Data services provider Snowflake this week deepened its strategic partnership with cybersecurity analytics provider Anvilogic, delivering joint offerings that could further shake up the security information and event management (SIEM) market.
The two cloud service providers are targeting customers that already use Snowflake's Software-as-a-Service products for data storage and analytics and want to use stored data and log information for security operations and threat detection. Anvilogic claims to work with other SIEM systems to capture data that is typically missed by such systems, such as logs generated by cloud services and alerts generated by cloud security products.
Snowflake and Anvilogic's joint solution will lead to cost savings in the range of 50% to 80% and will eventually replace traditional SIEM platforms, claims Karthik Kannan, CEO of Anvilogic.
“This is a bit of a changing of the guard, something both Snowflake and Anvilogic have been anticipating for a long time,” he says. “We've been building towards this day, but it's going to be one where our type of approach, which I'll explain later, takes center stage, and we're shedding some of the older legacy and replacing them for the next decade.”
The security information and event management (SIEM) market has undergone significant change over the past two years. In August 2022, OpenText agreed to purchase Micro Focus, owner of the famous ArcSight SIEM platform, for $6 billion. In September, Cisco announced that it would enter the SIEM space by acquiring Splunk for $28 billion, a transaction completed in March. Earlier this month, IBM withdrew from the market: the company sold its QRadar division, a SaaS cybersecurity product that includes SIEM capabilities, to Palo Alto Networks, and the two companies agreed to work together as partners. Neither company has disclosed how much Snowflake is investing in Anvilogic. (Anvilogic completed a third investment (Series C) round of $45 million in April, with total funding reaching $85 million.)
“Cybersecurity is a data issue”
Snowflake and Anvilogic's data-focused partnership makes good business sense. Companies are realizing that they are overflowing with data. The average company currently uses only about half of the information available through logs, but hopes to track up to 80% in the next few years, according to research conducted by consulting firm McKinsey.
Combining a data-centric service provider with a cybersecurity service provider makes a lot of sense given the quest to use all data effectively, says John Bland, Head of Cybersecurity Strategy at Snowflake.
“We strongly believe that cybersecurity is a data issue,” he says. “The amount of data is exploding, and it's difficult to have visibility into all the data you need, all the security data and sources that you need visibility into. Also, it's difficult to preserve it and make sure it's searchable. It’s also difficult to keep it for as long as you need it.”
The combination of Anvilogic and Snowflake, pairing a data platform with a cybersecurity analytics provider, likely makes sense for companies already working with a data platform, because it offers additional benefits that they can't get with a standalone SIEM provider, said Allie Mellen, principal analyst for security and risk at business intelligence firm Forrester Research.
“This is attractive to organizations already leveraging data platforms for IT operations, products, and other use cases, as it can support data integration efforts and enable better data governance practices,” she says. “However, this is difficult for practitioners to take advantage of because it means managing multiple different vendors for various elements of what would traditionally be a single security analytics platform.”
Is monolithic SIEM dead?
Anvilogic and Snowflake both claim that the days of monolithic SIEM products are coming to an end. Instead, businesses need to effectively manage and serve data for specific use cases, whether it's business intelligence or threat intelligence. Snowflake's Bland says that with the Anvilogic partnership and its ability to work with traditional SIEM systems, he aims to help businesses gradually move to a data-centric architecture.
“Every customer I talk to is ready to say goodbye to traditional SIEM, but they don't know how,” he says. “They have been building dashboards and discovery capabilities over the past five years, or do they feel there are other competing efforts and want to risk a complete ‘rip and replace’ now? Maybe I’m not sure.”
While many traditional SIEM systems started out as appliances or as applications running within the data center and added cloud-based operations, these companies also have the benefit of running natively in the cloud.
Non-native cybersecurity platforms are at a disadvantage because so much of business operations take place in the cloud, said Saryu Nayyar, CEO of rival cybersecurity analytics firm Gurucul.
“Legacy SIEM is legacy for a reason: there is much better technology available today,” Nayyar says. “I think this is the root cause behind a lot of mergers. Vendors are not designed to work in a unified way to compensate for the deficiencies in their SIEM platforms, and they probably won't be able to do so any time soon. We are integrating features that would otherwise not work.”
But while the traditional SIEM market is certainly undergoing a difficult evolution, leading companies continue to benefit from focusing on tight integrations with third parties and other existing relationships, says Forrester's Mellen.
“At the end of the day, it's a matter of trade-offs,” she says. “Using a data platform like Snowflake presents an opportunity for some enterprises to unify the storage and access of business data. There are challenges such as making use of