Data variety, volume, and cost have been growing concerns for a long time. Challenges of how to appropriately address those concerns differ depending on the data and what it’s to be used for. Snowflake has built a robust architecture that allows organizations to stop compromising on data storage. Hunters began our partnership with Snowflake three years ago and that partnership has expanded with each iteration of our mutual products. Yesterday, we were awarded Snowflake’s 2022 Cybersecurity Partner of the Year. Today, we are proud to announce the general availability release of the Hunters Security ETL for Snowflake, built to help organizations transitioning their security data to the newly-launched Snowflake Cybersecurity workload. Here’s the rundown on what it is, why we built it, and everything you can do with it.


How Security ETL Works

Hunters Security ETL provides a lightweight managed extract, transform, load (ETL) solution to unify IT and security data spread across siloed tools. For example, most organizations today have dozens – if not more – different security-related data sources. Hunters handles all of the collection – whether the data comes from a REST API, an S3 bucket, or wherever else it resides – so the user doesn’t need to worry about implementing collectors, setting up infrastructure, or monitoring for changes. We take care of the infrastructure required and the logic. All the data is put into a schema that makes it easier for security teams to query later, while the original format is preserved to make sure no data is lost in the process. It’s all managed and self-served, so users don’t need any professional services or data engineering involvement to get set up.

That means immediate value for Snowflake customers: once they onboard their data with Hunters ETL, it is ready for search and analytics. That enhances threat detection, compliance, and investigation of past incidents. Hunters has done all of the data pipelining and engineering, so Snowflake users don’t have to do it themselves and data ingestion is seamless.

The initial launch will support ETL of data sourced from security tools, including EDR, cloud infrastructure, email security, identity, and collaboration tools (cloud / SaaS). The list of supported data sources will be constantly growing to include additional sources such as firewalls, network appliances, vulnerability management, and more.

Connecting new data sources in the Hunters portal


To get started, customers with a Snowflake ACCOUNTADMIN role and privileges to connect applications can go straight to Partner Connect, select “Hunters Security ETL”, and immediately get an account set up with a 30-day trial. It’s that easy.


Who Will Benefit

Hunters Security ETL for Snowflake typically fits the needs of two types of customers:

  • Mid-size organizations with in-house security operations that want to become more advanced and improve their security data visibility and usability.
  • Established security teams looking to upgrade or replace the use of SIEM to improve the security outcomes of their SOC.

In the case of mid-size or younger and growing organizations, security teams typically use a well-defined set of tools, including EDR, identity management, and cloud infrastructure. These teams tend to be relatively small, so centralizing all their security data in Snowflake offers efficiencies as well as better security outcomes. Hunters Security ETL for Snowflake can immediately collect and shift the data and ensure these organizations are ready to go to the next level of maturity in handling threats. Security ETL for Snowflake is a good fit for an organization that wants to centralize its security data but is not yet ready to implement a full SOC Platform that also automates and streamlines detection, investigation, and response.

In the more established scenario, organizations are likely to already have a SIEM and mature security operations in place but are struggling with the cost, complexity, and manual work involved. These types of organizations are looking for ways to cut costs and build efficiencies into their security processes, streamlining and modernizing their efforts and retaining more data. The Security ETL can be a way for them to lift and shift data to a Snowflake data lake and explore its benefits, making it ready for security analytics. Such organizations can choose to maintain their detection engineering by themselves, or evaluate the full Hunters SOC Platform to explore the option of streamlining detection, investigation and response with built-in automation. 


Full Service Security

The Hunters Security ETL is essentially a “lite” version of Hunters SOC Platform, focusing on its data engine component. Hunters ETL customers will be able to expand to the full SOC Platform that includes a full suite of data integrations with a more comprehensive level of schema mapping, as well as the other stages of security operations: threat detection, automatic investigation, incident prioritization, correlation of security data, and presentation of incidents as comprehensive attack stories. 


Summary

A lot of the older security products were born and designed in an age of shortage: shortage of storage, shortage of compute, shortage of knowledge. Hunters was born in an age of abundance, designed to take complete advantage of modern cloud computing capabilities and to fully automate security operations, taking an immense load off of security teams. So for any organization looking to get started with Hunters Security ETL, you can sign up instantly through Snowflake. From there, if you want to upgrade to the full Hunters SOC Platform, there’s an option to start that process within the Hunters Security ETL solution.

If you’re attending Snowflake Summit and want to connect with Hunters there, learn more here.