
runpanther.io
Demo
Loved by Modern Security Teams
Q & A
Thank You!

 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 

How to Implement Snowflake Security Best Practices with Panther

  • 1. How to Implement Snowflake Security Best Practices with Panther
  • 2. Panther for Snowflake 3 Speakers Ben Sebastian Senior Detections Engineer Mike Mitrowski Principal Security Architect
  • 3. Agenda 1. Snowflake and Panther Overview 2. Understand Snowflake’s security best practices 3. How Panther helps you validate security best practices for Snowflake 4. Demo - Panther for Snowflake 5. Q & A
  • 4. Security Monitoring with Panther for Snowflake Snowflake and Panther have partnered to deliver a solution designed to help Snowflake customers properly ensure the security and compliance of their Snowflake Data Cloud.
  • 5. With Panther for Snowflake, you can… • Continuously monitor the security of your Snowflake Data Cloud • Identify settings that do not align with Snowflake security best practices • Detect configuration changes • Detect unauthorized access • Monitor supporting infrastructure • Expand your threat hunting to Snowflake
  • 6. Snowflake Security & Governance At A Glance: 1 | Network Controls 2 | Identity & Access 3 | Data Governance 4 | Data Protection 5 | Encryption 6 | Auditing 7 | Compliance & Legal. SCIM user management Native Snowflake credentials ● Password policies ● Multi-Factor Authentication ● Key Pair Authentication Federated Identity ● SAML 2.0-based SSO ● OAuth 2.0 delegated authorization Session control through policies Account, region, cloud, and data-level recovery & failover ● Fail-safe ● Time Travel ● Cross-cloud & region replication & failover ● AWS, Azure, GCP redundancy Built-in Features & partner integrations RBAC & DAC Column-level security ● Using views & UDFs ● Dynamic data masking ● External tokenization Row access policy Tagging Classification Anonymization Customer data always encrypted in flight Data-at-rest always encrypted using a hierarchical key model ● Rooted in the CSP’s HSM ● Automated key rotation & re-keying ● BYOK with “Tri-Secret Secure” Snowflake Security Policy Snowflake Legal for DPA (GDPR), acceptable use, support and more ● Comprehensive audit trail for all activities by all users from login All communication secured using TLS 1.2 with HSTS enforced for all client communications, and controlled by Network Policies (IP Allowlisting) Integration with CSP Private Networking ● GCP Private Service Connect ● AWS PrivateLink ● AWS VPC ID S3 policies ● Azure Private Link ● Azure cross-VNet rules for Blob access Choose from any of the Snowflake-supported cloud regions SOC 2 Type II 12 Month Coverage Period SOC 1 Type II 6 Month Coverage Period
  • 7. Snowflake UI or Driver Running on Your Network (On-Prem or Cloud) Outside Traffic to AWS
  • 8. Using AWS Direct Connect: Snowflake UI or Driver Running on Your Network Outside Traffic to AWS Private Link with Direct Connect
  • 9. Snowflake Authentication How to do Authentication & Delegated Authorization for Snowflake
  • 10. Snowflake Governance Capabilities Know Your Data Protect Your Data Unlock Your Data Access History Object Tagging Account Usage What Where Who Direct Secure Sharing Private Data Exchange Data Marketplace Row Access Policies Dynamic Data Masking External Tokenization Encryption Conditional Masking Anonymization Classification
  • 11. Database Replication & Failover Cross-Cloud & Cross-Region Replication ● Business continuity & disaster recovery ● Secure data sharing across regions/clouds ● Data portability for account migrations Zero Performance Impact on Primary ● Asynchronous replication Reduced Data Loss ● Incremental refreshes Instant Recovery ● Read: Readable secondary databases ● Write: Database failover Secure ● Data encrypted at-rest & in-transit ● Tri-Secret Secure compatible Cost Effective ● Replication costs: Data transfer & compute (serverless) ● Control which databases to replicate Azure AWS Google Cloud
  • 12. Encryption / Hierarchical Key Model • Hierarchical key model rooted in the CSP’s HSM ○ GCP: Cloud HSM ○ AWS: Cloud HSM ○ Azure: Dedicated HSM • All data at rest is encrypted by default, with no configuration required
  • 13. Encryption / Tri-Secret Secure Key Model: Hierarchical Key Model using Tri-Secret Secure ● Hierarchical key model adds a hybrid HYOK & BYOK model to give the customer control ● Customer holds key in their CSP Key Management and brings key materials to Snowflake to be part of the key-encrypting key (the Account Master Key or AMK) ● CSP-supported key managers: ○ GCP: Cloud KMS ○ AWS: AWS KMS ○ Azure: Key Vault
  • 14. Encryption / Key Rotation & Re-Keying. Key Rotation • Snowflake rotates keys every 30 days • Process is transparent to customer and queries. Key Re-Keying • Yearly re-keying re-encrypts data on the key's birthday • Re-keying requires Enterprise Edition or better • Process is transparent to customer and queries
  • 15. Audit Logging – Account Usage • Auditing tracks every user’s activity at all times in full detail • Kept in a tamper-proof area of your account for 365 days • All supplied drivers and connectors also have extended logging
  • 16. How Panther Helps You Validate Security Best Practices For Snowflake
  • 17. Panther For Snowflake: Panther is a security monitoring platform built for speed, scale, and flexibility. • High-scale with zero ops • Fast detection and data queries • Detection-as-Code for ultimate flexibility • Structured data with no retention limits
  • 18. Panther Brings Your Security Data To Life: 1. Security Logs (Cloud, Hybrid, SaaS + more) 2. Ingest; Parse, Normalize, Analyze 3. Detect 4. Alert 5. Investigate (Security Team)
  • 19. Detection Rules ● Panther currently ships with 19 built-in queries for monitoring Snowflake ● These differ slightly from other rules in Panther as they are saved SQL queries as opposed to Python functions for the rule logic ● Rules include monitoring for items like authentication configuration, changes in user permissions, or changes in network policies ● Some specific rules of note are: • Network Policies Changed • Local User Created • Admin Access Granted • SCIM Token Generated ● Rules can be customized for your organization or used as templates to create custom rules.
  • 21. Loved by Modern Security Teams
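
Slide 19 says the Snowflake detections are saved SQL queries rather than Python rule functions. The query below sketches what such a detection can look like for the four rules named on that slide; it is an added example, not one of Panther's shipped queries. It assumes the query reads Snowflake's own `SNOWFLAKE.ACCOUNT_USAGE.QUERY_HISTORY` view (the slides do not show which table Panther queries), and the statement patterns and the 24-hour window are illustrative choices.

```sql
-- Added example; not one of Panther's shipped queries.
-- Assumption: run by a role that can read the SNOWFLAKE.ACCOUNT_USAGE views.
WITH recent AS (
    SELECT
        start_time,
        user_name,
        role_name,
        -- Lower-case and collapse whitespace so multi-line statements
        -- still match the start-anchored patterns below.
        LOWER(TRIM(REGEXP_REPLACE(query_text, '\\s+', ' '))) AS stmt
    FROM snowflake.account_usage.query_history
    WHERE start_time >= DATEADD(hour, -24, CURRENT_TIMESTAMP())
      AND UPPER(execution_status) = 'SUCCESS'   -- ignore failed attempts
),
classified AS (
    SELECT
        start_time, user_name, role_name, stmt,
        CASE
            -- Policy objects changed, or a policy (un)assigned to account/user.
            WHEN stmt LIKE ANY ('create network policy %',
                                'create or replace network policy %',
                                'alter network policy %',
                                'drop network policy %')
              OR (stmt LIKE ANY ('alter account %', 'alter user %')
                  AND stmt LIKE '%network_policy%')
                THEN 'Network Policies Changed'
            -- Any direct CREATE USER is treated as a candidate; excluding the
            -- identity-provisioning service account is left to the deployment.
            WHEN stmt LIKE ANY ('create user %', 'create or replace user %')
                THEN 'Local User Created'
            WHEN stmt LIKE ANY ('grant role accountadmin to %',
                                'grant role securityadmin to %')
                THEN 'Admin Access Granted'
            -- Anchored at statement start so this query's own text,
            -- which contains the function name, does not match itself.
            WHEN stmt LIKE 'select system$generate_scim_access_token(%'
                THEN 'SCIM Token Generated'
        END AS finding
    FROM recent
)
SELECT finding, start_time, user_name, role_name, stmt
FROM classified
WHERE finding IS NOT NULL
ORDER BY start_time DESC;
```

Because the patterns are anchored to the start of the statement, a statement prefixed with a SQL comment is not matched; a production rule would strip leading comments first. `ACCOUNT_USAGE` views also lag live activity, so the schedule interval should overlap the lookback window.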