April 22, 2022

Last Updated on January 18, 2024

What if you could be proactive in your approach to cloud data security rather than reacting once an attack has been made?

This is exactly the solution our guest is providing at Panther Labs. We speak with Jack Naglieri, Founder & CEO, about the cloud-native approach to security analytics and exactly why SIEMs are getting left behind.

Join us as we discuss:

  • Developing Panther and taking a different cloud-native approach
  • Understanding Snowflake and data lakes
  • Creating a proactive security response rather than reactive
  • Interesting findings from the state of SIEM

A Different Cloud-Native Approach

Panther is taking a very different cloud-native approach, to say the least, and it all started with Jack’s experiences at a couple of other big companies: Yahoo and Airbnb.

The biggest challenges Jack faced as a practitioner were always operational overhead and scale. Getting all the data he needed into a single place just wasn’t viable, which in turn meant severely limiting the volume of data they collected.

“Because Panther Labs is a serverless architecture, you just need us to set up your account for you.” — Jack Naglieri

This puts security teams in a risky place. Nobody wants to suffer an attack or a breach and then discover they only have thirty days of data for incident response because of those limitations, especially when an intrusion can go unnoticed for longer than that retention window.

At Yahoo, they had massive data teams, but they weren’t at the service of the security team. They stayed in their lanes and focused on the core business.

Fast forward a couple of years to Airbnb. The company was built in the cloud, so Jack and his team approached security the same way. Instead of racking servers and provisioning virtual machines by hand, they could spin up Amazon EC2 instances with the click of a button. Combining that with services like AWS Lambda and Amazon Simple Queue Service (SQS) let them take very complicated data systems serverless.

Snowflake and Data Lakes

Odds are you’re not familiar with Snowflake and data lakes, which is understandable if you’re a security pro rather than a data engineer. Even so, these technologies are crucial to understanding the value proposition of Panther.

“Security is a data problem; we want teams to be able to bring that data to life.” — Jack Naglieri

In simplest terms, a data lake is a repository that holds raw data at very large scale, whether that data is structured or unstructured. Data lakes typically sit on generalized blob (object) storage, which is cheap and scales easily, and a data warehouse layered on top is what makes that data queryable.

Snowflake is trying to be the de facto cloud data warehouse: you can feed as much data as you want into its relational store, and it scales elastically because storage and compute are separated and can be scaled independently of each other.

Creating a Proactive Security Response

Obviously, every company wants to handle security proactively instead of reactively; nobody likes having to deal with a breach. That is why Panther uses stream processing, with detection logic written in Python, to get creative and clever about how analysis is done.

Processing logs as they arrive, rather than querying them in batches hours later, lets customers spot an attack while it is still unfolding and respond early, instead of waiting to discover the damage afterwards and playing scramble defense.
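To make the stream-processing point concrete, here is an added example (not Panther’s code, and not code from the podcast) of a Python detection that consumes JSON log events one at a time and alerts on a burst of failed logins from one source IP within a sliding window. The event schema, the `rule`/`title` function names, the window and threshold values, and the log lines themselves are all constructed for this example; the point is that each event is evaluated on arrival with only a small amount of per-source state, so detection latency is bounded by event arrival rather than by a batch query schedule.

```python
"""Stream-style detection over JSON log events (added example, not Panther code)."""
import json
from collections import defaultdict, deque
from datetime import datetime

# Detection parameters (assumed values for the example)
WINDOW_SECONDS = 300      # look-back window per source IP
FAILURE_THRESHOLD = 5     # failed logins in the window before alerting


def parse_event(line: str) -> dict:
    """Parse one newline-delimited JSON event and normalise its timestamp."""
    event = json.loads(line)
    # Assumed schema: ISO-8601 "time" field with a trailing Z for UTC
    event["ts"] = datetime.fromisoformat(event["time"].replace("Z", "+00:00"))
    return event


class FailedLoginBurstDetector:
    """Sliding-window count of failed logins per source IP.

    State is a deque of timestamps per IP; entries older than the window are
    evicted on every new event, so memory is proportional to the window size,
    not to the length of the stream.
    """

    def __init__(self, window_seconds=WINDOW_SECONDS, threshold=FAILURE_THRESHOLD):
        self.window = window_seconds
        self.threshold = threshold
        self.failures = defaultdict(deque)

    def rule(self, event: dict) -> bool:
        """Return True exactly when this event lifts its source IP to the threshold."""
        if event.get("action") != "login" or event.get("result") != "failure":
            return False
        ip = event["src_ip"]
        window = self.failures[ip]
        window.append(event["ts"])
        cutoff = event["ts"].timestamp() - self.window
        while window and window[0].timestamp() < cutoff:
            window.popleft()
        # Fire once per burst: when the count reaches the threshold, not on every
        # event above it. If the window later drains and refills, it fires again.
        return len(window) == self.threshold

    def title(self, event: dict) -> str:
        ip = event["src_ip"]
        return f"{len(self.failures[ip])} failed logins from {ip} within {self.window}s"


def run_stream(lines, detector=None):
    """Feed events one at a time; return the alert titles raised, in arrival order."""
    detector = detector or FailedLoginBurstDetector()
    alerts = []
    for line in lines:
        event = parse_event(line)
        if detector.rule(event):
            alerts.append(detector.title(event))
    return alerts


# Constructed sample events (not real logs): five failures from 203.0.113.5
# within two minutes, a sixth shortly after, one success and one failure from
# 198.51.100.9, and a late failure from 203.0.113.5 after the window has expired.
SAMPLE_LOG = [
    '{"time":"2024-01-18T10:00:00Z","action":"login","result":"failure","user":"alice","src_ip":"203.0.113.5"}',
    '{"time":"2024-01-18T10:00:20Z","action":"login","result":"failure","user":"bob","src_ip":"203.0.113.5"}',
    '{"time":"2024-01-18T10:00:40Z","action":"login","result":"success","user":"carol","src_ip":"198.51.100.9"}',
    '{"time":"2024-01-18T10:01:00Z","action":"login","result":"failure","user":"carol","src_ip":"203.0.113.5"}',
    '{"time":"2024-01-18T10:01:20Z","action":"login","result":"failure","user":"dave","src_ip":"203.0.113.5"}',
    '{"time":"2024-01-18T10:01:40Z","action":"login","result":"failure","user":"erin","src_ip":"198.51.100.9"}',
    '{"time":"2024-01-18T10:02:00Z","action":"login","result":"failure","user":"frank","src_ip":"203.0.113.5"}',
    '{"time":"2024-01-18T10:02:10Z","action":"login","result":"failure","user":"grace","src_ip":"203.0.113.5"}',
    '{"time":"2024-01-18T10:10:00Z","action":"login","result":"failure","user":"heidi","src_ip":"203.0.113.5"}',
]

if __name__ == "__main__":
    for alert in run_stream(SAMPLE_LOG):
        print(alert)
```

Running this raises a single alert at the fifth failure from 203.0.113.5 (at 10:02:00); the sixth failure ten seconds later does not re-alert, and by the time the 10:10:00 event arrives the earlier entries have aged out of the window, so the per-IP state holds just that one timestamp. In a batch model the same burst would only surface at the next scheduled query.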

To hear this episode, and many more like it, you can subscribe to The Virtual CISO Podcast here.
