Snowflake rolled out a new cybersecurity workload on its cloud data platform, Data Cloud, and extended its security partnerships to better support threat detection and response and eliminate security data silos.

“The cybersecurity workload is the seventh workload at Snowflake,” Omer Singer, head of cybersecurity strategy at Snowflake, told SDxCentral. “We're going to make it really easy for the CISO to join the rest of the company on Snowflake.”

Snowflake introduced the concept of the Data Cloud in 2020. It’s an ecosystem of partners, customers, data providers, and data service providers that can share data through the Snowflake Cloud Data platform using its Secure Data Sharing technology. 

The platform previously had six workloads: data applications, data engineering, data science, data warehousing, data marketplace, and marketing analytics.

The new cybersecurity workload will provide a single, unified location for high-volume security data and enable users to run analytics and gain insights using SQL and Python. In addition to threat detection and response, the cybersecurity workload supports use cases such as cloud security, security compliance, identity and access, and vulnerability management.

Those features address some of the issues of traditional security information and event management (SIEM) tools. That’s why career opportunity platform Guild Education shifted from SIEM tools to the Snowflake platform.

“Guild is all in the cloud and only a portion of my program was being represented in the SIEM and I always found it frustrating that I could never get my logs from the developers out, or all of my DevSecOps tools, we could never get them out and to use them in a consolidated way,” Julie Chickillo, VP and head of security at Guild Education, told SDxCentral.

Singer noted that almost all of Snowflake’s customers used legacy SIEM to serve as the home for security data. However, “they're still dealing with a very fragmented data landscape” and their security teams have to do a lot of manual work.

With the cybersecurity workload, “for the first time you can now have a single source of truth. You can have this place where you collect all of your data and you can keep it there for as long as you want,” Singer touted. And “the CISO can align to the CIO in terms of a data strategy and have this unified source of truth that extends across the business and the security team.”

Snowflake Extends Security Ecosystem

Along with the cybersecurity workload, Snowflake announced plans to integrate with more partners including Hunters, Panther Labs, and Securonix to deliver security capabilities to Data Cloud customers using connected applications. 

Snowflake was one of Hunters’ first customers using its extended detection and response (XDR) platform and security operations center (SOC) capabilities.

“We’re basically allowing Snowflake customers to ingest and collect, using Hunters, all of their security data into Snowflake. And then have all of Hunters’ analytic stack sit on top of that data,” Hunters CEO Uri May explained in an earlier interview.

Snowflake relies on an ecosystem of applications to develop security capabilities as the vendor itself focuses on the data platform layer, Singer said. 

“What we're seeing now is once the security team owns their data on their data platform, they're able to use that same single source of truth for additional use cases and the ecosystem is leaning into that,” he added.